From 0481461f82f6f3b8f61fc92b12ce1b5e50159f4d Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 4 Oct 2023 19:14:24 +0900 Subject: [PATCH 001/117] Add Azure Firewall as an option --- .../azureFirewalls/deploy.bicep | 2 +- workload/arm/deploy-baseline.json | 6941 ++++++++++++----- workload/bicep/deploy-baseline.bicep | 22 + .../bicep/modules/networking/deploy.bicep | 504 ++ workload/portal-ui/portal-ui-baseline.json | 40 + 5 files changed, 5593 insertions(+), 1916 deletions(-) diff --git a/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep b/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep index 3b9d22b13..7281725d3 100644 --- a/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep @@ -222,7 +222,7 @@ module publicIPAddress '../../Microsoft.Network/publicIPAddresses/deploy.bicep' ] location: location diagnosticStorageAccountId: diagnosticStorageAccountId - diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays + //diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays diagnosticWorkspaceId: diagnosticWorkspaceId diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId diagnosticEventHubName: diagnosticEventHubName diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 587d1c2e7..b0deb342f 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1320913085188889159" + "version": "0.21.1.54444", + "templateHash": "2710012389240087448" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - }, - "maxLength": 4, - "minLength": 2 + } }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - }, "allowedValues": [ "Dev", "Test", "Prod" - ] + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, + "minValue": 30, + "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - }, - "minValue": 30, - "maxValue": 730 + } }, "avdSessionHostLocation": { "type": "string", @@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ] + ], + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } }, "createIntuneEnrollment": { "type": "bool", @@ -110,14 +110,14 @@ "avdApplicationGroupIdentityType": { "type": "string", "defaultValue": "Group", - "metadata": { - "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" - }, "allowedValues": [ "Group", "ServicePrincipal", "User" - ] + ], + "metadata": { + "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" + } }, "avdIdentityDomainName": { "type": "string", @@ -156,13 +156,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + } }, "hostPoolPreferredAppGroupType": { "type": "string", @@ -178,24 +178,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + } }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + } }, "hostPoolMaxSessions": { "type": "int", @@ -316,6 +316,20 @@ "description": "Does the hub contains a virtual network gateway. (Default: false)" } }, + "deployAvdFirewall": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Create Azure Firewall and Azure Firewall Policy. (Default: false)" + } + }, + "firewallSubnetAddressPrefix": { + "type": "string", + "defaultValue": "10.0.2.0/24", + "metadata": { + "description": "AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)" + } + }, "createAvdFslogixDeployment": { "type": "bool", "defaultValue": true, @@ -396,11 +410,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, + "minValue": 1, + "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - }, - "maxValue": 100, - "minValue": 1 + } }, "avdSessionHostCountIndex": { "type": "int", @@ -440,24 +454,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + } }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + } }, "diskZeroTrust": { "type": "bool", @@ -490,14 +504,14 @@ "securityType": { "type": "string", "defaultValue": "TrustedLaunch", - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ] + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } }, "secureBootEnabled": { "type": "bool", @@ -516,9 +530,6 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - }, "allowedValues": [ "win10_21h2", "win10_21h2_office", @@ -528,7 +539,10 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ] + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } }, "managementVmOsImage": { "type": "string", @@ -575,194 +589,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", + "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - }, - "maxLength": 90 + } }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - }, - "maxLength": 90 + } }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - }, - "maxLength": 90 + } }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - }, - "maxLength": 90 + } }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", + "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - }, - "maxLength": 90 + } }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", + "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. (Default: log-avd-app1-dev-use2)" - }, - "maxLength": 64 + } }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD application security custom name. (Default: asg-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. (Default: Desktops - App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", + "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - }, - "maxLength": 11 + } }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", + "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - }, - "maxLength": 9 + } }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", + "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - }, - "maxLength": 2 + } }, "fslogixFileShareCustomName": { "type": "string", @@ -781,34 +795,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv-sec", + "maxLength": 6, "metadata": { "description": "AVD keyvault prefix custom name (with Zero Trust to store credentials to domain join and local admin). (Default: kv-sec)" - }, - "maxLength": 6 + } }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", + "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - }, - "maxLength": 6 + } }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", + "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - }, - "maxLength": 5 + } }, "ztKvPrefixCustomName": { "type": "string", "defaultValue": "kv-key", + "maxLength": 6, "metadata": { "description": "AVD key vault custom name for zero trust and store store disk encryption key (Default: kv-key)" - }, - "maxLength": 6 + } }, "createResourceTags": { "type": "bool", @@ -827,29 +841,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - }, "allowedValues": [ "Light", "Medium", "High", "Power" - ] + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ] + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } }, "departmentTag": { "type": "string", @@ -861,16 +875,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ] + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } }, "workloadCriticalityCustomValueTag": { "type": "string", @@ -1234,6 +1248,13 @@ "varAvdRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('avdRouteTableCustomName'), format('route-avd-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varPrivateEndpointRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('privateEndpointRouteTableCustomName'), format('route-pe-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varApplicationSecurityGroupName": "[if(parameters('avdUseCustomNaming'), parameters('avdApplicationSecurityGroupCustomName'), format('asg-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", + "varFiwewallName": "[format('fw-avd-{0}', variables('varHubVnetName'))]", + "varFiwewallPolicyName": "[format('fwpol-avd-{0}', variables('varHubVnetName'))]", + "varFiwewallPolicyRuleCollectionGroupName": "[format('{0}-rcg', variables('varFiwewallPolicyName'))]", + "varFiwewallPolicyNetworkRuleCollectionName": "[format('{0}-nw-rule-collection', variables('varFiwewallPolicyName'))]", + "varFiwewallPolicyOptionalRuleCollectionGroupName": "[format('{0}-rcg-optional', variables('varFiwewallPolicyName'))]", + "varFiwewallPolicyOptionalNetworkRuleCollectionName": "[format('{0}-nw-rule-collection-optional', variables('varFiwewallPolicyName'))]", + "varFiwewallPolicyOptionalApplicationRuleCollectionName": "[format('{0}-app-rule-collection-optional', variables('varFiwewallPolicyName'))]", "varWorkSpaceName": "[if(parameters('avdUseCustomNaming'), parameters('avdWorkSpaceCustomName'), format('vdws-{0}-001', variables('varManagementPlaneNamingStandard')))]", "varWorkSpaceFriendlyName": "[if(parameters('avdUseCustomNaming'), parameters('avdWorkSpaceCustomFriendlyName'), format('Workspace {0} {1} {2} 001', parameters('deploymentPrefix'), parameters('deploymentEnvironment'), parameters('avdManagementPlaneLocation')))]", "varHostPoolName": "[if(parameters('avdUseCustomNaming'), parameters('avdHostPoolCustomName'), format('vdpool-{0}-001', variables('varManagementPlaneNamingStandard')))]", @@ -1560,8 +1581,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -1581,14 +1602,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -1669,8 +1690,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -1683,13 +1704,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -1799,8 +1820,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -2160,8 +2181,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -2181,14 +2202,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2269,8 +2290,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -2283,13 +2304,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2399,8 +2420,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -2755,8 +2776,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -2776,14 +2797,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2864,8 +2885,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -2878,13 +2899,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2994,8 +3015,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -3368,8 +3389,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3035548163754880904" + "version": "0.21.1.54444", + "templateHash": "3182944092420253110" } }, "parameters": { @@ -3492,8 +3513,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -3513,14 +3534,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -3601,8 +3622,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -3615,13 +3636,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -3731,8 +3752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -4092,8 +4113,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9723296804992458231" + "version": "0.21.1.54444", + "templateHash": "1156178304169403377" } }, "parameters": { @@ -4182,8 +4203,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "maxValue": 730, "minValue": 0, + "maxValue": 730, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4242,8 +4263,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4286,14 +4307,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -4486,8 +4507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1015616738226483875" + "version": "0.21.1.54444", + "templateHash": "13379431903908500265" } }, "parameters": { @@ -4630,8 +4651,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9976669288431551452" + "version": "0.21.1.54444", + "templateHash": "18035599797024630806" } }, "parameters": { @@ -4764,8 +4785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3402933947779868845" + "version": "0.21.1.54444", + "templateHash": "15194527127560537713" } }, "parameters": { @@ -4899,8 +4920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12988075953101096314" + "version": "0.21.1.54444", + "templateHash": "14867461711977977980" } }, "parameters": { @@ -5071,15 +5092,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3289166297924789550" + "version": "0.21.1.54444", + "templateHash": "1856549003153181310" } }, "parameters": { "name": { "type": "string", - "maxLength": 63, "minLength": 4, + "maxLength": 63, "metadata": { "description": "Required. The data export rule name." } @@ -5218,8 +5239,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -5445,8 +5466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1145398762062008037" + "version": "0.21.1.54444", + "templateHash": "15607599815412583880" } }, "parameters": { @@ -5490,8 +5511,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 730, "minValue": -1, + "maxValue": 730, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5513,8 +5534,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 2555, "minValue": -1, + "maxValue": 2555, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5614,8 +5635,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15503229472224280826" + "version": "0.21.1.54444", + "templateHash": "15387093705469323985" } }, "parameters": { @@ -5765,8 +5786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7352784420507326330" + "version": "0.21.1.54444", + "templateHash": "3735355062180278453" } }, "parameters": { @@ -5979,8 +6000,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -6121,14 +6142,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -6288,8 +6309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16579532157576436548" + "version": "0.21.1.54444", + "templateHash": "13887797196136912022" } }, "parameters": { @@ -6620,8 +6641,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -6803,8 +6824,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5539435599928560626" + "version": "0.21.1.54444", + "templateHash": "1777331299932618478" } }, "parameters": { @@ -6982,8 +7003,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -7251,8 +7272,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { @@ -7332,8 +7353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7759814680098607558" + "version": "0.21.1.54444", + "templateHash": "17066253197438681775" } }, "parameters": { @@ -7804,8 +7825,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -8037,8 +8058,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -8342,7 +8363,34 @@ "value": "[variables('varDnsServers')]" }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]", - "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]" + "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]", + "deployAvdFirewall": { + "value": "[parameters('deployAvdFirewall')]" + }, + "firewallName": { + "value": "[variables('varFiwewallName')]" + }, + "firewallPolicyName": { + "value": "[variables('varFiwewallPolicyName')]" + }, + "firewallPolicyRuleCollectionGroupName": { + "value": "[variables('varFiwewallPolicyRuleCollectionGroupName')]" + }, + "firewallPolicyNetworkRuleCollectionName": { + "value": "[variables('varFiwewallPolicyNetworkRuleCollectionName')]" + }, + "firewallPolicyOptionalRuleCollectionGroupName": { + "value": "[variables('varFiwewallPolicyOptionalRuleCollectionGroupName')]" + }, + "firewallPolicyOptionalNetworkRuleCollectionName": { + "value": "[variables('varFiwewallPolicyOptionalNetworkRuleCollectionName')]" + }, + "firewallPolicyOptionalApplicationRuleCollectionName": { + "value": "[variables('varFiwewallPolicyOptionalApplicationRuleCollectionName')]" + }, + "firewallSubnetAddressPrefix": { + "value": "[parameters('firewallSubnetAddressPrefix')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", @@ -8350,8 +8398,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3756011210515160191" + "version": "0.21.1.54444", + "templateHash": "744206307789280632" } }, "parameters": { @@ -8464,6 +8512,60 @@ "description": "Create virtual network peering to hub." } }, + "deployAvdFirewall": { + "type": "bool", + "metadata": { + "description": "Create firewall and firewall policy to hub virtual network." + } + }, + "firewallName": { + "type": "string", + "metadata": { + "description": "Firewall name" + } + }, + "firewallPolicyName": { + "type": "string", + "metadata": { + "description": "Firewall policy name" + } + }, + "firewallPolicyRuleCollectionGroupName": { + "type": "string", + "metadata": { + "description": "Firewall policy rule collection group name" + } + }, + "firewallPolicyOptionalRuleCollectionGroupName": { + "type": "string", + "metadata": { + "description": "Firewall policy rule collection group name (optional)" + } + }, + "firewallPolicyNetworkRuleCollectionName": { + "type": "string", + "metadata": { + "description": "Firewall policy network rule collection name" + } + }, + "firewallPolicyOptionalNetworkRuleCollectionName": { + "type": "string", + "metadata": { + "description": "Firewall policy network rule collection name (optional)" + } + }, + "firewallPolicyOptionalApplicationRuleCollectionName": { + "type": "string", + "metadata": { + "description": "Firewall policy application rule collection name (optional)" + } + }, + "firewallSubnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "Firewall subnet adderss prefix" + } + }, "deployPrivateEndpointSubnet": { "type": "bool", "metadata": { @@ -8552,7 +8654,10 @@ "varExistingAvdVnetSubId": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[2], '')]", "varExistingAvdVnetSubRgName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[4], '')]", "varExistingAvdVnetName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[8], '')]", - "varExistingAvdVnetResourceId": "[if(not(parameters('createVnet')), format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/virtualNetworks/{2}', variables('varExistingAvdVnetSubId'), variables('varExistingAvdVnetSubRgName'), variables('varExistingAvdVnetName')), '')]" + "varExistingAvdVnetResourceId": "[if(not(parameters('createVnet')), format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/virtualNetworks/{2}', variables('varExistingAvdVnetSubId'), variables('varExistingAvdVnetSubRgName'), variables('varExistingAvdVnetName')), '')]", + "varExistingHubSubId": "[split(parameters('existingHubVnetResourceId'), '/')[2]]", + "varExistingHubSubRgName": "[split(parameters('existingHubVnetResourceId'), '/')[4]]", + "varExistingHubVnetName": "[split(parameters('existingHubVnetResourceId'), '/')[8]]" }, "resources": [ { @@ -8692,8 +8797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.21.1.54444", + "templateHash": "12715653640573668517" } }, "parameters": { @@ -8755,14 +8860,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -8956,8 +9061,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.21.1.54444", + "templateHash": "369614872700794013" } }, "parameters": { @@ -9201,8 +9306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.21.1.54444", + "templateHash": "8259083650687909209" } }, "parameters": { @@ -9416,8 +9521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.21.1.54444", + "templateHash": "12715653640573668517" } }, "parameters": { @@ -9479,14 +9584,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9680,8 +9785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.21.1.54444", + "templateHash": "369614872700794013" } }, "parameters": { @@ -9925,8 +10030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.21.1.54444", + "templateHash": "8259083650687909209" } }, "parameters": { @@ -10131,8 +10236,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4126277245845030634" + "version": "0.21.1.54444", + "templateHash": "16972778608528683628" } }, "parameters": { @@ -10152,358 +10257,358 @@ "lock": { "type": "string", "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], "metadata": { "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/applicationSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": {} + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + ] + }, + { + "copy": { + "name": "applicationSecurityGroup_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AppSecurityGroup-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "4152038459218204517" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the application security group was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the application security group." + }, + "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the application security group." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "condition": "[parameters('createVnet')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Route-Table-AVD-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('avdRouteTableName')]" + }, + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name given for the hub route table." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "routes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of Routes to be established within the hub route table." + } + }, + "disableBgpRoutePropagation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Switch to disable BGP route propagation." + } + }, + "lock": { + "type": "string", + "defaultValue": "", "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/applicationSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": {} - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - ] - }, - { - "copy": { - "name": "applicationSecurityGroup_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-AppSecurityGroup-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9764104744913843180" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." - } - } - }, - "variables": { - "builtInRoleNames": { - "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", - "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", - "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", - "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", - "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", - "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the application security group was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the application security group." - }, - "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the application security group." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2022-07-01', 'full').location]" - } - } - } - } - }, - { - "condition": "[parameters('createVnet')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Route-Table-AVD-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('avdRouteTableName')]" - }, - "location": { - "value": "[parameters('sessionHostLocation')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name given for the hub route table." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "routes": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. An Array of Routes to be established within the hub route table." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Switch to disable BGP route propagation." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10601,8 +10706,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { @@ -10810,8 +10915,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" } }, "parameters": { @@ -10845,14 +10950,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10950,8 +11055,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { @@ -11173,8 +11278,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10436531327774101026" + "version": "0.21.1.54444", + "templateHash": "16057298145739940641" } }, "parameters": { @@ -11235,21 +11340,21 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ] + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, + "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - }, - "maxValue": 30 + } }, "diagnosticStorageAccountId": { "type": "string", @@ -11282,14 +11387,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -11507,8 +11612,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12913964363513527115" + "version": "0.21.1.54444", + "templateHash": "4385347612687619252" } }, "parameters": { @@ -11700,8 +11805,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1508597549221173835" + "version": "0.21.1.54444", + "templateHash": "15642916335871461785" } }, "parameters": { @@ -11923,8 +12028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.21.1.54444", + "templateHash": "4623538711374397842" } }, "parameters": { @@ -12089,8 +12194,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.21.1.54444", + "templateHash": "4623538711374397842" } }, "parameters": { @@ -12250,8 +12355,3396 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7449417204208520653" + "version": "0.21.1.54444", + "templateHash": "826837070159019998" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/virtualNetworks', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the virtual network was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the virtual network." + }, + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the virtual network." + }, + "value": "[parameters('name')]" + }, + "subnetNames": { + "type": "array", + "metadata": { + "description": "The names of the deployed subnets." + }, + "copy": { + "count": "[length(parameters('subnets'))]", + "input": "[parameters('subnets')[copyIndex()].name]" + } + }, + "subnetResourceIds": { + "type": "array", + "metadata": { + "description": "The resource IDs of the deployed subnets." + }, + "copy": { + "count": "[length(parameters('subnets'))]", + "input": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('name'), parameters('subnets')[copyIndex()].name)]" + } + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2022-07-01', 'full').location]" + }, + "diagnosticsLogs": { + "type": "array", + "metadata": { + "description": "The Diagnostic Settings of the virtual network." + }, + "value": "[variables('diagnosticsLogs')]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Comm-Files-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.file.core.windows.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "903283518806229825" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Comm-Kv-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.vaultcore.azure.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "903283518806229825" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Gov-Files-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.file.core.usgovcloudapi.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "903283518806229825" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Gov-Kv-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.vaultcore.usgovcloudapi.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "903283518806229825" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[parameters('deployAvdFirewall')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-Policy-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", + "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('firewallPolicyName')]" + }, + "enableProxy": { + "value": true + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "4407823163253500708" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the Firewall Policy." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the Firewall policy resource." + } + }, + "systemAssignedIdentity": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedIdentities": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The ID(s) to assign to the resource." + } + }, + "basePolicyResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the base policy." + } + }, + "enableProxy": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Enable DNS Proxy on Firewalls attached to the Firewall Policy." + } + }, + "servers": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of Custom DNS Servers." + } + }, + "insightsIsEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. A flag to indicate if the insights are enabled on the policy." + } + }, + "defaultWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Default Log Analytics Resource ID for Firewall Policy Insights." + } + }, + "workspaces": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of workspaces for Firewall Policy Insights." + } + }, + "retentionDays": { + "type": "int", + "defaultValue": 365, + "metadata": { + "description": "Optional. Number of days the insights should be enabled on the policy." + } + }, + "bypassTrafficSettings": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of rules for traffic to bypass." + } + }, + "signatureOverrides": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of specific signatures states." + } + }, + "mode": { + "type": "string", + "defaultValue": "Off", + "allowedValues": [ + "Alert", + "Deny", + "Off" + ], + "metadata": { + "description": "Optional. The configuring of intrusion detection." + } + }, + "tier": { + "type": "string", + "defaultValue": "Standard", + "allowedValues": [ + "Premium", + "Standard" + ], + "metadata": { + "description": "Optional. Tier of Firewall Policy." + } + }, + "privateRanges": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of private IP addresses/IP address ranges to not be SNAT." + } + }, + "autoLearnPrivateRanges": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Optional. The operation mode for automatically learning private ranges to not be SNAT." + } + }, + "threatIntelMode": { + "type": "string", + "defaultValue": "Off", + "allowedValues": [ + "Alert", + "Deny", + "Off" + ], + "metadata": { + "description": "Optional. The operation mode for Threat Intel." + } + }, + "allowSqlRedirect": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999." + } + }, + "fqdns": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of FQDNs for the ThreatIntel Allowlist." + } + }, + "ipAddresses": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of IP addresses for the ThreatIntel Allowlist." + } + }, + "keyVaultSecretId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Secret ID of (base-64 encoded unencrypted PFX) Secret or Certificate object stored in KeyVault." + } + }, + "certificateName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the CA certificate." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "ruleCollectionGroups": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Rule collection groups." + } + } + }, + "variables": { + "identityType": "[if(parameters('systemAssignedIdentity'), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", + "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "identity": "[variables('identity')]", + "properties": { + "basePolicy": "[if(not(empty(parameters('basePolicyResourceId'))), createObject('id', parameters('basePolicyResourceId')), null())]", + "dnsSettings": "[if(parameters('enableProxy'), createObject('enableProxy', parameters('enableProxy'), 'servers', parameters('servers')), null())]", + "insights": "[if(parameters('insightsIsEnabled'), createObject('isEnabled', parameters('insightsIsEnabled'), 'logAnalyticsResources', createObject('defaultWorkspaceId', createObject('id', if(not(empty(parameters('defaultWorkspaceId'))), parameters('defaultWorkspaceId'), null())), 'workspaces', if(not(empty(parameters('workspaces'))), parameters('workspaces'), null())), 'retentionDays', parameters('retentionDays')), null())]", + "intrusionDetection": "[if(not(equals(parameters('mode'), 'Off')), createObject('configuration', createObject('bypassTrafficSettings', if(not(empty(parameters('bypassTrafficSettings'))), parameters('bypassTrafficSettings'), null()), 'signatureOverrides', if(not(empty(parameters('signatureOverrides'))), parameters('signatureOverrides'), null())), 'mode', parameters('mode')), null())]", + "sku": { + "tier": "[parameters('tier')]" + }, + "snat": "[if(not(empty(parameters('privateRanges'))), createObject('autoLearnPrivateRanges', parameters('autoLearnPrivateRanges'), 'privateRanges', parameters('privateRanges')), null())]", + "sql": { + "allowSqlRedirect": "[parameters('allowSqlRedirect')]" + }, + "threatIntelMode": "[parameters('threatIntelMode')]", + "threatIntelWhitelist": { + "fqdns": "[parameters('fqdns')]", + "ipAddresses": "[parameters('ipAddresses')]" + }, + "transportSecurity": "[if(or(not(empty(parameters('keyVaultSecretId'))), not(empty(parameters('certificateName')))), createObject('certificateAuthority', createObject('keyVaultSecretId', if(not(empty(parameters('keyVaultSecretId'))), parameters('keyVaultSecretId'), null()), 'name', if(not(empty(parameters('certificateName'))), parameters('certificateName'), null()))), null())]" + } + }, + { + "copy": { + "name": "firewallPolicy_ruleCollectionGroups", + "count": "[length(parameters('ruleCollectionGroups'))]", + "mode": "serial", + "batchSize": 1 + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-firewallPolicy_ruleCollectionGroups-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "firewallPolicyName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('ruleCollectionGroups')[copyIndex()].name]" + }, + "priority": { + "value": "[parameters('ruleCollectionGroups')[copyIndex()].priority]" + }, + "ruleCollections": { + "value": "[parameters('ruleCollectionGroups')[copyIndex()].ruleCollections]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "2968908276504673942" + } + }, + "parameters": { + "firewallPolicyName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Firewall Policy. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule collection group to deploy." + } + }, + "priority": { + "type": "int", + "metadata": { + "description": "Required. Priority of the Firewall Policy Rule Collection Group resource." + } + }, + "ruleCollections": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Group of Firewall Policy rule collections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('firewallPolicyName'), parameters('name'))]", + "properties": { + "priority": "[parameters('priority')]", + "ruleCollections": "[parameters('ruleCollections')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed rule collection group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed rule collection group." + }, + "value": "[resourceId('Microsoft.Network/firewallPolicies/ruleCollectionGroups', parameters('firewallPolicyName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed rule collection group." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/firewallPolicies', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed firewall policy." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed firewall policy." + }, + "value": "[resourceId('Microsoft.Network/firewallPolicies', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed firewall policy." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/firewallPolicies', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "condition": "[parameters('deployAvdFirewall')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-Policy-Rcg-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", + "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('firewallPolicyRuleCollectionGroupName')]" + }, + "firewallPolicyName": { + "value": "[parameters('firewallPolicyName')]" + }, + "priority": { + "value": 100 + }, + "ruleCollections": { + "value": [ + { + "name": "[parameters('firewallPolicyNetworkRuleCollectionName')]", + "priority": 100, + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "NetworkRule", + "name": "Auth to Msft Online Services", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "login.microsoftonline.com" + ], + "destinationPorts": [ + "443" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Service Traffic", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [ + "WindowsVirtualDesktop", + "AzureFrontDoor.Frontend", + "AzureMonitor" + ], + "destinationIpGroups": [], + "destinationFqdns": [], + "destinationPorts": [ + "443" + ] + }, + { + "ruleType": "NetworkRule", + "name": "DNS Traffic", + "ipProtocols": [ + "TCP", + "UDP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [ + "*" + ], + "destinationIpGroups": [], + "destinationFqdns": [], + "destinationPorts": [ + "53" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Azure Windows Activation", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [ + "20.118.99.224", + "40.83.235.53" + ], + "destinationIpGroups": [], + "destinationFqdns": [], + "destinationPorts": [ + "1688" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Windows Activation", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [ + "23.102.135.246" + ], + "destinationIpGroups": [], + "destinationFqdns": [], + "destinationPorts": [ + "1688" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Agent and SxS Stack Updates", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "mrsglobalsteus2prod.blob.core.windows.net" + ], + "destinationPorts": [ + "443" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Azure Portal Support", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "wvdportalstorageblob.blob.core.windows.net" + ], + "destinationPorts": [ + "443" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Cert CRL OneOCSP", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "oneocsp.microsoft.com" + ], + "destinationPorts": [ + "80" + ] + }, + { + "ruleType": "NetworkRule", + "name": "Cert CRL MicrosoftDotCom", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "www.microsoft.com" + ], + "destinationPorts": [ + "80" + ] + } + ] + } + ] + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "2968908276504673942" + } + }, + "parameters": { + "firewallPolicyName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Firewall Policy. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule collection group to deploy." + } + }, + "priority": { + "type": "int", + "metadata": { + "description": "Required. Priority of the Firewall Policy Rule Collection Group resource." + } + }, + "ruleCollections": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Group of Firewall Policy rule collections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('firewallPolicyName'), parameters('name'))]", + "properties": { + "priority": "[parameters('priority')]", + "ruleCollections": "[parameters('ruleCollections')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed rule collection group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed rule collection group." + }, + "value": "[resourceId('Microsoft.Network/firewallPolicies/ruleCollectionGroups', parameters('firewallPolicyName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed rule collection group." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time')))]" + ] + }, + { + "condition": "[parameters('deployAvdFirewall')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-Policy-Rcg-Optional-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", + "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('firewallPolicyOptionalRuleCollectionGroupName')]" + }, + "firewallPolicyName": { + "value": "[parameters('firewallPolicyName')]" + }, + "priority": { + "value": 200 + }, + "ruleCollections": { + "value": [ + { + "name": "[parameters('firewallPolicyOptionalNetworkRuleCollectionName')]", + "priority": 100, + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "NetworkRule", + "name": "NTP", + "ipProtocols": [ + "UDP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "time.windows.com" + ], + "destinationPorts": [ + "123" + ] + }, + { + "ruleType": "NetworkRule", + "name": "SigninToMSOL365", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "login.windows.net" + ], + "destinationPorts": [ + "443" + ] + }, + { + "ruleType": "NetworkRule", + "name": "DetectOSconnectedToInternet", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "www.msftconnecttest.com" + ], + "destinationPorts": [ + "443" + ] + } + ] + }, + { + "name": "[parameters('firewallPolicyOptionalApplicationRuleCollectionName')]", + "priority": 200, + "ruleCollectionType": "FirewallPolicyFilterRuleCollection", + "action": { + "type": "Allow" + }, + "rules": [ + { + "ruleType": "ApplicationRule", + "name": "UpdatesforOneDrive", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [ + "WindowsUpdate", + "WindowsDiagnostic", + "MicrosoftActiveProtectionService" + ], + "webCategories": [], + "targetFqdns": [], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] + }, + { + "ruleType": "ApplicationRule", + "name": "TelemetryService", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [], + "webCategories": [], + "targetFqdns": [ + "*.events.data.microsoft.com" + ], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] + }, + { + "ruleType": "ApplicationRule", + "name": "Windows Update", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [], + "webCategories": [], + "targetFqdns": [ + "*.sfx.ms" + ], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] + }, + { + "ruleType": "ApplicationRule", + "name": "DigitcertCRL", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [], + "webCategories": [], + "targetFqdns": [ + "*.digicert.com" + ], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] + }, + { + "ruleType": "ApplicationRule", + "name": "AzureDNSResolution", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [], + "webCategories": [], + "targetFqdns": [ + "*.azure-dns.com", + "*.azure-dns.net" + ], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] + } + ] + } + ] + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "2968908276504673942" + } + }, + "parameters": { + "firewallPolicyName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Firewall Policy. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule collection group to deploy." + } + }, + "priority": { + "type": "int", + "metadata": { + "description": "Required. Priority of the Firewall Policy Rule Collection Group resource." + } + }, + "ruleCollections": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Group of Firewall Policy rule collections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('firewallPolicyName'), parameters('name'))]", + "properties": { + "priority": "[parameters('priority')]", + "ruleCollections": "[parameters('ruleCollections')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed rule collection group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed rule collection group." + }, + "value": "[resourceId('Microsoft.Network/firewallPolicies/ruleCollectionGroups', parameters('firewallPolicyName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed rule collection group." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-{0}', parameters('time')))]" + ] + }, + { + "condition": "[parameters('deployAvdFirewall')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-Subnet-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", + "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "addressPrefix": { + "value": "[parameters('firewallSubnetAddressPrefix')]" + }, + "name": { + "value": "AzureFirewallSubnet" + }, + "virtualNetworkName": { + "value": "[variables('varExistingHubVnetName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "4385347612687619252" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Optional. The Name of the subnet resource." + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual network. Required if the template is used in a standalone deployment." + } + }, + "addressPrefix": { + "type": "string", + "metadata": { + "description": "Required. The address prefix for the subnet." + } + }, + "networkSecurityGroupId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the network security group to assign to the subnet." + } + }, + "routeTableId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the route table to assign to the subnet." + } + }, + "serviceEndpoints": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The service endpoints to enable on the subnet." + } + }, + "delegations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The delegations to enable on the subnet." + } + }, + "natGatewayId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the NAT Gateway to use for the subnet." + } + }, + "privateEndpointNetworkPolicies": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Disabled", + "Enabled", + "" + ], + "metadata": { + "description": "Optional. enable or disable apply network policies on private endpoint in the subnet." + } + }, + "privateLinkServiceNetworkPolicies": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Disabled", + "Enabled", + "" + ], + "metadata": { + "description": "Optional. enable or disable apply network policies on private link service in the subnet." + } + }, + "addressPrefixes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of address prefixes for the subnet." + } + }, + "applicationGatewayIpConfigurations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Application gateway IP configurations of virtual network resource." + } + }, + "ipAllocations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of IpAllocation which reference this subnet." + } + }, + "serviceEndpointPolicies": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An array of service endpoint policies." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('name'))]", + "properties": { + "addressPrefix": "[parameters('addressPrefix')]", + "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupId'))), createObject('id', parameters('networkSecurityGroupId')), null())]", + "routeTable": "[if(not(empty(parameters('routeTableId'))), createObject('id', parameters('routeTableId')), null())]", + "natGateway": "[if(not(empty(parameters('natGatewayId'))), createObject('id', parameters('natGatewayId')), null())]", + "serviceEndpoints": "[parameters('serviceEndpoints')]", + "delegations": "[parameters('delegations')]", + "privateEndpointNetworkPolicies": "[if(not(empty(parameters('privateEndpointNetworkPolicies'))), parameters('privateEndpointNetworkPolicies'), null())]", + "privateLinkServiceNetworkPolicies": "[if(not(empty(parameters('privateLinkServiceNetworkPolicies'))), parameters('privateLinkServiceNetworkPolicies'), null())]", + "addressPrefixes": "[parameters('addressPrefixes')]", + "applicationGatewayIpConfigurations": "[parameters('applicationGatewayIpConfigurations')]", + "ipAllocations": "[parameters('ipAllocations')]", + "serviceEndpointPolicies": "[parameters('serviceEndpointPolicies')]" + } + }, + { + "copy": { + "name": "subnet_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Subnet-Rbac-{1}', uniqueString(deployment().name, resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "15642916335871461785" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1])]", + "name": "[guid(resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1]), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the virtual network peering was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the virtual network peering." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the virtual network peering." + }, + "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]" + }, + "subnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the subnet." + }, + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name')), '2022-07-01').addressPrefix]" + }, + "subnetAddressPrefixes": { + "type": "array", + "metadata": { + "description": "List of address prefixes for the subnet." + }, + "value": "[if(not(empty(parameters('addressPrefixes'))), reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name')), '2022-07-01').addressPrefixes, createArray())]" + } + } + } + } + }, + { + "condition": "[parameters('deployAvdFirewall')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", + "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('firewallName')]" + }, + "vNetId": { + "value": "[parameters('existingHubVnetResourceId')]" + }, + "firewallPolicyId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "2960346647454834982" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the Azure Firewall." + } + }, + "azureSkuTier": { + "type": "string", + "defaultValue": "Standard", + "allowedValues": [ + "Standard", + "Premium" + ], + "metadata": { + "description": "Optional. Tier of an Azure Firewall." + } + }, + "vNetId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty." + } + }, + "publicIPResourceID": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet." + } + }, + "additionalPublicIpConfigurations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration." + } + }, + "isCreateDefaultPublicIP": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Specifies if a Public IP should be created by default if one is not provided." + } + }, + "publicIPAddressObject": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPAddressId is empty, a '-pip' suffix will be appended to the Firewall's name." + } + }, + "applicationRuleCollections": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Collection of application rule collections used by Azure Firewall." + } + }, + "networkRuleCollections": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Collection of network rule collections used by Azure Firewall." + } + }, + "natRuleCollections": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Collection of NAT rule collections used by Azure Firewall." + } + }, + "firewallPolicyId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the Firewall Policy that should be attached." + } + }, + "hubIPAddresses": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Conditional. IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied." + } + }, + "virtualHubId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty." + } + }, + "threatIntelMode": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Alert", + "Deny", + "Off" + ], + "metadata": { + "description": "Optional. The operation mode for Threat Intel." + } + }, + "zones": { + "type": "array", + "defaultValue": [ + "1", + "2", + "3" + ], + "metadata": { + "description": "Optional. Zone numbers e.g. 1,2,3." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Diagnostic Storage Account resource identifier." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Log Analytics workspace resource identifier." + } + }, + "diagnosticLogsRetentionInDays": { + "type": "int", + "defaultValue": 365, + "minValue": 0, + "maxValue": 365, + "metadata": { + "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the Azure Firewall resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "diagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "allLogs", + "AzureFirewallApplicationRule", + "AzureFirewallNetworkRule", + "AzureFirewallDnsProxy" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." + } + } + }, + "variables": { + "copy": [ + { + "name": "additionalPublicIpConfigurationsVar", + "count": "[length(parameters('additionalPublicIpConfigurations'))]", + "input": { + "name": "[parameters('additionalPublicIpConfigurations')[copyIndex('additionalPublicIpConfigurationsVar')].name]", + "properties": { + "publicIPAddress": "[if(contains(parameters('additionalPublicIpConfigurations')[copyIndex('additionalPublicIpConfigurationsVar')], 'publicIPAddressResourceId'), createObject('id', parameters('additionalPublicIpConfigurations')[copyIndex('additionalPublicIpConfigurationsVar')].publicIPAddressResourceId), null())]" + } + } + }, + { + "name": "diagnosticsLogsSpecified", + "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs')))))]", + "input": { + "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs'))))[copyIndex('diagnosticsLogsSpecified')]]", + "enabled": true, + "retentionPolicy": { + "enabled": true, + "days": "[parameters('diagnosticLogsRetentionInDays')]" + } + } + }, + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true, + "retentionPolicy": { + "enabled": true, + "days": "[parameters('diagnosticLogsRetentionInDays')]" + } + } + } + ], + "subnetVar": { + "subnet": { + "id": "[format('{0}/subnets/AzureFirewallSubnet', parameters('vNetId'))]" + } + }, + "existingPip": { + "publicIPAddress": { + "id": "[parameters('publicIPResourceID')]" + } + }, + "azureSkuName": "[if(empty(parameters('vNetId')), 'AZFW_Hub', 'AZFW_VNet')]", + "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true(), 'retentionPolicy', createObject('enabled', true(), 'days', parameters('diagnosticLogsRetentionInDays')))), variables('diagnosticsLogsSpecified'))]", + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/azureFirewalls", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "zones": "[if(equals(length(parameters('zones')), 0), null(), parameters('zones'))]", + "tags": "[parameters('tags')]", + "properties": "[if(equals(variables('azureSkuName'), 'AZFW_VNet'), createObject('threatIntelMode', parameters('threatIntelMode'), 'firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'ipConfigurations', concat(createArray(createObject('name', if(not(empty(parameters('publicIPResourceID'))), last(split(parameters('publicIPResourceID'), '/')), reference(resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.name.value), 'properties', union(variables('subnetVar'), if(not(empty(parameters('publicIPResourceID'))), variables('existingPip'), createObject()), if(parameters('isCreateDefaultPublicIP'), createObject('publicIPAddress', if(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), createObject('id', reference(resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))), '2022-09-01').outputs.resourceId.value), null())), createObject())))), variables('additionalPublicIpConfigurationsVar')), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'applicationRuleCollections', parameters('applicationRuleCollections'), 'natRuleCollections', parameters('natRuleCollections'), 'networkRuleCollections', parameters('networkRuleCollections')), createObject('firewallPolicy', if(not(empty(parameters('firewallPolicyId'))), createObject('id', parameters('firewallPolicyId')), null()), 'sku', createObject('name', variables('azureSkuName'), 'tier', parameters('azureSkuTier')), 'hubIPAddresses', if(not(empty(parameters('hubIPAddresses'))), parameters('hubIPAddresses'), null()), 'virtualHub', if(not(empty(parameters('virtualHubId'))), createObject('id', parameters('virtualHubId')), null())))]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + ] + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]", + "logs": "[variables('diagnosticsLogs')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + ] + }, + { + "condition": "[and(and(empty(parameters('publicIPResourceID')), parameters('isCreateDefaultPublicIP')), equals(variables('azureSkuName'), 'AZFW_VNet'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Firewall-PIP', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": "[if(contains(parameters('publicIPAddressObject'), 'name'), if(not(empty(parameters('publicIPAddressObject').name)), createObject('value', parameters('publicIPAddressObject').name), createObject('value', format('{0}-pip', parameters('name')))), createObject('value', format('{0}-pip', parameters('name'))))]", + "publicIPPrefixResourceId": "[if(contains(parameters('publicIPAddressObject'), 'publicIPPrefixResourceId'), if(not(empty(parameters('publicIPAddressObject').publicIPPrefixResourceId)), createObject('value', parameters('publicIPAddressObject').publicIPPrefixResourceId), createObject('value', '')), createObject('value', ''))]", + "publicIPAllocationMethod": "[if(contains(parameters('publicIPAddressObject'), 'publicIPAllocationMethod'), if(not(empty(parameters('publicIPAddressObject').publicIPAllocationMethod)), createObject('value', parameters('publicIPAddressObject').publicIPAllocationMethod), createObject('value', 'Static')), createObject('value', 'Static'))]", + "skuName": "[if(contains(parameters('publicIPAddressObject'), 'skuName'), if(not(empty(parameters('publicIPAddressObject').skuName)), createObject('value', parameters('publicIPAddressObject').skuName), createObject('value', 'Standard')), createObject('value', 'Standard'))]", + "skuTier": "[if(contains(parameters('publicIPAddressObject'), 'skuTier'), if(not(empty(parameters('publicIPAddressObject').skuTier)), createObject('value', parameters('publicIPAddressObject').skuTier), createObject('value', 'Regional')), createObject('value', 'Regional'))]", + "roleAssignments": "[if(contains(parameters('publicIPAddressObject'), 'roleAssignments'), if(not(empty(parameters('publicIPAddressObject').roleAssignments)), createObject('value', parameters('publicIPAddressObject').roleAssignments), createObject('value', createArray())), createObject('value', createArray()))]", + "diagnosticMetricsToEnable": "[if(contains(parameters('publicIPAddressObject'), 'diagnosticMetricsToEnable'), if(not(empty(parameters('publicIPAddressObject').diagnosticMetricsToEnable)), createObject('value', parameters('publicIPAddressObject').diagnosticMetricsToEnable), createObject('value', createArray('AllMetrics'))), createObject('value', createArray('AllMetrics')))]", + "diagnosticLogCategoriesToEnable": "[if(contains(parameters('publicIPAddressObject'), 'diagnosticLogCategoriesToEnable'), createObject('value', parameters('publicIPAddressObject').diagnosticLogCategoriesToEnable), createObject('value', createArray('allLogs')))]", + "location": { + "value": "[parameters('location')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "zones": { + "value": "[parameters('zones')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "1998504441889364515" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Public IP Address." + } + }, + "publicIPPrefixResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix." + } + }, + "publicIPAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ], + "metadata": { + "description": "Optional. The public IP address allocation method." + } + }, + "skuName": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Optional. Name of a public IP address SKU." + } + }, + "skuTier": { + "type": "string", + "defaultValue": "Regional", + "allowedValues": [ + "Global", + "Regional" + ], + "metadata": { + "description": "Optional. Tier of a public IP address SKU." + } + }, + "zones": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. A list of availability zones denoting the IP allocated for the resource needs to come from." + } + }, + "publicIPAddressVersion": { + "type": "string", + "defaultValue": "IPv4", + "allowedValues": [ + "IPv4", + "IPv6" + ], + "metadata": { + "description": "Optional. IP address version." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." + } + }, + "domainNameLabel": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system." + } + }, + "fqdn": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone." + } + }, + "reverseFqdn": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "diagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "allLogs", + "DDoSProtectionNotifications", + "DDoSMitigationFlowLogs", + "DDoSMitigationReports" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." + } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsLogsSpecified", + "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs')))))]", + "input": { + "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs'))))[copyIndex('diagnosticsLogsSpecified')]]", + "enabled": true + } + }, + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ], + "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), variables('diagnosticsLogsSpecified'))]" + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('skuName')]", + "tier": "[parameters('skuTier')]" + }, + "zones": "[parameters('zones')]", + "properties": { + "dnsSettings": "[if(not(empty(parameters('domainNameLabel'))), createObject('domainNameLabel', parameters('domainNameLabel'), 'fqdn', parameters('fqdn'), 'reverseFqdn', parameters('reverseFqdn')), null())]", + "publicIPAddressVersion": "[parameters('publicIPAddressVersion')]", + "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", + "publicIPPrefix": "[if(not(empty(parameters('publicIPPrefixResourceId'))), createObject('id', parameters('publicIPPrefixResourceId')), null())]", + "idleTimeoutInMinutes": 4, + "ipTags": [] + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]", + "logs": "[variables('diagnosticsLogs')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + }, + { + "copy": { + "name": "publicIpAddress_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PIPAddress-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/publicIPAddresses', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the public IP address was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the public IP address." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the public IP address." + }, + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + }, + "ipAddress": { + "type": "string", + "metadata": { + "description": "The public IP address of the public IP address resource." + }, + "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01').ipAddress, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "copy": { + "name": "azureFirewall_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AzFW-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "4956524931122744714" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/azureFirewalls/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/azureFirewalls', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Azure Firewall." + }, + "value": "[resourceId('Microsoft.Network/azureFirewalls', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the Azure Firewall." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the Azure firewall was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "privateIp": { + "type": "string", + "metadata": { + "description": "The private IP of the Azure firewall." + }, + "value": "[if(contains(reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2022-07-01'), 'ipConfigurations'), reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2022-07-01').ipConfigurations[0].properties.privateIPAddress, '')]" + }, + "ipConfAzureFirewallSubnet": { + "type": "object", + "metadata": { + "description": "The Public IP configuration object for the Azure Firewall Subnet." + }, + "value": "[if(contains(reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2022-07-01'), 'ipConfigurations'), reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2022-07-01').ipConfigurations[0], createObject())]" + }, + "applicationRuleCollections": { + "type": "array", + "metadata": { + "description": "List of Application Rule Collections." + }, + "value": "[parameters('applicationRuleCollections')]" + }, + "networkRuleCollections": { + "type": "array", + "metadata": { + "description": "List of Network Rule Collections." + }, + "value": "[parameters('networkRuleCollections')]" + }, + "natRuleCollections": { + "type": "array", + "metadata": { + "description": "Collection of NAT rule collections used by Azure Firewall." + }, + "value": "[parameters('natRuleCollections')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-Optional-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Subnet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createVnet'), parameters('deployAvdFirewall'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Route-Table-AVD-Fw-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('avdRouteTableName')]" + }, + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'default', 'properties', createObject('addressPrefix', '0.0.0.0/0', 'nextHopIpAddress', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time'))), '2022-09-01').outputs.privateIp.value, 'nextHopType', 'VirtualAppliance')))), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name given for the hub route table." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "routes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of Routes to be established within the hub route table." + } + }, + "disableBgpRoutePropagation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Switch to disable BGP route propagation." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "routes": "[parameters('routes')]", + "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/routeTables/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + ] + }, + { + "copy": { + "name": "routeTable_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-RouteTable-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { @@ -12374,8 +15867,8 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.Network/virtualNetworks', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "scope": "[format('Microsoft.Network/routeTables/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/routeTables', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", "properties": { "description": "[parameters('description')]", "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", @@ -12390,7 +15883,7 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" ] } ], @@ -12398,418 +15891,36 @@ "resourceGroupName": { "type": "string", "metadata": { - "description": "The resource group the virtual network was deployed into." + "description": "The resource group the route table was deployed into." }, "value": "[resourceGroup().name]" }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the virtual network." - }, - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" - }, "name": { "type": "string", "metadata": { - "description": "The name of the virtual network." + "description": "The name of the route table." }, "value": "[parameters('name')]" }, - "subnetNames": { - "type": "array", - "metadata": { - "description": "The names of the deployed subnets." - }, - "copy": { - "count": "[length(parameters('subnets'))]", - "input": "[parameters('subnets')[copyIndex()].name]" - } - }, - "subnetResourceIds": { - "type": "array", - "metadata": { - "description": "The resource IDs of the deployed subnets." - }, - "copy": { - "count": "[length(parameters('subnets'))]", - "input": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('name'), parameters('subnets')[copyIndex()].name)]" - } - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2022-07-01', 'full').location]" - }, - "diagnosticsLogs": { - "type": "array", - "metadata": { - "description": "The Diagnostic Settings of the virtual network." - }, - "value": "[variables('diagnosticsLogs')]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Comm-Files-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.file.core.windows.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Comm-Kv-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.vaultcore.azure.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { "type": "string", "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Gov-Files-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.file.core.usgovcloudapi.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } + "description": "The resource ID of the route table." }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Gov-Kv-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.vaultcore.usgovcloudapi.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" }, - "virtualNetworkResourceId": { + "location": { "type": "string", "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } + "description": "The location the resource was deployed into." }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + "value": "[reference(resourceId('Microsoft.Network/routeTables', parameters('name')), '2022-07-01', 'full').location]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time')))]" ] } ], @@ -12933,8 +16044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3669216872795545582" + "version": "0.21.1.54444", + "templateHash": "4247202091397558834" } }, "parameters": { @@ -13048,13 +16159,13 @@ }, "hostPoolType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "preferredAppGroupType": { "type": "string", @@ -13070,23 +16181,23 @@ }, "personalAssignType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "hostPoolLoadBalancerType": { "type": "string", - "metadata": { - "description": "AVD host pool load balacing type." - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type." + } }, "hostPoolMaxSessions": { "type": "int", @@ -13218,8 +16329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14753481159691076868" + "version": "0.21.1.54444", + "templateHash": "13399704224502342582" } }, "parameters": { @@ -13359,14 +16470,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -13610,8 +16721,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2314964423044495570" + "version": "0.21.1.54444", + "templateHash": "15758203474913146406" } }, "parameters": { @@ -13828,8 +16939,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "782391975946165786" + "version": "0.21.1.54444", + "templateHash": "2132806116783886507" } }, "parameters": { @@ -13915,14 +17026,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -14081,8 +17192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7203259033747042619" + "version": "0.21.1.54444", + "templateHash": "11635969849932067949" } }, "parameters": { @@ -14120,14 +17231,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ] + ], + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + } }, "commandLineArguments": { "type": "string", @@ -14259,8 +17370,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1752140700494840741" + "version": "0.21.1.54444", + "templateHash": "9771114878684828045" } }, "parameters": { @@ -14466,8 +17577,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "324317554219687604" + "version": "0.21.1.54444", + "templateHash": "18405598736525966402" } }, "parameters": { @@ -14536,14 +17647,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -14695,8 +17806,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6421047844253253523" + "version": "0.21.1.54444", + "templateHash": "12071774351316031070" } }, "parameters": { @@ -14916,8 +18027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17010593045994332917" + "version": "0.21.1.54444", + "templateHash": "2398896279200009074" } }, "parameters": { @@ -14959,12 +18070,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "Optional. The type of hostpool where this scaling plan should be applied." - }, "allowedValues": [ "Pooled" - ] + ], + "metadata": { + "description": "Optional. The type of hostpool where this scaling plan should be applied." + } }, "exclusionTag": { "type": "string", @@ -15184,8 +18295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12892308842611713996" + "version": "0.21.1.54444", + "templateHash": "5284850760210698082" } }, "parameters": { @@ -15421,8 +18532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16001375654748927393" + "version": "0.21.1.54444", + "templateHash": "3253016444031789965" } }, "parameters": { @@ -15598,324 +18709,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" - } - }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "[guid(resourceGroup().id)]", - "metadata": { - "description": "Optional. Name of the User Assigned Identity." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]" - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - ] - }, - { - "copy": { - "name": "userMsi_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-UserMSI-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." - } - } - }, - "variables": { - "builtInRoleNames": { - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Managed Identity Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59')]", - "Managed Identity Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the user assigned identity." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the user assigned identity." - }, - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - }, - "principalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the user assigned identity." - }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - }, - "clientId": { - "type": "string", - "metadata": { - "description": "The resource ID of the user assigned identity" - }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the user assigned identity was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30', 'full').location]" - } - } - } - } - }, - { - "condition": "[or(parameters('createStorageDeployment'), parameters('createSessionHosts'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('MI-CleanUp-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('cleanUpManagedIdentityName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { @@ -15936,14 +18731,330 @@ "lock": { "type": "string", "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], "metadata": { "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]" + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + ] + }, + { + "copy": { + "name": "userMsi_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-UserMSI-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Managed Identity Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59')]", + "Managed Identity Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the user assigned identity." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the user assigned identity." + }, + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + }, + "principalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the user assigned identity." + }, + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" + }, + "clientId": { + "type": "string", + "metadata": { + "description": "The resource ID of the user assigned identity" + }, + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the user assigned identity was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." }, + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30', 'full').location]" + } + } + } + } + }, + { + "condition": "[or(parameters('createStorageDeployment'), parameters('createSessionHosts'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('MI-CleanUp-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", + "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('cleanUpManagedIdentityName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" + } + }, + "parameters": { + "name": { + "type": "string", + "defaultValue": "[guid(resourceGroup().id)]", + "metadata": { + "description": "Optional. Name of the User Assigned Identity." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "lock": { + "type": "string", + "defaultValue": "", "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -16037,8 +19148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -16242,8 +19353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -16384,14 +19495,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -16543,8 +19654,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -17123,8 +20234,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -17701,8 +20812,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -18285,8 +21396,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -18865,8 +21976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -19445,8 +22556,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -20019,8 +23130,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -20662,8 +23773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12497703365980086846" + "version": "0.21.1.54444", + "templateHash": "1439819306129127820" } }, "parameters": { @@ -20829,8 +23940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -21018,8 +24129,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -21288,8 +24399,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { @@ -21382,8 +24493,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -21652,8 +24763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { @@ -21722,8 +24833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -22306,8 +25417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -22887,8 +25998,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { @@ -22909,14 +26020,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -23010,8 +26121,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -23214,8 +26325,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -23356,14 +26467,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -23511,8 +26622,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -24121,8 +27232,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17450213271810432516" + "version": "0.21.1.54444", + "templateHash": "10225243890871880330" } }, "parameters": { @@ -24262,8 +27373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.21.1.54444", + "templateHash": "11494699434629956647" } }, "parameters": { @@ -24391,8 +27502,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -24428,14 +27539,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -24632,8 +27743,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -24764,8 +27875,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.21.1.54444", + "templateHash": "1740953456073265015" } }, "parameters": { @@ -24901,8 +28012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.21.1.54444", + "templateHash": "15814620610091788537" } }, "parameters": { @@ -25096,8 +28207,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -25279,8 +28390,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -25482,8 +28593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -25549,14 +28660,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -25679,8 +28790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -25692,8 +28803,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -25814,8 +28925,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -26028,8 +29139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.21.1.54444", + "templateHash": "12411629325302614699" } }, "parameters": { @@ -26259,8 +29370,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -26442,8 +29553,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -26645,8 +29756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9857842888967195839" + "version": "0.21.1.54444", + "templateHash": "15837328238442399759" } }, "parameters": { @@ -26673,14 +29784,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "keyVaultResourceId": { "type": "string", @@ -26856,8 +29967,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2377303483140510674" + "version": "0.21.1.54444", + "templateHash": "17435508871327946334" } }, "parameters": { @@ -26932,8 +30043,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1764649882380429233" + "version": "0.21.1.54444", + "templateHash": "7222366309271203422" } }, "parameters": { @@ -27004,8 +30115,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -27135,8 +30246,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "205693325076049461" + "version": "0.21.1.54444", + "templateHash": "13165233376501361165" } }, "parameters": { @@ -27403,8 +30514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.21.1.54444", + "templateHash": "11494699434629956647" } }, "parameters": { @@ -27532,8 +30643,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -27569,14 +30680,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -27773,8 +30884,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -27905,8 +31016,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.21.1.54444", + "templateHash": "1740953456073265015" } }, "parameters": { @@ -28042,8 +31153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.21.1.54444", + "templateHash": "15814620610091788537" } }, "parameters": { @@ -28237,8 +31348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -28420,8 +31531,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -28623,8 +31734,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -28690,14 +31801,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -28820,8 +31931,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -28833,8 +31944,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -28955,8 +32066,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -29169,8 +32280,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.21.1.54444", + "templateHash": "12411629325302614699" } }, "parameters": { @@ -29421,8 +32532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2907237861517290313" + "version": "0.21.1.54444", + "templateHash": "17547683740547410047" } }, "parameters": { @@ -29702,8 +32813,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.21.1.54444", + "templateHash": "16145006903790239270" } }, "parameters": { @@ -30156,14 +33267,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -30538,8 +33649,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.21.1.54444", + "templateHash": "12494527698043294819" } }, "parameters": { @@ -30693,8 +33804,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.21.1.54444", + "templateHash": "1998504441889364515" } }, "parameters": { @@ -30814,14 +33925,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -31009,8 +34120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" } }, "parameters": { @@ -31261,8 +34372,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.21.1.54444", + "templateHash": "5590101494385097417" } }, "parameters": { @@ -31324,14 +34435,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -31349,14 +34460,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -31546,8 +34657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.21.1.54444", + "templateHash": "10645923556503351364" } }, "parameters": { @@ -31765,8 +34876,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -31971,8 +35082,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32172,8 +35283,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32378,8 +35489,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32574,8 +35685,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32770,8 +35881,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32970,8 +36081,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33178,8 +36289,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33379,8 +36490,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33583,8 +36694,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.21.1.54444", + "templateHash": "10405060501220354608" } }, "parameters": { @@ -33615,9 +36726,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -33629,7 +36737,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -33749,8 +36860,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.21.1.54444", + "templateHash": "11877341194593849245" } }, "parameters": { @@ -33966,8 +37077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -34108,14 +37219,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -34338,8 +37449,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "443290892200518911" + "version": "0.21.1.54444", + "templateHash": "3332339003647302114" } }, "parameters": { @@ -34597,17 +37708,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13503792698356233940" + "version": "0.21.1.54444", + "templateHash": "13264683594123465479" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", @@ -34640,23 +37751,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -34666,30 +37774,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -34811,14 +37922,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -34886,14 +37997,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -35145,8 +38256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.21.1.54444", + "templateHash": "11907799862370162022" } }, "parameters": { @@ -35340,8 +38451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -35407,14 +38518,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -35537,8 +38648,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -35550,8 +38661,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -35672,8 +38783,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -35879,17 +38990,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.21.1.54444", + "templateHash": "4253610036228558936" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -36003,17 +39114,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.21.1.54444", + "templateHash": "2607160455374616389" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36161,17 +39272,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.21.1.54444", + "templateHash": "3867614023183305816" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -36204,8 +39315,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -36382,17 +39493,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.21.1.54444", + "templateHash": "1372202156919204831" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36410,14 +39521,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", @@ -36496,17 +39607,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.21.1.54444", + "templateHash": "11262013761717354542" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -36624,8 +39735,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.21.1.54444", + "templateHash": "5334204341302869645" } }, "parameters": { @@ -36862,17 +39973,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.21.1.54444", + "templateHash": "2167053915280339359" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36901,8 +40012,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -37086,17 +40197,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.21.1.54444", + "templateHash": "7008197552909900283" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -37121,25 +40232,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -37215,8 +40326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.21.1.54444", + "templateHash": "12515062620278558169" } }, "parameters": { @@ -37454,17 +40565,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.21.1.54444", + "templateHash": "8749040656749087019" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -37476,8 +40587,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -37651,17 +40762,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.21.1.54444", + "templateHash": "14624220085780750615" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -37748,8 +40859,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.21.1.54444", + "templateHash": "256624618142232879" } }, "parameters": { @@ -37984,17 +41095,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.21.1.54444", + "templateHash": "17171385097788904997" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -38006,8 +41117,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38175,17 +41286,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.21.1.54444", + "templateHash": "15439721503188480715" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38368,8 +41479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16133335500075476844" + "version": "0.21.1.54444", + "templateHash": "3833916253334122169" } }, "parameters": { @@ -38538,8 +41649,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "443290892200518911" + "version": "0.21.1.54444", + "templateHash": "3332339003647302114" } }, "parameters": { @@ -38797,17 +41908,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13503792698356233940" + "version": "0.21.1.54444", + "templateHash": "13264683594123465479" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", @@ -38840,23 +41951,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -38866,30 +41974,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -39011,14 +42122,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -39086,14 +42197,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -39345,8 +42456,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.21.1.54444", + "templateHash": "11907799862370162022" } }, "parameters": { @@ -39540,8 +42651,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -39607,14 +42718,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -39737,8 +42848,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -39750,8 +42861,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -39872,8 +42983,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -40079,17 +43190,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.21.1.54444", + "templateHash": "4253610036228558936" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -40203,17 +43314,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.21.1.54444", + "templateHash": "2607160455374616389" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -40361,17 +43472,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.21.1.54444", + "templateHash": "3867614023183305816" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -40404,8 +43515,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -40582,17 +43693,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.21.1.54444", + "templateHash": "1372202156919204831" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -40610,14 +43721,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", @@ -40696,17 +43807,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.21.1.54444", + "templateHash": "11262013761717354542" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -40824,8 +43935,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.21.1.54444", + "templateHash": "5334204341302869645" } }, "parameters": { @@ -41062,17 +44173,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.21.1.54444", + "templateHash": "2167053915280339359" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -41101,8 +44212,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -41286,17 +44397,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.21.1.54444", + "templateHash": "7008197552909900283" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -41321,25 +44432,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -41415,8 +44526,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.21.1.54444", + "templateHash": "12515062620278558169" } }, "parameters": { @@ -41654,17 +44765,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.21.1.54444", + "templateHash": "8749040656749087019" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -41676,8 +44787,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -41851,17 +44962,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.21.1.54444", + "templateHash": "14624220085780750615" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -41948,8 +45059,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.21.1.54444", + "templateHash": "256624618142232879" } }, "parameters": { @@ -42184,17 +45295,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.21.1.54444", + "templateHash": "17171385097788904997" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -42206,8 +45317,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -42375,17 +45486,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.21.1.54444", + "templateHash": "15439721503188480715" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -42568,8 +45679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16133335500075476844" + "version": "0.21.1.54444", + "templateHash": "3833916253334122169" } }, "parameters": { @@ -42684,8 +45795,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14889137037653853520" + "version": "0.21.1.54444", + "templateHash": "6119438582302440926" } }, "parameters": { @@ -42763,8 +45874,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "11940163391569342138" + "version": "0.21.1.54444", + "templateHash": "16350576771018439160" } }, "parameters": { @@ -42812,14 +45923,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -42921,8 +46032,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10835079600690809858" + "version": "0.21.1.54444", + "templateHash": "12543587259073888483" } }, "parameters": { @@ -43235,8 +46346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5800190286840239570" + "version": "0.21.1.54444", + "templateHash": "5880973515767091387" } }, "parameters": { @@ -43632,8 +46743,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.21.1.54444", + "templateHash": "16145006903790239270" } }, "parameters": { @@ -44086,14 +47197,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -44468,8 +47579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.21.1.54444", + "templateHash": "12494527698043294819" } }, "parameters": { @@ -44623,8 +47734,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.21.1.54444", + "templateHash": "1998504441889364515" } }, "parameters": { @@ -44744,14 +47855,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -44939,8 +48050,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" } }, "parameters": { @@ -45191,8 +48302,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.21.1.54444", + "templateHash": "5590101494385097417" } }, "parameters": { @@ -45254,14 +48365,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -45279,14 +48390,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -45476,8 +48587,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.21.1.54444", + "templateHash": "10645923556503351364" } }, "parameters": { @@ -45695,8 +48806,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -45901,8 +49012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46102,8 +49213,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46308,8 +49419,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46504,8 +49615,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46700,8 +49811,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46900,8 +50011,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47108,8 +50219,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47309,8 +50420,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47513,8 +50624,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.21.1.54444", + "templateHash": "10405060501220354608" } }, "parameters": { @@ -47545,9 +50656,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -47559,7 +50667,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -47679,8 +50790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.21.1.54444", + "templateHash": "11877341194593849245" } }, "parameters": { @@ -47896,8 +51007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -48038,14 +51149,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -48229,8 +51340,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -48428,8 +51539,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -48570,14 +51681,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -48759,8 +51870,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -48959,8 +52070,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -49101,14 +52212,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -49268,8 +52379,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14854652588114627341" + "version": "0.21.1.54444", + "templateHash": "7945282169717240757" } }, "parameters": { @@ -49368,8 +52479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7172748536042045689" + "version": "0.21.1.54444", + "templateHash": "11980268490224207781" } }, "parameters": { @@ -49484,8 +52595,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "231872691044961836" + "version": "0.21.1.54444", + "templateHash": "17060282136194389196" } }, "parameters": { @@ -49577,8 +52688,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -49752,8 +52863,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -50021,8 +53132,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 3a8258b20..fe93e99d5 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -161,6 +161,12 @@ param avdVnetPrivateDnsZoneKeyvaultId string = '' @sys.description('Does the hub contains a virtual network gateway. (Default: false)') param vNetworkGatewayOnHub bool = false +@sys.description('Create Azure Firewall and Azure Firewall Policy. (Default: false)') +param deployAvdFirewall bool = false + +@sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') +param firewallSubnetAddressPrefix string = '10.0.2.0/24' + @sys.description('Deploy Fslogix setup. (Default: true)') param createAvdFslogixDeployment bool = true @@ -517,6 +523,13 @@ var varPrivateEndpointNetworksecurityGroupName = avdUseCustomNaming ? privateEnd var varAvdRouteTableName = avdUseCustomNaming ? avdRouteTableCustomName : 'route-avd-${varComputeStorageResourcesNamingStandard}-001' var varPrivateEndpointRouteTableName = avdUseCustomNaming ? privateEndpointRouteTableCustomName : 'route-pe-${varComputeStorageResourcesNamingStandard}-001' var varApplicationSecurityGroupName = avdUseCustomNaming ? avdApplicationSecurityGroupCustomName : 'asg-${varComputeStorageResourcesNamingStandard}-001' +var varFiwewallName = 'fw-avd-${varHubVnetName}' +var varFiwewallPolicyName = 'fwpol-avd-${varHubVnetName}' +var varFiwewallPolicyRuleCollectionGroupName = '${varFiwewallPolicyName}-rcg' +var varFiwewallPolicyNetworkRuleCollectionName = '${varFiwewallPolicyName}-nw-rule-collection' +var varFiwewallPolicyOptionalRuleCollectionGroupName = '${varFiwewallPolicyName}-rcg-optional' +var varFiwewallPolicyOptionalNetworkRuleCollectionName = '${varFiwewallPolicyName}-nw-rule-collection-optional' +var varFiwewallPolicyOptionalApplicationRuleCollectionName = '${varFiwewallPolicyName}-app-rule-collection-optional' var varWorkSpaceName = avdUseCustomNaming ? avdWorkSpaceCustomName : 'vdws-${varManagementPlaneNamingStandard}-001' var varWorkSpaceFriendlyName = avdUseCustomNaming ? avdWorkSpaceCustomFriendlyName : 'Workspace ${deploymentPrefix} ${deploymentEnvironment} ${avdManagementPlaneLocation} 001' var varHostPoolName = avdUseCustomNaming ? avdHostPoolCustomName : 'vdpool-${varManagementPlaneNamingStandard}-001' @@ -950,6 +963,15 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre dnsServers: varDnsServers tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' + deployAvdFirewall: deployAvdFirewall + firewallName: varFiwewallName + firewallPolicyName: varFiwewallPolicyName + firewallPolicyRuleCollectionGroupName: varFiwewallPolicyRuleCollectionGroupName + firewallPolicyNetworkRuleCollectionName: varFiwewallPolicyNetworkRuleCollectionName + firewallPolicyOptionalRuleCollectionGroupName: varFiwewallPolicyOptionalRuleCollectionGroupName + firewallPolicyOptionalNetworkRuleCollectionName: varFiwewallPolicyOptionalNetworkRuleCollectionName + firewallPolicyOptionalApplicationRuleCollectionName: varFiwewallPolicyOptionalApplicationRuleCollectionName + firewallSubnetAddressPrefix: firewallSubnetAddressPrefix } dependsOn: [ baselineNetworkResourceGroup diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 4ea9fa8f3..d67cf581a 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -57,6 +57,33 @@ param remoteVnetPeeringName string @sys.description('Create virtual network peering to hub.') param createVnetPeering bool +@sys.description('Create firewall and firewall policy to hub virtual network.') +param deployAvdFirewall bool + +@sys.description('Firewall name') +param firewallName string + +@sys.description('Firewall policy name') +param firewallPolicyName string + +@sys.description('Firewall policy rule collection group name') +param firewallPolicyRuleCollectionGroupName string + +@sys.description('Firewall policy rule collection group name (optional)') +param firewallPolicyOptionalRuleCollectionGroupName string + +@sys.description('Firewall policy network rule collection name') +param firewallPolicyNetworkRuleCollectionName string + +@sys.description('Firewall policy network rule collection name (optional)') +param firewallPolicyOptionalNetworkRuleCollectionName string + +@sys.description('Firewall policy application rule collection name (optional)') +param firewallPolicyOptionalApplicationRuleCollectionName string + +@sys.description('Firewall subnet adderss prefix') +param firewallSubnetAddressPrefix string + @sys.description('Optional. AVD Accelerator will deploy with private endpoints by default.') param deployPrivateEndpointSubnet bool @@ -117,6 +144,10 @@ var varExistingAvdVnetResourceId = !createVnet ? '/subscriptions/${varExistingAv //var varExistingPeVnetSubRgName = split(existingPeSubnetResourceId, '/')[4] //var varExistingAPeVnetName = split(existingPeSubnetResourceId, '/')[8] //var varExistingPeVnetResourceId = '/subscriptions/${varExistingPeVnetSubId}/resourceGroups/${varExistingPeVnetSubRgName}/providers/Microsoft.Network/virtualNetworks/${varExistingAPeVnetName}' +var varExistingHubSubId = split(existingHubVnetResourceId, '/')[2] +var varExistingHubSubRgName = split(existingHubVnetResourceId, '/')[4] +var varExistingHubVnetName = split(existingHubVnetResourceId, '/')[8] + // =========== // // Deployments // // =========== // @@ -408,6 +439,479 @@ module privateDnsZoneKeyVaultGov '.bicep/privateDnsZones.bicep' = if (createPriv tags: tags } } + +// Firewall policy +module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployAvdFirewall) { + scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + name: 'Fw-Policy-${time}' + params: { + name: firewallPolicyName + enableProxy: true + } +} + +// Firewall policy rule collection group +module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployAvdFirewall) { + scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + name: 'Fw-Policy-Rcg-${time}' + params: { + name: firewallPolicyRuleCollectionGroupName + firewallPolicyName: firewallPolicyName + priority: 100 + ruleCollections: [ + { + name: firewallPolicyNetworkRuleCollectionName + priority: 100 + ruleCollectionType: 'FirewallPolicyFilterRuleCollection' + action: { + type: 'Allow' + } + rules: [ + { + ruleType: 'NetworkRule' + name: 'Auth to Msft Online Services' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'login.microsoftonline.com' + ] + destinationPorts: [ + '443' + ] + } + { + ruleType: 'NetworkRule' + name: 'Service Traffic' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [ + 'WindowsVirtualDesktop' + 'AzureFrontDoor.Frontend' + 'AzureMonitor' + ] + destinationIpGroups: [] + destinationFqdns: [] + destinationPorts: [ + '443' + ] + } + { + ruleType: 'NetworkRule' + name: 'DNS Traffic' + ipProtocols: [ + 'TCP' + 'UDP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [ + '*' + ] + destinationIpGroups: [] + destinationFqdns: [] + destinationPorts: [ + '53' + ] + } + { + ruleType: 'NetworkRule' + name: 'Azure Windows Activation' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [ + '20.118.99.224' + '40.83.235.53' + ] + destinationIpGroups: [] + destinationFqdns: [] + destinationPorts: [ + '1688' + ] + } + { + ruleType: 'NetworkRule' + name: 'Windows Activation' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [ + '23.102.135.246' + ] + destinationIpGroups: [] + destinationFqdns: [] + destinationPorts: [ + '1688' + ] + } + { + ruleType: 'NetworkRule' + name: 'Agent and SxS Stack Updates' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'mrsglobalsteus2prod.blob.core.windows.net' + ] + destinationPorts: [ + '443' + ] + } + { + ruleType: 'NetworkRule' + name: 'Azure Portal Support' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'wvdportalstorageblob.blob.core.windows.net' + ] + destinationPorts: [ + '443' + ] + } + { + ruleType: 'NetworkRule' + name: 'Cert CRL OneOCSP' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'oneocsp.microsoft.com' + ] + destinationPorts: [ + '80' + ] + } + { + ruleType: 'NetworkRule' + name: 'Cert CRL MicrosoftDotCom' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'www.microsoft.com' + ] + destinationPorts: [ + '80' + ] + } + ] + } + ] + } + dependsOn: [ + firewallPolicy + ] +} + +// Firewall policy optional rule collection group +module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployAvdFirewall) { + scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + name: 'Fw-Policy-Rcg-Optional-${time}' + params: { + name: firewallPolicyOptionalRuleCollectionGroupName + firewallPolicyName: firewallPolicyName + priority: 200 + ruleCollections: [ + { + name: firewallPolicyOptionalNetworkRuleCollectionName + priority: 100 + ruleCollectionType: 'FirewallPolicyFilterRuleCollection' + action: { + type: 'Allow' + } + rules: [ + { + ruleType: 'NetworkRule' + name: 'NTP' + ipProtocols: [ + 'UDP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'time.windows.com' + ] + destinationPorts: [ + '123' + ] + } + { + ruleType: 'NetworkRule' + name: 'SigninToMSOL365' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'login.windows.net' + ] + destinationPorts: [ + '443' + ] + } + { + ruleType: 'NetworkRule' + name: 'DetectOSconnectedToInternet' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'www.msftconnecttest.com' + ] + destinationPorts: [ + '443' + ] + } + ] + } + { + name: firewallPolicyOptionalApplicationRuleCollectionName + priority: 200 + ruleCollectionType: 'FirewallPolicyFilterRuleCollection' + action: { + type: 'Allow' + } + rules: [ + { + ruleType: 'ApplicationRule' + name: 'UpdatesforOneDrive' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [ + 'WindowsUpdate' + 'WindowsDiagnostic' + 'MicrosoftActiveProtectionService' + ] + webCategories: [] + targetFqdns: [] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } + { + ruleType: 'ApplicationRule' + name: 'TelemetryService' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [] + webCategories: [] + targetFqdns: [ + '*.events.data.microsoft.com' + ] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } + { + ruleType: 'ApplicationRule' + name: 'Windows Update' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [] + webCategories: [] + targetFqdns: [ + '*.sfx.ms' + ] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } + { + ruleType: 'ApplicationRule' + name: 'DigitcertCRL' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [] + webCategories: [] + targetFqdns: [ + '*.digicert.com' + ] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } + { + ruleType: 'ApplicationRule' + name: 'AzureDNSResolution' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [] + webCategories: [] + targetFqdns: [ + '*.azure-dns.com' + '*.azure-dns.net' + ] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } + ] + } + ] + } + dependsOn: [ + firewallPolicyRuleCollectionGroup + ] +} + +// Azure Firewall subnet +module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployAvdFirewall) { + scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + name: 'Fw-Subnet-${time}' + params: { + addressPrefix: firewallSubnetAddressPrefix + name: 'AzureFirewallSubnet' + virtualNetworkName: varExistingHubVnetName + } +} + +// Azure Firewall +module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep' = if (deployAvdFirewall) { + scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + name: 'Fw-${time}' + params: { + name: firewallName + vNetId: existingHubVnetResourceId + firewallPolicyId: firewallPolicy.outputs.resourceId + } + dependsOn: [ + firewallPolicyOptionalRuleCollectionGroup + hubVirtualNetworkAzureFirewallSubnet + ] +} + +// AVD route table for Firewall +module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployAvdFirewall) { + scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') + name: 'Route-Table-AVD-Fw-${time}' + params: { + name: avdRouteTableName + location: sessionHostLocation + tags: tags + routes: varCreateAvdStaicRoute ? [ + { + name: 'default' + properties: { + addressPrefix: '0.0.0.0/0' + nextHopIpAddress: azureFirewall.outputs.privateIp + nextHopType: 'VirtualAppliance' + } + } + ] : [] + } + dependsOn: [ + azureFirewall + ] +} + // =========== // // Outputs // // =========== // diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index efc6490bf..2ca4baff0 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1425,6 +1425,44 @@ "toolTip": "This information will be used to set remote gateway settings on vNet peering." } ] + }, + { + "name": "hubVirtualNetworkFirewall", + "type": "Microsoft.Common.Section", + "visible": "[not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork))]", + "label": "Firewall options for AVD deployments", + "elements": [ + { + "name": "deployAvdFirewall", + "type": "Microsoft.Common.CheckBox", + "label": "Deploy Azure Firewall in Hub vNet", + "defaultValue": false, + "toolTip": "Create Azure Firewall and Azure Firewall Policy." + }, + { + "name": "firewallSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", + "label": "AzureFirewallSubnet address prefix", + "toolTip": "AzureFirewallSubnet CIDR", + "placeholder": "Example: 10.0.2.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." + } + }, + { + "name": "firewallInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", + "options": { + "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub. Additionally, UDR will be added to AVD subnet to route all traffic through the Azure Firewall for protection of AVD deployments.", + "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", + "style": "info" + } + } + ] } ] }, @@ -2310,6 +2348,8 @@ "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", + "deployAvdFirewall": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').hubVirtualNetworkFirewall.deployAvdFirewall, true), steps('network').hubVirtualNetworkFirewall.firewallSubnetSize, '10.0.2.0/24')]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From dbfe56ebff6b80401083d893deffcf4cc63c6359 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 4 Oct 2023 22:10:09 +0900 Subject: [PATCH 002/117] Add network rule to whitelist GitHub --- workload/arm/deploy-baseline.json | 24 +++++++++++++++++-- .../bicep/modules/networking/deploy.bicep | 20 ++++++++++++++++ 2 files changed, 42 insertions(+), 2 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index b0deb342f..d252b9456 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "2710012389240087448" + "templateHash": "15466667802386589012" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8399,7 +8399,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "744206307789280632" + "templateHash": "11738074428347052620" } }, "parameters": { @@ -13757,6 +13757,26 @@ "destinationPorts": [ "443" ] + }, + { + "ruleType": "NetworkRule", + "name": "GitHub", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "github.com", + "raw.githubusercontent.com" + ], + "destinationPorts": [ + "443" + ] } ] }, diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index d67cf581a..20ed64333 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -725,6 +725,26 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros '443' ] } + { + ruleType: 'NetworkRule' + name: 'GitHub' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'github.com' + 'raw.githubusercontent.com' + ] + destinationPorts: [ + '443' + ] + } ] } { From 07da88f99173cc1194149286f05c4bf3ddb2eb3f Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 4 Oct 2023 23:51:55 +0900 Subject: [PATCH 003/117] update --- workload/arm/deploy-baseline.json | 374 +----------------- .../bicep/modules/networking/deploy.bicep | 44 --- workload/portal-ui/portal-ui-baseline.json | 2 +- 3 files changed, 3 insertions(+), 417 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index d252b9456..0c4b9de6a 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "15466667802386589012" + "templateHash": "13391568498190449035" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8399,7 +8399,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "11738074428347052620" + "templateHash": "12598513227027439427" } }, "parameters": { @@ -13757,26 +13757,6 @@ "destinationPorts": [ "443" ] - }, - { - "ruleType": "NetworkRule", - "name": "GitHub", - "ipProtocols": [ - "TCP" - ], - "sourceAddresses": [ - "[parameters('vnetAvdSubnetAddressPrefix')]" - ], - "sourceIpGroups": [], - "destinationAddresses": [], - "destinationIpGroups": [], - "destinationFqdns": [ - "github.com", - "raw.githubusercontent.com" - ], - "destinationPorts": [ - "443" - ] } ] }, @@ -15592,356 +15572,6 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-Optional-{0}', parameters('time')))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Subnet-{0}', parameters('time')))]" ] - }, - { - "condition": "[and(parameters('createVnet'), parameters('deployAvdFirewall'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Route-Table-AVD-Fw-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('avdRouteTableName')]" - }, - "location": { - "value": "[parameters('sessionHostLocation')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'default', 'properties', createObject('addressPrefix', '0.0.0.0/0', 'nextHopIpAddress', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time'))), '2022-09-01').outputs.privateIp.value, 'nextHopType', 'VirtualAppliance')))), createObject('value', createArray()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18134341385828267149" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name given for the hub route table." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "routes": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. An Array of Routes to be established within the hub route table." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Switch to disable BGP route propagation." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2022-07-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "routes": "[parameters('routes')]", - "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/routeTables/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - ] - }, - { - "copy": { - "name": "routeTable_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-RouteTable-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15918129007023123856" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." - } - } - }, - "variables": { - "builtInRoleNames": { - "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", - "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", - "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", - "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", - "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", - "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/routeTables/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.Network/routeTables', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the route table was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the route table." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the route table." - }, - "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Network/routeTables', parameters('name')), '2022-07-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time')))]" - ] } ], "outputs": { diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 20ed64333..50650765a 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -725,26 +725,6 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros '443' ] } - { - ruleType: 'NetworkRule' - name: 'GitHub' - ipProtocols: [ - 'TCP' - ] - sourceAddresses: [ - vnetAvdSubnetAddressPrefix - ] - sourceIpGroups: [] - destinationAddresses: [] - destinationIpGroups: [] - destinationFqdns: [ - 'github.com' - 'raw.githubusercontent.com' - ] - destinationPorts: [ - '443' - ] - } ] } { @@ -908,30 +888,6 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d ] } -// AVD route table for Firewall -module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployAvdFirewall) { - scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') - name: 'Route-Table-AVD-Fw-${time}' - params: { - name: avdRouteTableName - location: sessionHostLocation - tags: tags - routes: varCreateAvdStaicRoute ? [ - { - name: 'default' - properties: { - addressPrefix: '0.0.0.0/0' - nextHopIpAddress: azureFirewall.outputs.privateIp - nextHopType: 'VirtualAppliance' - } - } - ] : [] - } - dependsOn: [ - azureFirewall - ] -} - // =========== // // Outputs // // =========== // diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 2ca4baff0..41c21d153 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1457,7 +1457,7 @@ "type": "Microsoft.Common.InfoBox", "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", "options": { - "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub. Additionally, UDR will be added to AVD subnet to route all traffic through the Azure Firewall for protection of AVD deployments.", + "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub for protection of AVD deployments.", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", "style": "info" } From 1175f19ec37b97bd8246362b7b0c5f172c9c1004 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Tue, 10 Oct 2023 21:02:57 +0900 Subject: [PATCH 004/117] Rebuild arm template file --- workload/arm/deploy-baseline.json | 3254 +---------------------------- 1 file changed, 93 insertions(+), 3161 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index c8aa112df..639e59f1a 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1320913085188889159" + "version": "0.21.1.54444", + "templateHash": "4609023406700195911" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -3388,8 +3388,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3035548163754880904" + "version": "0.21.1.54444", + "templateHash": "6844551742069634141" } }, "parameters": { @@ -5958,317 +5958,6 @@ "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', format('Monitoing-RG-{0}', parameters('time')))]" ] }, - { - "condition": "[parameters('deployAlaWorkspace')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('LA-Workspace-Wait-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('monitoringRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('LA-Workspace-Wait-{0}', parameters('time'))]" - }, - "location": { - "value": "[parameters('managementPlaneLocation')]" - }, - "azPowerShellVersion": { - "value": "8.3.0" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 120\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployment script." - }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the deployment script was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployment script." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('monitoringRgName'))), 'Microsoft.Resources/deployments', format('LA-Workspace-{0}', parameters('time')))]" - ] - }, { "condition": "[parameters('deployCustomPolicyMonitoring')]", "type": "Microsoft.Resources/deployments", @@ -8393,8 +8082,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3756011210515160191" + "version": "0.21.1.54444", + "templateHash": "13694978219349307980" } }, "parameters": { @@ -18165,8 +17854,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16001375654748927393" + "version": "0.21.1.54444", + "templateHash": "4075702247539576269" } }, "parameters": { @@ -18614,26 +18303,27 @@ } }, { - "condition": "[or(parameters('createStorageDeployment'), parameters('createSessionHosts'))]", + "copy": { + "name": "startVMonConnectRoleAssignCompute", + "count": "[length(variables('computeAndServiceObjectsRgs'))]" + }, + "condition": "[and(parameters('enableStartVmOnConnect'), not(parameters('deployScalingPlan')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('MI-CleanUp-{0}', parameters('time'))]", + "name": "[format('StartOnCon-RolAssign-{0}-{1}', variables('computeAndServiceObjectsRgs')[copyIndex()].name, parameters('time'))]", "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "resourceGroup": "[format('{0}', variables('computeAndServiceObjectsRgs')[copyIndex()].rgName)]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[parameters('cleanUpManagedIdentityName')]" - }, - "location": { - "value": "[parameters('location')]" + "roleDefinitionIdOrName": { + "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varDesktopVirtualizationPowerOnContributorRole').id)]" }, - "tags": { - "value": "[parameters('tags')]" + "principalId": { + "value": "[parameters('avdEnterpriseObjectId')]" } }, "template": { @@ -18642,698 +18332,69 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { - "name": { + "roleDefinitionIdOrName": { "type": "string", - "defaultValue": "[guid(resourceGroup().id)]", "metadata": { - "description": "Optional. Name of the User Assigned Identity." + "description": "Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } }, - "location": { + "principalId": { "type": "string", - "defaultValue": "[resourceGroup().location]", "metadata": { - "description": "Optional. Location for all resources." + "description": "Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity)." } }, - "lock": { + "resourceGroupName": { "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], + "defaultValue": "[resourceGroup().name]", "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + "description": "Optional. Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment." } }, - "tags": { - "type": "object", - "defaultValue": {}, + "subscriptionId": { + "type": "string", + "defaultValue": "[subscription().subscriptionId]", "metadata": { - "description": "Optional. Tags of the resource." + "description": "Optional. Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment." } }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, + "description": { + "type": "string", + "defaultValue": "", "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } + "description": "Optional. The description of the role assignment." } }, - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]" - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - ] - }, - { - "copy": { - "name": "userMsi_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-UserMSI-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." - } - } - }, - "variables": { - "builtInRoleNames": { - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Managed Identity Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59')]", - "Managed Identity Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.ManagedIdentity/userAssignedIdentities/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - ] - } - ], - "outputs": { - "name": { + "delegatedManagedIdentityResourceId": { "type": "string", + "defaultValue": "", "metadata": { - "description": "The name of the user assigned identity." - }, - "value": "[parameters('name')]" + "description": "Optional. ID of the delegated managed identity resource." + } }, - "resourceId": { + "condition": { "type": "string", + "defaultValue": "", "metadata": { - "description": "The resource ID of the user assigned identity." - }, - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to." + } }, - "principalId": { + "conditionVersion": { "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], "metadata": { - "description": "The principal ID of the user assigned identity." - }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" + "description": "Optional. Version of the condition. Currently accepted value is \"2.0\"." + } }, - "clientId": { - "type": "string", - "metadata": { - "description": "The resource ID of the user assigned identity" - }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the user assigned identity was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30', 'full').location]" - } - } - } - } - }, - { - "condition": "[parameters('createStorageDeployment')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Managed-Identity-Wait-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('storageObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('Managed-Identity-Wait-{0}', parameters('time'))]" - }, - "location": { - "value": "[parameters('location')]" - }, - "azPowerShellVersion": { - "value": "9.7" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 60\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployment script." - }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the deployment script was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployment script." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('MI-CleanUp-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('storageObjectsRgName'))), 'Microsoft.Resources/deployments', format('MI-Storage-{0}', parameters('time')))]" - ] - }, - { - "copy": { - "name": "startVMonConnectRoleAssignCompute", - "count": "[length(variables('computeAndServiceObjectsRgs'))]" - }, - "condition": "[and(parameters('enableStartVmOnConnect'), not(parameters('deployScalingPlan')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('StartOnCon-RolAssign-{0}-{1}', variables('computeAndServiceObjectsRgs')[copyIndex()].name, parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', variables('computeAndServiceObjectsRgs')[copyIndex()].rgName)]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "roleDefinitionIdOrName": { - "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varDesktopVirtualizationPowerOnContributorRole').id)]" - }, - "principalId": { - "value": "[parameters('avdEnterpriseObjectId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" - } - }, - "parameters": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity)." - } - }, - "resourceGroupName": { - "type": "string", - "defaultValue": "[resourceGroup().name]", - "metadata": { - "description": "Optional. Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment." - } - }, - "subscriptionId": { - "type": "string", - "defaultValue": "[subscription().subscriptionId]", - "metadata": { - "description": "Optional. Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. ID of the delegated managed identity resource." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition. Currently accepted value is \"2.0\"." - } - }, - "principalType": { + "principalType": { "type": "string", "defaultValue": "", "allowedValues": [ @@ -22721,584 +21782,6 @@ } } } - }, - { - "condition": "[or(parameters('createStorageDeployment'), parameters('createSessionHosts'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Storage-ReaderRoleAssign-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('computeObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "roleDefinitionIdOrName": { - "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varContributorRole').id)]" - }, - "principalId": "[if(or(parameters('createStorageDeployment'), parameters('createSessionHosts')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('MI-CleanUp-{0}', parameters('time'))), '2022-09-01').outputs.principalId.value), createObject('value', ''))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" - } - }, - "parameters": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity)." - } - }, - "resourceGroupName": { - "type": "string", - "defaultValue": "[resourceGroup().name]", - "metadata": { - "description": "Optional. Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment." - } - }, - "subscriptionId": { - "type": "string", - "defaultValue": "[subscription().subscriptionId]", - "metadata": { - "description": "Optional. Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. ID of the delegated managed identity resource." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition. Currently accepted value is \"2.0\"." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "builtInRoleNames": { - "Access Review Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/76cc9ee4-d5d3-4a45-a930-26add3d73475", - "AcrDelete": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "AcrImageSigner": "/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f", - "AcrPull": "/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d", - "AcrPush": "/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec", - "AcrQuarantineReader": "/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04", - "AcrQuarantineWriter": "/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", - "AgFood Platform Sensor Partner Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6b77f0a0-0d89-41cc-acd1-579c22c17a67", - "AgFood Platform Service Admin": "/providers/Microsoft.Authorization/roleDefinitions/f8da80de-1ff9-4747-ad80-a19b7f6079e3", - "AgFood Platform Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8508508a-4469-4e45-963b-2518ee0bb728", - "AgFood Platform Service Reader": "/providers/Microsoft.Authorization/roleDefinitions/7ec7ccdc-f61e-41fe-9aaf-980df0a44eba", - "AnyBuild Builder": "/providers/Microsoft.Authorization/roleDefinitions/a2138dac-4907-4679-a376-736901ed8ad8", - "API Management Developer Portal Content Editor": "/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729", - "API Management Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c", - "API Management Service Operator Role": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61", - "API Management Service Reader Role": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d", - "App Configuration Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b", - "App Configuration Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", - "Application Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ca6382a4-1721-4bcf-a114-ff0c70227b6b", - "Application Insights Component Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e", - "Application Insights Snapshot Debugger": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b", - "Attestation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e", - "Attestation Reader": "/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3", - "Automation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867", - "Automation Job Operator": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f", - "Automation Operator": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404", - "Automation Runbook Operator": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5", - "Autonomous Development Platform Data Contributor (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/b8b15564-4fa6-4a59-ab12-03e1d9594795", - "Autonomous Development Platform Data Owner (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/27f8b550-c507-4db9-86f2-f4b8e816d59d", - "Autonomous Development Platform Data Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/d63b75f7-47ea-4f27-92ac-e0d173aaf093", - "Avere Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a", - "Avere Operator": "/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9", - "Azure Arc Enabled Kubernetes Cluster User Role": "/providers/Microsoft.Authorization/roleDefinitions/00493d72-78f6-4148-b6c5-d3ce8e4799dd", - "Azure Arc Kubernetes Admin": "/providers/Microsoft.Authorization/roleDefinitions/dffb1e0c-446f-4dde-a09f-99eb5cc68b96", - "Azure Arc Kubernetes Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/8393591c-06b9-48a2-a542-1bd6b377f6a2", - "Azure Arc Kubernetes Viewer": "/providers/Microsoft.Authorization/roleDefinitions/63f0a09d-1495-4db4-a681-037d84835eb4", - "Azure Arc Kubernetes Writer": "/providers/Microsoft.Authorization/roleDefinitions/5b999177-9696-4545-85c7-50de3797e5a1", - "Azure Arc ScVmm Administrator role": "/providers/Microsoft.Authorization/roleDefinitions/a92dfd61-77f9-4aec-a531-19858b406c87", - "Azure Arc ScVmm Private Cloud User": "/providers/Microsoft.Authorization/roleDefinitions/c0781e91-8102-4553-8951-97c6d4243cda", - "Azure Arc ScVmm Private Clouds Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9", - "Azure Arc ScVmm VM Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e582369a-e17b-42a5-b10c-874c387c530b", - "Azure Arc VMware Administrator role ": "/providers/Microsoft.Authorization/roleDefinitions/ddc140ed-e463-4246-9145-7c664192013f", - "Azure Arc VMware Private Cloud User": "/providers/Microsoft.Authorization/roleDefinitions/ce551c02-7c42-47e0-9deb-e3b6fc3a9a83", - "Azure Arc VMware Private Clouds Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/67d33e57-3129-45e6-bb0b-7cc522f762fa", - "Azure Arc VMware VM Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b748a06d-6150-4f8a-aaa9-ce3940cd96cb", - "Azure Center for SAP solutions administrator": "/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7", - "Azure Center for SAP solutions Management role": "/providers/Microsoft.Authorization/roleDefinitions/6d949e1d-41e2-46e3-8920-c6e4f31a8310", - "Azure Center for SAP solutions reader": "/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b", - "Azure Center for SAP solutions service role": "/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138", - "Azure Center for SAP solutions Service role for management": "/providers/Microsoft.Authorization/roleDefinitions/0105a6b0-4bb9-43d2-982a-12806f9faddb", - "Azure Connected Machine Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7", - "Azure Connected Machine Resource Administrator": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302", - "Azure Connected Machine Resource Manager": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c", - "Azure Connected SQL Server Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/e8113dce-c529-4d33-91fa-e9b972617508", - "Azure Digital Twins Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe", - "Azure Digital Twins Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/d57506d4-4c8d-48b1-8587-93c323f6a5a3", - "Azure Event Hubs Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec", - "Azure Event Hubs Data Receiver": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde", - "Azure Event Hubs Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975", - "Azure Extension for SQL Server Deployment": "/providers/Microsoft.Authorization/roleDefinitions/7392c568-9289-4bde-aaaa-b7131215889d", - "Azure Front Door Domain Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0ab34830-df19-4f8c-b84e-aa85b8afa6e8", - "Azure Front Door Domain Reader": "/providers/Microsoft.Authorization/roleDefinitions/0f99d363-226e-4dca-9920-b807cf8e1a5f", - "Azure Front Door Secret Contributor": "/providers/Microsoft.Authorization/roleDefinitions/3f2eb865-5811-4578-b90a-6fc6fa0df8e5", - "Azure Front Door Secret Reader": "/providers/Microsoft.Authorization/roleDefinitions/0db238c4-885e-4c4f-a933-aa2cef684fca", - "Azure Kubernetes Fleet Manager Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/63bb64ad-9799-4770-b5c3-24ed299a07bf", - "Azure Kubernetes Fleet Manager RBAC Admin": "/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba", - "Azure Kubernetes Fleet Manager RBAC Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/18ab4d3d-a1bf-4477-8ad9-8359bc988f69", - "Azure Kubernetes Fleet Manager RBAC Reader": "/providers/Microsoft.Authorization/roleDefinitions/30b27cfc-9c84-438e-b0ce-70e35255df80", - "Azure Kubernetes Fleet Manager RBAC Writer": "/providers/Microsoft.Authorization/roleDefinitions/5af6afb3-c06c-4fa4-8848-71a8aee05683", - "Azure Kubernetes Service Cluster Admin Role": "/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8", - "Azure Kubernetes Service Cluster Monitoring User": "/providers/Microsoft.Authorization/roleDefinitions/1afdec4b-e479-420e-99e7-f82237c7c5e6", - "Azure Kubernetes Service Cluster User Role": "/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f", - "Azure Kubernetes Service Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8", - "Azure Kubernetes Service Policy Add-on Deployment": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064", - "Azure Kubernetes Service RBAC Admin": "/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7", - "Azure Kubernetes Service RBAC Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b", - "Azure Kubernetes Service RBAC Reader": "/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db", - "Azure Kubernetes Service RBAC Writer": "/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb", - "Azure Maps Contributor": "/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb", - "Azure Maps Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204", - "Azure Maps Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa", - "Azure Maps Search and Render Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/6be48352-4f82-47c9-ad5e-0acacefdb005", - "Azure Relay Listener": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d", - "Azure Relay Owner": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38", - "Azure Relay Sender": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d", - "Azure Service Bus Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419", - "Azure Service Bus Data Receiver": "/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0", - "Azure Service Bus Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39", - "Azure Spring Apps Connect Role": "/providers/Microsoft.Authorization/roleDefinitions/80558df3-64f9-4c0f-b32d-e5094b036b0b", - "Azure Spring Apps Remote Debugging Role": "/providers/Microsoft.Authorization/roleDefinitions/a99b0159-1064-4c22-a57b-c9b3caa1c054", - "Azure Spring Cloud Config Server Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b", - "Azure Spring Cloud Config Server Reader": "/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7", - "Azure Spring Cloud Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c", - "Azure Spring Cloud Service Registry Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1", - "Azure Spring Cloud Service Registry Reader": "/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65", - "Azure Stack HCI registration role": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06", - "Azure Stack Registration Owner": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a", - "Azure Traffic Controller Configuration Manager": "/providers/Microsoft.Authorization/roleDefinitions/fbc52c3f-28ad-4303-a892-8a056630b8f1", - "Azure Usage Billing Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/f0310ce6-e953-4cf8-b892-fb1c87eaf7f6", - "Azure VM Managed identities restore Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6ae96244-5829-4925-a7d3-5975537d91dd", - "AzureML Compute Operator": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815", - "AzureML Data Scientist": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121", - "AzureML Metrics Writer (preview)": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae", - "AzureML Registry User": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615", - "Backup Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b", - "Backup Operator": "/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324", - "Backup Reader": "/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912", - "Bayer Ag Powered Services CWUM Solution User Role": "/providers/Microsoft.Authorization/roleDefinitions/a9b99099-ead7-47db-8fcf-072597a61dfa", - "Bayer Ag Powered Services GDU Solution": "/providers/Microsoft.Authorization/roleDefinitions/c4bc862a-3b64-4a35-a021-a380c159b042", - "Bayer Ag Powered Services Imagery Solution": "/providers/Microsoft.Authorization/roleDefinitions/ef29765d-0d37-4119-a4f8-f9f9902c9588", - "Billing Reader": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64", - "BizTalk Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342", - "Blockchain Member Node Access (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24", - "Blueprint Contributor": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4", - "Blueprint Operator": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090", - "CDN Endpoint Contributor": "/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45", - "CDN Endpoint Reader": "/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd", - "CDN Profile Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432", - "CDN Profile Reader": "/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af", - "Chamber Admin": "/providers/Microsoft.Authorization/roleDefinitions/4e9b8407-af2e-495b-ae54-bb60a55b1b5a", - "Chamber User": "/providers/Microsoft.Authorization/roleDefinitions/4447db05-44ed-4da3-ae60-6cbece780e32", - "Classic Network Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f", - "Classic Storage Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25", - "Classic Storage Account Key Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d", - "Classic Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb", - "ClearDB MySQL DB Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9106cda0-8a86-4e81-b686-29a22c54effe", - "Code Signing Certificate Profile Signer": "/providers/Microsoft.Authorization/roleDefinitions/2837e146-70d7-4cfd-ad55-7efa6464f958", - "Code Signing Identity Verifier": "/providers/Microsoft.Authorization/roleDefinitions/4339b7cf-9826-4e41-b4ed-c7f4505dac08", - "Cognitive Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68", - "Cognitive Services Custom Vision Contributor": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3", - "Cognitive Services Custom Vision Deployment": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f", - "Cognitive Services Custom Vision Labeler": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c", - "Cognitive Services Custom Vision Reader": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73", - "Cognitive Services Custom Vision Trainer": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b", - "Cognitive Services Data Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c", - "Cognitive Services Face Recognizer": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7", - "Cognitive Services Immersive Reader User": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d", - "Cognitive Services Language Owner": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498", - "Cognitive Services Language Reader": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e", - "Cognitive Services Language Writer": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8", - "Cognitive Services LUIS Owner": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8", - "Cognitive Services LUIS Reader": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226", - "Cognitive Services LUIS Writer": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27", - "Cognitive Services Metrics Advisor Administrator": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a", - "Cognitive Services Metrics Advisor User": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8", - "Cognitive Services OpenAI Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442", - "Cognitive Services OpenAI User": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd", - "Cognitive Services QnA Maker Editor": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025", - "Cognitive Services QnA Maker Reader": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126", - "Cognitive Services Speech Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181", - "Cognitive Services Speech User": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447", - "Cognitive Services User": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908", - "Collaborative Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/daa9e50b-21df-454c-94a6-a8050adab352", - "Collaborative Runtime Operator": "/providers/Microsoft.Authorization/roleDefinitions/7a6f0e70-c033-4fb1-828c-08514e5f4102", - "Compute Gallery Sharing Admin": "/providers/Microsoft.Authorization/roleDefinitions/1ef6a3be-d0ac-425d-8c01-acb62866290b", - "ContainerApp Reader": "/providers/Microsoft.Authorization/roleDefinitions/ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b", - "Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", - "Cosmos DB Account Reader Role": "/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8", - "Cosmos DB Operator": "/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa", - "CosmosBackupOperator": "/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb", - "CosmosRestoreOperator": "/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f", - "Cost Management Contributor": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430", - "Cost Management Reader": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3", - "Data Box Contributor": "/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5", - "Data Box Reader": "/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027", - "Data Factory Contributor": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5", - "Data Labeling - Labeler": "/providers/Microsoft.Authorization/roleDefinitions/c6decf44-fd0a-444c-a844-d653c394e7ab", - "Data Lake Analytics Developer": "/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88", - "Data Operator for Managed Disks": "/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e", - "Data Purger": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90", - "Deployment Environments User": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c", - "Desktop Virtualization Application Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8", - "Desktop Virtualization Application Group Reader": "/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55", - "Desktop Virtualization Contributor": "/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387", - "Desktop Virtualization Host Pool Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc", - "Desktop Virtualization Host Pool Reader": "/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822", - "Desktop Virtualization Power On Contributor": "/providers/Microsoft.Authorization/roleDefinitions/489581de-a3bd-480d-9518-53dea7416b33", - "Desktop Virtualization Power On Off Contributor": "/providers/Microsoft.Authorization/roleDefinitions/40c5ff49-9181-41f8-ae61-143b0e78555e", - "Desktop Virtualization Reader": "/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868", - "Desktop Virtualization Session Host Operator": "/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408", - "Desktop Virtualization User": "/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", - "Desktop Virtualization User Session Operator": "/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6", - "Desktop Virtualization Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a959dbd1-f747-45e3-8ba6-dd80f235f97c", - "Desktop Virtualization Workspace Contributor": "/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b", - "Desktop Virtualization Workspace Reader": "/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d", - "DevCenter Dev Box User": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05", - "DevCenter Project Admin": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0", - "Device Provisioning Service Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/dfce44e4-17b7-4bd1-a6d1-04996ec95633", - "Device Provisioning Service Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/10745317-c249-44a1-a5ce-3a4353c0bbd8", - "Device Update Administrator": "/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a", - "Device Update Content Administrator": "/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98", - "Device Update Content Reader": "/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b", - "Device Update Deployments Administrator": "/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432", - "Device Update Deployments Reader": "/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f", - "Device Update Reader": "/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f", - "DevTest Labs User": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64", - "DICOM Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8", - "DICOM Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a", - "Disk Backup Reader": "/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24", - "Disk Pool Operator": "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840", - "Disk Restore Operator": "/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13", - "Disk Snapshot Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce", - "DNS Resolver Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d", - "DNS Zone Contributor": "/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314", - "DocumentDB Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450", - "Domain Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/eeaeda52-9324-47f6-8069-5d5bade478b2", - "Domain Services Reader": "/providers/Microsoft.Authorization/roleDefinitions/361898ef-9ed1-48c2-849c-a832951106bb", - "Elastic SAN Owner": "/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406", - "Elastic SAN Reader": "/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca", - "Elastic SAN Volume Group Owner": "/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23", - "EventGrid Contributor": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de", - "EventGrid Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7", - "EventGrid EventSubscription Contributor": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443", - "EventGrid EventSubscription Reader": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405", - "Experimentation Administrator": "/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a33b-edd6ce5c915c", - "Experimentation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a22b-edd6ce5c915c", - "Experimentation Metric Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6188b7c9-7d01-4f99-a59f-c88b630326c0", - "Experimentation Reader": "/providers/Microsoft.Authorization/roleDefinitions/49632ef5-d9ac-41f4-b8e7-bbe587fa74a1", - "FHIR Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd", - "FHIR Data Converter": "/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", - "FHIR Data Exporter": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843", - "FHIR Data Importer": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b", - "FHIR Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508", - "FHIR Data Writer": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913", - "FHIR SMART User": "/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0", - "Grafana Admin": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41", - "Grafana Editor": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f", - "Grafana Viewer": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769", - "Graph Owner": "/providers/Microsoft.Authorization/roleDefinitions/b60367af-1334-4454-b71e-769d9a4f83d9", - "Guest Configuration Resource Contributor": "/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31", - "HDInsight Cluster Operator": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a", - "HDInsight Domain Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c", - "Hierarchy Settings Administrator": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d", - "Hybrid Server Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb", - "Hybrid Server Resource Administrator": "/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624", - "Impact Reader": "/providers/Microsoft.Authorization/roleDefinitions/68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e", - "Impact Reporter": "/providers/Microsoft.Authorization/roleDefinitions/36e80216-a7e8-4f42-a7e1-f12c98cbaf8a", - "Integration Service Environment Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8", - "Integration Service Environment Developer": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec", - "Intelligent Systems Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e", - "IoT Hub Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f", - "IoT Hub Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3", - "IoT Hub Registry Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47", - "IoT Hub Twin Contributor": "/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c", - "Key Vault Administrator": "/providers/Microsoft.Authorization/roleDefinitions/00482a5a-887f-4fb3-b363-3b7fe8e74483", - "Key Vault Certificates Officer": "/providers/Microsoft.Authorization/roleDefinitions/a4417e6f-fecd-4de8-b567-7b0420556985", - "Key Vault Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395", - "Key Vault Crypto Officer": "/providers/Microsoft.Authorization/roleDefinitions/14b46e9e-c2b7-41b4-b07b-48a6ebf60603", - "Key Vault Crypto Service Encryption User": "/providers/Microsoft.Authorization/roleDefinitions/e147488a-f6f5-4113-8e2d-b22465e65bf6", - "Key Vault Crypto User": "/providers/Microsoft.Authorization/roleDefinitions/12338af0-0e69-4776-bea7-57ae8d297424", - "Key Vault Reader": "/providers/Microsoft.Authorization/roleDefinitions/21090545-7ca7-4776-b22c-e363652d74d2", - "Key Vault Secrets Officer": "/providers/Microsoft.Authorization/roleDefinitions/b86a8fe4-44ce-4948-aee5-eccb2c155cd7", - "Key Vault Secrets User": "/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6", - "Knowledge Consumer": "/providers/Microsoft.Authorization/roleDefinitions/ee361c5d-f7b5-4119-b4b6-892157c8f64c", - "Kubernetes Agentless Operator": "/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6", - "Kubernetes Cluster - Azure Arc Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41", - "Kubernetes Extension Contributor": "/providers/Microsoft.Authorization/roleDefinitions/85cb6faf-e071-4c9b-8136-154b5a04f717", - "Kubernetes Namespace User": "/providers/Microsoft.Authorization/roleDefinitions/ba79058c-0414-4a34-9e42-c3399d80cd5a", - "Lab Assistant": "/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1", - "Lab Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270", - "Lab Creator": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead", - "Lab Operator": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d", - "Lab Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f", - "Lab Services Reader": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc", - "Load Test Contributor": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e", - "Load Test Owner": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6", - "Load Test Reader": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081", - "LocalNGFirewallAdministrator role": "/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2", - "LocalRulestacksAdministrator role": "/providers/Microsoft.Authorization/roleDefinitions/bfc3b73d-c6ff-45eb-9a5f-40298295bf20", - "Log Analytics Contributor": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293", - "Log Analytics Reader": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893", - "Logic App Contributor": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e", - "Logic App Operator": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe", - "Managed Application Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e", - "Managed Application Operator Role": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae", - "Managed Applications Reader": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44", - "Managed HSM contributor": "/providers/Microsoft.Authorization/roleDefinitions/18500a29-7fe2-46b2-a342-b16a415e101d", - "Managed Identity Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59", - "Managed Identity Operator": "/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830", - "Managed Services Registration assignment Delete Role": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46", - "Management Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c", - "Management Group Reader": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d", - "Media Services Account Administrator": "/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466", - "Media Services Live Events Administrator": "/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77", - "Media Services Media Operator": "/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c", - "Media Services Policy Administrator": "/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae", - "Media Services Streaming Endpoints Administrator": "/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804", - "Microsoft Sentinel Automation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f4c81013-99ee-4d62-a7ee-b3f1f648599a", - "Microsoft Sentinel Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade", - "Microsoft Sentinel Playbook Operator": "/providers/Microsoft.Authorization/roleDefinitions/51d6186e-6489-4900-b93f-92e23144cca5", - "Microsoft Sentinel Reader": "/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb", - "Microsoft Sentinel Responder": "/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056", - "Microsoft.Kubernetes connected cluster role": "/providers/Microsoft.Authorization/roleDefinitions/5548b2cf-c94c-4228-90ba-30851930a12f", - "Monitoring Contributor": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa", - "Monitoring Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b0d8363b-8ddd-447d-831f-62ca05bff136", - "Monitoring Metrics Publisher": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb", - "Monitoring Reader": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05", - "MySQL Backup And Export Operator": "/providers/Microsoft.Authorization/roleDefinitions/d18ad5f3-1baf-4119-b49b-d944edb1f9d0", - "Network Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", - "New Relic APM Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237", - "Object Anchors Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/ca0835dd-bacc-42dd-8ed2-ed5e7230d15b", - "Object Anchors Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/4a167cdf-cb95-4554-9203-2347fe489bd9", - "Object Understanding Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/4dd61c23-6743-42fe-a388-d8bdd41cb745", - "Object Understanding Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/d18777c0-1514-4662-8490-608db7d334b6", - "Owner": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", - "PlayFab Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0c8b84dc-067c-4039-9615-fa1a4b77c726", - "PlayFab Reader": "/providers/Microsoft.Authorization/roleDefinitions/a9a19cc5-31f4-447c-901f-56c0bb18fcaf", - "Policy Insights Data Writer (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84", - "Private DNS Zone Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f", - "Project Babylon Data Curator": "/providers/Microsoft.Authorization/roleDefinitions/9ef4ef9c-a049-46b0-82ab-dd8ac094c889", - "Project Babylon Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/c8d896ba-346d-4f50-bc1d-7d1c84130446", - "Project Babylon Data Source Administrator": "/providers/Microsoft.Authorization/roleDefinitions/05b7651b-dc44-475e-b74d-df3db49fae0f", - "Purview role 1 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347", - "Purview role 2 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803", - "Purview role 3 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db", - "Quota Request Operator": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125", - "Reader": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", - "Reader and Data Access": "/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349", - "Redis Cache Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17", - "Remote Rendering Administrator": "/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e", - "Remote Rendering Client": "/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a", - "Reservation Purchaser": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689", - "Resource Policy Contributor": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608", - "Role Based Access Control Administrator (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168", - "Scheduled Patching Contributor": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6", - "Scheduler Job Collections Contributor": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94", - "Schema Registry Contributor (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25", - "Schema Registry Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2", - "Search Index Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7", - "Search Index Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f", - "Search Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0", - "Security Admin": "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd", - "Security Assessment Contributor": "/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5", - "Security Detonation Chamber Publisher": "/providers/Microsoft.Authorization/roleDefinitions/352470b3-6a9c-4686-b503-35deb827e500", - "Security Detonation Chamber Reader": "/providers/Microsoft.Authorization/roleDefinitions/28241645-39f8-410b-ad48-87863e2951d5", - "Security Detonation Chamber Submission Manager": "/providers/Microsoft.Authorization/roleDefinitions/a37b566d-3efa-4beb-a2f2-698963fa42ce", - "Security Detonation Chamber Submitter": "/providers/Microsoft.Authorization/roleDefinitions/0b555d9b-b4a7-4f43-b330-627f0e5be8f0", - "Security Manager (Legacy)": "/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10", - "Security Reader": "/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4", - "Services Hub Operator": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b", - "SignalR AccessKey Reader": "/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e", - "SignalR App Server": "/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7", - "SignalR REST API Owner": "/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521", - "SignalR REST API Reader": "/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035", - "SignalR Service Owner": "/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3", - "SignalR/Web PubSub Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761", - "Site Recovery Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567", - "Site Recovery Operator": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca", - "Site Recovery Reader": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149", - "Spatial Anchors Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827", - "Spatial Anchors Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c", - "Spatial Anchors Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413", - "SQL DB Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec", - "SQL Managed Instance Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d", - "SQL Security Manager": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3", - "SQL Server Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437", - "SqlDb Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/189207d4-bb67-4208-a635-b06afe8b2c57", - "SqlMI Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/1d335eef-eee1-47fe-a9e0-53214eba8872", - "SqlVM Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/ae8036db-e102-405b-a1b9-bae082ea436d", - "Storage Account Backup Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1", - "Storage Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab", - "Storage Account Key Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12", - "Storage Blob Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe", - "Storage Blob Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b", - "Storage Blob Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", - "Storage Blob Delegator": "/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a", - "Storage File Data SMB Share Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", - "Storage File Data SMB Share Elevated Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7", - "Storage File Data SMB Share Reader": "/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314", - "Storage Queue Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88", - "Storage Queue Data Message Processor": "/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed", - "Storage Queue Data Message Sender": "/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a", - "Storage Queue Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925", - "Storage Table Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3", - "Storage Table Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6", - "Stream Analytics Query Tester": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf", - "Support Request Contributor": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e", - "Tag Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f", - "Template Spec Contributor": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b", - "Template Spec Reader": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e", - "Test Base Reader": "/providers/Microsoft.Authorization/roleDefinitions/15e0f5a1-3450-4248-8e25-e2afe88a9e85", - "Traffic Manager Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7", - "User Access Administrator": "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", - "Video Indexer Restricted Viewer": "/providers/Microsoft.Authorization/roleDefinitions/a2c4a527-7dc0-4ee3-897b-403ade70fafb", - "Virtual Machine Administrator Login": "/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4", - "Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c", - "Virtual Machine Local User Login": "/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525", - "Virtual Machine User Login": "/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52", - "VM Scanner Operator": "/providers/Microsoft.Authorization/roleDefinitions/d24ecba3-c1f4-40fa-a7bb-4588a071e8fd", - "Web Plan Contributor": "/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b", - "Web PubSub Service Owner (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/12cf5a90-567b-43ae-8102-96cf46c7d9b4", - "Web PubSub Service Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf", - "Website Contributor": "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772", - "Windows Admin Center Administrator Login": "/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f", - "Workbook Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad", - "Workbook Reader": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d", - "WorkloadBuilder Migration Agent Role": "/providers/Microsoft.Authorization/roleDefinitions/d17ce0a2-0697-43bc-aac5-9113337ab61c" - }, - "roleDefinitionIdVar": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId'))]", - "properties": { - "roleDefinitionId": "[variables('roleDefinitionIdVar')]", - "principalId": "[parameters('principalId')]", - "description": "[if(not(empty(parameters('description'))), parameters('description'), null())]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The GUID of the Role Assignment." - }, - "value": "[guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId'))]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the Role Assignment." - }, - "value": "[resourceId('Microsoft.Authorization/roleAssignments', guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId')))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the role assignment was applied at." - }, - "value": "[resourceGroup().name]" - }, - "scope": { - "type": "string", - "metadata": { - "description": "The scope this Role Assignment applies to." - }, - "value": "[resourceGroup().id]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('MI-CleanUp-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('storageObjectsRgName'))), 'Microsoft.Resources/deployments', format('Managed-Identity-Wait-{0}', parameters('time')))]" - ] } ], "outputs": { @@ -23381,8 +21864,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12497703365980086846" + "version": "0.21.1.54444", + "templateHash": "9091327518732404312" } }, "parameters": { @@ -25893,316 +24376,6 @@ } } }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ZT-Mana-Ident-Wait-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('Managed-Idenity-Wait-{0}', parameters('time'))]" - }, - "location": { - "value": "[parameters('location')]" - }, - "azPowerShellVersion": { - "value": "8.3.0" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 60\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployment script." - }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the deployment script was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployment script." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('ZT-Managed-ID-{0}', parameters('time')))]" - ] - }, { "condition": "[parameters('diskZeroTrust')]", "type": "Microsoft.Resources/deployments", @@ -32140,8 +30313,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2907237861517290313" + "version": "0.21.1.54444", + "templateHash": "3986508018763278533" } }, "parameters": { @@ -36644,316 +34817,6 @@ } } } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('MGMT-VM-Wait-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('MGMT-VM-Wait-{0}', parameters('time'))]" - }, - "location": { - "value": "[parameters('location')]" - }, - "azPowerShellVersion": { - "value": "8.3.0" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 120\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployment script." - }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the deployment script was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployment script." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('MGMT-VM-{0}', parameters('time')))]" - ] } ] } @@ -37057,8 +34920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "443290892200518911" + "version": "0.21.1.54444", + "templateHash": "13034429143668788215" } }, "parameters": { @@ -37316,8 +35179,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13503792698356233940" + "version": "0.21.1.54444", + "templateHash": "548323401753873634" } }, "parameters": { @@ -41257,8 +39120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "443290892200518911" + "version": "0.21.1.54444", + "templateHash": "13034429143668788215" } }, "parameters": { @@ -41516,8 +39379,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13503792698356233940" + "version": "0.21.1.54444", + "templateHash": "548323401753873634" } }, "parameters": { @@ -45954,8 +43817,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5800190286840239570" + "version": "0.21.1.54444", + "templateHash": "125592546840104256" } }, "parameters": { @@ -50519,371 +48382,61 @@ "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", "properties": { "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the VM." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the VM." - }, - "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the VM was created in." - }, - "value": "[resourceGroup().name]" - }, - "systemAssignedPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity." - }, - "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity.principalId, '')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').location]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('SH-Wait-{0}-{1}', parameters('batchId'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('computeObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('SH-Wait-{0}-{1}', parameters('batchId'), parameters('time'))]" - }, - "location": { - "value": "[parameters('location')]" - }, - "azPowerShellVersion": { - "value": "9.7" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 60\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" ] } ], "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the VM." + }, + "value": "[parameters('name')]" + }, "resourceId": { "type": "string", "metadata": { - "description": "The resource ID of the deployment script." + "description": "The resource ID of the VM." }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" }, "resourceGroupName": { "type": "string", "metadata": { - "description": "The resource group the deployment script was deployed into." + "description": "The name of the resource group the VM was created in." }, "value": "[resourceGroup().name]" }, - "name": { + "systemAssignedPrincipalId": { "type": "string", "metadata": { - "description": "The name of the deployment script." + "description": "The principal ID of the system assigned identity." }, - "value": "[parameters('name')]" + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity.principalId, '')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').location]" } } } - }, - "dependsOn": [ - "sessionHosts" - ] + } }, { "copy": { @@ -51104,317 +48657,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('computeObjectsRgName'))), 'Microsoft.Resources/deployments', format('SH-Wait-{0}-{1}', parameters('batchId'), parameters('time')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('SH-Antimal-Wait-{0}-{1}', parameters('batchId'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('computeObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('SH-Antimal-Wait-{0}-{1}', parameters('batchId'), parameters('time'))]" - }, - "location": { - "value": "[parameters('location')]" - }, - "azPowerShellVersion": { - "value": "9.7" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 60\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployment script." - }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the deployment script was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployment script." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" - } - } - } - }, - "dependsOn": [ - "sessionHostsAntimalwareExtension" + "sessionHosts" ] }, { @@ -51634,318 +48877,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('computeObjectsRgName'))), 'Microsoft.Resources/deployments', format('SH-Antimal-Wait-{0}-{1}', parameters('batchId'), parameters('time')))]" - ] - }, - { - "condition": "[parameters('deployMonitoring')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('SH-Mon-Wait-{0}-{1}', parameters('batchId'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", - "resourceGroup": "[format('{0}', parameters('computeObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('SH-Mon-Wait-{0}-{1}', parameters('batchId'), parameters('time'))]" - }, - "location": { - "value": "[parameters('location')]" - }, - "azPowerShellVersion": { - "value": "9.7" - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT10M" - }, - "retentionInterval": { - "value": "PT1H" - }, - "scriptContent": { - "value": " Write-Host \"Start\"\r\n Get-Date\r\n Start-Sleep -Seconds 60\r\n Write-Host \"Stop\"\r\n Get-Date\r\n " - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6119857452463366145" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Display name of the script to be run." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The ID(s) to assign to the resource." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "kind": { - "type": "string", - "defaultValue": "AzurePowerShell", - "allowedValues": [ - "AzurePowerShell", - "AzureCLI" - ], - "metadata": { - "description": "Optional. Type of the script. AzurePowerShell, AzureCLI." - } - }, - "azPowerShellVersion": { - "type": "string", - "defaultValue": "3.0", - "metadata": { - "description": "Optional. Azure PowerShell module version to be used." - } - }, - "azCliVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure CLI module version to be used." - } - }, - "scriptContent": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead." - } - }, - "primaryScriptUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead." - } - }, - "environmentVariables": { - "type": "secureObject", - "defaultValue": {}, - "metadata": { - "description": "Optional. The environment variables to pass over to the script. The list is passed as an object with a key name \"secureList\" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object." - } - }, - "supportingScriptUris": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent)." - } - }, - "arguments": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Command-line arguments to pass to the script. Arguments are separated by spaces." - } - }, - "retentionInterval": { - "type": "string", - "defaultValue": "P1D", - "metadata": { - "description": "Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week)." - } - }, - "runOnce": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once." - } - }, - "cleanupPreference": { - "type": "string", - "defaultValue": "Always", - "allowedValues": [ - "Always", - "OnSuccess", - "OnExpiration" - ], - "metadata": { - "description": "Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled)." - } - }, - "containerGroupName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account." - } - }, - "timeout": { - "type": "string", - "defaultValue": "PT1H", - "metadata": { - "description": "Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year." - } - }, - "baseTime": { - "type": "string", - "defaultValue": "[utcNow('yyyy-MM-dd-HH-mm-ss')]", - "metadata": { - "description": "Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "variables": { - "containerSettings": { - "containerGroupName": "[parameters('containerGroupName')]" - }, - "identityType": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]" - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "kind": "[parameters('kind')]", - "properties": { - "azPowerShellVersion": "[if(equals(parameters('kind'), 'AzurePowerShell'), parameters('azPowerShellVersion'), null())]", - "azCliVersion": "[if(equals(parameters('kind'), 'AzureCLI'), parameters('azCliVersion'), null())]", - "containerSettings": "[if(not(empty(parameters('containerGroupName'))), variables('containerSettings'), null())]", - "storageAccountSettings": "[if(not(empty(parameters('storageAccountResourceId'))), if(not(empty(parameters('storageAccountResourceId'))), createObject('storageAccountKey', listKeys(parameters('storageAccountResourceId'), '2019-06-01').keys[0].value, 'storageAccountName', last(split(parameters('storageAccountResourceId'), '/'))), createObject()), null())]", - "arguments": "[parameters('arguments')]", - "environmentVariables": "[if(not(empty(parameters('environmentVariables'))), parameters('environmentVariables').secureList, createArray())]", - "scriptContent": "[if(not(empty(parameters('scriptContent'))), parameters('scriptContent'), null())]", - "primaryScriptUri": "[if(not(empty(parameters('primaryScriptUri'))), parameters('primaryScriptUri'), null())]", - "supportingScriptUris": "[if(not(empty(parameters('supportingScriptUris'))), parameters('supportingScriptUris'), null())]", - "cleanupPreference": "[parameters('cleanupPreference')]", - "forceUpdateTag": "[if(parameters('runOnce'), resourceGroup().name, parameters('baseTime'))]", - "retentionInterval": "[parameters('retentionInterval')]", - "timeout": "[parameters('timeout')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Resources/deploymentScripts/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployment script." - }, - "value": "[resourceId('Microsoft.Resources/deploymentScripts', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the deployment script was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployment script." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01', 'full').location]" - }, - "outputs": { - "type": "object", - "metadata": { - "description": "The output of the deployment script." - }, - "value": "[if(contains(reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01'), 'outputs'), reference(resourceId('Microsoft.Resources/deploymentScripts', parameters('name')), '2020-10-01').outputs, createObject())]" - } - } - } - }, - "dependsOn": [ - "monitoring" + "sessionHostsAntimalwareExtension" ] }, { From 012a405c751b0cf3fbbe5e8045091a9ee30dedef Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 25 Oct 2023 16:41:09 +0900 Subject: [PATCH 005/117] update portal-ui-baseline.json --- workload/portal-ui/portal-ui-baseline.json | 136 +++++++++++++++++++-- 1 file changed, 127 insertions(+), 9 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index e6aaab8ba..7f7f8e907 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1435,24 +1435,83 @@ ] }, { - "name": "hubVirtualNetworkFirewall", + "name": "firewallOptions", "type": "Microsoft.Common.Section", - "visible": "[not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork))]", + "visible": true, "label": "Firewall options for AVD deployments", "elements": [ { "name": "deployAvdFirewall", "type": "Microsoft.Common.CheckBox", - "label": "Deploy Azure Firewall in Hub vNet", + "label": "Deploy Azure Firewall", "defaultValue": false, - "toolTip": "Create Azure Firewall and Azure Firewall Policy." + "toolTip": "Create Azure Firewall and Azure Firewall Policy for protection of AVD deployments." + }, + + { + "name": "avdFirewallSubs", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } + }, + { + "name": "avdFirewallSub", + "type": "Microsoft.Common.DropDown", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "label": "Firewall Subscription", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } + }, + { + "name": "createAvdFirewallVirtualNetwork", + "type": "Microsoft.Common.OptionsGroup", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "label": "Firewall Virtual network", + "defaultValue": "New", + "toolTip": "", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "New", + "value": true + }, + { + "label": "Existing", + "value": false + } + ] + } + }, + { + "name": "avdFirewallVirtualNetworkSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').firewallOptions.createAvdFirewallVirtualNetwork]", + "label": "vNet address range", + "toolTip": "Virtual network CIDR for Azure Firewall", + "placeholder": "Example: 10.0.2.0/23", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." + } }, { - "name": "firewallSubnetSize", + "name": "avdFirewallVirtualNetworkAvdSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", - "label": "AzureFirewallSubnet address prefix", - "toolTip": "AzureFirewallSubnet CIDR", + "visible": "[steps('network').firewallOptions.createAvdFirewallVirtualNetwork]", + "label": "Azure Firewall subnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { "required": true, @@ -1460,10 +1519,69 @@ "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, + { + "name": "existingAvdFirewallVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "options": { + "text": "Existing network must has connectivity to xxxxxxxxxxxxx.", + "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", + "style": "info" + } + }, + { + "name": "existingAvdFirewallVirtualNetworks", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').firewallOptions.avdFirewallSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + } + }, + { + "name": "existingAvdFirewallbVirtualNetwork", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "label": "Azure Firewall virtual network", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSub.existingAvdFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "required": true + } + }, + { + "name": "avdFirewallSubnetApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('network').firewallOptions.existingAvdFirewallbVirtualNetwork.id, '/subnets?api-version=2021-03-01')]" + } + }, + { + "name": "virtualNetworkAvdFirewallSubnetSelectorName", + "label": "Azure Firewall subnet", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "defaultValue": "", + "toolTip": "Select the subnet.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "required": true + } + }, { "name": "firewallInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", "options": { "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub for protection of AVD deployments.", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", From 6cdbb463fa99d60da6456a2f36d98b95eb173fa1 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 25 Oct 2023 16:44:47 +0900 Subject: [PATCH 006/117] update portal-ui-baseline.json --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 7f7f8e907..e6c4ee634 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2474,8 +2474,8 @@ "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", - "deployAvdFirewall": "[steps('network').hubVirtualNetworkFirewall.deployAvdFirewall]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').hubVirtualNetworkFirewall.deployAvdFirewall, true), steps('network').hubVirtualNetworkFirewall.firewallSubnetSize, '10.0.2.0/24')]", + "deployAvdFirewall": "[steps('network').firewallOptions.deployAvdFirewall]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployAvdFirewall, true), steps('network').firewallOptions.avdFirewallVirtualNetworkAvdSubnetSize, '10.0.2.0/24')]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From db688fcf7e948611a47f024313d906433ebbd51f Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 25 Oct 2023 17:07:18 +0900 Subject: [PATCH 007/117] update portal-ui-baseline.json --- workload/portal-ui/portal-ui-baseline.json | 55 ++++++---------------- 1 file changed, 15 insertions(+), 40 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index e6c4ee634..234b628fc 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1496,8 +1496,8 @@ { "name": "avdFirewallVirtualNetworkSize", "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').firewallOptions.createAvdFirewallVirtualNetwork]", - "label": "vNet address range", + "visible": "[and(steps('network').firewallOptions.deployAvdFirewall, steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "label": "Firewall vNet address range", "toolTip": "Virtual network CIDR for Azure Firewall", "placeholder": "Example: 10.0.2.0/23", "constraints": { @@ -1506,23 +1506,10 @@ "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." } }, - { - "name": "avdFirewallVirtualNetworkAvdSubnetSize", - "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').firewallOptions.createAvdFirewallVirtualNetwork]", - "label": "Azure Firewall subnet address prefix", - "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", - "placeholder": "Example: 10.0.2.0/24", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." - } - }, { "name": "existingAvdFirewallVirtualNetworkInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "visible": "[and(steps('network').firewallOptions.deployAvdFirewall, not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork))]", "options": { "text": "Existing network must has connectivity to xxxxxxxxxxxxx.", "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", @@ -1540,8 +1527,8 @@ { "name": "existingAvdFirewallbVirtualNetwork", "type": "Microsoft.Common.DropDown", - "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", - "label": "Azure Firewall virtual network", + "visible": "[and(steps('network').firewallOptions.deployAvdFirewall, not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork))]", + "label": "Firewall virtual network", "toolTip": "", "multiselect": false, "selectAll": true, @@ -1549,33 +1536,21 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSub.existingAvdFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.existingAvdFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", "required": true } }, { - "name": "avdFirewallSubnetApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat(steps('network').firewallOptions.existingAvdFirewallbVirtualNetwork.id, '/subnets?api-version=2021-03-01')]" - } - }, - { - "name": "virtualNetworkAvdFirewallSubnetSelectorName", - "label": "Azure Firewall subnet", - "type": "Microsoft.Common.DropDown", - "visible": "[not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", - "defaultValue": "", - "toolTip": "Select the subnet.", - "multiselect": false, - "selectAll": false, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, + "name": "avdFirewallVirtualNetworkAvdSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "label": "Firewall subnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", + "placeholder": "Example: 10.0.2.0/24", "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", - "required": true + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, { From 7e62f44572c3cc133350a49c4a4fa884faab2973 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 25 Oct 2023 22:41:19 +0900 Subject: [PATCH 008/117] update ui on placement of firewall --- workload/arm/deploy-baseline.json | 18 ++--- workload/bicep/deploy-baseline.bicep | 4 +- .../bicep/modules/networking/deploy.bicep | 12 ++-- workload/portal-ui/portal-ui-baseline.json | 68 +++++++++---------- 4 files changed, 51 insertions(+), 51 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 11089504e..b89f06b73 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -312,7 +312,7 @@ "description": "Does the hub contains a virtual network gateway. (Default: false)" } }, - "deployAvdFirewall": { + "deployFirewall": { "type": "bool", "defaultValue": false, "metadata": { @@ -8037,8 +8037,8 @@ }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]", "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]", - "deployAvdFirewall": { - "value": "[parameters('deployAvdFirewall')]" + "deployFirewall": { + "value": "[parameters('deployFirewall')]" }, "firewallName": { "value": "[variables('varFiwewallName')]" @@ -8179,7 +8179,7 @@ "description": "Create virtual network peering to hub." } }, - "deployAvdFirewall": { + "deployFirewall": { "type": "bool", "metadata": { "description": "Create firewall and firewall policy to hub virtual network." @@ -12585,7 +12585,7 @@ ] }, { - "condition": "[parameters('deployAvdFirewall')]", + "condition": "[parameters('deployFirewall')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Policy-{0}', parameters('time'))]", @@ -13027,7 +13027,7 @@ } }, { - "condition": "[parameters('deployAvdFirewall')]", + "condition": "[parameters('deployFirewall')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Policy-Rcg-{0}', parameters('time'))]", @@ -13337,7 +13337,7 @@ ] }, { - "condition": "[parameters('deployAvdFirewall')]", + "condition": "[parameters('deployFirewall')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Policy-Rcg-Optional-{0}', parameters('time'))]", @@ -13657,7 +13657,7 @@ ] }, { - "condition": "[parameters('deployAvdFirewall')]", + "condition": "[parameters('deployFirewall')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Subnet-{0}', parameters('time'))]", @@ -14063,7 +14063,7 @@ } }, { - "condition": "[parameters('deployAvdFirewall')]", + "condition": "[parameters('deployFirewall')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-{0}', parameters('time'))]", diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index f0107d5ba..24c396768 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -157,7 +157,7 @@ param avdVnetPrivateDnsZoneKeyvaultId string = '' param vNetworkGatewayOnHub bool = false @sys.description('Create Azure Firewall and Azure Firewall Policy. (Default: false)') -param deployAvdFirewall bool = false +param deployFirewall bool = false @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' @@ -938,7 +938,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre dnsServers: varDnsServers tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' - deployAvdFirewall: deployAvdFirewall + deployFirewall: deployFirewall firewallName: varFiwewallName firewallPolicyName: varFiwewallPolicyName firewallPolicyRuleCollectionGroupName: varFiwewallPolicyRuleCollectionGroupName diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index a8fd4c8b7..bea41c9b5 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -55,7 +55,7 @@ param remoteVnetPeeringName string param createVnetPeering bool @sys.description('Create firewall and firewall policy to hub virtual network.') -param deployAvdFirewall bool +param deployFirewall bool @sys.description('Firewall name') param firewallName string @@ -437,7 +437,7 @@ module privateDnsZoneKeyVaultGov '.bicep/privateDnsZones.bicep' = if (createPriv } // Firewall policy -module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployAvdFirewall) { +module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') name: 'Fw-Policy-${time}' params: { @@ -447,7 +447,7 @@ module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicie } // Firewall policy rule collection group -module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployAvdFirewall) { +module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') name: 'Fw-Policy-Rcg-${time}' params: { @@ -648,7 +648,7 @@ module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Netw } // Firewall policy optional rule collection group -module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployAvdFirewall) { +module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') name: 'Fw-Policy-Rcg-Optional-${time}' params: { @@ -859,7 +859,7 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros } // Azure Firewall subnet -module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployAvdFirewall) { +module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') name: 'Fw-Subnet-${time}' params: { @@ -870,7 +870,7 @@ module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.N } // Azure Firewall -module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep' = if (deployAvdFirewall) { +module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') name: 'Fw-${time}' params: { diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 234b628fc..712095abd 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1441,15 +1441,24 @@ "label": "Firewall options for AVD deployments", "elements": [ { - "name": "deployAvdFirewall", + "name": "deployFirewall", "type": "Microsoft.Common.CheckBox", "label": "Deploy Azure Firewall", "defaultValue": false, "toolTip": "Create Azure Firewall and Azure Firewall Policy for protection of AVD deployments." }, - { - "name": "avdFirewallSubs", + "name": "firewallVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('network').firewallOptions.deployFirewall]", + "options": { + "text": "vNet peering will be created to firewall vNet with access to host pool", + "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", + "style": "info" + } + }, + { + "name": "firewallVirtualNetworkSubs", "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", @@ -1457,10 +1466,10 @@ } }, { - "name": "avdFirewallSub", + "name": "firewallVirtualNetworkSub", "type": "Microsoft.Common.DropDown", - "visible": "[steps('network').firewallOptions.deployAvdFirewall]", - "label": "Firewall Subscription", + "visible": "[steps('network').firewallOptions.deployFirewall]", + "label": "Firewall vNet Subscription", "toolTip": "", "multiselect": false, "selectAll": false, @@ -1468,15 +1477,15 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.avdFirewallSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", "required": true } }, { - "name": "createAvdFirewallVirtualNetwork", + "name": "createFirewallVirtualNetwork", "type": "Microsoft.Common.OptionsGroup", - "visible": "[steps('network').firewallOptions.deployAvdFirewall]", - "label": "Firewall Virtual network", + "visible": "[steps('network').firewallOptions.deployFirewall]", + "label": "Firewall vNet", "defaultValue": "New", "toolTip": "", "constraints": { @@ -1494,9 +1503,9 @@ } }, { - "name": "avdFirewallVirtualNetworkSize", + "name": "firewallVirtualNetworkSize", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployAvdFirewall, steps('network').firewallOptions.createAvdFirewallVirtualNetwork)]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, steps('network').firewallOptions.createFirewallVirtualNetwork)]", "label": "Firewall vNet address range", "toolTip": "Virtual network CIDR for Azure Firewall", "placeholder": "Example: 10.0.2.0/23", @@ -1507,27 +1516,17 @@ } }, { - "name": "existingAvdFirewallVirtualNetworkInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(steps('network').firewallOptions.deployAvdFirewall, not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork))]", - "options": { - "text": "Existing network must has connectivity to xxxxxxxxxxxxx.", - "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", - "style": "info" - } - }, - { - "name": "existingAvdFirewallVirtualNetworks", + "name": "existingFirewallVirtualNetworks", "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.avdFirewallSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" } }, { - "name": "existingAvdFirewallbVirtualNetwork", + "name": "existingFirewallVirtualNetwork", "type": "Microsoft.Common.DropDown", - "visible": "[and(steps('network').firewallOptions.deployAvdFirewall, not(steps('network').firewallOptions.createAvdFirewallVirtualNetwork))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.createFirewallVirtualNetwork))]", "label": "Firewall virtual network", "toolTip": "", "multiselect": false, @@ -1536,16 +1535,17 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.existingAvdFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.existingFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", "required": true } }, { - "name": "avdFirewallVirtualNetworkAvdSubnetSize", + "name": "firewallVirtualNetworkSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "visible": "[steps('network').firewallOptions.deployFirewall]", "label": "Firewall subnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", "placeholder": "Example: 10.0.2.0/24", "constraints": { "required": true, @@ -1554,11 +1554,11 @@ } }, { - "name": "firewallInfoBox", + "name": "firewallVirtualNetworkInfoBox2", "type": "Microsoft.Common.InfoBox", - "visible": "[steps('network').firewallOptions.deployAvdFirewall]", + "visible": "[steps('network').firewallOptions.deployFirewall]", "options": { - "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the existing vNet hub for protection of AVD deployments.", + "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", "style": "info" } @@ -2449,8 +2449,8 @@ "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", - "deployAvdFirewall": "[steps('network').firewallOptions.deployAvdFirewall]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployAvdFirewall, true), steps('network').firewallOptions.avdFirewallVirtualNetworkAvdSubnetSize, '10.0.2.0/24')]", + "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewall, true), steps('network').firewallOptions.firewallVirtualNetworkSubnetSize, '10.0.2.0/24')]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 37944747f446bd791254d8062273cacdb31f74f8 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 30 Oct 2023 15:55:03 -0500 Subject: [PATCH 009/117] updates --- workload/bicep/deploy-baseline.bicep | 4 +- .../modules/storageAzureFiles/deploy.bicep | 2 +- .../DSCStorageScripts/Configuration.ps1 | 1 - .../script-domainjoinstorage.ps1 | 14 ++--- .../scripts/Manual-DSC-Storage-Scripts.ps1 | 53 +++++++++++-------- 5 files changed, 42 insertions(+), 32 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index aca95b71b..e8c50ce12 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -1092,12 +1092,12 @@ module wrklKeyVault '../../carml/1.3.0/Microsoft.KeyVault/vaults/deploy.bicep' = } { name: 'domainJoinUserName' - value: 'AAD-Joined-Deployment-No-Domain-Credentials' + value: 'NoUsername' contentType: 'Domain join credentials' } { name: 'domainJoinUserPassword' - value: 'AAD-Joined-Deployment-No-Domain-Credentials' + value: 'NoPassword' contentType: 'Domain join credentials' } ] diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 0eb4c9cc3..e278d9930 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -190,7 +190,7 @@ module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { name: managementVmName file: storageToDomainScript scriptArguments: varStorageToDomainScriptArgs - domainJoinUserPassword: avdWrklKeyVaultget.getSecret('domainJoinUserPassword') + domainJoinUserPassword: (identityServiceProvider == 'AAD') ? '' : avdWrklKeyVaultget.getSecret('domainJoinUserPassword') baseScriptUri: storageToDomainScriptUri } dependsOn: [ diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 6ebaf1a6a..9a3cf2652 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -200,7 +200,6 @@ Configuration DomainJoinFileShare throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage TestScript: $ErrMsg", $PSItem.Exception) } } - PsDscRunAsCredential = $DomainAdminCred } } diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index bda935181..cbfefdd5b 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -63,12 +63,13 @@ $ErrorActionPreference = "Stop" . (Join-Path $ScriptPath "Logger.ps1") -Write-Log "Forcing group policy updates" -gpupdate /force - -Write-Log "Waiting for domain policies to be applied (1 minute)" -Start-Sleep -Seconds 60 - +if($IdentityServiceProvider -ne 'AAD') +{ + Write-Log "Forcing group policy updates" + gpupdate /force + Write-Log "Waiting for domain policies to be applied (1 minute)" + Start-Sleep -Seconds 60 +} Write-Log "Turning off Windows firewall. " Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False @@ -127,7 +128,6 @@ if ($IdentityServiceProvider -eq 'ADDS') { } } -# Remove Administrators from full control if ($StoragePurpose -eq 'fslogix') { $DriveLetter = 'Y' } diff --git a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 index 2a533ba05..e94542dca 100644 --- a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 +++ b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 @@ -65,7 +65,13 @@ param ( ) Write-Host "Add domain join account as local administrator" -Add-LocalGroupMember -Group "Administrators" -Member $DomainAdminUserName +if ($IdentityServiceProvider -ne 'AAD') { + Add-LocalGroupMember -Group "Administrators" -Member $DomainAdminUserName + Write-Host "Domain join account added to local administrators group" +} +else { + Write-Host "Using AAD, no domain join account to add to local administrators group" +} Write-Host "Downloading the DSCStorageScripts.zip from $DscPath" $DscArhive = "DSCStorageScripts.zip" @@ -86,28 +92,33 @@ Set-Location -Path $LocalPath Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force Install-Module 'PSDscResources' -Force -# Handling special characters on password -function Set-EscapeCharacters { - Param( - [parameter(Mandatory = $true, Position = 0)] - [String] +if ($IdentityServiceProvider -ne 'AAD') { + # Handling special characters on password + function Set-EscapeCharacters { + Param( + [parameter(Mandatory = $true, Position = 0)] + [String] + $string + ) + $string = $string -replace '\*', '`*' + $string = $string -replace '\\', '`\' + $string = $string -replace '\~', '`~' + $string = $string -replace '\;', '`;' + $string = $string -replace '\(', '`(' + $string = $string -replace '\%', '`%' + $string = $string -replace '\?', '`?' + $string = $string -replace '\.', '`.' + $string = $string -replace '\:', '`:' + $string = $string -replace '\@', '`@' + $string = $string -replace '\/', '`/' + $string = $string -replace '\$', '`$' $string - ) - $string = $string -replace '\*', '`*' - $string = $string -replace '\\', '`\' - $string = $string -replace '\~', '`~' - $string = $string -replace '\;', '`;' - $string = $string -replace '\(', '`(' - $string = $string -replace '\%', '`%' - $string = $string -replace '\?', '`?' - $string = $string -replace '\.', '`.' - $string = $string -replace '\:', '`:' - $string = $string -replace '\@', '`@' - $string = $string -replace '\/', '`/' - $string = $string -replace '\$', '`$' - $string + } + $DomainAdminUserPasswordEscaped = Set-EscapeCharacters $DomainAdminUserPassword +} +else { + $DomainAdminUserPasswordEscaped = $DomainAdminUserPassword } -$DomainAdminUserPasswordEscaped = Set-EscapeCharacters $DomainAdminUserPassword $DscCompileCommand = "./Configuration.ps1 -StorageAccountName """ + $StorageAccountName + """ -StorageAccountRG """ + $StorageAccountRG + """ -StoragePurpose """ + $StoragePurpose + """ -StorageAccountFqdn """ + $StorageAccountFqdn + """ -ShareName """ + $ShareName + """ -SubscriptionId """ + $SubscriptionId + """ -ClientId """ + $ClientId + """ -SecurityPrincipalName """ + $SecurityPrincipalName + """ -DomainName """ + $DomainName + """ -IdentityServiceProvider """ + $IdentityServiceProvider + """ -AzureCloudEnvironment """ + $AzureCloudEnvironment + """ -CustomOuPath " + $CustomOuPath + " -OUName """ + $OUName + """ -DomainAdminUserName """ + $DomainAdminUserName + """ -DomainAdminUserPassword """ + $DomainAdminUserPasswordEscaped + """ -Verbose" From d72d14ec6211bcab764ae8838c925046ef7900d8 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 30 Oct 2023 16:41:53 -0500 Subject: [PATCH 010/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82678 -> 84173 bytes workload/scripts/DSCStorageScripts.zip.old | Bin 0 -> 82678 bytes .../DSCStorageScripts/Configuration.ps1 | 191 +++++++++++------- .../DSCStorageScripts/Script-AadNtfsSetup.ps1 | 110 ++++++++++ .../script-domainjoinstorage.ps1 | 24 +-- 5 files changed, 239 insertions(+), 86 deletions(-) create mode 100644 workload/scripts/DSCStorageScripts.zip.old create mode 100644 workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index da77018698fd4c91f7e22a6d759c4d42fdfc738b..5926893e558b54f16fd3d1d5b1e8d684974b729f 100644 GIT binary patch delta 5634 zcmZvgWmFW5)`e$ikZz<~hM|U`B&DTOl#=dlC59YAYUrT^K~g%Uq#Fr=0coUR2n9j% z`mS%?uhw1Xto?KU-1|A_cNF#n0z0%3s3Zuhjx;y&`iL+Z!vO%4K>z?5002;Mce8V} z_w};$adda%_wW`%8@swMiIU#Cbw7l8#4qBgk=$hSD_~3FOEor=O7Ov}X(?k9=SDuL z>pk!M^bqX-R+v*iWU=BycP~kzCeum4&<|;nkGDbdZbW%&CBjQcaWr+99imQ{jR}@S z-4hHpr8vrgc^#! z#z|4t#&T9-iV)=RkB<>&D?rUrLEfu!aeg=PDpzIr^Qm_4n)m7)>({Gd46(F6zr!OM zXscgTyHm@x14!g*b&$U#YwwFE`x-1t$!!>WA4JyB6RojRMUNxcUt+5HLohdXY|hyA zdZ5(+L+VzpP3xd2y-gf@Kw!${8{Dlr2h!k!?L3v>S#L@7n06r9ukw{kyVGKF?DG^` zryqi6qygj9x2&NyF2mUuM&N}fTXirxX{>M+-rChaJn78W|0MD3&Z^JVzL`LnA5TwOfYpO=$3(%!6j;;z7}+aw>q zOT?Qvar*KFCp>y=$v6==hXI`piWYdYFvu-;9m%sqNKANcvu94w6SZ9^V^WJv0S@mr zPiC^2ZZjhHP3et>O=0{vv2CjlB|%O7+PJ;VE*I)w>kE=!y5s+pRP!R)THL;N4$2X{ zB?;C2Sc&e~xxCaMMExw)azyGM3zK_I5}h4)qEUVXOU`LeT!SBr>r(am^&N}bh&tqh zO9(gjc1tacnm;DQDXrZ!fF@?}Z4QRB@Sw(Z@Z0oj*D! zvsEue%~ptuV4_=Ut063TjHMykUuN?JU<_*};P zwnQ1CTP8$26P`iirG&dOvlpauSm>)HO;J_#NBJ>w5<;SvXH64w7!2iv{(1SEHz{~f z285Ul4-e)&mSr_1;E`w+R#ER*zGVj@@ox4y`2?RF^M>*{?)Cp z_BFWF8G`btsC!fWGvns#WBEz?H%Uq;Kdw;DEq9CsyanagxDZ^mz1)Gg5>mhTcFNhE zw!`f?y;GH+G7+e;NhWo##};6#q`SmE%OP5M_6?>j&?ZC?EvG3yiS{$!l5sUeQ5OFg zEq<{LYeDm-kJu4>Y_@VA>5#2c#$aPK<9g0A_W9|uzIgk*xNSHo1)wILnmqf7yw|U8 z0w=v1?0wdR*6$VcM~{Hbgg0$QG1V6zL{zZoBVwaJ*^G<*8r8f#Be{vFl0GUw^c7*7oNX$RLiH`x?8$Ebjb{ z@qx{0*(a|Kd#buiXgc-DCy21U?E;l+i!E``xt!-L+0EL+1OuB}IGj9l z64#cON`3CQIFw2DC(AR1I{X>nC(WdUt#YtN;^ao2%SrIkWsWgrsQSdn*g}>m&wychNOO+^4 z00Tx8Wp31j$j8UR1^~o~0RWo6EvRqp<>=wV_sr5p%g4@J-`2<1sZX^S_T9? zi+OK$E|6z6H-YVv=BJjBiwH}(Ny#BLn5|H>Sa=r(ABPFcd9Tiv>9;0?j12y@y#h=$ zS1Z0ZSz(wmJWJu^>YFD3r1;eaOw0nRm7xb4TGe4Z%EG|md6X%{ZASby_G3p&OZ&sp zs@oukx}?p9z?xK{@*#HZ*Ifr&ixzuyv&ST0PzB2SMj>s#4a#G&PRW7)HiLU}s-r_{G2b(tDg$lcONzL}$4 z2*tsWMJ6XhQ0&#J8|tM)o+^)x0QAjI&ab*`BnS=h;uHzx{)j}&ghSy@4vrkdo1^%C ztFW1|*+T1{)v=dF>ZR-BULzw=Se-rbi8WJfdiWc#=Rit7W-pOWJH>3o&+$wvCT={p z3!T#o!0jzttirXx4_*R_Ws0x-YeR=_QP(;{`A-8bJ_kF`dPd-O;^E7h%2?$l5cbNd zCLKX*pV}y25`3C5z2!)!yb7_Z$xmjGfE+xgHgt97h-$hfYR&OldOK(*75$Yuq5CgH zgEbJ3W4sIOPJrwuZ`wpAI%xpTBj0HphahYe<(-> z)6NRJsYfHZd{8uceeY-lTIjSaNLN{PP0P~C9bSOCO^20-srW{2V8q`S?4fHKA95hZ z32;ybP~_>TO1thdy2YGpa+B zMeA281gom1Ndx9gzNU&ZOTIB(F*Y5FMro1o$QtDEroH7_1}K2!EKsZP^y%J@T{tHc7v<)P_ADNe{MRTBsq)nj(8E&dYCf?=L z%t(l@qH(?wJBr{fj0vdDQSU%hzE2%5RXSCw{eIu$^MGL=g9kX+q6vydyx5v(9#&U$ zE!n4j+_X6Y^NsNv4YbY{EY{F#_(;jy)>sWqBr2iao1wvgTr9f%JnK1TSy4ZM5e*PMV zfS0EGsJv- z^$g!gDnZ=oY^q|M9fklH8`uR~(LHwd>X!-}@_M=r8a@xR@0PKS^I~2LM`eQK(SnBc z!z`(>F&R2GHlLJd9qrz4OkiRE8Qh%I*lMKxl0LA=f>+I&=@GRpF;@Gvf9h%IXVrJP zC#()x!s$1by>D=2UJxP&AIo&C0GMe&oE{R$ZhOR_SD_^vCG2%A2Y#qU!14Q^9Ve@- zm)vX{>zO1O%{PLe>M5>UqgZFJfs>C%pl3zb2Ft34EOQcU7F!<#6qz!W)+uB+8n61j zPqh_6I|H}jya|DT=pK@uoApyP@G6)-n|xbw5PQ**I%x}oW;`HeHi7}?B%GV&drMeR zZirs3OP%(JC2W~mFZhk#alG@Zg8t5(JXfKx`AY(lt6N^^(u&){a)kTv@hJQ$V`C|L zN#;2De(9%LEbWdm&+*=izTm6U;Y8d1m?Krs_}n#QECbCf;b6rkD>KAoBfw*#P+5Iys1d4lV^)orh3&XjanZy1tky;cMUZjK^Te3m zjTw2)S>`HsV|5Hs=T+k~RkGa*X?f^&nv-t+cycWYLy-49Sy`m%FMcjfn*)Ppwz4H$ z(#N=EHuy)`v5}CdopL|axLKBn+we?S50g5n-|J^vHy+f@L)}*6zG1cr2+$`i$h6=P zlPXmY>^XaK&J4eng%HIwAvN1`LOXob*YBZXWtNC)d$~g7g;MfQ@2Q^!gj{-Z1uJbo~5MOR*M2v+P^6)ix@nzh}{I6znEl~BG#CN zQ4ST9h?4r#6IHQ)qnr@KO3PB_VH;vGeVnOAHi&`RZB@~?UoeP8zY@Z+0+>CbX=yg71YWlU z{(R3XAyL4mZk4Iqa>sd?|Ai^ce_!@!Mr~1sHK*LdUEZ}VcBL=$8PzuiU3#bhQaxid zV6CIWrT6_oBI>GnzblmklIzTXmB*>F-pO-%sUoat3Y(|haV6Ak zZ1dS-H|UACi9Pk#^5+;_pZFmEKHtbF|H+fUrd0OcB`10P9hxqw)A5d%7hw(raPMUC z475j|O6~szbW_YJJsWdUR+;OsrB0>aXPN zT;s?Gmro)G%UXx%OBA!2!-`vxQ!m3kN`rLay``HDo22|A`IQkA!pSq~`k{CD&PWNG zq~5R6fc%0|?B@*Dcaa(P5{2Gi`LVthW~=g&)sVT?2x)7q^5FRNfS-Ir$`nv*QoT^( zArZ@SUM|C1@1dlddlNI=(ii2+f&1JV*<4Vdo}*kqRLwlTZMKYbLsjwPua-$%Fk0f^05bcvQi}( z76c0YY*K;ldcP7jy<>6S!laoQl5k5i(Ki(B2G@1z`U84xb=?bvPY7vv=Hc@mwWx#j z_dOmpzV(+36Htt4So21PRYP${fB|}R9V6)-Tc;^sS>(qRiTTjFLR9-y*Iq_ucID|_ z0`^C&^snO(L7el7Daus}GM@5nj%f2ZL|D%Ofuc7(8aexU6}Kph?F-Hx*f9%38P#)% z+Dq?xarwZh9sT8OqF^=HXS&*Zl&4zJ*6dWuOlViU04nG*dzzs0|Yl0|GSM?d@&7{=pg@bsz>M z;J=XQKV6l7sR#fBu>4h13E;m0>HpuD|J&q0an=8rq{~46+vPuEmX131-_I@pfc@5eX71cMGw0!2^Mc89^X02n3RMb+LDZ zdAeJ9IJ&yl+MxsTq?Zq}EAJebCC7?FKKRTH<|laYL(g-PyAy=9mL;3m|27 zRiPq2y3Ndc`>`j9==gH*MEc8bJ^iGpe}D)2{}6rlk!#ex3KQXz80Pbfq4B8m$B zCdebS%iwqiA8S?Qi4H+2T8Kh~gzZz(es!zAgDYt9s63Rt2ylQW8p$N@BL*Chhu<()?7MG1p4T9%#WtMg*j z*#&3fr~jxDY`U%IL}P2Y3kW8#90!D3B|prgy0ks%({w1W8$DMY^_OQ8Ouu= zQkVQ$M0XoD!eX}0mqu)hoEwSW6f&1V;k1qG34D@mC}nW`Qa^lnnDbZ&2qK#kIAM}C z1yJ@bY;N9|%iSx}XAXi(_O7)0x!ITR*}j^I*(u}=G0%T%PKw0zsS+-p!2}fK1u|>( zBODJ^{tkztTypem4;DDXt)W*&A?fh`hL*b~Q*9_Lh~ZC3AXCW)zbKR^Jb5MNezY`@ zmpD`ERR+c>g-HuBs5T9hNFat1N+rh5O6RiI2t(dZZeT&@Ge(&g5YF_F>X%3~r8U+- zrigx^!vuAud^4tUf!Q2k$fFbAKY1o_`}+|`79SPiTxL(0FWBP8+_H{GhhC}tAWlda zQ~J+Dx20F#=6+Y!c^oBS)wL!`hb|FzO!idfqEmqJCYx}*3qhA;UrRZ@ z779jCF)lX_Hk@-CD~@-O3U}eTvHlpYUt{$_SlO`j%!O+a_g z)MO;X=v24;V*nT+*0V8_OG^scKS%D+qMZbF9JJ~aadyaT>a3p^k51BdLWP7DNAq5` zYUa7eL%PkM<^O6p^j+SbrllD17P!r+*qvaGbRUo1a3QPeKY zJuZ}ZNG*#GiFuvo{lk6*gjvrtW)DcR+4WkZOubG{Gm|U7|7&itL8{ za&bhTtu!y{LVfi1iIct72)un{FviQIQC$-rhSHXn;@8RlkPMcN>PzPKTYgsY?HPnk zNJL;yug8fnS}Rib?GZRMJ#@A}zD6b--hT1U?D`MRTJv%Rj>QUB^9_#2W9+}?_m1=} zU}e080^sy*gW@hS%iUzZ`Bb0v)7S-+OIBs5!L@>XQsjA2u%S|nNNZ)^GTD;H)J`3D zsUYX!9+Q(hBr;e^x;RG^c7ZFP1QI=w?!3V>h z8OiDorpz}XV0d@DS+~bK=f2d)*cvnyyWXFhbb!M*X^frv`mA=$GZ|U^(&zzMv%4ZL z!bQ9Gun+z5GW4l!$B7-G{h~y4a!~=s*oU%Q<1BToylEr;m^rYkLV!OSK~=zE8-E)& z@ecO1hsuo#k>o~Zv@_h=rQ+;mQCzogkVc+$l?2n@@xOk|esoPK-KXw7u_{}(&K#6& z2Ap=M{k@^pC+|6Qt5l_^#tPExt?iCVc{1W-Nv+6<`si|2l~B=9{=2-kj9q-bgW~}& z6_2Xt+egpl9JL5+NCU~P59hD7sw5Nto~;}yjlXa(2>TJTXfmvys4lM!#ADmSEbG2a zLDm~%-AZTsM9u zGpUCs-#?aRRB^1^m}(xhf^|fbi|@IUGM$PH!D^}(_th~+JWI`}6DomIb07Tv6)W<` zMehpRq*}5Lp0RVE7>yqxuYefwEzkNJAENwUVPC560@i=^9wun`$*IxI9PaPU`T_=S zi%Q|sc)++z%HUSxPkS=ur`l6O)5QPECCD6kC>2@#vyOT<`Mm*+-k%3XAYsfY)Zm<8@W^r|nV9IdzIJ4=?MKju+8)SEOf6(4UvimPc zavZ+vtpGr;)o~t>|63UX(EGHQX1NzwY}f$Q(87pHG~slT00dH`2Z8AR

*hM>h{X zTUTc*N0+y*jxGofS9dFz-Tw`ev+K$*_|6IEjsyo<`g6h7n)Tshh~BG|pZZ2Cq#6>t zO)_)~Kh>6r2JF04$K3bs14NMO8OhXL>K8=V&_fqHk8!LW_tam#~iM%s(va@@4O#3;+L!UNxlEohBMWkbxN~R9(XGkE* zQg&*?{tcaHoAEHymYR7?pDB6=ZR~Qk<5)W_c5P0%H?S74K@#|8DiJjFr9KZ1|7RSzfF( zEUK%0v;(`(Q;2(zH?NELRB%vU0SGrUkBo>=nTw~$b03(EC?qFo8kK^Q zz6y6(DB+a1(~L`p9T`vBo8e~296wrwY3LmOFg=d@67~A!crvf>ur14H3UX?$3b1GD z63plMK&YS1Zy1OBG7y7Sa~C5Bf)BHsu}H(HPc}@*XKpL+qHWO3sb%~U$`;p*P3Cre28i|I{ua)iPwwBj31KQo3vZ7^ZU0HB;346x|daZ={B%=i$x zJ-vC-PW<={<43?YNAGj?a0`?4IHu0*dzgfFl6^wohUPJW!UcyLq=eDjm~v@op#Yt# z>;K+kjT%+oP2rv7{dIu+CAyH|_^*+J_w{XU2R>S`lLvp#b}GZmHSRd%585zIt-n@K z?nI#(de|qc2zc?bDs9F=;&OlcA`<)ivIV*oFU1>$0yx;OD7>w(gN$(QY}{BmCBEXJ zsO^i<28&E)?;H|H>8z}23U6glPZu!Gg>1jV_@X+S;+mdQNLDi7VdVK_;prCI_7#zI z;eV>eXRBnp{gZPJR$zJE{4r!&(gxg!JBA2_Y9Gc=0Ee(fN)^sr4h}&qpME{I*MNdt zh8(>?v+GNNaT=8UZnvd28-Z^%)2Y8W5t7VO$R7F1+J=p=^%VyVr7>0bGGLz1QOz%<@&UzhDE z&PI-7Dn9KZMD|bowUuB2&hbJPmt_k#v$T5%`rtaOOs+mtw|LsZ{`f~zVdcOEYmT|v z=b0)~VW9L^(+ufJyqI65dfV;vR!v0xvGP1Ul z4`|YBRyOWY@lG^(W?koM%2VK8dk3&ezX)$tswsJ$%7Us~rA?6X#+-$%>_IxxXKmo9 zDM6^|(ROVIx5Ilb46CY8{gJ91dKFcx3P(ftEHn+N!@Z~%4((`f5;N=cSJTyclYZ;} z^oOuJ7!t4*EPh^bp{BCg;~z;0h9gUXaW>(q>3S-$U6W;*kvj-YS;|8m!_$iOP}*HR^Z zoaWZO#+O?ZKI&dxYQS$aitS$ORfceV^q=O0MGeoR4?JaVOuA1a*cja6MpHBZIvz=g z%agBc;`5Q&k?^75Dw#O>o2PKxq%(Yn`#G`Cok-t;F60@b7d&)RdsyoGxn`+myk&uq z8C;l|$3_(ZNp>tGkBQ?UfeR9?qR^V#0EhGaDMEhXpMDlV5yiBzUlt~aUG$C1jhjJ+v?U@38- z4xTk_T;tJ%^Kk;{$G+YGNZjcgA@p60EiV1H!H~(s5X0~q^nmU}`)#>9zOT|l((Bjy z-xJKd(gz)tm>*$f7SgWn80nWUZgZp{bxw=pY%Sd^t{&FH+60#n+eMA>r>`_J%84Gj-;x^5d4XiSG4I@9iar zFJ$JP?U74R2^CbNb$xGcoUtJOB8T&lF{2jz`qHH-Eldk<47a zNOMxg(s}&nN(1U-% M!vcYpA^!~YA91VY-~a#s diff --git a/workload/scripts/DSCStorageScripts.zip.old b/workload/scripts/DSCStorageScripts.zip.old new file mode 100644 index 0000000000000000000000000000000000000000..da77018698fd4c91f7e22a6d759c4d42fdfc738b GIT binary patch literal 82678 zcmZsBQ;aSQu;keGoUv`&_8HseH@0otwr$%s&e*o@f0KRL%~nz`o%C~8SCyg+C>R>h z{{oIhL47$OOACS#80deA`QJ>)Q{2+V)Jf9A$kEb7pOK!Ko|E3w(n0b6EI|Qnx8kXr zQj)6nQ2_xF{sjU;`G1$_9h^*hgB zz3LnczDhkNapr!T&#velg(=zrX&xSr6zhgpL!KS#nlY!n>)(BS;R(vm!JZHznU((oC~D2QJHro z&_y3|TlR=jR!XdM9$%+ZdHwzUvCks!_NF-nex9secrRzFE-FV1?{rN)7bSOj!W7U7 z35b9?x&oCWoEP}tP;Zoyoyo>>@neKP*W&OtIs&^1Vrp7)CS|*?9E!691n=KobOhI$psit@wu(4Hd|ThP0Yz1N zspG4^wwDG|d#n7B?mt#dn}k&gkwMz17d2gmN89lq!yXxyK!A> zo*kbd)8;f2lihu~4jbx9NbC$QplyE5eG{C1#Gfrh$zSHD3=BmrK5dfEH9DgubVKC*k%5^{su% zVa9^$wR<#DPzM3oCu&01#l){aAC9AIem=k%U3$J17l?uVUR(m2r4{P%Vj7Hpw)3yo z9qcwxHH&Zy4>&sr>1?c@ve_#my+MK-BS$kZ=T?>Qzhn`gD^4ysf8QVU{eGq-&;@n9 zGIGT8S|nkuhXecUv)u-LnU`5EViszA-&x=k&-C$)wN^}E90n0-8WxwUepG((P=8(k z(OL|-+IK8`PrXmO)_}RizUaihxlY)guQe8Y(=Si7(sJgick?k1$@gbTd$p%d&Ul{g zqj<7@}*NP`(fBHG|v+)4x+)3Rdr` z2|am7`V_A%5-+NrDFX6rZu`n@?h{dFq+szM#kIz&cHc(FHB69?Gf=XJLi$we@LBpbqkc@s|Xb<(Mz8mzvj5_1qABKVrF7o`u+arKi#)!boihG4L4yN zb3`4uf1_D*G{!9!1QPn)SE2L>c6qye?p?t^+e`Gj@k%Nk7@}mYsV$xavR3DYrptr^ zp|nh&v#vg=vb!yW@@E7P*lH*1c9X;q4pDK-#(j&N%KY&s*78O@S{I@iv?cXkw?wik zPYHEDk7dp@<`=VkZJv6tMGp+&kWhX6fYF*C0qXijoB@~=P6aJ%d8tTnTA=5~`@myV z258{PHe-ylU-hf@@UME{QhrL82}$lT5EaMQMHAkBif)EPp)bXehKb|FmJZ|anOWtG6{oSm3yp=v->&p=~KSFvjvl&hmy^Fmg6iRn$Pez zb8TPTwQNnwTz3!7GGOZXD_I}KFfR5j zj4wK(geMY6|0M_((D=9f>?X<|et!#t3;#(22&4WJu?8CqW}WR04LUf*V*c@&e#0_0 zy+5mA34h%@p2Y;B%>WtmrzA`bkG)8V53OZe!qKvaen#emZMAqzWi-(8;5GWGBSpcM z0^q>>`;Cu|?|<+8^>AbEc(a!4F_TgRo^SoN<#`W3(z-YQOz?AP9QSHbCXy6%b)(C5 zi#X2lg!2IZuI(8!GgL}->6bT0Q}v0_pRs4d*=MDboA5g1?aOcZmSr};ugBL`YQMDm zqb87Nx;nmmVyE|e(ieMgaV9^oug&XNsQ_asrQ)kEjDNBB0958xF2G^k68Va0n>c z3_#L6nmA(JG=Hl9XTW?SYn?jZR zUFa?y%Bw$#Diuh26R1aqM<$4Tk4C)B>a~BFefQgZiDTfgK-am!bbxQqqkij|SpPR> zg>wA9N{1&ymP@cxMu!b+$H=-emkvbt;H2{QLM$>AbpAzR)IngneE~S=sHnW#0%g(n z<&nMZ_4$+P4fpK+9_0G__%jvm?dQF~iSa^i;F{dGtQ4=%@h>U|L!LQj&Oyf)lDvL&U@Qa>kQ6(kLPMWzBP3r0;YPXGRITaxZaB}dy>$BMvdWx2Y236w9DLcs0 zQ?C!-Sbj;zzBc5R8NHMudub^y zNeZTosys6@1*1j8K4mScOXpTdEa|8b1p+Ji1u!wf_5~}S@~HXvR#Up5XvvK@b}{q$ z=pvpUD})v%bS8MYP*QNafYG!;!})ciqBc({Ix=mU+pz97_6Adf!qyh$q42;rMW;lc zBJV{Rt83%6fiY%qQOW8=#OegrFn7%5Q!D=RUOm2p!1>uDe#{GSDz1==fp;GyxI{Fw zzi`J9e_}hE1Y?=@6i!ATe+RQ)kBN@?Dvc|syOrsBY`vY8qc|$$WG%*Jq9N>ZZH$t5 zht`qRT)M{%nvp+?*YJoj(RDoQ-3^+mZQ%HQgHR}_&bMo>wJ^tBw6jJ|Jow1;f)a$5 zj$-vB@M{tEZ=SkQGt zDYt?G_WIoB5^m1M1NpAzYZHBfTL6jtc<2D4s0}BcQ{QXvwc$prMre6GE7C@rICj&H zhh0T;<3jC;sfO)kQ}}b{Rh!w|$h&G1K-37@T0`l&zkzd>ghd$U7zd-wdeW`7D0*GR z%9%qTJah1R?TMUE*}R4qkr1iiw-JEE2>Qe^i0?13c`eUkkqT0#?w$SuZWN3F5(pJ| zk1axp01mM)f1N@$0~VPOHG7gcXFri!9&wiJTzj;(Sm}I#AIH4BAg?M)R&MIHPGg+_ zbJK;ziKt)UGWvEz1KS&vH*dPM;HrR%figMdt9pMxfwprC3Hrl+^Y^Q=kMo=WiQ3%U z)5^aIUni=Gl@k?$jiUO@DM;33FnzO%v*t3Ga8WbA7MfhPcyOm82lt?+%K=mPMXyek zcY`~$8DT5=B@hct_QKYY=VRb(uhYd59lXG+eCwN6)^{g78B|~ZezHO=HTN!=)EeUh zSj3rCh*8`eF8IUFheuHd%esshLA4oVdFWbw=FD0_AnR*&xHYDpkoqhwXUYC>Dnnxb zwoet)L`#|Ry+=lb?*yq!3<#j;L11qYpa_HxMzU&b(M9JLvX7FP%uG02ij}gHcG~3) z9QNVfmuFk4uH~FspWMcm2Aptd;W>MYlS_>aP;kya!b)zBJV+UDMelC)8{DfNJH~ zsD~N1TJ_kFn0xjNZ^99|52fEjia|Lz>2=);+q3F3&cN2c$wTTO*={R|a~@UATLl}5 zgbdkK%ne5Z%&iCN8I74#wqh3HRZw@$FARCq8QyEO#NYF&*t!bGNhsv8z~<4CGO^p3o@n{2w+UPI<<18D7!9Fhl?GHQy4zH*nz zqokbllHM~M*<{qp?8%Ms72@6OTz9zIkAN{vqgi^uHYG>QCws z^T-83reuWicB&0?qHd`+XazS6XCHf^kxowF!g;jbs7d-W_8V7Inbp|=OQBpo$x>iV zGJ;LEZ`Ve%jpRXxy+bF(J?0Q3MrHXzy|iv-!+IC!%YK|-i1}p%QJL)_b;n*!3Cn6^ zq^Sm|mDuGOUX`|YI(DfTeFfg3&Q&wZ=(v)oU1k{PlI-5dH*^{ECngp5=%9` zf7D|T8@ufmApN@jcR+csLFa{d5Zikys?kZ^>){yht4s!$7$eqg!}_t*L}JBIki}q$ zCGp$QB9HDVch7;#5p`glnO#I6VP$xn5)ufanJr+(<6dLs^SwO{7glGJ-P|?4P!K8L zA|?7DmfGV3QV5LLhuU6@qDRK?TjvPz`+ddpv*W_SjhkH5)R%U9Px0>BSp7?|Kvh-; zlHAhg%$+&-q9QiNdGxr(SkwIC-MSrPsd~TYxhc=yGc4MhQmGD z5|#jPLR5d!>k)4lCPw1;zIy%QNkB8efDuMtQOO~_-f|$;xLRC=_o3E8EcNS1 zwLZ$Q?QitXBu#7P2_ssXwKg2Q1X8x8r^xcFAA{@L_AE_MfwFU^rESv>Cr_POd)NjOIxdZd+P zrk*DEAe@D8$W(~&1PQvq1k@4C6pl|tEYU&R?GRRkO+<-nHlVroKJP9zGx_+$Wr!hT zvt-)77Wkh?39rbZ%be`EnmuaFU&?RCGFy4=kpnnIq~V~#io9vh6&Gidy|u{rsq35= ztu^FIKRa3>WMnoA9}x^+9@E!cYoN$!ohORs5|P>C<%yCgl-XfyG@f3MI-T2F)b;FM z9l}%(a%Z<6nPcA$g-@eB&6fXo;@(k-2XKKuZgh&Zh+Hv_4=~b4dE)z*?5ySQ`@lht zc?PXhI-#kFVEk<&UA>y^UZAe^{1{f~0`Jqi3C>P4b84B+fS=_WyN-$M=_)=q@zu5a zf_HkXdf#8I#&f}pyEBVg8ntken|heg|DdG7w7?%<#RsX-mtgrL#&=3|*J2*f8#v?h>RaGM0mt*95(bcv=4<&C>mZxyU6r~OcsL*D^%*H&H-hEJ8 zTU0Z6Y-mlUwfJ}@X=}>w@fsf<3p7v{hJf;T9~VI*4$mR^;yck1B#n_8lw| zM_`+DzoT>r@O@5|VfHVgGU|YghSCWM2ciQJgB%Q^`4|5cMano6dy(6b9(g9XF#~NN zSPI28eg_(N3Eo3E0xPtm60%_5WgWre1~w`ZK}??eHF+qGK(^Q<*ak%;yU2mh@lZR* zdy_I0^JP1zjN({slhsafo+4t&-daLfM!enh5G%seD=F2B<%GyTM!S(PCCC0UdfGml z5A}|kN8&efDo)Qanf{jj5-{~m=h>f~k+W)>+^__Mr;|A&Z785}B)0Pv#N&5sr@9w>X>mrVG}%LGE7&*PvJj$6-K z4}1`W2jnWT>@VlPflSlC-+vBe;(ZH3oMTcyzJ3bf3WJm%op=1nm_`bm9EGWtIT3tN zF#^94I$pB3g<4xD>*A5vGQFPXou;qEE2b0sCYR4XWk*!r>XF`Z-%WUFv_!0@IbDJ> zbi{?3w}>W2!6%%%EqjU739XINo`=iVg!S5k$ zU&hQ`(>`?ciN`^(T>gBbQq}y?(NeTzYkKfLTB6gf-Ijro!}2EqQF<#$$9MCPT}P>pZHe&sQxy3Sc#j?0bB5)ccg?PfBgUMK&eBOFKi`y=rN5 z5Q9dFWIJvXq=^(6n6U(#k<7+*{>2@I-EO!YtFh`>p9ETqa><{S;D@nZ2*Geg$m$50 zJH#hnP1<{C%2CntHccvQ_$S5QaN!oV-$?i;vt}-I4ytOtd2UCT)mC`@E%I>O%i~bD z*&}DRhKfDgV+$-1y%ODXKwVGz54^-9_PQjQBn*#e-= zj>C#UVcXGbgI4>hbzaT4Sr0eu%C=p)%6Vk*8nRs zBc@LSm!gkN{RyKZpMo!A26Qwc(kVX@xoMa1sdx1>t7@IXJPe+smy2gCs(Qg(l89wX z?$SpvOnEymkEO3^VU%B$SGL^cLWeqNHnAG~n{yf@d;u`P80vu~3NulU{8A%1%OW-I4b_hTX zcs2Ak-!+&h*9f`!8#ji-vPADk|58Gel>_ahIQQ_peQ~gzvaha}T(BOVDq4;(g*Mb+3zt*G5FW$)6eWq4Y0pMwR1q7JJ2NdW7FZUeP61OO9i9=YL2Zii>c4)H z#1{YiH(y2$$dthBN~)D169VDsnd}YDuOjeVJEF_27FdFX+ifT@goO(gb)!Gf!J9gq=n`qlyE(xP%;1qQIW?^iogL4bpf8;#+u?f4)ez(|2q(_ z$UAm=md99(r|KL2@K16E<3=H+?F?=lc};aEQna5EJ634 zJ&a?D7ZUf0i7~F5nQ!$%9yH#|<>;TDH?f#p(g7xq<)DwY^wA~%QbRurDTg}vvrph{ z*R#((>z9iVI8hMC0FJ(ltHX1iU=WMgS}5&4ZL^h*G9-bVf64_adYu~L#ejButl!NE zorBsbN5nvxM#&Cn0atpXMUuYo5&6<~^dn5lX%;0Sc1R{V?m$q|yB0!+B2tGKdWQ}~ z4c7Df+TEWxg9XY%pPp|TS`=r+o>fGT4^WKzq&d^E&0r4*345OLJp7hn9XMxpTLXmb zL0neU2?@D`?x>ptc#$kV1l*zvaRu2IL&B*BwTN)!K+1>!=+N~k2%l3Iq`rgwu?G0@ zh`$GvL?_TWt7t|>7e{G}!}3B%%vlY){fMMeluc`%LG-RjkhVXiK$dp;EF{oCzQhcNadCOl?oHg5!;*gLM28|aXdRl=+QE>qeM5o#OLBU z$f(Gq7?(&pW3<6?W;r=^Xz$qKPorU3V`^JmQ3r>O6t z0;@13o)nkJ9rB7CY##rfW|mxpLE9D!7jm8*aw}X2TL1(7rPU1e z@W2*Ds=&VbBhV359%@7ukG2PK269z3afDa=Yec$zFjtX&QA|1koNJd9nFrz!(hAB^ z&U$i}^o%pw265EHDpg4pbKKqp4KWdB05(G;DovBbv!i;_v0m0;1B_g_{mrK6$dL$gh^i!q-Ef(_d4}{L#N!ho9~?hQ7k%d^q^G|43rzKoprGVFBb& zn$ocG$r54BI>CJ2KFLV2C3;OVxT_giLV@Jd%^(evz zukGJp3TC`d*HKm=X4wda=Rc<2tMC`##;M#;1f0DKQESP8$W2ol1CNmXX@J z-fkbku{?9D-q)anV;b`xqz{CZeL@6L@!3_atHumPLbm^_zPE89S!~uYMC)xQN$8@y zpK@fgLF1}7bagvStK#nC^^O&74!NY|-MxMBXc1PPAaE5Nvu81bG_&N<=UL0$WnHxF z(ftJTB#gq_?cc`Tz}R#~0E?Z9?A?_XAHHqrDqS6XxR{^GZnjvt^ql+?8>~;k#Il8t zp^hcBro-Tr)7UUmx;vhF? zdMvRh>S!p{_R0vFxo6BFR(wSPO zGSsFOfmIu<)FMh0cFMi~RAO4t#NL+Sm3~6gxmEZ_was%mwtL5pb}`<#yAEVmBf1#^ z9cDXOw`5jeMeHnGXG%XvpJSS2lay(z8<-dvduL&Ha}-@ar&sUslccZ{Pv$KNZc3x#X`g+c%nxybf%sqR%ns*m87+0C~uNAI6 zsZ8;U#0%Hc!})2mdxN4lCN-LdSEXN*sogcRb*TTNR6!{s=|x~VSr_(u(-AL3Sy3TYn%_Q)(#z-P6n`R!^P3@$xmxCSi7;MEzSPL@EXtQ;@kx!V%VnP*p5Yo z<#V((os{EYgavZx4UQJtDbFa?V90go*SvPBzc%5Nc+y+1iN$e~(lEaU5k4yE8dsSH z0BCkA0{}bCT-wYQNm+|#T$7U0n_K5mbQE@wdj@oD0y1t85*Qb`656!Ku4gs~n945Z z>8LaR#o3^3C$7)NU8#wNomKT?tKc~|k*zG{MpJO6fwTsS&ZMzC`(P^^;l_5fedDt` zI%#&-9T*VH@L@qj6FKzqr)}JAq}rJb!SS7;a6|MsuGS$1rqt8(=6cR{*@N)GlHFl^ zovt7{XsgbOIdX8AUf;}yj={TujYva}$hSJVY=5b=u){>d<-3GnWRs7V@mjBKhQ~aU zv9PRt0ny2T^HO>HwHoG)kB;hF>TB+{3|1Z(=W$4*Nqo1WmS`DdgJQx2!0^t1Vr^TtEIiBmCFYGbV|Ddlx=##)HCvjFzF@ zC*obwH(xFo$*i@b;#}Jm9rNdH3f^~+z8sV8WB1vR1Yl1}6wV0&&GFtVBj`ckM}*u$ z;b=cO<}PuaWT?L%2n&$8A>}n4NZR2Ic*7|u{}zIcb0IuPqnw>NcCw_Q=Uq(hVozNL zis(ODAz+}l+)V_}49sQOBv=S31()#N;{pD~(4)wy=)gZevxp>t5qU0M5?$$pfw5Hm z&UpyW3}wDt43SUxnkYST9)sfdEhCZAZg8b9{6dF2?qQW!w~BOoJKCN++MoYurM6;m zTU}hey*BWS-6&d(WwDKi+}#Yj>lkxgU^E#mB3iS|fOb<(Xm0WE>ydvQ@DPeS{Ad(ckrY4*R z)>aJhw5~#N_U;&j_ry#8RLM!2ibrrHpmC-jF+9qU|%n(}F$AnsIcuuPER={`&$nDPe)LUUR z-qFk|R}6inMrV(6(Yh6BTU0%=o}$wYAUBDQvG(nx-?r*(>nL@^illtz(F++++b z1a3thoe53`T$&0pt{f)Y_-2tdJ=kQ}aSX*VZz6e&XgAK%Wb3D(( zW9C->8M`Tbfa3|WSVL8+S^DejZnE)cm3f&xh-5r-ro6n=OotJvG+v9c348Sp805CU zkM2uv>K1*laJS~?rFet#DH`Bzh0^qqY!eSoSF*zpfl^t4_R=GYosUJMW+9}FK{ofK z;{`*TK8B8@-0`H6{qDEk-CeM{Hs-0@H*ZazJCuic9XL;;3VyG4^L3XlNppPGuD=#N zc8$;GGdBb^YjVDy)f?yu?F4J_XR>B{bW}(fXhreNISecCb1W=-w4BvxKFvHN!IM*K z_uIMI|77ab&42d*+X@}f(T2*=AOXOu-e`7|NDV*)mwoX|kR)}tq&po$Da;jZk5GVV za7D}f24z`VQ5cWx9NsxoVe$=B|6W+oX!LwS=n(40@7mm(=Kfp309PEn7sB-!v3=e? znxww&me&#quSpYu$>Y+dx!2Q(L#O#`qFeB|N6dA^ha}yCgoC%M_Z+A?f$a*@QVqjJ z!g}6?UBH^7hP?MQ`K0KY&ZxdkN+@G&aE}dOS=}l}2ZmEl86mO^G&600SFH->)l%OC z2%vqkO~(2!Qj8GooB2&cEOV~g=ico8er!9zZG&$)TW^;PP-z!fk`GX88>-;@dZ(-h zf?!_g=Y)$+KG-*(YyFU2#%87ly&_MS<0a4al$-LJY=4_sS5~_U_&S-unBVBB#rUaU zRVqZd4Cdhnc8mVh&_q|G2w-b*8I3BRhZ3ZE{3o&x= zuN;zqL~**>Np)M4#-Sm45}vV5Md9=i?Un1ov5otky0|y?Sg`DzOifDbCXMVNpBJf+%sd#8UR)IoUv<- z?~@hf6;0kgzOlP#)z&SVLAMG~Q~Z3yAg{a;6$%9-7Z>T!%R%XyYZGxHT^cNXQhdX? zuET_EuFMXa1Ft@{Zu=DFt4_VKSzYS22p)*@>6J3y>948{q@{e&L!2gEple(Av*Gl1 z1!(UOltT7vU6Q!hT&K zet4wfCGEaLpf+Vq?74uV>FR{k79}C~AxU!z8d21gRY$buQU$1HFhMMt*b-MI@z9E!@fj_YK8`FaUowy8*Wu+zIeEQlw!n&kqQUIT zv5Vi=Qu`-h>RJ zNtKw26QR-3r1=L23|5@XhE_?*t_*LQ{+uYOJ{rmNz=kuS3O={TcZt}U$0xI=Wc?QIUI%l6!f)V(y7_EwcCXc-`8w`FY`ZEqs*H5@+$miFv4wT!QNz z+puNLj46{+73WBDW(~-*D~cl3N}k}9ZnDVM(<2v4R8``VZfuu)bVPz*g6sS%muS&T zdE${Fx-RSsEl?r8ubd+BNZbd}Y(la^T3e`;kVdvbAon=p&NKJ%NSsk(`d1wD9mG>_ z+fJ^U{>vgUdRNq6Q72VONeDL0gDDC*j1oe)-cAB; zjI>KWiZ^RO!^SWti#S(;V(82<0eQ7QcExr%t5mRH?^PjGA*o#pZK9MPh6(Q524ddc zzjodO!Z%w`mvCNAOU?nRsp{`O!d;8&6!7KE?i>)OXQsSi_e(w?e_2Qi=-yu+9Ue>o znBNi|I4hZ|p1P1_*1X?$Vb3sIV^6vqTb~R!&z%*7ygb}5(u9A+163l8Dv^=O{|7Yb z0uHZAcfmA?cbF!4QBJQrA;%0UvKY)ne4Z*4vR;xJhldk?Q*IurzLHU!Bqyq&*&^fP zfMh7#j7r6P#t`of-7^p9*f!buY<<%OMg>?axk2#myxwoy{~w|y`>g$>g`~-mD(jU| zdN=rAu3R}}XhLG*p*xZ7(f4lVP<L}hd?JMm`C$JGf5zmDWch$o~n$g z9Oj6HVs$`@`BoV!^VFaMGZOtUe1aej>qoYzi`DG?=I%~ zD&Iv9NLr98qeH=)vA%}HZ+$lnevm_bczM|faiLc<%Z9?CR)+75fg2jk*ctw`eNvGJ zq#5$SN+6v34hRTgpXL%}rxFxnSD1-ga5Vd><^91B5yV(cNW5r$!gnM6Ooy78C8nzR z@*9!08un#v$X^ro_3;o!$#DQ`ahvJum&HnLadi*yKq7q|xoF^m4mm6U69{h#*+hCD zHdar70=9ogNZjEO^9)M1@In)-cK1&1ND->M%x*!Va`@8u-S0J@fRF2VFR)rqu3I)c z$B5*C6T_dArr_r~$)5&E*sBg)Qnfq0FQCSa8Vm&?CUd3;9x$Q5oUzQ=;rZSNu$1qK z4H&@x%5%Fp1$+SfN9j(W`(3t}bDIri-P1VNz5GObM-&)d zBjWdn!mlbRra{bo7V$5!`P8v4FSyQYl&`&l(0^ zi8F-UGspKKxcj^hRpsQ+cARJQ-&It2vxbK5!!LvDylM{h%*eqOHE)ZUL5SiWK}Z}c zxk3c%)*jqqoHrYx7hLoCR7z4umPra$n4!QvKji2&is)P^Hf5r{!y6202*Qm3^x!cc zJ@opq2zv3zoQ}lg`)3qEDTaPu@dt*yqX(=s-9WzxtfVK`_!@muF&aKeQ`^5Dr!f}Y z;0`zsACrnP(Iz`nsN}3lZa~ogwEkNI>qh%iR?QYCYG6N6Nw1R)jOUf;)D1_4NsNXG zy8sJ@ApFN7J`orAJn}E+g~xc)M6tTrK?SDR0c}(rrMDvUZ*7dl4{)j3q5!FhFLOuj zZ#K!=f<(xKJ#*-Cy4RD{7_dal71Ifh+Buvtp6tr~%d9zv2!Z*&-RO$KsSZjSRAOajU1M9;l+2r33wq_`IS+ll;)|Gvd+leAu=3M2l>M*qnC2&_pYZi^(T{z#uR63a2K9 zEGn-m^1cHv{8q@v?0wLz7`eM2;=M;1zZG6ip~quGmlS*Imeio_61%P_VuqpFlftFC zp6`=hfZ^#2^c~C#6y1QJpJ)Q+Miy<~1lS=29V64VdQ&$&O7<<`1S{3*ER6Qx&m!xC zCmcg;xw`LW@PSd7rj|}y`~Vp(U7VB)q~>wt4J~xIom~clVWQV{PSJzEj+5W46non~ zsGWFn5pj+>IcD)NRFOA3q>E0yqXn5F?026ss!aMpbVfms5z#mPq&x}?+Mk#i@}vLy zOz||j+)M_`7b~Sw2wQ3WDP%YvURb4lE*coT1X4D~#zUL^P3v?ox%3^ao%X z!pjchUwQsFnre5fRQc;i<{D?w28m=-G{xiSVyP1Sf|a4jH3tqIAk$Tb3Q(X-{0_ao4*8e`QBri{9kXr=hYVQ{nfphHJTd-8hOJ@~nK+1EaP zZ=UvkzegkY@0W)?r(rqeexn?zy<>RtHE$aSNIx3_-rwIF6H&@)nQYV_>+9~#2exlV zT>=C*c??4Z31$+XZKDeq^KPRDO_c1i;V@lzY0P*FFu?SdGapt%1>>poaM~@ucl6g? z$HGwQNrOUT-ZiLWo=g5#W3_i{?wyjk81GlCITZEN(i&0X_PJ$eY2yr4z}KztFOM5= zNVJgtY_7JWV>&&|nPR1p6fGheJI&fxkc80B4 z5x3p;=tGqUS@}7KHaC?$MtoH|m46PvCKO@)HCS(}!Mn(^%op0oKvl4UgYJ7Bs4 zXF)3Hs4%vi02HL)f4D>Rqp%g!wp<%KXPV)Np$K9eU09<;-HJqkIwab+K*NFoH-s0W zuY6EpKza{Ir~y^mz~C)wJ3MELljT?x#N1-qlV_pZrMvmKpZ=*{2@@89_fidZITWdI zmGBp&-Qk!kM?KcVoLwtwlJ)V^T1BG`cU5yh3;dzXwqcXzE1iEo^HeX*SFF@vE7iWj zzI}c#R7td2)8(z%Y?sGEs#arW0l8$)n;SJt#dBl=`vSkdTHkh7J~S8q(w(J94%}N+ z9ur@6{A{37^mpTee}jvWvXBTJY<%<8s9qF@VSO;uCfpH|d+e8DfuvxX5dW!qjR);} zL#G=rlDWpGo_XmOACqDyQCe9h#ym&btf8GKPPT`?2#go_CWXUW9ei7w0=NPQ@Z*vp zgQRrCclO*oM0|@XOD}z1%VvM>?YxD%P>u9#1ioAb<70~TJyI$Y}ec;xBp$lnZ; z=eTt^i&BDqd*eLz*@$qbePl1u{#-pue&Q?IHVM^ALvBXNBAg?LM`A)pfdOMJSb*qa zC5-VOKFrxQp{m%6GOABzhtu7s3eoeLfdp?~fwZAwb!Ee8U!UB!UnQ=c6Dz1=sdKgL z+a>hN?T)fU=lH!D+!@^6RgLNM8l7VA`P?xfZB4GP=-8ic_e)xE9*FzR;tEPSMSN}A{2gGX6`d3 z6Nzm^`7udGhy~fwGr(-8w(B65XT!DK$w&tpN*YF(>_lqXb!`7xs*n%GusxpO<&$vJR;+>w*T&UE6+sjOo8#n7wP) z=wJKBEnkM^Z!*rzAsY{_sJJbVCk9ZNA_ZfZVqyAuE{vA5rk@4DHI{RfN6Lyz5hOV< zb&f)I+P|aY@AKdEo>5PYP9>BrsC~8`hJvNGiE!0aZQJ3__!DjbI~#_6T!EuG=)1QM zKd)j6J3}IP**t!#__L}xmOHvadhvD6FqeD##mVd8`7^Y;aS*pC`m2=h%AwkdsVF3whv><^!CH>4GM*E?z) z6P0KN7P9!SL)7)B9?W(?!``!NBsfn{CAq(pu~1d3hq0o*LK5HT3w9ZalyyC*k7Jh+ zx`klwFv?ll+$JZ@<{d-9^jR=WGr#$&k^^h2xz#<-KsQ91lFnTG_1v2lxCFI~tO#;R z$oWhTQ$LVbTZxyPjGQ>Z7MTHN(NYs1Q^7@pg2cvp*32?9c?-)fc_@(2lc`29M=fF) z?q@EjM)L~bm}7zlo%>(bj!q}((Cu0OBl_978I4~RG`PMg=PhHSNb1xNi@D_AyGlTe zXU*uLjXnYA;NOvLw%&>tIIBT$N8T$THX17C7`7knwV=nUIc;F;rP)sz2TWe0)j>3{ zMNq$_lj=fbIbPIz{#FN>K40W$IKCPP65!Nm!pYE2n*S1VC`s%v`#BrO0Ltu?sm3{4 z99oDxz5TZ?co7Owbm%R-^{$39R{U?_Ha@^S+BKH7#wI$B)0aX7<(>S&sKsFEN|2)j zYfEN%7YLpUk_fUeJkT#b5);cFl#dQGA|^z`vGT;vVQ9(ZwB#gZfsujX!87ij0XhmfSb`|x(fa}DzKfR<`r4vuWEy!dORE3e@A(a?kEBYR#sZKQmV7R2AGzq_A=hdCjFMOWh>Uacr>6YT7fjs zt*(UM{)_djDnk=UBWELpi@UlH+Vo9PhZ-l|_i9(S6 zz-?oe6Z{qQPw92>G+^Ak@>@+{)>CJboC=i9F_uiLPqu$2N(vhoJI3$|QUKGMk12Nu zx$v*EfI9W14eIY;6m0Lt&!EcZN5<*GDqVyI7)RZ5g~Gz-6$~e3QlX&NHy=T zfGTm-x#Svc11jOCW>A9^Q$WMQ);6J9DA zt8v?cRS8}0e55w->y^|TF5DTeAqE&$r4&<-7`G#jkd0(UK^f6q1vlGdO`i<=9Kf#W z8b+3pk^N1=ZxB))$CK3dEjiDl$(zEXG$L5=kV@b!SVUBBll?~Xv!kpIV`Y+fa0Dn* zJF~$jgIw9npUCo1sl}gw&+H6CqZc??Gb#pU|979Lj`Qn3QR0q)QWL@@kQzW`0+a;3 zo@Ss4dR?1XSvxby8B3@T9Jnx{9Z%1mOCIjAIqIlyHBdcLCM-Z|&%`(1-Z~>C<$Bq`_@sb$_)fUK7>}FFdr8VOHtsTq|KY$ksgP= zRJBjKlo1>4*8-#oBG(j67LDHmkD9M-a+-O7=_+r@P0c#^q`~6qa?BJjdpx5=lq5t#@u$1-0O+ivtAPGl zb-$Uw%SoKQ90lj{F}z5l8XZNOJ~pZaaeIQMB+qpixZ?{{bn+C(1JEMx5IcG`VV+9c;*&$Rrjk_wa8Kzq1e2ir|V2O9zagTV5=1j z2YHJSjiIhb70S}aVM5e|Z0ed&VSQ)vM5zy`7#y25Wp6zzb+~$FI>yYv97BDZXKvI) z`MzP>UcuAzC4uUv#ffvzR*_`qvupw^a446F5iHsIYl!1hfo+=!UEfBw>vtZ!4Ya#X zJl-kEEmM*yqqA+9cQvXkNMH&zlOwKCd9Yth_jB%;FT75X_ZY;oB7Wrw(X_hN>b6z1 zy-3byF&CkH)Ik=OdYb-I@~2_ulQh&w@~jTq*M^_wAywIP@m`5);cD|FKMWUOZbaPK zmJz_svruJWJbr99Vx7pCuNb$YfM?lKH)ZM`l=IQQB_b8P%Vw`}~+ z5#Y~dC3QG?Dc?J9tnc0T0Nk!M8cx^yjq(HeJ!8Ptt#i$aNe-kzxfs~B6Y*o4Zf>jX z0xRz(t#vit-e^jg`^)HI*Bi|}m!`_Mv4_LZYqL{ymBV10`8W|m*hTt>bqXN?862sn?(efm+V0uyVTBKK$+4!{$8*fmW?+FB| zg`OHJ*Sf|wa&rxcY`-kS+*LT-mDy}xON%Chl0hTG+5`l1WHft*8o<;G2#W#yh1Rt^ z$LF7eLyTono2HuLeU0I7geL5=WtPkMtYNGJOCS9S9mS%|i8bdTHeLtMTiH+R<)-;# zV6BPIolcM7<8RQn0>$V3G*>e?>uON@_|9IKp0RaY>xC&VZ#t>0g_`t`30E77?2Y+a zben~=wpzBPfv{tDJuO1TjYBdQ>M9=*B+BDy@okcoiz1QBSwd6`>;!>NKbL966}{@= zg@^*7OG+x?w&PgyB+Trl8;uB@UR(MehN#M8B~%LSEig1P+V@Wo=L>WS$+3bAE0upb$kGpsj@og-01He^p$giAEaOFs-CihdQJi3;ylpD770ySL$$bO zJ)k|zAsq|0KihIZu$9JBRpwhEWjDa?f9iY5Uf(IKZe{;LlkdRl&i!4j|FyPA$WsNP zHN+NVP=*V-#(HRZ!ZWjchp0;yDCP0;za+Q4P5_6_rkn3uf80Stl7u?cXstO^g4JqX zLDzd0;eTx~FOg=OOK-0)O(<&&7`5t_;w|W9kL#yHG|x}&kLy|)z0a9ut!4bM0%+9@ zpb2+5EZ070{?!5hsL9aJn^EkeY{4~-wU6fLh$@zM&EXMt)YJZX@GQx$s!7zps-g$x zK8Praw@Z!5Xa15MF6KYDy|Akc_9(o#M+ZSKb8%CfoI@kp80Y7#s8c%;%*S6nD`rr< zy^VDD!8g%H8ufwhp`KuY`}ZBi%Fe=iy4i^PRtP109PtwZYYZ; zb2c))&89Q4_Gx8j(O7%nK;gBr9rxMrq&M%~@LVP*f&}^5^89RhwkOnQ%hUPsv*p=p z;NJhBc}J(gi@wCg5OOEc=T8^M5>*I|N(|BQM02ghN^XPoDn{~M;J&8|IM|1^+q;xc za0z2qFTVy$SAz_8uJ+C8*{@C{r8Qlfja@J9OIo@<7#pu!*tGuE2Z6@@7O(+g1@l)p zgH@nc{ieyG+Gw!+zzs*YRp5YruV$g|IAA%E1FY?q3N)wfr?{?d5fK>Up-FbTq{!k? z6JU3wT@8bN`&s%klWZ89j3;GNc2ks(465%c%$e`8EK1RD7g3oXh!VDlq$>Ydz@SHQ zbddtyF|4IQh2nh10C0A#5YG}L!n+fBQF(4hl5e(0V_=gRo5E8rJgE;31Ro&p)`H|F z_H(0C-#W$}%>ERQpEK&RWd{GkGG5u^(0`Ve)t(pvM^@tTdI8SL=%~_Y%4C&~kO+dD zR;J3wgJ_S^y74WJHH*(WH99OweoY zQS1o*PjrJ%?i#B_?2>g?uq#{SwZXnQNE8v1`6M$ghgGAfMAE~r9(=vUYKfi7{3e^` z@tB|LnpD-i+}Yl~xw#q4Wa8veKHC-rx5o)A52ocHF6VFmJ00&n`QnR5HK9>8p$3MM z_@sC1-mNq<+t0PsVENTvQkQjQYB+G7MFF?B@9f1v&F^1&;a z)5kY?x4yJvZ8t_SOG&8?x``w8dYUPtds<#}OdEuE<8exgiM`9GwmqLsDm@&0Ie2hi z=p!~al}(X>{mk=eQH%z+EMm%w9gk;e1~e|v#|1K)#T6v%gb{w!W$9Lw60b4MsL-Or z2A42M2o&3)Y<;6C-t~uc$oVl#y4;V>tuA#i*tF-T@m7HL zTXINU*_>Xsyy#s#{&=f%b;iQz>XsrRBe+3r@4)F?BD9>ef3A`&Dag1}`SP^dDB`cv zX>x_3DrJsJ8R>!i;V+Pd%=dsHopW&5%dDc&?BXr@s+~RT82o*>@59!X5S$>_= z2njrrKpj>&`J+B8dhi}i0|n?JF0j!@1&d?Pfk3g5!r`5=R8a+Q^msuMi9xm(A7Nk| z@frt*Pw>?hKTGDAzMYm6!|!Q9;N(g*DlnAmN;tP%)D<4SN$01Sa=Zj%jWSnRBMbb2 zPUY6~!0h@>T=EcWVnde7MT#>P6h(1joSA9BO$HrA!z7XR$T%OBmO(Pd7E5fA2Z(`4 z+rDC?6uFk*r~bUWO4wp3Rrg=xssWRzP)a;BI5GGP)>a^t%1O?X`I&vvrD%((VbIKc zXMPLatEysbr+5~=3QJW^u#OLI^EidZ2*{J5>oTMae7T=l>K!5;=vaXb?!w^9~b zvWS!qDh4zVI1B^PdV1TQqDFDkMyPm!xI(HPkl$8&KK#Cj=actsrHLR$)(+co>ZsdL z2!{dQ3|^uq$bLaL7aUSE2)rRmPWDd5bVJ6u! zY;+1(zU44JmgQ(c3@qLLglD#a0Mr-GtvjMAYrffCMo&2_80J($%B(lo&lkv8uD{Y_ zo${)YHAL<*vTSdsa%YIK?ret7=D5Ho&k||H#)~RPq03xTjW#V_vFje^FaK#x#X2qQ zvmz^vj5gUhtu@<{-O{8+Eo@lw0wU3Edwa6})KilhY}R~ijvYybEql*<3-isMBN1J` z9N`64o7OCBHra%@Fd_O1wl&iFd+7h)pXL{sV$D||XubUlX|=td6*li#wcXP$8OkDd z;DvHFbKj$MgTcsB@(-|9hS8UUN3fp46d;rG_RZ>5P6Z*??%rX)iE)~os=(UL#ccnh`paWdq4lw5ou?mM}w~h z5AM@~N*jbHgU9RfCjC2UU3usyG>ksI%LlB{p|gS`=dOy^C8vksy_EFJh+j?Z;a0PB zuM$#TMQUnIueZm0FmaXjG9bam!CoXcktsa?#bavJMi-GbN!RG^X>^OZzXV)$_`Jx{ zMk`8xmgyOlZ|ohFTCRsR9xHrW3I}}j!?e;Pk?E2mc?;7OMW)tgKF`@vHN18*mJB#W zNy5yKM+4kxZOkLkVj4J{i%+xlE1qS>thFI5D>NCzvS1@8^q+%loGoU;H0Y3OtCx(f zbF=+S3Oe%CugWl2zkfQ$c?ghhqP6y{2LSO4Xv@1pI!-FOI;R~V2Ffu17``^Rlil-sw_3kHY)DG7+*LFNWQf96#`>ZY^$}EO z!o0!NTa}I$)3}HR$A{;U1f*1S!Gi?lHNT*TDdRbsOlrR{611w1m%>|a@FJlI#8#Pd z5$-n72D8+qVOp^=w5R3@d}N&TP^HJ-*AX8@Wi*(3bNl$-6ltp^%o_)sIsKm zz7+MgXXzEY)vSNDNXN_`M-fnl1dr;2~v(6A@fAN<|Wvxm1?vEWW~|C^4wyQmn~iP#s_1=Ww@$wxm_t z4MwYBz?_d`G%F5?H;^2lj+6V@Q?LcP(@2HbptNyNjl-ZKW55hg3Y`fkh7)g-hoObf#WdL!26Hk0@%Z4hQ>)HEfx#*r+hAt`FvjiriM)r$TIyUsG1fOrT>2>CGUCU6vWNSb*@sk zk@1H7Pwi=2N_-I_qaG zl6W~)Ow{1lXS2(hQ%~BuVKQ122|H^>TWrP=K}1blMH)_km|T<*`?f!ci%kMa2e)96_A~kxm~F%})Az10d^e8Rq63%FnTfy_!8ed(g|uHb zF&Y@Rt@NGm92Vw9qHc3usO0h-g_Q2h;n!C4BicGxK?2S*lXN_WhF|JMUTx^#ta8Rt z%MIhJS(0CxT$-?0nS0TGk>HIpaaM~Y-OG*r9494h@HzeEXN78j^u*1@rAb|F((p@y zjRH73)6yjbJ~Zz=b)1RM3Rz%HTDzxbz3HYoB!fE5CtrOI?|Yn)6@T)HDlZc^DEsm{ zPsgwL(NDRIX17rq{cTMY9z@vN7*Y732b6eR@(t7^g!(lZINK6Y9)}fZ1kS|re*_8X zNW?@YlH_v_W^4Bv&r;%D_8^EEaRnh+p;u5obsp`HXWmZzg#EHSV6%QPF~G3GNd|Q09vQ?pum~tGC!-HL&dy%q(ss&@xAT)eYAW&;6Cb3#>3kAr zi&;{nqmyi^WfkT1c{B}OUYlm4=>j#JR!KwM2Y(;*_b>r?y1*^DQonpD zD$%E+kpg<6Zel|JvF7wwO&l?-hUpCSf3YvCvx5As4wf9Zup*vRbWQA(E`yx`R&0q4 z^rw*I98fCozUMjHoI!U#VtJWo)#gt0a4VW_MMu6)AHJnFZB!0O?Fu4Rbla4M7C*RZ zu#$Q1SQ|Ev9yw#P5MglXK|9YS6%@k>d@vCk(0JtHiX7{*G2W1Iz}cCWeVzUAOljZd zBKXCtrOivVd7?DE58@}Ri(%z%FW;AQ9CVd1K3KL=izO2l0lm=yBZGKkpjKQ{oUy6KMV#BA3gGA&UlF>Uv0cLoVNzG ztuQ|W@Rwf<246pD1NU73wFdyeSAXNRp4P&!wb+WyX0JLlA3q)po_yH`O&{?d0*b3v ze)#AylD<`SYe^bnRI{TF-(jmA+~w&^@y`+dd4PXToWt7&AL-wI4QD9wG^hZ^qY-js z&ANeG(-wns!|2jUa;OU)b#$83fkSU{&Q_a^SBv zEwTwq53701PM<{wvmejsvrJ-YnHVtYpfo=;HjkOwmle5PgDc_8Fd}F#hC{231(+l7 z@($1)y=Zr?@6?Ps`^UTS#VEPlI(e~skk6nX#uMxV1IX`l6g+m9bg&<&eH64I(`d$ z{6Oc+3L3eh2%IpOY8(2mTwLpB)~a!-r?|1>bkKIxmh6^Z;wh3PK=` zlN-6+glRr#Xu90o*hi8Q$CiV=qKI!XOsM+}qN#wXlWK??TWCrowbjipc7!D>4}xin zF59MW_oL2k2M77^EetRYp%sj3fnWr3DLy#L#>v~0ONP`YUeKK4Wv6LTR_wN9Jfp97 z10T|J2okr{`VT>@&_uw%s<7jd@W|L^t03%PZ#*VQp)6nV)htW~@qlY2f?8)mT@NjX#_`N5Z+0=mufoQ>E1-vWVy#qFx zh3pi)Sy%4=;H7b57z8@|*}Z{$9<0wxTv)IshP zU+hVWPY@w3Po5(DGAO88goOIK6dGZ=uyI_9Dm=d?qQjGFwnc@{SA8Nz->L@83J!$# ze4CNg*!#T6$o%0W-(ti@V?UpPy^|F0K`@4{I(?c>;j8|;KgNrdYay*d4T+iC+|-?f zuv(JyV45^3wP?Ln0S07ks|#F%QngW{)=LdGBz~#kkr=EvNeuSUmKaMmUoXs8735wd zGy$$gwQaMi1~sg{wrYAcp}mU0cA7T?wGa({QEk+1b)UqNV$5uy`BsU$fNyoT#PSXB ze@wZ1mf#Kp(3e@^Kcv-!pUGtV6ZK1VRvR~51pv0Yn!K$F+5=aB(o3;%PkS1;!LA(p z2KebciOjw->rlR?;zsT#!5Q@M7}}) zfLoR$p?ef&>X7zN*$=ceh7lFh^i9G}4$P+*?13y~f@54N`-MR+Nj&~<9X7iykNn!T zt10Z_V1JUs689kC`L6N|w0^JipMOgzPtSiI=X$pBjUp*gr~ttySb32SKofu@f0`Ez zP;UeD(G(A1&*X7zj?b2{_T~{v1PJrx9sjvh@@h>}B)E|F&YjjX$2GEO>*)Z5_XGy$kv(%bp>~1n{Nt}$_o?4~ z)Q<%&d;1IwgSM%qy**=$+3Wn&LH_uC$NTanzWXo#yI1(`kN$VR;Jg3zzk7%8{zGsh z`zyRA!u#{iH@HanyAQ9lV7o^>u|LYdG!hy`ZYh`)Wuoz9{P*vs`Ne8D zZIzINR+Ew6!Ea&%&?*GR=c6ya@c;b81N6RvdJgu)fS8Y&zb~?sPQ-ydiVc=M(M2C} z_oXk}`H}yOu{=E9inVuiGJthS0xhvPwjT9=(&68od0Yag&5+W6#bLSOO$!f7rlCr$77+}DO zt^qnvW^+statC7X&FXIg!)V{z&WCo`5)B`kn z*bDofq<0!Q^fA*1l>3=D0NTo9jX0wm_GxKa#xvF<;e*-@`KvvnjZdFD96M}53u~sX z-c&byT>^KN@vi6{!N>9q3jDk-xjT)YumE(dqj(B-%J`P$zbR?-wAXb*=;!Da5u`Jn zGmap6dE~)PO3uZvT}p6->yT_>EWH|Xmre?Y#hPx?leR<0<+Hn8BD)+O%=-AqNRZvK zb{v++Ls&nb04kR4w04Y^!^X9~J~Bcc`|TrRq}hL;1SVuZt{s!*vEkO|CxD4*yRIFf z<&e>=-;a!mvY*$Ai2AaY;2ZAz3V0^O?)w=zPXmv&8RpV+BUZl0$0bIRfLCFUkHR-gZ|8M zH{RTz$C(Fxf|cw!e~(Z?{foBC_&T{nC=y-(RSf`9eThJJYM@b&>iWXt=` zSa3gs{=$F6LKbuajM{jsf}X0{Eo80DK+wEa0@**wu6J&b(uG;}oz2NBODlZLz%cn? zL;g}fiX!^l0S{%N#t4Pcs&;wc(H0WCr` zR+i^Fl%Pa!kl6UJ0Y1`_&kNCW5LdAhKgP|kQv9IU*#lX5f!E-srMeagljMvhadwrI z;v(<)e41kBVHby5v8)&Li&K1Bh*W%BvC4#}OwWg%T1k=;^u}wJJRdc|@%dy*$g*{` z&~b9pKjXQEiEloD3Oc1D+{m9Tv{3l`L+l)W2qu45EuzGaiz_^_&fk$8Abx!)O`VM* zxgvu2GoI@pm&{|nAz~S@IQy$bn6TX2)U+XIaGR9<+69Nnk-)kaL z#AwyXS&mv6+BEve2)a9IWj+O!d61RZz`9OEn>aWdYUXQ|EW&;h*m!F!_T8p=iTI$8nZqI=KxN?vjm#J49Is7{VOtmXqyeN0@zh)@u}rk zFcxBXPXvC`@pH<-g5Uz?N>8Afm7{yAhV9b z{gu%VtXn5O`B<@TsYSe=3yTumrlY~1;&K8iQ^;pEr4=;fgWol|q!oG|m$b{328%la zL+?qPrI$%5ENQRg2x)klVtV5P_VK$I$ESn$&8t_W4hHjb{4jVK^6z@*cmq0{Hq3<3 z(Q9(WFEuytapwo07^2m>8G;kUz|NsEKH5BX&mGA6=-*&h4XPXB(8oZoDGw#Iru^p) z?n)SHc!rSCi;CUFB!3cJev8}1qEZ(!j~KVwBpfu;$v>}Hel(+|f3w1_(_14C%k~Gj z-OJu=HZI5TF*#d1Yak&W!=Gf#V7fU;E=6AUOe;p2^I8JHXLZ_$rwxsC41L5APvGQC z!@LQR?t5e>|*Lmh9k)qvog0P z;aWhz=fjXrpmiv9UFT;pWpV;JzI$zblVt`s->2mjam!lY>}1o7?VAo z4u{Mwj`^la&n=3YDh`_nmR(~Ta0ZQquf+V-Jfdd}$+y2m+%-q%xjNrOnmd12bECYA z-r1`PtuEgZb*uX}OkWRh>A<{b@6=fH?F6xfU?JM)G>il>Bd3HoW`*fab>dP7wv1o+ z6+PM>#g<8Fr*+Cp^4&Bay{Va7hL`ift6({CLy+ze4HOjv&k8yvUvM6y^g^F9IlxsUR z+B3bINgmJAO|X!jq5lIQ#zh)uRlVz5>zgsOj+=$|N4eG_o}JmKwQCW=lK1AfHc_Nn z^5;O@l8e|Xd875g(25RTl)j-02Z|VQmKhU^++y6>%>h!1N8dW#4Gd?iXo)5A9K6WD z2FkB8x*U=t!IT?ff!9}4dIM|rSSb#)fB5X2=J}h&oRqhw^1aHO<7TQCMQ|Y*M1n;{ z!4-66CM`T-QpY?QoENvSP$HA3r*~p2dRZiwuWT$#-X)k;iNUbKtK87l&^eidnKSl; zz`A&_*d_!B7>;spR#Sp;tFG5q2 zY_2b+QGNMX+Rb4mzk*{Qmi3P<>mKu(+3(8_7O?5V?l8U?C+31ao$0gHJs*4z&~OBE zXHnul8|PT9B`YFW4v%nC%gG6E?j_l{NUrEB{_h_967BtrcUUsl9y05-?i6CTdzG5U z0PKPk)>BCzIJ$tjwl^Aqkt^A?&buAy>{+|A^oEG2RXFYyEQ(R`eUUHbd?~&h;D>&| zW}lRCY;X3nFS-^gbd+RXVajIqvw^N)7pD*QmcJpS9pKvBbasssnMYeR5?xW#naBvY z6Lnn#y8heU??)YRS^Q{{z*M`LB>bY&L|n{1W_!RspeTf|k!K>1C?WVd$il>#B|(cW zZlhw6p&1ec(hXDlzZ|^&=+6y@aC(!fnwLA<+v9vx4rb}7$jkh)8jSMUc9QiM<#voy zhW+gebo(7w|xbu#y|6KysQ6xohCQC@z226PXEL0 z3?&PAB$>jf>623(-!`w0jajL8_I~eSR-!og3t;${YNeNlCUF_P z0eJA|wv0xUyn1Y2TkYK8u^LRemK^A+-r)5di;^ElVz+v-vy`}tDhIR$HG~u>W+XvW7IPUsc!o&9)m zHNjcKm#90@#_LXNf$t*(k=);XK4#vT<|BiL06`AY+Al61LMym9BwTz^-SD0@0d`P_ zYIJO`JOO&NG@wTYpmu{IdD}A@J!nKa5C(kQboFfvh-KjkS~&iid)8M}Esi3gZb6Iv{017YT8U0(b_}_h#U}9fK^XwmX{UDrxObBLB&uiSmLwE9Yol~K`4CTXP$G35PkCqFg0*jAJVMSN{a zARqPvp0!QzWl4vg%;*K(5xE~{^5j?jw6>An4bM zymjgCxW3FX>(s>Jxr0U)AdF?IJyx*Ru^y|7E|$AC0)v3vB4K#&b%D5r0$r#N#Ryp0TfzHn{}36%9Xu(HfYDJ_ZV@P6#>NNsuB0ZJ%LSSn9v)dSOFfe8Wf2-Dsf zD8O%?rq*J5p)FTR%ZtAC`R3ehKOXnTWk1OF4%1@>V}Q-c+fI`(er?~b~T{jJ}QT7$C_qX#*Q*m9!QjmT1% zBFp~1V=5QZZ+r{dp%3ib>#?r%K~Aaw(;~io1@F;hXYYA-XsZ2Sv)#hkoHwmhNtF86 zx2;qOkNHVxBi9ON7*XIQ{67A$V)q_JMF3j^Emesk!8lL+0xv+I*bC!6D41L5AA$n= zbP-Rdx9b<+NF1L49x~SeESj@XI*;jq{4&B<_(|ph0E@K>2v1l~3c56gh%^Z5_t7vu zO;IWMG)1O3&f1lIw067aMVytGCp<8HrM8oIb5pBp0^^(Yhi4VtalwOuU z3e@6S)C6YrYS7DEYgK{x5ZWdHKho>fn*S#L;Y;1a@7ICmCO|7?xK0Q0M(Ja-T?=)T z!_ycj(iM}iyVXV3+3q%g@%=tHFVY#n?sd1jo4Vo+d#XK9!m9NJDHL2xTxnagL7`XV zGkot=cTM7{YtX5?HqB#gAbu}*CwfZz-=U6moupT%13T!9>O`V2@ zQpe9T49;F8A`~@CZdAK0XTDc!AwvZ;SCigq;GMNwfHZF0?D@v8Y&M{`G#Rs3 zXY48(5T;K-Z@_}uZy2b^M@7e-NF%C@nkMs#do6|mD~qAw$yA^XQa{D;D`#k(ofvjS znsyF+?|^}i#NqMi8QxzbAgSsiq6%hxgl%oKc)uvE7rJXg~c?rwI^ zx6R}fH~e{hY_T!Xj4L)f%<;E;MUS9f&#W3Tjur(a$IBo3VoL!-4G**Ho&A&Nr!USA z&yM$=A8y)=rOyC~mhydCtu^Kx(BiPol+YuAUe|{e1^C!Zv_jN&i*eutJB?YtXb_QV zZb7^Ap=nO2EGMxzWRym70O^Y}crS)`8aM>H`k>J|rE6pINe>owxOSjI!l6ksw!qeM zN8}4RwtV+N8{HP*>PFle?R?=3a;pK3vnXe%(H<}P5xQ+~BObsNrO=v;AKHjwfXYZE6)`N`2xv8*=eEtuU4kv zzPyge!;gn==U@|uOIR%_f85fyGxDnZs>5fP zD{b?9;nM-EkmXmc_gC#OuO0Rxj`j}ZxB#D_+@SX4Y~2x)7e-X>TKa}{$A74U;U|}b z@*X44O!O!~#6`g1p4odS7mctC3M>V)8>C(pr7YSeDw7dz0`q+^%dIGnE`9tXaSjW# zJ0ygM;=VEVW4MLJn>oE14~YV73PAVv8G+98zVV{Z|5XRpSi0l>UU@o&aYyL}$|r|@ z%7LH}7@l&^^+q|*SRF<~?*^Z>2eAU7s9LL0uq%c3i0-ko-CDW;=#z{UW5<_x7loxi zoM+EzwdSl)>_&yU_EDqc`dbjr4WJ7samoql;6O(92WelABEiIHHd$oEh$^CE9NgMk zMwR;2k;?PHhp)QHQMNIoq2%Fy5vN8Z$q^C9&^D9cVzm(1kiH{BuX^>SO^RCIh8KcP zsikXojw%_tDMTzXHl6I8r}j}?$)vl)-hzGcfz-_ZD|(=XwLGWP{gMsHSSem zn_W+HUCbp!rjnJlPzQi3))qY0RV`U=mu{m!%A^!6WWo;SmL%F+sSiucR#RM4P277t z5XYucJUGt|PDK~VC`Q8*tyGj1MS?aevx9IK(J@q!ugeJ(Ey?CCWz?|9RBBh*Ler1O zA9Eo>W-u-;SW-zg=j@jFZQ4*0fJ0}2NHpI{%$+-k4#ez(9w~D608~MFUa37$UYo>z zA~h?<+>tjE6JYXV3H{)JGA10w(xP_+gUgRiE#;Qn*|n z(99Cz#QwaFh9_xv&dvK5$wQhiHQiL!iqMJ{^!Epa%Vr`jCTyr1VT1l8Mkt{m0R%;=$DDJ}vfs)D$kBO{Suz>l~pkpl5j5QY? z4>}w^`r=EB2av@1mXk!p{_uDzBPz-pn~bGdol3-gX#|mH5Y=!x0?ljqhIdt5di}Iv zx*QZy!hRtAX{*ol$EB+?2VU4Ed~M@X8=2{}6TWE+pBkQ`{U*6*OzSZgEN6hARAdCtZD05JZA}N8@bQ- z1L#%C5zkG8NbLYx;E$6V!rr6m^e23y4?b+8fcjB04f>Ymv-NFVRem2M{;ezKcBQts z@N#qBZ{q>41=lzu*?es1sb?Y*Z`W4S=iho}U;R*e{lUswYpSc9!nH-k>~8MAJ0I%= zcO9gFc<8hc^zJT^4@lNmgszcy%H8`02ltM=G+KY!Q*A|M zIkW@sq;_-mz}Bzf+$Pqj?Vz54yNriDuMN!Ahlb2@KbOnYrBc_xF zU|=+-zK|5x^Gbi8koTdt$!q?o1bMkd4WEtR)$O6#sOkH-c~x)GCi zBq6#aD7wMZef~T<1|uv3B8!ra&c-+H@pp-yo%TfxP;dxFv;} zJdh&}#OjsWq}Y)vm=Ay87_5lA@`n&u10s^*I7eO2l>5epYda0e*l8g; z;t+Vh0Rn46z~E<~BkRD3xJ*q?!$IYUErC518YB&FVtHE%&v3)fg2d9sH&<*u^7@UY zpk6m4>d44alLNlO7@Y2%?L9v{KRlE7)L6&v&qc&1Kkr(Y#~epYOo|@3B)TMFCbmmx zJH;4#j))3qyrtV*_GZf_4r@-MkjJ)ZA`yGN=U}OGAYyD#<}v}@pN#pT zYTump(8v%H>!Xnyf`>|-HRjU8p<$SO1BY_%GJra%m{$sv26Ovb(rSv?do8kZto z6bZn+$&&0K3bw>NXHC(3W)A(Hciz)nXQjk^AJ_=u7s^JPPC*VOG57DJS%udU+e|4)<%-9-X{6KYek|6;aEhfaLT5Bw7|1OBpWX#|ehl;S|X;Lp#Wc>CPI| z6sFLM#cfk&dV$knAj7RZ@Zrv?&g|CsvE$D?FuOH>?S$H2{cfSVVba`p3j=S))pqo3 zhyAbh_{iBqu>;B5ct#gXg8)mIc#g%n(NVn|Ri{f~b}^_mq8n#X>F*VZxp@lwh->*< zr&R_!&3qPv)q6yxuJ&U@urc;QVZNc&F{jpr%cz;D*2l=xDw554fM6$3wd| zNzt*cGh-|UE>qf-3KEnl6b^fsj;-oyvW6kBGOTN6^-##wGgz~v{JKu-r1J3S08c%o zWAADI_DO2(%m>hhJd7nRSaaJ!p2uSNASV0_7GUEI1NBUG?dbN!-~F>#ovAW1@mhq4 zTaY5SiQ&l~=qD3GwoK3V7tf29xN9D0$-Gywf8B*vw&tnm3y;wRnz@?rD#^U8Z42;~ z#t;A+QG$P3D(}?RTWjv%MK$TO`Oud)x`?f0uHByXIr=Sq*b#ZjdVfK z=3cl~b1_31(=`k@e+~{u>NuOkO=mI1)9Os5Fz)=fs1q1-YCHHDVOn)(G$p_ff|q`F zlai^_pWVbFdQSqTSzCFdMmh_P^k+HnY0Clgd#l5jW)%tUxKJ4a@OYRVs<=8aXryrpN9g0;A%g}wRs2jg8Xyy&4 zk`!$(9aU_Yzc=l~POz9}H~R%0=2rB_RfI)eb1X$O&sj|2M6V$O`Dsi$0j(tbzZ-3l zG7WSMT(5*ri-QE(j8uEIzO_zT;uKtD>i8lr+&C*&B#hUw;O@Y~qWv$)?Ri{WC6Wer za;!F_o@ebv6>E^JFUorn7o*8mlnky0TXN4hklo+snPMGKOV4G!Q<5!CU8jo`i=i8n zqnI{7M@2#tE1uG?8a9U6xREa^nCdW9N3$_zu}e@ z&L}NMy`na1#;_s}tv*x~WY%h+Zs)-=s|}M4>SGU*E|cyuL<&$~$Y@5dJY-~2wHh*P z=U;lr3{Bw<89o=FE#3r2(uomeIS(YDA`0`Cm1Vzstvk7gAdK$wbo3^vV4hTqrh5#( z$D1zVEQ;|GHZ)!ZjHn_YWjM5+XK^T5GkT^02Aa3m9Fd9FKeJfD(KH1MONB3D+Y%uW z1SJpyi_(u5Z{G^n)H?}nl_JQf1cMZHAykn>YGdG^1bDuiR z@9nvnq)@*~rc-ul$b^;Qfkh16fx?GH#%pOxFoi~zi+-^boViGU!QZo%78!$mtBnqn z_C_r+`SJ1<;&D3MUjUV6T&8GIoNv%D<-2_OZw0S$UvWV)Oi#*R|ii5cAM{uSyulVvZ_te-`r##~=hy zGB~1^NB%J>xJ3bs$fPGntiN46WrvmP|) zfR9{5Mg19VQ*<7@9X){O;a3-Sj$M!C=09e7zIXm&`1<(d_4(P0;rZ*~-t*Uc`}-#^ zj?aC?F&Z3-L@>4E3kv#Vl;#sG;+`)%afTg6&rgGZ`hwNvo056yqpASeis7X6wVb5$ zfwvd#kNSqj;n~^A*$!dK_bNvE7Kg$mFPPoR_0?K7PX~9~@u)?>*$w%;<5BO(!$+=( ztaLti%Jb%M|MlVPzZ~qpesTPl!jqhlfhNk=@8H3lnC5r}N~1#5lX#;m6ut0tnh-JHPf+D-(upFd4BQ7gFv-SE zGbxW2^Rc{%(VChin7I^Qi?Q##%Mt}`ATPw-c!8Vl^%h@Hb8e6l41~&(;4uw+kr!Ue zqfNvMJ|AvwJ$QV#xplsG_Wj|xm|nhe%;e^o>WD#A+uQv|51)Mb)z^<7eDRnm11*S~ zt!RN^7TKE&PtKw$$Vhpk*lIcLEHjMHJmCfLOw&rbF>#45EUdwBK20mSee~tSS2Y#6 zF=}i<^p$H=hwp=8#Uio79{-7Fl<@IiX)3KMziYp%;ZzeTfDg`+lOhER9_q4@Ws*dV zDI2lmEes@G)Z_KY8 zz=*Det?;oT3WBVKPk?Cn_*qQLVI9~%vWZa7X!vNMDKmagyJ#n^LRqlGAn(j__&8gw z;t7Rmogs?OF+#8Fiu;#Ztyfv^o7bp8KILwrW~^3RLF>=Tt7#jMHR)Svy8pfR|U3B-|233yPMHB zky}!^-5+^o@CIMt?V3y5mtysQ|KY1|^g`^DYMy-;&ASE5`qq(+Si6TjElvQ9N3Xu| z6}Em-c&QhWmQ;lt(}Zg)Xbs3?(Wle+stlw37|?c#(HDg(N0WZ#xCN>-;6vL#=P6ku zA%va)LV7v%MH^H6DZ<|btpYU~@Hx!JqK+S#F8~>>5dWwUfgcPsJY^LMPkbnxC0TM) zkHnXNgi%a>QHan_1}cFXO(T?0J`Q%#O#q)i;0PJz)Hi+JvCJM=MCa;YO%pR0x8N=t zXU~RRwhogv9l6QIzOTO>CRbED?ECuL2@4R_wk0ptkAyB7RI^ebtiM4u^)(8M`M&<< z!~|E3@p--erqmQxjmdet{^soYsWYsYlWwc-FJz=}t;)?5xzKFC*7K~&>F4MNaj{)2 zcDnG^uFSuEIEcheO?1%=^LeuDRF*r; zhkeWjX2(K^r)~lBLtNlij4;t@9V0dx`_T(6oG~mf963?5@VG161vg|B|CwE?>ASs^ zbN~J~{?eZHH9r0|Ha;~JfByvN@C~e*QLy&7mg%^^piuR^Gxw$P_mp=RF6IxSrV|uG zFNGCxU;S=CuzVRhxd2B%xWA-JlsCZ1$EN&nF`LE3?T)cXWK-1I5WMel&L(-N9yA3{ zvh{XnqaDcQqaWBsp5vrq?k0u8*@A6)UFMjUQQLamvBt;z#`a~cJy}%*1rz3|z!fI* ze2wxkc|Z!hs)AhPo+eq-+c4h%uEN#3w2D0;`JLgJAWD{o2*qV@Tbl=OIywqeJ)dLU;Sm za7zCgoh&MTCFigI5&dFq=D!X__i;~|HO`zdM1-0hqZW@}P$*zA1Vic<0q%WA2&H3x zOin4zhs#x>NK3KLuG4v5eqY4%Nz@;XK=qa^bPpD$@fcG+OQLVYtY6$4{rrl)$TOBF z*=do?(lRM2XKq^Eva>mtDZEuDvIR72uY<$p+@W!y!F|VKayuC$45v`AtYG2-)74^k&MY67~ zr1*h^_z{g)1OsNYqrOn?Y*^^e^E8<4?5SR)-KKyYm)CMLqSmn5NEDhT+WmsL;-any zzUgj7-EN?2;#L#oZQ|?csc=_;WgGn*+TeUNM{vW%XvFTDCF%SW zk5kn|wR?93nZe`>-$1fQ0w@1gAa4Ji- zj>*h?s=~U1O)-f&6Oxt;8j4ZmQFB`u8I6Sw()cRNOAxQ+U|v4-Ck;S|J;6j*@pPIL zw*#;{Coq?+V6Jl$-#+5o2YmbS*O&3b%jAo|Rw*G3-J0hm<(rSne7c~RJew@R>URn; zTk4L!d$cm@KkTCl>I3)n)3VRQh`fggR@kR~C-so6a1M}%f=T#3s~w~9wWuBDVBqO* zxk4X6KJuP)JUG|4y29>B(!Y1LETRO)UaD)f6)Xa8O-#89@NSEp=0;jK=j)pRt(bQ6%Haef^na^RN>BWr( z!HS5+v12Xb&;^AktR%V)?kdK(2>GFyf}F=`p)*a2DU|(z!Pr=r-60d|2AdK*sfCsq zp|;nxcN6{8ar*XC=bat2xGtG(No+G9MY-TVOKhX@RVB8Yqxi45@q;n2W`A1Bi1%Ww z1M*cq%BR5iXdYqoM91aFuS^vVbcps$kHYh$n&jisT#T4r2VMk~fjxqQ zJzq&n)N6hrU+M5lP z_Gx(+%yVW@nT{!QjbsOH@U*de6Hq-W6i>*5z-@5Guvx67n7g5wzMG}zL7R%e4-0?w z?lBBaw-pQ)_W}a)vU8c!&teDgst1j}&09N`aFc{w2Nkl#oG`t3bfg$_wd7sBo@mYg@z-KMT zQt{cKl4rsL6{zRdYMNKyx`|jez@Dw1u}nK1%kt#Aa=i`o72D}YJPK)WP%A?9^btpceZOt~Fvm?^%Wp?9aZqqU(=AQZr5uLk&iX*>-=%}@)1qqUT0gLdnefNyJm5@%U5 z)kV)|r`8>uTH3@}vsVv1c|2K$bfw1oi`Xglc+3n)~6SuloD@&xIn#uivY$px5cEAtD-K zvn$hF3iQ`egJ#uLwIF^lUxhWHRD{6}tV<7iMsZ2~CqA-I0X@i)*y3vJw0@CnZSO+y7aBs>S>r>T)4ueiIjVcM%2Lh^@%);xZYdm)O2V zl&eDfz9P}8E_R+G0+GZ(q({aIJ7M%R8MZ-})JvCEHmwqXyFD(il4?BK3HMMBEw-ks z7)R$;Hm$8yJoQDw;yNQb?4Do342HQQVxUA$Ef7~lj=@LY0QY4hem^kfWn|%=kqFg7 zuN~Hu)-Q9+HqPl~Jr z>XPjOaj;XN+$BUqeJPwvC>p0eX_4~N5&%r=mY;$gs72+oIB>)PBNtsfvXo%p^@M1U z`*Osd>;Nhzv%I6YV6D^&jPLah{QF4`Mj=ynu=`^6HS0@A3o#Lt)u$WAP}2JGs4Uf{ zqXtlyEG|rAyf!eO)IeCSmXS;Eq=ncSzDehEBZPpJAT+ey%D~#kmuXO-63AfA4iKON z1D13DSfEiy_h4aH>F6UH=F3~YNRz?xJUOIxddLdOND=39AeL*q_0Rdt$qfD%$Y&mA zIaa3KCG^cY`d@U}-J)&V8hB(i&dy2t+hgxmXymcg$O*Y>;wc-hM9jlWc1E*HGI5xW z{}h+}kZPBFLF@&7$C&~&2YB5GL6eTFmZF9C3`NcnpWe*nD6{fq&mj{URRAB@t>r>f?lJPUt(T5jYt#RucVsqr#Q;8)rj7$t;rh!>wFsP$rh|8O|8V7!Y) zG|u7iYKh@fNLK%t)b;P_-qEwegCL0*0K0*AZKf8JN_{4ln8U*; zx$?9!#oY&-PkO`JL=sh8Ak;DPEFP759fa&~}#EfDz4FN0tv7JltZ zWAc0_SBv9>0UH<$TosxkJPpdN0%aIFp`-nJgP8ZxZj<$Ci+esWz*uH{;kk7VbZ-%S z?6`Lec zk)MBq`3lRmvPx#wA$J%?k&1z@774wK;Ux|@(11i;1L*yPvAuEGu+Ou91XEDN6K zhWn~zj}n;;yNxUBd47W-Ov!Y*JPLJminmso^+>nW zl|CTLDM?>vKc;r{?7n?K?dY`L!m#wz`DEsb&;6v+w$(goO{lxskoDNLoDe=B%S{Mh z&pzgasM#?7fD zUKHtgdy?Put6bzP@53sxil@_lk;mg%JpZseixwL{rC4$~+&IddZ3g(qNG-S7r8Pcs zLu-~cB&I1(R#p&>aJZXN2xHY!5!e8h6aIE@KBmC8BHccqz&Bd175KI1!$i2TdqT|L zxN^We$8a+c4uuxzR1zB`~E*m2JR#c+50-N!WJ0PS@o5QGaH$RAn zKz=sf7%@Q*Pj*)#&3_?Xvxp5 z2Aans+UJ9L=S+Fwmj#HDk^>)409Y!bZjvrT#bp#oOTE3cOWv`R>fG_>kF8DOFuE;G zVjIA6Cb8Yc4`dSe{7#UXBN}V5kVDfIwuD0^}pMgD9}!Q4o9bTzj0XRhFi zQ8qk>ClBlS8UX1OPm3fT---xlZBF;X|DZKpq~q(GTvAGUJT{MrSB+iI;qSngKdEuKq+B`;CGdqqu|j&XXhW2c@~r*3bp z!$%uL;3c&*0L{*_f4@TJqMr`Z65}ftX*o%#thXaZ9v4rZAq`*A&`S97cIXc2!+135 z^T6L<^scK#)9HG`qSh(nNkk$Qom16 z0pDMUYmMnNNi`{wgaEU|r{m-j=j2v&v8bT^8@#TijArpIWrQ1#nc%%#RA8BH`QT3| z?+BnznKl60TXojlS6&EzJS-C(#8ph^zUee!gnX-~E^k*0W2%Z2@Xwd7Dq_UyVQiGM zi!-1Yj^Qcm;;zzS9=JX^%V8WKz3Je5aQ-oMZx#mT`vFskXsq{|BAy1rDlV!Lv!nK0 zJU2m+1ndDXH#;~YUmuMbL;E~bo{l1K?P)x_t93{hey!}0CSxXSpokK9sY~=+E{1tg zanOiY30h4q*i5!By?Oh`G_EWyPBO4pvtnaPq};jB)|RPmGE+i_r`lM1RU}Kn@jKQ3}|l*>(N~ ztvh1etAuKo9^t_nq%1;vr$@BPi=#JLe#0{m4WeUM=3=5|>8lW_et0e*n7J|cwqQn1 z`Buw|LwTMjNm_`2JTwwRxCjplETD_b>q5CgHM||q(`|_pYqSp?y|_)sC5xk@a{U5T z_`|`2|E%JRau=cB+xfqpDtTM&Vz>X}(F5o>{DrQ=-x&U*?!&)~0Pq1wfUl-g_$!-) z&%CSfNst1I6$$)>?!sRrh*3@vMFJ$kz`rd>Q|8ePlk=LR6~ju|SDLc^y5v<+{K#*n zq&89d=f%J1D|Mj5k8K^jz6L$h5TB-=5D}K{3e}4G^v`?hOt?G3 z-<2gAYMXUls6GyQua6$6I^QjW)a1QwY)4vHrj%{lK2U z_Z4=fXE}h+on7lSfg>ypdcXA(bj2`0tr!kWo{Zg~AqFGNapjKJH=*p;!kVnoiq+>0 z$fvL=tK+{X<^ip!$7)%HeR3qU-S#VXJ9c*`wD;c(p#_Qu(t5o}$Z!=n)4uTgLEIxS z9T;q-IE$z())nSGPR-u^Q@ao3gYS}C-7hF-Nlj!m*O zl%K*bIXPvR(}gi-u|W52@^(H=M=82?rLKTZ#}pJWNf4!Rbiwj5V~1)73E`d**j-8S z0W_<<>CweSTM_@~<&X|P4upw3kS4*vV>JhCdKzjAgI4A+KKh`aYxkgNRFXyso}2Uy zKj=*u@j~7Z4i+mnHFa9I3d;}&Yl(S!_$_%G&*oF06^rU=v^DwR%YI4GD%a_<(whw*qTO-t`DvLKp=jGhm2`Qr=N-t zD56l)LSMNPL?0|KLQPxEZUlTJ;Fq<)8eItZ)VdMyY26sQ5LAgU(0WZN9yPXX@r=VN z7;wOLHCxfD?eJ17{BGwqaPfKnBQ2iRgV18c#iLECb`@G9VRC{Ern#}ebZ_zcUFgM< zb_Q{cHmJ*M;Z}YE$1!C%q6{_NO7ALFZu*K0|4<>oLMdNBDb=i{utc>?tBq0p?~11AH{W0iVKd z<7UD&(Ox}aGp6lYZ|OK!cisFR0$pnmUcy^qKv>>WV)XK3dPzbVxD~+Fy(OUznS<`f zpgzLY+%AxNprH%7n<76}3LEhRiY#+l-y>Z;9Ssm?*H41l8&LhA+&0}`?nOtJQ2-Ov z!4xe4;`lhvlCE1lz3c%;`s;7<*vb$S;7&M!-P{a0hJqyOV8n+=fRw1SPuG~;w^`k; zVYBAHDO7_1^)Z)IJSFR4mZN(iyChFI5%H2I)bja-JjR+ejrms8gF@L9 zlY!P7HAHJk-lBn)5C+Y9_|*?!WjNV8+sL0k(8;t8T)xZ8U*3t$IsqcS{SjK~1p5xY7h*ful$*a+}(K z-H1)j#4HT#;8~JgRgac9&My~Ja)Mtj3Of0gX4gqsrB`gtHO35BSGcf1HONyU7WquOZHkm}R3-6j zP=^CoP4gm|8$pQZQ^wueX?~?3^Gtt;*AI9I9mLHWu*>2RjaNZal&-cyt;`o32~G@L z^weR2J&pi{A|EeCA_9WOnHnqS&_!{NnL!EGH$TvtR}%Xjsg7@MZU#5v=RsavZAUc# z!b7dk1C1XApNQA*_zjxc9hyVTpXfPoq8*FkQzvkjCO#C1TGEA-6X!0~ShVr2vVtO6B2CIcfDsY|7^K7n&fwx!sPzx|>%T_T3Kgn$$@IJ-doI}jb8L`}) zz*%-L^y~{mdz(N8fNKvvYt9qt+x+`T82m}IwKp-Lz08xU6+t&EO zw9F885ieMUr{0QXzy8-hqR1uLo-}R?@8YsuZ+ynTLPc11GV+zhGQwYR$JrJq0}#h+ zd{6r;p`X)jP{0t|Q;{6)655S-(9S(~(0<2+}y&=QB+A zi27RMc3>xmDGX<+P7LtSy;d-V6aUL~}0spc(0>CK||Hur{o68ZvpgTBeT=cZHO2T_>F!BvG~ ziS|sN2lT7umTEzvaL_*e%p*`Y)%WUHqD; zj}gd^M}$J;Kk%kwhU?5r*h5Jn+eaf=sj=H_{xj*)*y$2or3IB~4?JxNzi>o4oDV^7 zEs4nd=CzT@>T#n46~_Fac}qID{rmNYt&Oj~t#Gq+g1h4KoR>C=+HV$jkniEt}SNdS@pXjKS)ksI}IgOxi zGbjf~Hra60m8Me3xAV=IMAVVti7ZORY;+uGnXF^5y--3$YQz?Tp?e_+9=Uq!AKOkM znZs?e7GB2XuDi*a;zm(RrBC8PNO`1+-L}Z|jN}Q3#b-mvT9>;Ki?P$nVGaDYEj?%t zYMpky({A~ff3D4Iij3xiOQPSb7}963Iv)2AN}TtDMfF)m!yvU2 z28yAp_Wo!1@>!0XAH)vGA@X25NMUA8>iSeO&;U7wHel_+*vMI>TQwz1rBcFGr}>E*cC zf5$wJq{~vBP6XuF`!6J&~FT4zww^IP_LCx&R6>-8+ zxEDSk7~BbV*sp3U7PRdUpE}DB>DimS2}i!-@k5u0hont%);m$R!GW2O%5Qi)))tao z0q;Tf_C?&;R>#?Az(y;;R;=V?hh_Z318cmb95+e_o?)V5NWKC{R3(XQ#wGoD2Nvb1 z5LgB};+1`Yi2(iy`$rUH10VlRU)*2_M>aF$9CDygup3Bh=FU?#a6C>eI$UNX=vtt4Q!$_ z#rn~volo##o~V~ZQQV@Op<57~Sbx2z*CpaiRDMGQ&<^nhy+b%`|L&}GIfUz9*Z zUvfnN$??d{e4Js=N%F-yK+YuL^B|-RoKe#j&4&6M(P%)1X{HS|Q=1X1q2?0LXP|s}`Zq)UzH6J-(iMf;53;Se%*scY-h6#$fgy#u? z%K#;jeRP`{bZrY;D$#&A19<4Ly~XUkD;1$DV0!4#iuQ<9>8iaktCx!H&$$6}2g#;u z!x|EQf_h17BmVdzF^7sn#b)Z}#RU(}mNG*(*&L!I#QfFO@V0JCW38#W22_vXmdn;J z!6E@C*|8MBJWKM~c{VO=^093v5fNBTfYVsma!+gfP)x*p-S8_0@_xu@{Milt?P{9o zl~j&YO8DjLK-CS>kS>Q$E~}hN0Q-m}cHz)V5l0}(%SWOM`Kf zIj0Zs!9;WdMQT6&p7tdIGXMeiB|JWK#Lqlmv!ArF9U{6l}ZdnlrJ$Z-xq!ezuu zO{OF2kn_ha_bDR0PoanAe!6doZws3N0$objL@MP$`H?JtI#@`U9H5tgImr+Do6H*I z%^c#9n*qzC#PYI}zXDezWhINdtnjwSNvinzF0>)o;27|l@i;rSXRX=kpiJmNJ6S*7 zc@ae{H+9PiM_oV(&ZP!g_hu^4>+1)WF!SJb;Cxsg;tm!689qNpeP z5TPmrU%C74K&KUY@8LU=ReTGsCNX0RyhZggU_vQih=0p@Ma%!PHs-bgiv zo^Uc2Pv=_G#148pf-~XxIS}FNLomH&rtdw! zCToF-8EU8@Mm$@ae+f4VF@!{WkgNg0Mud?x^s%Yk6?C|R6%Rrmk;(~ z023TKj2v_Z+P~oDG+Uo(Tr8i%C_Mt(pC~U9;Qe^h?YEaxV927)4UdnC_@X3gR-$cX zEX&xJC#vS-6TlJck55e!4-(*Ew*wW10 z(?|K&DVhLOF0W%iH_tK?<_e7#2=X(iEg|eXXurvG#Xqt&1|CKpE>PQ+4~aho9UFVB zy?Mv~_gw~-91x`_ij_Z!5Uf;mrfTZNSZ5`oz zA2f0j6xag)D|YZmvFip>KHA#rTu8FRo;_1rZ2^3|39c7;yb9p&;i4>1+$!_AHkr<; z&xZ-v0Bt2MTfe>0Uhv=(VL4ja>3`51agI1sMKffUYr&aAGHaAACP+xeb`WXpz9iHo$dZMncbbJY`#sjpY6L@Iy22ak7O# z{cYRs6Ig$`H|Ag7kpGF^5CZ+L;dR%=KmCxCkKAz@k4*L~(8+j9HxL5GI!n)mcy0+0 z53Fo?81@$z0SUyIaHd~+i@~k?S?>5^_4%X%TY0}C^M}{;5acF<=XXg%q&}>mu8B(O z65~p{=CY6Q$-TR)GEBGXs*F}aU6ptW#TUdi{MYNKiFRWj+0T!XBF^q{3jyMK87ZxZ z%?G-`vNp)5AhiH-V1pcjet#g{4vYRkY<7y&Dh>XOxc^SXxn;%u^>f@^5pj(D!gDt_ zZrd1!;#Esx5}_vyME4nG4WE%F2;IeeRIp}BzLh>Z546ls;u07Tg-BrVyKZ)&1%;%U zz1bR5E}Gee_>v)m13Bu1uM7$>6sZ0yDOi*SK2Swbpcrjs1K~{+9(zc5C_0V>UIC|J zw=AGZ#vKP4dvqb4J7wXVKmlrSiUa0aVjf~eKhD~+JF*@$Npl>sZ~`DIzT|UYl=v1% z;w=F%j(>+EL7%i6jn+ORO{94g#X_@HTsFfa<|6Xfh{zVZ?cHIBC+6fj`|NnT_%yzVWI+XV&XAzY2jg}b<|3eITd+e^CfYreb$czHn>spMA_U5c9TF)68_IJYD z8HaAWL}>y*S)eA5$RCzlB@%JpK~1L%ZnSK)BrI;#Ie)F2XATkL&Av-W@{c^9H$1`l zx8Vue<3Lobf-fMOF%=N5gbyCRFQ2heh=5T216<dHaL%VvX|G!X=pI??w+?c}Xz(uL;LcoS>9XWQjG( z-jA0|doe&;R~=D+B?y`6!_i#GLV{zDrZkj2{>5WYmW;YI%MQEPc%qKAn7yD^8{?Z( zE$5O@HzEr*&%>DtK__6$fsdaH-~<5dXO{7qySO$GSrX`lWCemthnAWSNj~I0&Q45& z!MtWcr9aV4#0WF2YR9sOM%pZ~arit#C*Cj)Ph^7a{klzK!t88q%wz9UG{uX21kHLU zopeWq-&>95^b44GEN0n#8`ZQfcESwk#I9I-T@%JL8sbB9Qr`sC0E{VMm87A9Wfp2ck}cBsY+*V~Nu>(7dPDQ#h+`MjIZ93U zt{3R%9279bQ9@!dHhnkAjtG)MOc_Q(wyD^nEG7f(??P=hR89R2%M8`%n7U_XSi<+% z0u^wM%zFE#_Q@GnD!5!$0Vy^m5DsJA1?0Rm;YQh|KC?_P@7gTm8;&GL`>8011{`I^ zbm2b1meLbNiV)0t%+r2d#+r(jQALg>(K$uy!MSf1=U;dDu@p@1Vsr)m&PrH&? zvk^Y@5*$21us-4;?~_L8wjOsEjR;9BDw$HgURbnMo500OH(iQmT^;G8XyFE^w4!52 zPzM97Ia@0-*@!+LZFPa3u0RXTzmmaXWN=5(O<2bkZb*rTrw)2&F#tp%pim;*l;Yfy zhq^+Njj#jGF}pX@rxXK{DiRKfqK(Y}VF3ET7R~s2Ebh+yqQZ?rh^fZVLR}k8gqwiK zEhBnwtcjh7e{N<^KOcT3+r7_mnsJhb6xby3ATEPD%F1yKvTKF>?oPR87|Gum&1LK; z+;Mx+we`M^m@Uz>X43?ne2~)BDaFa!7~4=gNXccH*X?50I)4>EbpUZae|vHI^9knm zV0Y^L7S#Jct#|)}eeP0H|I5k#FDLuEoa_<0gO^wSSdx@dWHRpn?j$(p9d(11LH%U} zIdt#jmC{JWhZip2{55w#_f*C}yqID_O3qMnfwlu4XHoF*sn=1F@>P5{hO8}_ro032 zb7``=K!tRN7A}MqT5Ef*P0)-pAd>@Dw~BBcR_`UQReOZkmG$t)p2vj$E%wWP9BFRx zLuSnXvI9Doa{1)BXaqifbi@oiJDhDJcXUp%?Krkl*Tj}VmS^22fwQW3a)oTaU^x_C zyVnYmBu8$VB?R@0%DxChy|@ zcmklI9QCjl=+rT10 zZtM;|bs`^hYW_3<1=mbRJ&{6S41fBD_vA>>j&it0l5LN7#gJ_ZUI+Z%7v`&Q3y`Wp zUXLKj@JF4P`4r2Wj?>tSFg63(39-iZ5{oVsQg#vw#)9t@3=*@uxJ;eO61f?{3F%ai z>_Ub|{L9fLIwnrIH$+3wug!Kn7aTf@IH|vLesip?Jp)Rr9#NMnRtuwE*%y_98-w6J z#j?bzk2^qZ`m6(yERgIWS%+pUBY=PCgyjYwQI?6Aze_4gxLPg%WtDxzi+q+nPOt+- z8Q1Y`+oZUPs~E;pq6o9c7lK4*dFV<>5Rt5q@NnZmk4@9!ZWkocINKu;q?txU%3mEL z7@#WtF$hc4-<`4d!;*K$uik!0--0%m(R&mK0rw;5>qhMNrfP4j_0fC-ZvxE+%Ce>v zteHpN{^BCGLCgngrF?_mMWOS<1AP9eGQV+F9&TbzG1&=2hN=iFfwMeUxtYX9kN>-JQ3L70+5nq%PJb#HuDU9A$(Ngfx zS@b&%oca_~`u&&+hBLhSO6}_q{JWTs{`PNpO5w89B@|XX9y=n@{PI$9A#RJ_LTlPh z%bJ6Y*e|`PaFJa2PCj63NhE{4)Ye*8=cuT;AOFAm+3L6b@9NRpkKev0kFL;vV~HPM z4!-Q~AJ#h3FaH7Ga#`uOgD-mlwpqE?-^s}&%aqjbAvAGD5MS*?3odQjj~^mE+?RmW zpE5+)E~dW_r9PL9%hI=^0nMwuQ9%8ZL-?C*jbkTYMA5uwcM-nKbO`BE6J!gVS?ESz zo6#f;LgsA5iTisxs+RnF4E=kAp+Z3kW-9LV?WI^Lfr<*Sk1O(;{i(r`bXz=WzT z=0|YsVbkK`R-~AG-_w8a*&6v8>^@3Vscn(ovMY0Xk7X@RlF1PR_nCuoi@Ac z)Nk@{fo&8?%{Nq~HbYYwjs)UwDm%^==!%WtT@~pXH4|TQ$4q>_Vi|U74<|{IEEvSg z6mRuVDR9J<`r+XR#W#6ws;V%$ot>Daqi&5MFs3_ z7K5gS#Bmp5%W?b{2p-r{5Rr~V0%W`ei!4M~6Js?AzoI8TaKI;${K^{>-;q|3Ia(TM zDC=U5mHm4lq?h6+$^vYcU8T@MwN#KTcqdS|?1#(Z;5%$MvR2&Yf96>%Md@b?x( zznA*XTGpJ#>~M^J)Wy!UX1Qj->D$AGYEuH=w>FjaF-6Q_YZW6(Cq#w_#J$MgwK-Njd)Sp9`T99}s1 zxNfbqS!<*jMr^6g@PR#*U14PFLlcI=MFAflpor;2=DN}kifdTHAps6?`BDiZC((y9 zy+mR9{^Q3U)~Tr8>M)=@T!SH6X<-a2m~gDh9)wuJ#T-mVX35{eh#pmjgy=`4*%)m; zcGSisL_&hWNsu=QEH_++6uFDGLqz1o<`9fE9?1zO0+_L}tGGbWP7=my=AgrU=kOkR2d4t7oh-I-Mc9r?md z=ON~YZ-J~rtA5bx^CjAJ*c;4rB$JJG*%}fPHRF1^cqZ6tB9?5iorv(3?OJ|u??MX@ zyKLG~8#r3d)qX-T49AE~53aIZdu7NU!J;2Q;eY~8+21x?GX#Ah5U{bx-=puTAF(6d z6dDkgGPdFfRmo@nMr6;KS>NQXC4a!u_bXod>+298GMi0pZl>t@A8^-7;LwhxLGCqsQj<%G`?1 z`aqLH*WI)C;R^$lccb;)Bm1^{PYIU8v7x@yOkqj)EeI_%N}voNtr+QNj9a>>a z7j|+vYYMX+CM0`P6)j3OUbP$uP8tLo>suO*pJ0c|==yl*TsQ+)0=Z{QM>KTFJwm|~ zjd|Wc_Qm%3rS8yk{NXT$drMw@kuED>+tUO^kE~4i{G5kCxR2hzk+HV6|34~F#T`?S zsWj4llI{b0wuOQAdhD!_w~^l@v*O5^X#|QJ?@v)V7J=Bu&^74EF$vm|p7C)=aZu!{4$tU^^s?=7+R~l%j}-X&4=B_Y4htRVRChnFCh9 zH3FV^6_(T0;kMnt&=U|%ZGZ&l2(Q%SbC~h{6WUTu7Y2(>>k-``rt-=GS}`41@Q^s; zKvm-i)ex|d8@&So$gSXEnhlJ-SS7?NE(Mgx8k#!W_vn9uu?1IlXGqpHp?;&gXC$Qp zt$YpyulGs@QRd2W0Dxwo*kI9^X#9;`P2qiTP$hD$`7S%`w80A55HH} zu@yiH2$N$1KMA}I5x%#k33q*`yJ-1Mr945HWmCSOGV?WY~4qkIdF-IOFgdG1>pub*P$p$1toSloQHw)iHP)$kDe=SWg5!cj47mBIT%*29&B z_?{m(DoX^$;@HeH)45_t*iIV%58TFo$PR?zvW^YTttuGcgeoD(Fk2K-`=*B4)Ap&! z38}#GFYe1<;e`NLm;<;I0lEcCoao2GKM|wzD?C1){Vwq9j{xn+tJg4_lNVY*U!&?E zRN0`~5x<=h_`pNNP}R|6it_7i0-_EvMT9Y7J$>-Eg}zsX$g2wN3bm1*a1K88#r%E zcAq%c%rSGOzYrM*G!062PMxbH5?Bfj9tQz>=natYb|OJw$aN<6VBX~?AC+SiaA;k4 z_`dn4toOmOiNQsFmw)n+pFJ3Pia;o)4!KNgu7psm%07pKgC~%1P7@nJz$4*}O;t7! z5uN}-hJ2E|4&IHz<9ah3Zk5y2<>nnZvA=mbu;-tT8*>||SLKVmj{r?TvcD@Mh!y_% zD|4o72%;zzn~Go~5bd|vLeTDT4{4xlnNpDx-bYm`7+809iD0nLP;BwNy4cTIoJ6Gm zwKO?Tz|!QQ*S{7f{?$$klZT>FrRu+yB`G&XB_BNhT9n?mD1p7=-=i!`?5F!He2e_M zHy}RMtpWMrSIQ(NL% zb%5Jm=mazI4w@hw#drgnDv=~QSm1*=EM61`5s0Uu#0avFcR9-6JWGgg`S1+khu|jSwLMNBbz}RK zjSRl@Yl~~!T?tZg6aoK2@QX_qt}fOWu#mv&gAbJVGz5~Nem^id9}jLkn!cMu)f+JB zw&yp~;?;?s--rbt=m@OioQZCGBgqW4Hzq6az%mSL<%t3O8Vfl@?LQ32bt3#oAUyh} z!`$%5yKxwX7CdtGN(PI^8IBLaVU=ypjZ5(hJ9;j?&`1R19(0ME=|O(rJXdYG$IP)4 zE0#0uf;C&IGgvvBa2SPB-jh?-6+_>#*KrSveKa-AMPh$4NdkhdMI_xbT|b3Xe=Vj74oi1yIvZ{zJ|=jd zEz-}oX!u(q4lW(%>2O3$;2Avn5BcE}8-Ma-#(W_(=xrdJy|(SoPE5A-eEg^A)t@&+ z-;uJ84>J%Q>&IS?`%A=t%Z2qVCY19BMd8Co+N6urp$Lg}NJ*UY8pmhB(R8+RjC&N& zk!p(qghMMrQ@9pM+~YtIVg@-K5_C+VIiEn-pmU3b;fd!oq$1KxATfc4e&Yz&Puj_K z0`xS#nkTS?{S*o2lcc-SOaQcjY(m+eOgXW`QHduK&8LOzN;Cn`2BHaNe=^a;4sTC1 z+#9~6XH7oRZD{YibKvWv`zJQ1(`%~Cm^z!OTl9kywPK56=W?7B4lAdK0y?Z{B}{gI z*UkA45UilsWUaooFVK$}nmsC3La5*ciC3st{$+tSZ2NRze(a%trJ&J!5gcJ#+@ic0 z+)}_M34-w1J_)NUz7lAW_r0?Nmom8cL#A!|An?keq)lP#AG~rxbK(--_qFt)=(vy^ zwRHx2P3#^DZ#t}b8li=L?x?k5Li|%`5v(eQ4J_}n5!qST`=M>pE;bL{JH_HAEyLgc zkC6Qmuz&ahAZhcRtHAElmBH~()(vFZZstmGpr!ykr8muK+-2AM*oQMn!R9Qvi-`O; z#8D)6XG3;agiN$amLT-@9eyFK4&=@L)I#ey|5@}A z-Er4hi9PouTxX!-UJAuqF9taG;S@k{p<8Wz2Ob5dgw*vWAkFPzcO?QUf>e&+-uvyQ zTQoYL7a(olDm@A*YHYg?^``c=xf)7P4I|*>Kj<04QBDH!_@U=ZMVk%%Z*#h>!ffL1 z29XXQT)1KAy?I81GddRdS-7@Hg)f2-kvJ{~{>51~B_#sVw?J(;78Wu!eKMIpbC?ZF z6(bUw)e=uq#gZV$|1fb|2HyCQxMjm4!p0i6!f zH_QA(lpQyHl08@F3)?jhkeq?23oH|%iPZw~2i`@CzJP$KCM6y`&bAn#$}>0KA$uqn zZWQMqk)o1m?rCi^|NQQMEoTTvCl12zy`#o1>f;9ji)Ph8r0lQhy>vi8*!tT@&4po- z7^J>P*31xrCJpxAeO?LVW2R-9Mo&ulj1>4n6~B>!Hz&XEx|6N8PCs!ozQyt<>fyWX z7ujyOHP)v!vp&-%x~+k^awllpAWvFDEnQnS-k$B&B-@2jaJ(sD2VfjEP!)|`>_mz< z=6T6=$K(Sx$F*?YA-SDN&{!PlsPf~8WurK=-yKOOi-XaT05axj(>sNo=}V5J z`M5*C2+9O1_1KuvLi70jAG-0|=i<31FK>v7IHy5uy2%`SSny*^()?x}t?L$p^Vgt3-!ygDf;Ech0 z8=(J)<5pkTqa%kMvh>nlaz;_E&C%9u;p%5*gU^y1o=cOd+M9oiU+cqBd|UM|*m2|F zDe7fgLGerg5t39f*wq0Q=my!YBY|K-dlJpr;MISrx54|`*;?)3WQahhora3(gPuZv zRCC*?&%Er{W~HgHS~!|2J)P)W5kXoNzSUY(iH#izh1lCT68x~mY_^p45&C^ZF?V!c z?v{BrwKaTz!e#|=v1P!u^8Q=pAz8MD-4r--0YP$ioG}}TWY`W1R}4ra9Kc-^%V}`1 z1S(oIzqFHl+Q(8;Hd^#*1)6zVg=^rjQCVMdxd{^v1w^mYA8}hfZo$JkejN@Q1cE$g zyXYW3IMMQDBK=1+gKf4m`~=j6Wy<|y;EUYAxcI62W|=IDmNN!V@Gc@rpseGC#EtN0 zBm|t`i8SQ!ctYgA#ll4cdqR@n`T)*+b~X-# zp7D~5miIZL)AB1leHf)m!4l4^@Q;r^?Ac&ohG!2O{16lSB9-3)nU8tLD(v|=*vpQL$e!P0;uFNX@HoPg zF)0C$#i*2Tw;V}gZx(@Xw&uh0d+?|K0b*mL8v>s9x+37g=bk+p7$%bFj*z+_a7fLT zJqtPc&YlnHR>ySGCo^XfQuU}F=v$7Ud%kzUUEA==^QZV1n05G_GP@7P5j$bLNG)?- z-6E*8$7&8xq^wwjjbRLcc=*akClh&{(p4Bg@VTy^CT4 z@!7(BOtxh>X=uZ$3fsFOSPjY)z{5^65-M z6h$Y~N&L=3@V%wKOHO1D*2{2|2s6UqtJA!dd=yLs-tU5u2~Mg4k58@p6uTqLVsl){ z9;wiQjje|@cCh{sSdpz&u308%WkI{55E}>7TuN$w%(zp+NLvUPbno2U+xPSgclpbE z2b=rJiIIS%)Gti3>J(d;b#s7kqJ?$_Gi!qFwB-0$D96wxK-RU;dVaCt2jVLe#M;M; zDY!sX#{Y{%l&t2i0}jtWuZRj%qoo>;%blhQ0V9r# zD&;)vBI|#t?`IhDh1{CH`Bpf&)RVXMJubet<3B>7No8RW=ow#l6J&1mLqL*Qhha%5 zAEawW6R!VKH1V_bZ2pr)I7TM&#D*tSqDNttKT)tF84xI(;bUl5f4YDVoZ>xjdSiy@ zLPkuqhyJJm79@9g)KW-R)DapYLy{6TAxW*|w8-}2eJ=JgG}x85c8DH);S*xCeOd75 z7Zzkk@$h+%=CifWFC7IiA5|*gC^kqM?cqZqp>bi+t?u!x!x#e{Cl1%xSrY*h>_OoF z4jmR)ly$Q=!%-rLhspar9gNXn#71=B@F!;7Jy^UCV|z1dJUZl$R|uI`_R#QxEPx6g zYld^-TY{@hFM|_HwyiQ;=U6hA>P%P7`M$S+18Q&I!71Ud_2r0wcPn#<>IluFl=}iR zC)l*Uer?azNVBoEedrB4+@<@YuUW{Y&a;5bYe@_8%>~Vuo;8^+U>LBz#J&L!z-{p{ z=dyUUhu4`dhzqz7vd8=#c5Ht*(^LR~3Y)R3tE(?auz)cPat>>KO3S^0ZlFS05NC*9 z!2WVW;Xy2Z^dF3fdmQVuG_B86gPhjEi&|WEaV%PFz~@Zjt^S*1`2^w_YmA2bSD4c*y7@3BrN^O14B)*3-;5_@ zd4u1dn~6fTil)MVJM}8+t3Fvwwt-EnkmBUOo<+|yn4;A6k2K?7hiOSRWluRs%A86j zlcCTK4k#$!eA%$Ry6b8i^nn=M!a1?X%rJ4gyw4S!b5vwLV`DSi_=*G6Xk<2;br#&^ zi6$5V7n2RRd@&AKgdNgw8K<;a74Ln%`KXXc_{etP;&eGwS|70j!>5vLUePT@HE zFGSb7X`UTisd)N@H)xC6O5CsC{XMWSQEenu$OpcnuxvpE{)JFbAPU{=%}E~gxP-Dn zb@52x3cm4i2Jm;mDGHc)JfZ=v&}{;*D_UP)OdQwKHr~_i6Z`DwP)++Tluz$)&P)ql!Cly3}zhU84}xn5Pwa zIa|x9w%!A+7ZgQaHeiOQ4JTUo5Ip3t#L=l~&ngd3g#EF*hI6q*^n85}V6R3R7)217 zG<$+~efSFIPCq_hb}?%U`(w(wE^sg@Y50IA`h}+O9ESDi#)eypa%k^10(Ij{ zG(MxA>YvPL-lUU0#^20yc=&zw5})_*VFL9t=7acXKA+lOkB`aA#6&gG@ZyWu@L5^7 zH=Ta7kJHK2*-$n{^B&g8eL#JIdGKXfaLou}s{cp3 z;3RXz5dq8<58;_H*t8hy*hDqJ%LZ4)&sefV9;)v^4o1L7wD8=Ju2$}+c8_o(Wunk2 zC+Nq}wQwS+F$z1jB*2lj8+F3$F@TJ@zs0`OpWbV{@xfr{BfrDm)LFLu_O#_+GJ}aA z^xe~4Oba%=TlC#YChUzwp(RCO5Gjf!l5B9MDzg^|om=u)NQOtg`0=msioxT_K8QMp zT)Oew!eBN@RMck}Be=Uq){>`~W1^D7(#=S)pcoZ)yKXjJG7li>3l?24g*-|mJyON8 z$4o6-2eA!|hQx-2Z&PB-hxe>b>4I)(_Vv0u)B9*k+lMnXWOZa0{!wuRjL}1Q*u)xy zR93tTUeF2M*Or=LO(#5;TZ7PMK=9dEm5o`b3i{&Be9JLH4){{F zVqP|m&RvV?aHjS(+E@=k>Vi!hsSw?DY^crW*i4CFK__e<|5AY1iOf`vp*|lix>&=& z2pqLkL_*Cz#+t{`0Ps1o>ARU`XsWH*!ID16AazH!aNKYSVyJP@uZ}6-+D!N7oyc8=O}A`rv2lOI}RRfHes>&yGESv7+@?K&vuN2 z-mz_BstXKm-n!+HYLDjR765l=?^KPFz9?*Xd=}4L;7Q_{MLXjM0TnE|yTGK5#Fo}u zAd#^qKeQGL@W)!2HB&*wwrwc4tX%Yyh zFOf_E9vUec6R!k{h03Q5K**tt&=VV*Isv24gi1^%X`~Pwv#nJ0ORG@vBFYduTO zF2EBIs}ZD`BQc`kmlOI9OB1whF@YZpoa|yoq7wR`%c`-NWf)x*?a-N4r5YftH<=jd zKN4f2`~-C*tHIVw%parr1UrU2E7YE;_Z*+8x2zrJ1OMf}op69^DI5R0*Xh5%_bc{> z!bfo3Z{@5FBLX z6F++rVvzqjVK6R9ybRpIf&RXTQim2nY`o2u!pUU?aCYST=nC@3E9dgr5tN;XSCR;I ziSKeL2B3bnxpYGI_WIHy0%*Kzw|}PI6dJpk$c=i_8m@&e1qw=^5Um=bidYSvup|>@ z-44mJE*Oyq&h5I6G}q0TeE4@npWePJ$+z*l`_uj9kKt`?K0t$(FkfB?-xB6cO8g;F z6dy6=Kir0}{bBEaoo^2ZB{>xrr30?w{*G>JZ2KoK8Ie!6?~3I+EkB{B(1UeJR{CAw z{oAT{A9CN?*0NJ8I|gX&b|!x(z*}Th`l#&Ww8@GaOQ0;~7CGyR_%u7ya9qA>{Md7U z@6=Mn)a639MjT>IJuuSPv@MjZ!2))WJs|<)z*&7_n%O^^TWC+*KZMAAV}aj>Ifn>Z zcNH7^UKn5o~gDZMxhgx0C>$iT4`mlinG4hdZQ zR$K3T&NBHoK9NZo9$x-|2uoCtcOou>=rxA14}VZcM9pD~{zyb+C}dy1#P89%2P+KD zO^jwEEEn0(TxP%cQ4cZ8dUwU&#MTnx=fHaIN!gIv-YM-pqbSyu^K-bDzy~9wZ~#nV zd<+AGOYr0KDMnSMnRwP2X&(}A+##^54tH?d=I1%fn8-uxYML4AVUT?YC-DKsnw4{h zw~g?LIsPdX2YJSph|=82!iX~@U=t&oAbn|R$6hSHjdNH1aN~j}kI4FP=GMe>#u^AJ z_z3Ng_>-RSct&T(8)&2!EZJ@C5!udjIUis~a!&4aLrX|PY){uDm(F~XbXbZ*!FxK6 z?J28-6iBB*BLjf*=6ptPQQf6G47Z@QsW0<;ev=+8lX)?PC1B%u9U-uTP)s7cWfikR zHc_wg@b8;sqr@5_6N)moF_DN(L{n=*j4MIY|A>4pYvvFRV4MY(%c?eFdDGVM)dNAL z6q~o`2;;|oy1zDs#f1+B=c<;+#{^Ull1p34&LfW!<5g-lR|!jG5yH0~wwF(aO?2^3@R9t#YGR1|QOE`}SfEOmNIyw13v z5ww^n>bGm?m8>lApf*{sN6FNop#G*EK~j3SYKeRb=srA0ER6*r1?@m+1qY)TXNC@~ zQZmtq8pfTjX07Quv?yHJ0jDu4IPjf>Zv-17*@NxakPD?X(hLJlaB@`W8@WzAz-Y!- zR^Hs|+t$q?k*v)NFn%z>gzCYyy%wwB8&-by0RL;W{Eu(6xJUdX{sr_VBi7$0SeQf! z!^mMl?8Xc8u&HuJ9h<@GBjpi?kAey^3n;{MNDx1CQdvR74!1OX32wSK)2H){VIdL+ z7=GcA(I#GamwE$Tm!5$IgXNmhO?7~h`>USJt^GP!iwnLqS?0+IZW4S`> zs2b~G*O(nts5OE^T?QP!i=mAyJ`)UaffId52haiF#PL+%b{9fqT)pnrYg^6}NaHUFgOff*)rVSS^r_ z5yMBj5;0{uMHI5hVM2Rqkt^#wbGq;8J8RLN0WU?P`qWt*jXyHu-^ zH#K6ik)WyK#`|yvl7nv(>tk1oO;7=nbtt4as1GE)8(Q)_cr!R?KcEk3{-Wp|sdd`* zPMeZDVlS}gPk!J z|4%&QZ1&w9``F@zMjZ>l1zMchiU5Mxz>}J)0I;07+>6#Q zDe56Yf$my%>CbskfB2Qdzoa7)+i*%NS-_oD85S9NpF+i$Z!gAY06}U# zXaba_abqe|59rnwV@-1lBMu^RiroC`(H6e99KC;qc9OTIwc>^Mx7g=A0=TwJ?ek&m zbEZ=&w@cOkQu-6!M5`AzoZ9e(SbgCa>evXBlOEO&V8n0%=SSmYVXc||#$q9xLi0c5NVSL>Lh*-Jw}iF?-s! ztvT70|L_K{)g|qnLT_CB;3i?1S$iK1yG~btdm`u+a}6ED&QGG)Fd=Y961IcL_bzd; zYH(^UNjEPn4+O}3Mnfz37)){LL;Z4m1>zT}@!9{18kZ$nVQ?l@_y?cT^kFAIrkPb2 z!x5y_r!i|^V|%{_C;D*XS@$KK#U5_(!hi8KPD12xx)w%pMhi&o4*@Hf)QMQzq9H1Q z!_%`&6BtIHqD>=Rb|^(y2@t?p9j|%whQQ-f8@sCun5v*8~DfD&gec@v*i} z#W~a0p12zXM-S|dStt>0gT0n*D5c`W-!+Z^37j@@O9`{1U(^uodq!A-ftP zhoF;K0i{w9C#NE{60V%!dKV&f1E@)_S>}*xIY@Dm7zZEXosx?J-b9gXQ$ProE0Igd zMzU%6&BvTl(}(M7gxtxASc6HPKOno}9b zPQl<(tw|U6T_HsX4|`rxa)~AqcR7jeOF?a3rnBND8r;a6k_HoAfl4R=Uh7!Ays5__ zef|xi(I)ErsEs#@SQbV*kxGv-j)o?xbrjOxzJPo_KRjZ9SaToK7Uy=`OSj z423jH?1Pt}<)<2xmEYum5}c^zDxv)!Dc011@xCzwN-P)(D=dRTi?!ENm|M|+adljf z?k^BDK^sUX#$ccIp7)t~=l#Zghi9Whj$lhs_ju-*&=uw-M<1*E3>#wUR>L`=SVy$# z=~LB6RNE9Ow_75yTP18?pkNd2nQGdQ+-Ki+?9m0vUXk7nbZsWO2ZJO>MV(GTa&XRz zV`3XTa(E7OGJWp#J1 z#)@5>snZcSa;+&^^5U3kO|-L2D25Ri>+Y#)pAHrXyUGy%;arMBtoIND>?ddp$+XXO zd_Hqvf8JWaPa7n7Syw<6=Y?%x)BfSldB=nITtTL94QaQ1lGzc=UPq9|khYtE|2Q0o z4KKp*!}E#E$XK(h_OL1re1KL`P;3}nwQDVXS1iM9&S_|Az?MLm4kUB2SgbVImr5sB za>Nx-c;a4XyTs40^RTc8C2<5i<4Bpmp(hy)QgWHRsnHz{7dWzyv*U&W~@%(6dC`^>FW7Y^M!Iq zsPQRQGtt~K*N50{&2rw-y-yEk;`dHKThiai8U{ApMprL>_ewQ#wS$L(OvY1o5q+~k z{2`%6&`Ll$25Ygn%ws1!rVhTMN#oaUtghRz>f);hX#w9(G~rto;Q5580saZ6u(&3IbH@W9i;e z+D9+T2=l{zPgNI&7F8k9oN<;~_C`)f936;AXKNZWUf>afdWmtfu^Y+$d+URo2*)WN~@J`7CKOlfEB!Q@Q^ z9MUE{L6Z&|r$d7~$>J60s2!3R6*LXw;qZe8tUU`07{zrriZ!3ZCc13%K3!BlC_Ml? zl4UgDwNGlogC(b&7I;uG`$p%*&9X8~I(~IGP_9V}mnC=QNEj?&n3)!h9YoxEB}z+2 zZ+9BAr&q$3{J3Dp)YZj>L%sWjsBELcE-l4IswH!;ri?Z+p&@ zK?7eOf#mDD1WK?9!u=FAk)LOqC;`XstPJ4Vt-#ogZD)$l@h95&R8uq>AjKAYXWTs~ zQb9knN%J`os}tv0kA&{VQ28G7%h~uwRzsU>-qfwO@8)HA0`&7gwSzcs9$1z@z>A&8 z`bkv3!GtKFM*5)cQb-wFSom!Js1gU=m`-pwz~s z^8q_b4#$ClOOYAouy4b5Jh-22W&-X}GpiHvMEc{?)x7-<@$wh^;p1CVZCk4|Ye-o0 zwi+)Ga`qoQSd`{7*ySEG%KuLoHcY&Cj2ZWjD|7xyXCB2%j41SP@V4&GJIK2uA^#dv z;-l&LUS8dnnEt)NM^KdQS}{o}5vj6EU3_!;gY1~mB0EAfM*8T-5!4^1_D4}wP;j>< zUj|#~R7ScL9FOoGZ$XL(v}tc7gAh9RNA?%1;9K|g|Cy}?=7zz-AX^}J^K5_h^==DW z0>f#u&g`iv76=slEE#*W6)WTfnL>{Mp|PDUOwT26fBUyRJm54fe9p8>Q_fRMeJH|l ze(#M{{>vhz#U)UK56sddcYA@SV)+6=M_--O``+uY_+!0wYr4Sb(SZv%;^q{iwCf4S zBb^L-U+ z{A9^JQLgPgIr`==HbsSVto_aTZHc}KEiRVFt!Lf3r=ULdm`yw z_jY*CF(ieww%nat!PIk{_j@^FfEEx&)1k74ev+(OiOQM=r6)+S1UHi3zJ~i+m4MhwjVITx0u<%@=XeOqlgP?BQme-D(K`I zTL2}3)jK&Y0)TI%MsPb)dTeNB2a5PK)DVJ5wb@{L_(4Y^hqRSIY6Lg312JUUcnCd$ zl=ongNE?Vmm7ul)2@~2By%;AnUUq_GusOE>4_8i^TNBU!*@eP+$Ao@K-!=M5C#kFr!jgv2Qpj~?TrH4Z;7HKLJA%p7!320 zqmoyK`GS(moMncPI~oBW=JU#9=>)ycTSa@Nwv{A&|<70K3i-l1w&ai5KbK>lg+HN7Z=Y5Pd#%o zKgBQ>o#(nW7&eou)62pnpU#wXS2vmT+j;SP)m5|E+{5E)IDAN=KIcwu5#%B2->CA2 zkjk}ZolAhB*~NVKz@91isn&4Yt(Rh})IG^H@|oU$bw@O=eiV%P5a+#kgx% znw3?)@t6Y`ca26VznVTgK2$CB{>6(){H_7- zlFqy5OtR9jR{$g1z_=CjtDC#dTfSY%)tT}{!mU!ncPZ&@3)Fo$^ZBi9!;}nRfd;^+hqUpxooVG z#!!3Bw3`D(v$1V=_pk`?Iddh6<{1( zKOC#geB+|^^7!<2c4a?Q((6`juzXyXp3Rq5?J`*{X4JQ{-14ndyu7?g9%QPc+9LgI zoaY9;7l85n*sxRA$Ms69QMx_PUlr_^!xFuUme)h zvuPiVF~Dd7pEi@tOzw15zipgXa>Li_XQfBxirp@BJagsbW`+Jg>K6^*-FqwxGY!JO z%?g<(x%~R}t%LsUyjGtX{uPY>Fw-n`CvBsnJhX=|)nkuz8*-jK)=~f8AWw^vh-cq<>PL@OYg)V_r`um%ZYA+C9m~$^07O_WJOK=k>gj>!JS-7YL4BDdw>(%x3K(ng@lUvKi|Ohd^Hhal_IspZx5+A8-mt*TK_o+o&Xn!KJqyw;wSx_$Th z`q0g-8_U$exR}$f9;U;L*-jY`=Ig~xZd$0^W>(6&wCb14$#QgiHAU=ug6CX&t(8xv z7tOStEMK;iOugQ`xmNPy)9Up!^MF`oa@xLq*4~tE>*b|8wAZQRcZ`J_E>4a$#?Pl|f8 zYAdCoe$fXQqc`(xq|VFMMQ-$VaN0ho%nJR3^KwT`cTV1BR~L=dTW&sjJ!saij+;;B zVs@&VZ>@%1Jj-S8N);@Fl$4RK-scsxi1pOuyp%T1M~&*Et=^VXV{OnMTxVzX*ZgdK zX_+_A>tb}NQm*+~Yc2OGvjGO$V+c4gaU&r=iF_dw7q3=Hw1(M8$I52(T)tdU#zZcSD%rcc%4_~jX%e|MY-f%BsFxm1yOVwr z^aFsA&nY$Xz1Pm9Zj7g5YT2DMIC*G=%0n!Jo?%`qxLu@yO@%ePaI@^5z*>B_M&&0+ z9-w-iVdLR0siL)6eQ2KHvE}s+^l$Y|IjuY^sajj1ddDMumtWy`&zS?zJDARa`?90n z!E_G1zC_VGTEo@Nkm(&*#xYqq1Q66*DDn@CN*N@GY)u{1y zQO(a&Cy%e$(;PShDDy7}3!^hR-Jekb44{CKSvpTtZ zxSklTmTBg?=fnJoc3|XAmIp}C-H(((`|i=Q%qiCCPBW$RdD76*wUc?{te8tbEY{lT zV>jJCe|;{TSbFCmUtHdf$|-X^&e`+XbM^7H+dDXZF1PJfI2 zu68%gkE*SQTcWo=y%^-cL+}Rh&ZmMusK6{&tatGt*R(JKd z$Tu&WS{v)9tCO4a)9bQ%Q$09tPR+u_WvO>}wa7hduhmvNYrdRb3@!?b!R+|0Zx_4z z>PgFJ2PgLzou%1oO-wvr*7{_6k}`)i^%e=zfvq3pQz@?S@E2nMME)5?}rf0RQ z8+EnJtHbWibL+IKBG$Lb-cCjQt|hTPHXL40kp_tLa?nE>nc;Kq4*d&zE~S!5Vx1s2 zY}{ugdKBnT0E6gJ$`hJb&R(*hl=8XE>8(Y&RGI!mgVUi3gG#PC zs63a5K36y`f-Z-7%+cpct4=Oc^XPNgFntbmIe>xnxt5^IMZp8@nTwci0OPu)2?78YQ3Bw_PmP&mNnn_qEofb9+DN z-<;)ca+#;Q%SAbNak@GwH@lDZgXQzFm9?#lWm213$JJ>%T{|v4-y23Mh4C2OWUln& zQ{%2btc;PuR~*~D%eU98o+>x&dTMt1h9rYN>7G3&yVHIvb^V}qYFc^vR59}PhtWA+ zZ;vbOfvPt8rCRl>Vo#Lus}$8&#GI(}>FOYJzfY%JRk%dUREI8!gpi+-+uxjJ7?TKdBzpRCmz%XPM7-d|r< z*2P+R_1Zc?BKI7_Xtl?;uftjP^(DPH>z1F=ulJ=+=kBqVyLr8NogUkRhIvpuwQG82 zIw{{g>Gz{W_gp*aSE@>;q2m3m(z2|&RXWZmQ`EVT*u!XktX>{JuhGUD&)b`W>+1Ar(6}&C&ke2G&77^T>%*s$%sgMT zA3B3V`E2yqeOR4T9=nFHW?)IHA{{>amahQ}*xw3eo1Im8CBVy9TBSVFzz!CT zn~7ncn`fuX+h(`-y10Kh#`3h>xKS&&_1BBMu8!Bqvhj%4nT7|471$t>RtAJ`rb=bn zS}9&)9z$|%sT3cT{%yWD%uMmx)O!nF3raarUnTMsbk-JXOS#Oa)Z^!;S@O1dwyaOG z@^F^`yGKzD|~3YKv*(Y}rb; zlW6s>+v>|}-q2r{N>eM`t}iN$dgZqH*q&rB(AH(v7#8ee(#{R=yuG(F>f~xN>kMCQ zq-YMZFXhoRy?hw;TW#%WkZE2W6!JF@>A~dWsb9>`jnk{^YV+c}o_*8OYdl|`Ur%!{ znr$Rs^^|?^T3pPs%jEFkwzIO&?(c^B@MM1Sa&zC)*U!p$ywqFS${kVwrpccETsyhM zHUmRx_KO#T!oh5CpP!B{nnU%pP`~ZHRhRSr$=TIPUG(p)rSvj2>qb=B7|MDuSHLh<@(u@1qFnj%!8Mg-gwDnkeDCe@-!g|P$cMj<) zuftLA5%XB7^ic5I=pQm|RBr_~`bvO}KATnU#>5`9cGk3;ypqqO`iPUzSa;CeAEIGL zbKkYuH=nY@N(Siy&b-0=LFZ1Uq2x>X$JM;t8%~VW==DBVoYV)Wmz`DN^>o<0ULBmj zoj!J|uP3%)!Z!73d}5Ta{J0)A9`m4IJXcn=TxRWk- zD(hM&|9aC_o*g+Tw%tKGkx{;@CLixpn5IZ38a?xA`k1~S4o8Ixus7ViWwV*a0kb!> zD=Q=iyElu5Qa$dzOgiJCl0k1WHrlshSt#sX!S;~3+$~8=&duIPO36&-c@V0XXUh-D`8n!&EFKNdMa0W zHZqk~XH{A;+P;R-wvBi?jlLUH25q!)F#E>(<;JLtQWpnzIo&Rw7S#s>uX9)G`Rq79 ztrzE4cDLKpMh8#1^XXVQ8Fot-%iiU~pqxC-986B;nPauOzDqrxJ~ggS2bJPQ_Wte} z%b?@_@%8Za`K@+vnmxT9*!Ks|x9MK8{8)ME-_P$my|cU3Q)8LD)zo|?xyp49v~{a8 zI)2pkQa5R~0ERW!m#^vb%YI5RlZ*1>!7QDt6H7CRPK#tZBPan>vXPh(p>jSC*9oW@}*@?rpD{MIlR+vR`Z+Xv6Wkld$*~< ztfZFC@fApcwCBwyFq?%Vk{eW|1@2^IT&cQgJ-pVaXiXAJhUn; zqkq>uFO`$U*IMd&c2c~mRomv>L^-w#*P|h}1vk~1J$bvmE1e&YuZ;>)q5Fm7hqqDl zx^iEr-z-;WhBAF#sMh*={DfnO4b8 zGG~)nHuE|(*W-$LQ9drTU-XNLS??6DE{tmJ7A-@$WhVQYxtLzhnv-@ad6hiDyq;^U zW)tn^x^|WsXHSNY&nMP>u~ximKD{=_r?;)+OQZL8d8%F$@p4(OUe;2B z+l%rgUMp|f<7fS$z0SSd-dqiC$Ls7!Z#7>}PnBFjK*i7{v+OZ1TZ-N5u4{mmmZjO@>uu`{$>q-I1y8F(& zbJ84j9~8h9WV}J;I@l*xx4HbZJgKhxIi*5qRLLlV%e?ZepcjvLOl}(3-&Cn6mV+mz z>8etqGQ6K7KB+ufBd>=!uWYlaY|ASrc`bd>d#H@2b8MHY&efNPn{EeZ$wA*Km!na3A0w_m-+w1X89{m8`L;FC*PDu4XMlSarS~!vUuDW2-U`X z@*1dB2qZG{7itwCQ#7HVp>pr;#xYkZ?h66$B|RD0 z@L-q4OQA_C#>oa7nY!*Um?M$p@=TDPe4yAySl2w-tGiJ_v3L9UT665>h9ohPD%q^I zFAS=UY?Ek*905V1fqDY*cvyMjW885H<#LJBj@4wfTkWZl?}Jd+3WF#$M3L<(=Rh zuAxKBe?T_m?Q~wbaPye#U6lernaHqbQe0lI@@x@N@Ocy0bKSmY2#Mc0T+(c^6KDfv zL`Lo9uO-3r9L#Bpy*wWm+3gju&r0-ty#-JuL9;H13^KqBgTvtN?(XjH?t{C#`{3?_ zySvN59S(kQcXyWmz1_HX@7vh!=&p*c{;DH7sw1;Azs$6wJzBreGCP)#URz%YqV27; z&6*ZT7v7f`=xC1C32Bm47rQTh9R3x>*i7iv*5lc#X^vS2F1HVx@-o~K%~d1nceco@ z6q5v?P~hmK@MONzE*0}SE?~ZaR|{H`4a;v=m7G+?@M60Z@a^ftyFqBbj~@LQd(w=L zF*77mgFh>n6H%j2fmVSMn6JYVfdX||5CKB|gnWv#^$et&l1Eyd3pUTuQli;dVBbcz z{|u#zNo=}L6ACA%xDc>YoN4pUIGD$K0ch=s7GdM%2!?U8Z5IPNhZ{BlYB7l8j&0Jl ziK=fd)vQYRQOk*=6`wqv45RtFu#Z<5^a!+rzSu@bobs8{w@<}N9)8Cm@uJU{9M_n; z{M)5L`BRv8>NqZg6_;79OFgyGYYOwT%p5OS+wTq!2oM^rXHl_|-W^fDisb*DV7M-1 zXJfN_w&6uypLm3Hb~K|BlwOzw)a z6;d%jPhhgXzwl7-7B4s<5sGNbbjfr4VJS1zA$@&oi^yu*bV787Z7*;tpr?8pc zyE8^L(E5HuW5t-RCI)O8oyui2m@=kN?l`GzwvI$Yr3BKSoGt|H6sP~Q_f|HA#cUCW zdgNq8=gr?`@Dab_&8&&w-e#a1VB^WX5?s9Rzl!3UI#^gHZETPy@0|^T7WWig+u2zKG{Fk0M6sK9IzMp#5d=cWkU_3GOXA9|VD?zD0 zH4nP1w<(-k*A2&pNk5s>Y_2s1IB=ASL?;ehUK|^@$$h2iyv`Ewym&r!bCJ8frQZ~Z zDfwS~qP&KMLchBQ;A*+`my2TgcOFW1IKSF#3)r|0gWRw5pDr+W$%mtQ-2Wc%hB-JJ z0)!r3+ekcP&k%MPqNn0N2Q+WhK}r;#o5FYS=DKH;0(X{ib+>rxFT8l!4m4foIFx#3 zzI;B)tisdGnV*9mP9KXH?+%DGuKZ-CPQ&@6k7u0FoCC8w{0;iXY1}O59wMkN8E-4M z#7B3d<_&i)I-?BFG|qR&B|-H7AJM+*id1upE0rn+B$1u`QtgJ+T!1-({8U(2IX92W zk$iU%{^}}z<3DT{hBH*@vAe&WO!0TeBb4H{9G&oC`r9+@Q>_;>_}TD$o@IXX8(h~I zh-h(BKLMpZe{8|8-gTxpAHwubK~}b|4@2wv?Pb^Nw=?YxZdUIrgyEClDSfp0C6i|YX* zCgI%uhw?_1@_K&OUArXq4Bde&td1I|K)xEt3^EJDlT|ty%`DkET&Gt{&t|Q=(Z0+* zrdr)%#jAbgf{WC-j@8nr)@1QUNqD^)GaQ?I!NmmwP#7=2cTPx&f-`HIH6QJd35@!4 z?o{;smH9+BRrYVKtYb10AKI3$m(&uL{EJ!I`&`=RMRKM#d57}Sb3iw{F8RKk6I;u=1%gZBKYza2Q$+dT# z77eRQq({>h((BPspARC2HV9Tmn;~oL0@2}VVAH9+nu@@(xzr;Bwn&M$=XjIZX9WNq z{Y-S#^150#N+WuS?yshWv1WS#BItR0V*2qKe&3q+yMuoB>ABEx z0(rWA+V)&zo&Mh)otCf8hO&B`*T_Ub-V}v61}?eAS+bpCrUEMXNT6IO&|Lp>e1byOmeDE{eY{_?i%Ev zrv=8uhS!~nP~enGf4-MVrwp4sHuF|s<5iubXmOzjWn`Z^zcgdF{4g9=f8>(b}Fs z1D8KEEEiAUxx@Cn(HOi-c9IT8$gf1)^^^&gBT3S<3ln8cIBdftI{oqI6^G^=7&Y-E zgJEGNqU}L*vF?F~L}zBO(Ekw0r^~T)p$kLngLA#)GR}GNXJQN;8QQX`otpl;5SSzD z9AwSVkGt8U#Ka(UgtGU#u92LRmdQ+x>2GUc@}$AbVs8nDDRn>+9&aAvYk$;7-*J-6p-VD{-lhgr$R_4K(JSHm;RO_!{k;yEu9n_fhtNt7l;qMp5sfN^NbnnSdYf`; zdv&^wp`p!Tjs9-=gy=ed8SgVeIRv9` ztHHXyD6cbvX*%7ht_Y~xVjfF&;vt`1lHX+wfu#;k_yCreNPb|R*jim_p;6B{!DrIJ(!;N#4uzbXpzHG3h>WoYoMgwA_rePh z3^c%{x5f9zwN@=)$fDCE34py{6nGw zWt@4mpgtge9%)D^(jh#Wh}(a3V?kqRk;E+urKVZTen48&-$f|il(HE&8i*dY9Oa{6 zy!w}3gZPwjNOe=y++%x1zMAFINEOM9E98!#&`d>3(JE7v2YK(DBXS~E58}N z)y>-CPu$eiBvx|&N6+qxS&iMO7OukVfHbnoX^mTn^HDbpCI}9N_i5sMg=py)Hv(Wa zUhnfM6gqxfIcnl@cV}afBK92iSg(5OSNPcD^&&G4g*N(pUt$~@*&l5BEds?#(x(qr zHWL9h_R11iuK1=zAXK0!o-@G3;OfiG3Oo&ayXN=s^?SbR0auWQ{Duk!1_leZ-i)g* zW3QgeN(2Tr$^{1Y>+7npoxO*Oor1E0p|b^@y%Xc2m*({DSkp!a_-9yb4Zbxj8+k+l z@_N_~k8)PnI*)xZg&Z=eoaBd>gztt=`)d}Tt9Jm{GgwoGsAGdh)8ncY;)@fI+Q#vR z{!oeE=iOl=*2n3h4$P)%d(8XBS^3&2z2A$S-^;0A*e3x0(|(-qeZS{zNa_^`deG+k zc)wN0@_Rom`FsZOdux3zIKO3HNuBEJ-dN%{AJDyvfO0I~{^Z`4eBMiX^?Vd}SDeK8 zJ%Rk*2Jk;?^>S-lsC3Cm7j$2Ba)GhO^E7ki1q14>xv#(8A3wpyU6*g2?m9{R^e;u! zz$I5}b`teBP0{X4^oy_GWk0VEd%Qh%K>Qc>bLM_lnLQtXT;G?a9?$-1&<8N_xkN4C zPsg)1r{7DJ+xvV;&+O@ft?ZK)`5X51OUd5CXLOd|s|nnCiQlV8@pIMl0_f&`^^y4< zRn^8DBu5=MBh!mf#P%zaP%QvY`JC&aop;!N@DIO;rT6O_u%>fG;#+B-S4+SE4GcXDBt=udRnAcf+4=VSGB( zknE4#jLSrj0v!%B79K6b8&i@DfDf8cD8=I>=?YbQ!lW^ZkQP#JwdN9&hqPE7;*dj>i)txO{XGUvf3#T=>)1;=CGOx(8rTp)!55^B_VwGD68IZ&U4tpA&g<;(@Tt7aQJL5vnRsAd1Tm@?DHs-CqG@K+LUY?0 zou3V>sOAwCQ5Q`agCvVn9q&9nyTxBe^E{RMHcMB{i?|TVBy;noc+#H5zGrKoo1R)s zgMfUL2Q;jq6lYoMZ_=a3&tzS_7K5A{1nmhTttYp;@R3=lRF~JSzqlqFSiW2E|B=8K zt1byZi~+)2@6EsxsJV^^FX!VB2tUqanFRd}mEUYgxgd$rF_ljtxvZQSG}uu)qv(dEdt|Te(RS$epmOQ)KYJz5Q{y!3 zQi|TM|AC?5WFi?|E$sR`%znxp$YvnC>2KVQyXS&8>g{RM{ID|R+HpTSE>p4dwDVpW%{+0JST%!I0p)w%@?Wzn@1upjtf9P-#Gmqfo}5p}_i0 z9~EBQE=l;_Cb#0zs3T4MzXREY^HIQk6Jx?;pp1F^g@!1RI0L*f5zD=TM5?W-zI6+y zm7HlMH?{@hc<}d;)5TvNz3XvQp!m&ls{7f5F=z1jXLk_~e&Slc6ajX8x(8*rS=r(2 zidS}q*Vlb#my`LwOXgM0FT`9643w)6f}JOha!(4mNon^?%qx$Ozak5vg5O-_*szA? zvLdfYTg=-veu|&w@vQ9mkGqDiF5h%!-8>bbV~oINJl?unp(|gup~!Lu)*Js4 zpi*(cs^zNV2-b(t+779H@u3(U;hju~F3AB#cua|`h3`)|3=E}edGrPpXE$Y|hs)p| zFG9#ZZXPP2AnqDU;eW>1cT_9_8k!Mi-M48 zbIK^iVlpl*R4H6<^C4NaUyvs9A0khsmi8D_RfCwUXG9I8L!%16D%bVOgB47?;8EAGXZ znLw@c+m|U&02Im0z=vU~_t8~JMWfMmRmiV~5!tX1el*72)`=1sq1li8T6|%5U;d!O zyTDYjb^Y;hSdCEmI%VFl^UE-k-u2-A#d9d=o{t;I3-ePQgyT7E30kxB0K8PuZIvd0 z&C*<@yFKLs(j4%qM+b(vyX|A&bw5NmuS1;9KK66Ban1N5pD{M;jMp(}CfKp4FI!>A z+6*_ncAX)l=i0x!o@qa(B9F!KzL|ci#Uil4?R{IGx=hQGK4pZ&`xOI#3g3r05RZcy zVqkc~BXKTjP1n1NyHW^gzT-$R#Y>QhF%K@dqQ_h_2@bX^Fu-ILg&QHKwTO_dXOZp$ zypH+G@|{NO>>cE{0U0mQDc`t69yI@&h+@xNb+4^ASPmVMx@@$Lx2>NBlKn}RDow{; z;29RupQ5@IV(=@7bw=*i3e-4vJl8ls7us8=FBBbC^{l@-DJ<|p?LIbc{D_-N=h)2D`&?zbn?Yct|FWmH!i}MZEdQz#^ z@M=IrV3!DqW_je^=*cNMkyrHgms&Xy->)A%BDQQz9Rj~lAkfF1JWdm0<<)YMe?*wQ zg2vIyDr00e+1bJ@$N2W!P%Thub`J*XOe0M}Zdj4sIe$m3P)EN(+qv)H_=95@BFDAQ zi^}~@Q$i-&9dJX&l}5V!-ghB8s2RQ?4j#@nSC0SdR%@8XyXhS4G#>}2unndvE&rSS z3o{O3C2?*_dmiHBT(sEdBxZ2D7B@dGBNG3OBXK#*$kFcy8Q3}}k9kwBvSLxzxLr=} zhRd_>w35@JEsPSQcm8eWUKTP9wys|3b}nIrvehATaQ`&@xEWv*hI738NWStb(}_t# z%%(E*(gf1Ot)Y@DP%0a#y?C$qxF(ZcLgpUQv1;W=bGmr6Q;Acbg{%*>C%PgHI2iQv zAWPqthE|+B;@9c6o_N7sdecll+nV}Q(}Uc@^opzzQhB3 zw(YU~)~=JZI8}Vw$g5vMgwv5c^VQ`<$#On^gc&i1s4*9z@;%{r?Xl6doGz>Lkw>%1 z{^7skJb8RtAKquf;?8C6*>(J!;8{vbUjy1C_GS8y2Dwi_`n)rMF0Qd@P}AwbUd(J! z8Q%8S+RoV?v2R~Ptu~2ObeDEHo#TmY)z%M^AE|bW7`DRhe^G=iDeprg_eK-Uj6&NZ zgoCAnA`{?Ax^w4()vub`U%5_WUvd3a$Lc}5tf?b`Qfm{zR%;Sl zEt~D$mIjAuKs|5uy@@HTNN=KT(Vrpeu2s zE)wKBSHKBAc%Tw_wDkpCkhD4Kf5&&bG&V{v#U?s^NAti-MZ>anai-cXm6i#9RMM8- zr&FLhI6-^5up=BA>sOHfCfh~f^W);f*joENCKI=8dUl2O`fq=B${)fq-{;~AlO*k~ zjf;bv;8WYzLNMB48woH;wn6iG6B+@u*q_Kebn4qkWa1qQM>?^zJaTNFz$+=QSa)hqQcczgYCQ!Bf&EVC zrH+kA7`^jA8Gdz%vXVa{Ic6UjFqqFqt(y(ZYJ6zEdogJ{;{Uv-?l_i6&aH)P??T+-J^ISw+Pc8Y5^@dL@0hwX!LUqFqpS! ze-7$wfjLyYf{(2{EqS)(uWP&^Fe}*!9)>Z2y3(j^cgCZ#1(>nyivGGJsdObV4_!PG z)=Ukq>p=dAdf@V@}eW(O3{9&ey)-o zPT74S>=9**sy{r_TMCZrX56Yc-T2(v#dCTQA^>v}mAi^ZByypeE@TyWr^D--kL0U% z-l8t9YOb-nB#YB%SS2%#vg_$ssulNmlfx@agCPD3HL#f^L>oIR3l_J1 z*AIDtcJ`3)H<2Gc^=39P^v~i~n1HU>r{T}tlpud?M@W68_h?Jzt#Dm{nhrMDVUUQ? zPS%+#2$i1y5enj+SO2|tKBgf9dnp~*q7lBp<2E_lt=`R<^Ec?Q2}rZ%NEw`h$%PsY zVF1z%FdTB+<$KfNpb-`AwyTLIt{o9tM}eG%uea^K&xtDdM%OpsVuraNxWMY`tGeLt z_Hat0DhMUxkZ5>{7FR0+s2vPwzk|-`!gws+^Z0%mg#BIBun{1@tN#O;bknucjV*<( zGpm5Oi>Zk>wtd1hiR;Q*lhZjLVJ9}Tcc}ZSiNV-*qj1?r_T|XNqwJ;5wK9rOMO<$4J)svckhjd#RtF96>RWi z>b)_j?$ya^{9K!`1#n{6yxTl1aPsU}IEpH~S!e}a+ZyAU_pknd~tR+=bv!s z=dU-i-S6faB-&fgq<$1kUqjU;4(E3tzs+GMOm&{;#p&u49iuArtPpgn7%i$4@Hs{Q zC?SVYM}|A02e8t3kv-nmZWG(iSRr@^8NTB&)SuTNAU#y^I!!R2v@3+y>OuPSl0Wyke5c}tLf~t)_g{rsL9$#nTa`%64Ioy-3 zIhmTVb$jv8qf~?&gTO`g+_184HSy)6dS!I?)a zsLo%!nCWx7DPYAjQv|bG$E(PAp$^kqaldb_YE{S;o<5&2L%$E;08-zEV>r2<3)0IG zX$I{RmxbMQ&4oscG;(xf_j!3sc&xb7uVkiI`nL-i(;izyEeV2~%FgvKTe|FZQ~IaC zhNx+f+dFFj2JtIbU_epHI%d*ZJzTy^Yj-Q6#@$VW&Xy|sbZV;jMyP{)B0QVNtLm== z@f)m1#`{jaQ9U7U- zmTy}r<^{>G)ehWAQ?MYDpCB;RESreJc>dywhDYG>KuGc_2f%Ccwg;JalL~rRb%&CB z$$g)){(PCBv@E4FFcz;|3FkE|b{kenHM~Y;q!` zBSqf-P7Lw$DqZ!s{{2xUviI;ebbW8YN%baaxr%X$+R~h7#9KHv;^1e4?u$2?eb1_q8e`5R9n;%k*4sRD5E)GNJT68;Zlinb!_yM? zKwIa<#=ZAWFY7iXCcI136DhzD#GX6qn+sqd{lt|u;JSFYi9Vs`fhwt{e-~+AmtTtW zfMGr*BL_b_K6qAtN(xtH@1j|>Xm2HHK$Q6y;cjI)rm9R|LsX)_C;?UB`)G5ons_Vo zzZe}REBRgui%4U#<8}F5YDn!Tn&hZORZXc=c&y- z&U@G}`DU$g)hwE0MZMtyTFgUq>!zCY+00PmVVc`)G4*|h?`ioNrC8=io4CkX6!?}T z2nEF$^1hw=_gqGlUfz?5f}aCDF08ny`oFxAM{yab4KEUWC4Pg=AI!~+y~Jaqp0za@ z#IE|B=F7yEc%|3KGOT>RbZ`G{il$C1AY|&ux{60R#$N7{#=;E2&Kmnr)j;t%5oR`D z)EfUfx!X%pg;>%Na|)(Gcg@+ks=xS^qK<}M66sY60X=CLdyOop>CBZ0n47kjGkzMc zE=iq`EY=z{4dX;^Bp|7PkA#UonY<;I3FR<-g}^o2RLG?VC7%8D_%3(%k7z$2PNC&+ z*`7TbvQGQr%Go{#F|4E1BT)4AbWwUwG!iFvv9zE&r$A8^uQZQ-p)4+QVLC!wgRY|{ z_)_#2e!|_#5aO8NYrfXM)?B6$*!n|Uekh-v4Mu z;T((TVKROmsLyJ)sX}<369JNP`pzud? zowJsGbzA2T$`Ww)Qq-#kZGZgYuOd6f93lx-yOI#hpjy*N0Tlh7cR$7vYczg#Akao3 zyg8f_eb~zo(anI>c-`CV$w_&0A-=25SfZGh@;M8_8&-=spo(Rku}tT%+MK1WOHr(3 zHHc%vlWiPu>>k+C(^>s8g0W?AH^2N5eamP#ykBLn=G(k_;NDS%kvz&t=IW*Rll~?? zWspdNvWMxE`1G}KOs@DxOW>cbEr#zAG?GMD7f|^c)rTBJnm%}-LOA^bUR#c~8EnT` zPg)tF*{2zYsVAo!anFtr24hKAH6JzYjsRbJ zexmcjzwtFLPpjx39teXl!Y9j^*m#+Vdq1BPtCW{oDaXdcs-U6{9dtW!gE(%G)sSsQ zEOj@7$T>B~_e3QWXQ{m!f|t_~hNPUzX*NwGJ?=JmMVS%uewdfCqXq}1n! z1DR}d!BH=+Vn&h5%g0n!J5`sn^L3&jiI@+)zFA?Rry6^UPbbfum~~Of&-VUmxDd-7hfG_-E<$@eVNioeDN28h?zs; zwTOASjuwpOTSIB@_MiN9?~JxOA3b$4iP8o*ylWVtU8{1v^kd)r{kHACcN*d2Q~bL! z_KAEy(l%er_N~8RIIfda`@`BZ8UBXJ2$^XKKs5>$C(brD?sAAUoO4&`35^5nSHk5*x-!yAZ z6=6Z=S&Z?)*F3|i)Rx?T*mB#k`Yc}SoRXaP@p@cRmQm=)?&h%%X%Bri!)BAF#F3mc zg}M4;penvl{bzcoY=Kz1*oS!T+)#+LICCtU87SK+k>zi(?ykl6MQIlg%nRdt#2W4G za148VYbyNW-==VVS2V4hObeTdC6e&23|0<2abMim%8yRuJ1Gy&9!uCO&%HVk$L3$l zG1O)6QUU5YgrH*cNIXI;74Dq+)tCM_s{XBZnO>PJ(VxAfYMJ|GOIrhNn5*etix;9A z9>r6I()hg!=oAjJM~D-fkEZn#j6P^wNj1f0kVZn$>bvE&l9P!par%Y%%nr_N_%gS@ z3e!{$?u+m>r=6p@PjnxB%dELXp|@CCN@MIr8e*w-4cc42BCaQuANeLKaSL$Amo3Fb zj=h#_3*7iguA)>DN*c!P1$aZa#!V)5o-P^%o_D>?mS0ZTQqv72=ecn&4ja7l!d|T$ z^HUvpoYAdNZx8}O zBV)W+_F)7`7Z#n}I(S)!BU|MQDW_}B>Q3lGk#F<45TzM^QCAGX}MWJZ6= z*v+W>z94!9`SR^dK#FSQ%u0qfAM8d5snZE*;i z-!8|FZ)1S;RM`Vki!XOT&*1uD2)N4Gm$MX-;+ZS)^F1fsVuMTM?`e{HYWm<>kqgJo zYOD5_mYQ(^-6uA3mIQ}{P=ok@kk-p_;Azw&;J$I%hhBZzDi^eb@|9Rmiuw`?|33A; zJ305NN)l~t`OvuD{jIztWy2?A8Vs5xRZlrT@wyFW^8v)?7XF82SkN)r;hN8gKL0Gb z+e3^CIG13HLq^pxo~lP=UY9U9n7r4JLHKrC_lN;ecotMBvor~Z^CN3Z?!%ow&O8Q4 zH@_khtfzD+HBEX(P#@Pe$&$ika^^B*B}?Dg<%*ouK4lV$b}i>t0%@DYPm`-ou#MC9 z+b{PciHO4(X(<}4)J&3 zw!Hx|?#e;@3scw2lt>63-dTP9 zCpQW_Z!R{7ZS;22UplRC&QIIHq>}TrlIxdQ08b!RKzUZ*@6^(K2NJ}7PMr`pcm2D%3-@-TKEL8Pm#;V2@@e(Mb|Zf8m2c_N zF$Q#p?BA7Y07UHFeiQnJ5hx06w;|&LnpPaS*D0&{9vQej!GN>LjQ%0D^b~?a_fxs{ zi*gy#0lB!8rB}X6-b7m0l~`60Mb&AcqqKik;HFM;pPLi8-*Jv@zU`6{PRcpN zz665-ZSz;5J=WHNWNxA}G8*1=%#>rWU~zbl*81O^2&($Ozgv62j`N;GY1cHK>MF#i z6*~t0YJ;zs@$JBlFSmAMVW0a<9LHIbn;&^&Z%hVcLVL zepW+`7}wYcZ@5Z-d7E~E77fsqT4pIqL}~D&z`#~mJTrl_!E2MyUk|yVwasZ7B8&89 zR%TE@eiQ@mD$Rz%4YB|NXL84OFbC@cRlozHaU)zZijB1cFcJnmP6d~>heR%K{mmu5 zA4=jYDzuf*X!<*iZiHC4V8mgCEW`cKkJb78Xnih>b<0|(Ff$@2y{l#PV_HX&^4n6K zgYMG>NK5KIRqk>sgs8vC1d60MD9oIHQA9;fggnE?1@N1iL{i{QWvbC~yA9Lp2i7AU zEqiOaW#PU7Rq?=@okGw{0c2`qvm)-y(CGE{!O^K*Kb?COujL3E3`oTV>cXxCTPwfi ziv2mL81`9Gd(9{-XraDdkpd8Sd4(4u-}DKbwzw|u`bX{8j!|#MblJy93@iOW=a3%Nt0Nfjb>?4+u%#eI zG-gDS#DufzHkDr?c;htOo6vskfgUs}-6$i19WD>>Sesn^D~;MdOhqxiY04PNGIw^_ zGfp!rxH>}W5#iZ>GGF}CfH-06u|*cR!1UHt>&5Ea7->?5xwx4omr7yW6I8SwnO&Q? znGIQGv!z&rAEAt~?3IF$g|PE>%uxriTI?o9$mZ#*D>6J!beZrUTgFUmCN@v%B+C?A z@os2*Pk~|BjhlaIx!Zx_NO3EJRwE-6SB!xu3-s3n{Mvp%Gg}gSw}YqS7j1G2h7~hA zY?Yj>Cl8Wl9X3;uTma$XbW1|S!GI*(^1V5|h%kLdtxCA%g~ann2+%fL+2nkQBFsqZ zMLjspYOta8qe)v{%RCV8t|Wk<#M3(x=wg+$7X3L^8bI?SgGV6!z&e>g&S_X`wuI9O z@VAt6{JwM{YXdI$&(s#U)?)e?;gXXLu3$A+2MFB=d?&*GY|9 zF>Y|`p8ow7fh?0218yOsFVqW3Z+Br;(YZ^xRCpLNIFul5FW!DdV0z)Uvd;N30le1M z7^<<6A=Q}7r!!;)u4}5VG6$4A(PSK^{K#ON+jBqJ><2Jme9Iah(xs@z@l0w-zJg@>nicn{2LQoM5jmdERNmh1crgEcWlw z^E5pQLpa3_<42r%q$b%E&aS=;d>@*}4&P%>E}3O3Q}7`_Y)i1J4Iv^=UpQkon2C_VQ6%i2tC)T(oI zINDXSQCik26e!QjL#LSMnS{g}Igmu`5T(c_LxN6oXA8x`Wj z@kcF6ehEN>T?OhCGiyY5h8lZNv0j z5)rO+_gs_wRZs1WrJZ3IEZ_KJxY$JGSFOgN^AVTyBb^TX9!}0X-G;bWu(i`D7+>@3E5(=9qmL_83kH_9*H{BW*nrHm-Wb zb!V!nsF^Pb<|;=%uRlpIU(tC7q}?Xh`O7v51G98)dQ+d@uvJj|F6=8M(W=1%W&3M; zBa?rPx*K4LQULvJ@2mb+bd}$h*OrlTEOwE7qrsq-boqlozF;W_Ym6L#@_MoODp$oF z|9ro8DK^1wp&GgyysSB*5-%+*?-vJQVs213JtMf;7-L^LKfrwN8&gR`8YDmSZk!i| z45wzNDZ0F15o7gUsq6U1EZ$QNnKQs3wuPHEeJz4M|G!@v}Pml6s{Dc#T1Sqw5YcxMqm@v&f;aou@VPoSc;ET7BZOvp>GR zDh9%c3!aGTy*jMpBoEc!++zXGNK$R*mX!}2xwK50L0)RLQ;AOpPU#1dI1O34#hvwg z?RqZ{P6X*T&iBRxIUsz~2i2_ZUQhY$4pN^bZn6u9{tCbUCT~1aqt%ANGfzIh#84z8 z7#Q4_ypgdpH#c?skD$?2?u*T2_|;X@_{ks@4`vy_t%PWq;Hs{rg<7y7oDpP9X7GJ2 zo-yCK>2njjK7bZu;@173>kv?;xDHpfwFn#4*Fd**{_*o@rN%@r|D8;QPG$Q!42h3< zV6XLV7^sl-z@WvV*RL{F$%g9<1;~Krm;33`#JX_4MWO+$>CFPtoB_ zOSXT9OSCO2B54_rVGk|D|I}w}zoJ3?u--$8=}B9omD{@i{l>XwcyaIelK(pC`fBCX zYRK$)Iq#@ND>*4eEzKu%)n5)B@iZB*l~`5$l09kANP8- zzCk9r0b`FcEIoJl@?i(3H&E^}$t;D>in|CzJ+7S_N`6XaVcgo+X`zj=HOzHMLc+5B zu;+Qii3sRl(l*IhHpb_h$zmT?_`Rm2z@+_RM=@)_I)lpb1G5NukAgNwgwH?GOg{JJ zm0j)f^S><5Fxcn_m)hIh`;|7R2E3yQ&C?-mf<{Z;=@_mlUjuzGIf<4cRcy@ zW$utpPr~X!<;xT0C&?e#FxPWENKc>4b#rTO3A`$qpXI;_ed=6Hg(p*bQryuuq(jSe zI1-DenZx0qKlvay%l-jK+&)TTLr@M+J0K{TIscqP6cpz%l^XF0r(LQEF2Y4`(CB4h z(5SVbQ(Dgy;ybkUscq&v+nC{Kg* zl#@I5)+mt>|C^@Xd$A7RrCNmR6-#UCxA_F6(1muCFFv?AKGFx&tXIUAC0{hYSa!V# zKV&o7O{oHre$2Hw2~!G3PiNkap+gxlX}!+K9pim&46k`)Pv=+{#DEJU)i6zN56un3 zu&{_@_29wPc!#O;$4wfY<#5Q@zYm{UT_HT5nEBM9%T3hCM`X>x zpgSpwbUKc@J-qLhKavv4u@x8M&~hDz=EDn75u3(%w2%eDES5?rgiU2*)66e5rp$Dp z()q3smd#}pFLt%BV*f=da7`r9FpZcH6`-MFQC1+iq^y{`vkrxL8{e9fIj%;7q#W5` z1Fc3#b%=P)v2J7#vLQ9X8%Lh;0z)~K+wjS<%(sY*M_87wE?5JATjU{9-}U55t~CGE z>HJB98%m{-gdiZuc`f1Lcf4eHDIwb4N=0O|e>Bw5DNuW=K~^`3=9gG84g78#a;#9fz(o^25T9Fu0>k3E(Z8TU1^BLwqpfjb8fwy z;s*z^=zB$igZt366Tz;ud1EW!41<>TIi*yPvWR1ACDPt>m` zCSSK~_phexyL^O*O#a9qM)VXR^U%81=}IL`tnB`$%)fUa4DeH!XUKajlH^lPAf2f` z>aOMQvW&~6Cv}-Uff8mo37&oISh5TbHMgMcuVxaC#fYp3D?m^cU###OrWI7eJ&eWY z0$V|MhgW`2$34EQRmisd2+z)gY^iLVK|Z5_!Vt@?b(9vh6R~pow^a-bnQEoPcE97IpocnRe4|`bLp#H$(lj-R-m>RI zA{E^e{f_46DUOgXR;;XEYn1_+YiL8qko^WaoRiBaD~WcjQ+Em7Tvju4%)TVuT3b8HL#EN9ro&%ZFsi9ZI_A za+mv)?c4eajjd`RCa1W4j|2WIsSO)e=D%CrlN2Z)E-r97_l zmYe#a^mYQki`iJ}%uo4<GnZoHe+e$FPz-+a4dk z<+Bu_h#2M$Lg;VQEZNHu;YkaQ83SPO+(Fwf5MoYV{!V31U5LZzTob?Zn5*&jX$Sr~ zbNaZI=~HIOrpz^q|7^XV?A`2kJ6y5&hobA!8L^_pDFKWys_)NQ-DO@;sO kxc@IL?!Rzz9N_=II^F+cy7~t84GjA0cVSiVKc=hy3x8)4=>Px# literal 0 HcmV?d00001 diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 9a3cf2652..b8c34a84c 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -1,9 +1,9 @@ <# - .SYNOPSIS - A DSC configuration file for domain joining storage account +.SYNOPSIS + A DSC configuration file for domain joining storage account - .DESCRIPTION - This script will be run on a domain joined session host under domain admin credentials. +.DESCRIPTION + This script will be run on a domain joined session host under domain admin credentials. #> param @@ -63,7 +63,7 @@ param [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $StorageAccountFqdn, - + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $DomainAdminUserPassword @@ -129,90 +129,139 @@ Configuration DomainJoinFileShare [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $StorageAccountFqdn, - + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $DomainAdminUserPassword ) - + # Import the module that contains the File resource. + Import-DscResource -ModuleName PsDesiredStateConfiguration - $secStringPassword = ConvertTo-SecureString $DomainAdminUserPassword -AsPlainText -Force - $DomainAdminCred = New-Object System.Management.Automation.PSCredential ($DomainAdminUserName, $secStringPassword) - - $ErrorActionPreference = 'Stop' - - $ScriptPath = [system.io.path]::GetDirectoryName($PSCommandPath) - . (Join-Path $ScriptPath "Logger.ps1") - - Node localhost - { - LocalConfigurationManager { - RebootNodeIfNeeded = $true - ConfigurationMode = "ApplyOnly" - DebugMode = "All" - } - Script DomainJoinStorage { - # TestScript runs first and if it returns false, then SetScript runs - GetScript = { - return @{'Result' = '' } + if ($IdentityServiceProvider -ne 'AAD') { + $secStringPassword = ConvertTo-SecureString $DomainAdminUserPassword -AsPlainText -Force + $DomainAdminCred = New-Object System.Management.Automation.PSCredential ($DomainAdminUserName, $secStringPassword) + + $ErrorActionPreference = 'Stop' + + $ScriptPath = [system.io.path]::GetDirectoryName($PSCommandPath) + . (Join-Path $ScriptPath "Logger.ps1") + + Node localhost + { + LocalConfigurationManager { + RebootNodeIfNeeded = $true + ConfigurationMode = "ApplyOnly" + DebugMode = "All" } - SetScript = { - . (Join-Path $using:ScriptPath "Logger.ps1") - try { - Write-Log "DSC DomainJoinStorage SetScript Domain joining storage account $Using:StorageAccountName" - & "$using:ScriptPath\Script-DomainJoinStorage.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -SecurityPrincipalName $Using:SecurityPrincipalName -ShareName $Using:ShareName -DomainName $Using:DomainName -IdentityServiceProvider $Using:IdentityServiceProvider -AzureCloudEnvironment $Using:AzureCloudEnvironment -CustomOuPath $Using:CustomOuPath -OUName $Using:OUName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn - Write-Log "Successfully domain joined and/or NTFS permission set on Storage account" + Script DomainJoinStorage { + # TestScript runs first and if it returns false, then SetScript runs + GetScript = { + return @{'Result' = '' } } - catch { - $ErrMsg = $PSItem | Format-List -Force | Out-String - Write-Log -Err $ErrMsg - throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage SetScript: $ErrMsg", $PSItem.Exception) - } - } - TestScript = { - . (Join-Path $using:ScriptPath "Logger.ps1") - - try { - Write-Log "DSC DomainJoinStorage TestScript checking if storage account $Using:StorageAccountName is domain joined." - $ADModule = Get-Module -Name ActiveDirectory - if (-not $ADModule) { - return $False + SetScript = { + . (Join-Path $using:ScriptPath "Logger.ps1") + try { + Write-Log "DSC DomainJoinStorage SetScript Domain joining storage account $Using:StorageAccountName" + & "$using:ScriptPath\Script-DomainJoinStorage.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -SecurityPrincipalName $Using:SecurityPrincipalName -ShareName $Using:ShareName -DomainName $Using:DomainName -IdentityServiceProvider $Using:IdentityServiceProvider -AzureCloudEnvironment $Using:AzureCloudEnvironment -CustomOuPath $Using:CustomOuPath -OUName $Using:OUName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn + + Write-Log "Successfully domain joined and/or NTFS permission set on Storage account" + } + catch { + $ErrMsg = $PSItem | Format-List -Force | Out-String + Write-Log -Err $ErrMsg + throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage SetScript: $ErrMsg", $PSItem.Exception) } - else { - Import-Module activedirectory - $IsStorageAccountDomainJoined = Get-ADObject -Filter 'ObjectClass -eq "Computer"' | Where-Object { $_.Name -eq $Using:StorageAccountName } - if ($IsStorageAccountDomainJoined) { - Write-Log "Storage account $Using:StorageAccountName is already domain joined." - return $True + } + TestScript = { + . (Join-Path $using:ScriptPath "Logger.ps1") + + try { + Write-Log "DSC DomainJoinStorage TestScript checking if storage account $Using:StorageAccountName is domain joined." + $ADModule = Get-Module -Name ActiveDirectory + if (-not $ADModule) { + return $False } else { - Write-Log "Storage account $Using:StorageAccount is not domain joined." - return $False + Import-Module activedirectory + $IsStorageAccountDomainJoined = Get-ADObject -Filter 'ObjectClass -eq "Computer"' | Where-Object { $_.Name -eq $Using:StorageAccountName } + if ($IsStorageAccountDomainJoined) { + Write-Log "Storage account $Using:StorageAccountName is already domain joined." + return $True + } + else { + Write-Log "Storage account $Using:StorageAccount is not domain joined." + return $False + } } } + catch { + $ErrMsg = $PSItem | Format-List -Force | Out-String + Write-Log -Err $ErrMsg + throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage TestScript: $ErrMsg", $PSItem.Exception) + } } - catch { - $ErrMsg = $PSItem | Format-List -Force | Out-String - Write-Log -Err $ErrMsg - throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage TestScript: $ErrMsg", $PSItem.Exception) - } + PsDscRunAsCredential = $DomainAdminCred } - PsDscRunAsCredential = $DomainAdminCred } } -} - -$config = @{ - AllNodes = @( - @{ - NodeName = 'localhost'; - PSDscAllowPlainTextPassword = $true - PsDscAllowDomainUser = $true + else { + $ErrorActionPreference = 'Stop' + + $ScriptPath = [system.io.path]::GetDirectoryName($PSCommandPath) + . (Join-Path $ScriptPath "Logger.ps1") + + Node localhost + { + LocalConfigurationManager { + RebootNodeIfNeeded = $true + ConfigurationMode = "ApplyOnly" + DebugMode = "All" + } + Script AAD-NTFS-Permissions { + GetScript = { + return @{'Result' = '' } + } + SetScript = { + . (Join-Path $using:ScriptPath "Logger.ps1") + try { + Write-Log "AAD setting NTFS permissions on $Using:StorageAccountName" + & "$using:ScriptPath\Script-AadNtfsSetup.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -SecurityPrincipalName $Using:SecurityPrincipalName -ShareName $Using:ShareName -DomainName $Using:DomainName -IdentityServiceProvider $Using:IdentityServiceProvider -AzureCloudEnvironment $Using:AzureCloudEnvironment -CustomOuPath $Using:CustomOuPath -OUName $Using:OUName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn + Write-Log "Successfully applied NTFS permissions on Storage account" + } + catch { + $ErrMsg = $PSItem | Format-List -Force | Out-String + Write-Log -Err $ErrMsg + throw [System.Exception]::new("Some error occurred in DSC AAD NTFS SetScript: $ErrMsg", $PSItem.Exception) + } + } + TestScript = { + . (Join-Path $using:ScriptPath "Logger.ps1") + try { + Write-Log "AAD NTFS permissions on $Using:StorageAccountName configured." + } + catch { + $ErrMsg = $PSItem | Format-List -Force | Out-String + Write-Log -Err $ErrMsg + throw [System.Exception]::new("Some error occurred in DSC AAD NTFS SetScript: $ErrMsg", $PSItem.Exception) + } + } + } } - ) -} + + + } + + $config = @{ + AllNodes = @( + @{ + NodeName = 'localhost'; + PSDscAllowPlainTextPassword = $true + PsDscAllowDomainUser = $true + } + ) + } -DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -SecurityPrincipalName $SecurityPrincipalName -StoragePurpose $StoragePurpose -StorageAccountFqdn $StorageAccountFqdn -Verbose; \ No newline at end of file + DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -SecurityPrincipalName $SecurityPrincipalName -StoragePurpose $StoragePurpose -StorageAccountFqdn $StorageAccountFqdn -Verbose; \ No newline at end of file diff --git a/workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 b/workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 new file mode 100644 index 000000000..cb3a961e4 --- /dev/null +++ b/workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 @@ -0,0 +1,110 @@ +<# + .SYNOPSIS + Domain Join Storage Account + + .DESCRIPTION + In case of AD_DS scenario, domain join storage account as a machine on the domain. +#> +param( + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $StorageAccountName, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $StorageAccountRG, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $ClientId, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $SubscriptionId, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $ShareName, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $StoragePurpose, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $StorageAccountFqdn +) + +$ErrorActionPreference = "Stop" + +. (Join-Path $ScriptPath "Logger.ps1") + +Write-Log "Turning off Windows firewall. " +Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False + +Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force +Install-Module -Name PowershellGet -MinimumVersion 2.2.4.1 -Force +Install-Module -Name Az.Accounts -Force +Install-Module -Name Az.Storage -Force +Install-Module -Name Az.Network -Force +Install-Module -Name Az.Resources -Force + +Write-Log "Connecting to managed identity account" +Connect-AzAccount -Identity -AccountId $ClientId + +Write-Log "Setting Azure subscription to $SubscriptionId" +Select-AzSubscription -SubscriptionId $SubscriptionId + +if ($StoragePurpose -eq 'fslogix') { + $DriveLetter = 'Y' +} +if ($StoragePurpose -eq 'msix') { + $DriveLetter = 'X' +} +Write-Log "Mounting $StoragePurpose storage account on Drive $DriveLetter" + +$FileShareLocation = '\\' + $StorageAccountFqdn + '\' + $ShareName +$connectTestResult = Test-NetConnection -ComputerName $StorageAccountFqdn -Port 445 + +Write-Log "Test connection access to port 445 for $StorageAccountFqdn was $connectTestResult" + +Try { + Write-Log "Mounting Profile storage $StorageAccountName as a drive $DriveLetter" + if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) { + $UserStorage = "/user:Azure\$StorageAccountName" + Write-Log "User storage: $UserStorage" + $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountRG -AccountName $StorageAccountName) | Where-Object { $_.KeyName -eq "key1" } + Write-Log "File Share location: $FileShareLocation" + net use ${DriveLetter}: $FileShareLocation $UserStorage $StorageKey.Value + #$StorageKey1 = ConvertTo-SecureString $StorageKey.value -AsPlainText -Force + #$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ("Azure\stfsly206dorg", $StorageKey1) + #New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $FileShareLocation -Credential $credential + } + else { + Write-Log "Drive $DriveLetter already mounted." + } +} +Catch { + Write-Log -Err "Error while mounting profile storage as drive $DriveLetter" + Write-Log -Err $_.Exception.Message + Throw $_ +} + +Try { + Write-Log "setting up NTFS permission for FSLogix" + icacls ${DriveLetter}: /remove "BUILTIN\Administrators" + icacls ${DriveLetter}: /grant "Creator Owner:(OI)(CI)(IO)(M)" + icacls ${DriveLetter}: /remove "Authenticated Users" + icacls ${DriveLetter}: /remove "Builtin\Users" + Write-Log "ACLs set" + + Write-Log "Unmounting drive" + # Remove-PSDrive -Name $DriveLetter -Force + net use ${DriveLetter} /delete + Write-Log "Drive unmounted" +} +Catch { + Write-Log -Err "Error while setting up NTFS permission for FSLogix" + Write-Log -Err $_.Exception.Message + Throw $_ +} diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index cbfefdd5b..1f22afba0 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -63,13 +63,11 @@ $ErrorActionPreference = "Stop" . (Join-Path $ScriptPath "Logger.ps1") -if($IdentityServiceProvider -ne 'AAD') -{ - Write-Log "Forcing group policy updates" - gpupdate /force - Write-Log "Waiting for domain policies to be applied (1 minute)" - Start-Sleep -Seconds 60 -} +Write-Log "Forcing group policy updates" +gpupdate /force + +Write-Log "Waiting for domain policies to be applied (1 minute)" +Start-Sleep -Seconds 60 Write-Log "Turning off Windows firewall. " Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False @@ -171,14 +169,10 @@ Try { icacls ${DriveLetter}: /remove "Builtin\Users" Write-Log "ACLs set" # AVD group permissions - if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') { - Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" - } - else { - $Group = $DomainName + '\' + $SecurityPrincipalName - icacls ${DriveLetter}: /grant "${Group}:(M)" - Write-Log "AD group $Group ACLs set" - } + Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" + $Group = $DomainName + '\' + $SecurityPrincipalName + icacls ${DriveLetter}: /grant "${Group}:(M)" + Write-Log "AD group $Group ACLs set" Write-Log "Unmounting drive" # Remove-PSDrive -Name $DriveLetter -Force From 9be2abd577aa547fb7beabbf61b193837c5380e0 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 30 Oct 2023 16:45:32 -0500 Subject: [PATCH 011/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 84173 -> 84180 bytes .../DSCStorageScripts/Configuration.ps1 | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 5926893e558b54f16fd3d1d5b1e8d684974b729f..4a64e246bc37b8abf3ad896baafdf1d8a87ec16d 100644 GIT binary patch delta 1863 zcmV-N2e|mnkpv!Ls z{+Y5V+u6#Zz&>lk$`_Ei|8&DzKVE4 z7E#Q|f(sJzl^-SK1CNp@xg%0>;omXh2LVqL)oy{b@ufGqnYi=GY?=$4FC$50AfmM* z4^bSGTSi2h5RmKZ0$E5TlM?kUxl|-gLRM+?!xj7t1PfWBB0rYHcI)gHRJitqziPMo zs47?Z&cz|7nCQRqlhA*MO>W2q=_--3!TW;ejUPua#im?M(>R`q%hg(K`qjKt0xWz_ zx?XOhlbbjN!Ou{wZACZNw$v8=#x0Fp zN;;OoO)*92t4sv?mAG=uWCR_Ur(n-Dj4dTZ3({}OS%iNkjPx95+#8U`t$|(10xz?% zv!*Yg39}wzDH-?!x`=kiH;;?m1gSKh}+Xwkm_CRO1A6TG>w~>mi zhHy}DqL|}`P6`=5Gi&I2qpITs%S_Q`FkqkuL-$e$E}Q`6xq>a2U}e7J^@_vh!=OpU?+0mc*R?ss8-e6@lY!!?7gq#@~Jy+bomy4cQ3 zes{;ja4mo8)V4Y0AtNyl{1|)h?YMSQNH3A2cJ#U9#4aP!4ZGzK*&uncm@@EVSl)tt z-nvZO4DfcG^*Y|nl6ceEUomF4>0QoQ60V5j4yk`Lf7b0p%Kf3$g~fd~*>FbYOsZmq zNa6l0A|Vw4pJTK~FvwIYa2%oG8D6i1cuZfiFZH^b*XY8eA1T*BUOe{TUZ%0?Vf6IS zu3b*UkoP22^}tCbMD=-d_?RRp$aM|Ek=_FSF$!Wx2cMbt&tSXX@xiwy(tVxpZm*&? z#7cijKakFzQNQPZ(!H%@Rua0epjq`U_szAL7shG5(5d+9qqM9}%K7RuH5L<<7~>?Z z%JPb@8lc-Ux}4NTXj4)zSQ~S`v5YKNnJ1}UV^?B;l%DLiG>HDJk*ztThx^qGZ z-sUsHncd8xlNQNd8U#$r1z`AQ=S36p#E*Ymkm>x&BWosBQU1UwnZozaGU$t#ZirmN ztwsub6)X?kHH4m5@(z=(>rDVl$lnC85wMNEjARLvFgQyU%^~a*b18@|WjFJyrQi?b zT>-C`p8}S}G{9KG9{L@R!-+A3M#2M#Rm5fR+L4@aUh3^UD{b0}Zb(R{rAaNzZ|Q#v zrAa%9QrmH`WWk@9BLR_4PLm{(^;jJqNSs|~oL7S269BKGEF?4&gvHH0t4fn*DOeuT zgsZK%!66qQ71-CkLUe6rZMY&x3>F^KQdGW$Reokqc-$VO?nKsoyFIC_-a&6U(Qe?(v#j(0?m&F^TW;Q0asFa{&Qp1sM8VqPYDC0r&@^CVMzaL%Z@}g(gD*NrvCSk zvCWS5FasK5XqD5%ky@8{vDa_b7iw~fKZ{?x0s6gh{016F{bK>Pjx(lM&QX82D(9rh z2(8Dn-r0SjLd7KE^fCn;gLSRKLS(1jm00Y4>4wem!>L+Ga6`KO)_b)BeV2`{rOBO5 zJ&O<5C4yUKI=1gUiUDvi)-z{)-PYurx#v&1-_<`8H5W$T!^cYae8wN!A#JvV@al22 zn;#N*@`dJaKt+UMiNpQ6>=%EAV?o~R#0><72K3KL zuxwFYbm6mnIcHp?xnQv40mJ_ZKu*`oi?Of#%27tJISpox1I#Y8XaLgiWOveI-BX|G zPI{m-Kh2eoa)$3rj9=UBaaM=l{H@OxaF0HVHa&>$fbS`=YZ#+%n79Rn1<(Hhw>38b zh!75)g1%R{xMKFJ^gkD#2rIA<51^@s?DgXcx0000(Z*FF3XLWL6bZKvH zE^u=(?OJVb+cpsXZovP6aE#doN)P**E<*)72|Tp65IHS|t{4=Fj@8McOHxU_tp9y? zdNUZVjE^rZd}_IPDgJW|6ToA|8K_7QuZiTov$$ zEP{}c1sBBUD>sP9M;=5$bWfz>!o6q2^*kO&s@(!@<4b3BGqLBB*)&x+Uj~v$PXud4 z9)mC>cZ`TQBB0mR6*8YlCMDWia;Zoh`K++$`YZVK1oK&>0ymVycI)gHG`Mz!yK1-k zXeu@M-o`GbnCQQ8Bj108MQ+Fi=_(Pk!G}!dts4d~#HL(L<1n0w%hg(K`o*|Z0zCXc zx=!k&mAW_u#V^oo(}r%Yn=-R>1#8faak60z8W_cpcB@%zyK32xiAj=WYU42R5O~ZM z{2_p3Y{;7RS1i~l>EhoN9k0KniiQkZsQ5b)K2S=!1z(GD)f7fAN zEMRwR_~`{}H*7H3X15J0&rZA@i#3-`8A;Ehh4u4RGSR#{SpmEHpkQa*Cw zw_5|W*KUnU;FU`M3J7xrFqV|RcIzqCnSlp>)d1w!6(6(eeIY9C#kVr50ZW4>cR;2& zTL!>s&X^H=nlpcQ2#A`qydRXBvs(jD%^BPQt9_^1HiSssXg- z4DJKB=B(}ky5@}5f*y(ua{FgwvRZSYh*~nT;(iPlH??#XUg#9em&pJEArVaSSa@uh z&rN62vGi`TAwu6IDlo3ZmSZLZxPdte)?C8aTtl!R{kngeMQFrG&$7n70eRXw*p*Zk*tmDccMV4D@8^UJAj5<)J=Xumuw=g1}yo9%RwF zR}yuS!iRs*0^{#xy0U-|*U1e@~2K|nN#jF5^~QC@$S9t*LDiqYm_K$eHu7X6~uPK?l@#NXr3&l4C3hL zr(jpMtP>XlvK?!^4mYzX+;nzljM-g$pGxKpXM}%Yhm?iC=zd~L^z%%I3sf= zRW?J!aDEnnkcvReG1~*^WGWWekI?V}k5@z-rcc?`dR>fb?ZRXqTWW#4dg{Tsj6>DK z?CGIjRY^mabCRiY;=~fN`n*1UOd1r_x*Fx!-U0qG3Tj9PA2aRl!FIjlz0aCR_cmSK z4x@iIM&wDF7 zgy3!7BOIw#4!voa?8KhOq+9@oZz@kTp-zAN$OW0suN<;wVilwhI3-i~{4-DbET?NS z*Kn$_d9L!7`_39d&l`DBQc7(yfA9^@+GGDPh_O*qf(c3$K@ZB^G4q~pq@R^@-U z?JJeZW(uXYVsFX3Ke0vvA{|{ONg&I)I^0t@yVf{mf)En`uZ$KFnkYhY^S}yfQm+N+ zA&t1&svGPJ0k#bLx>ty<^`bRL1RH~ihpc4GH}lF({P7R_gRMJ}<=Ad_D&adAEo+>S zO$x*tt_7r*{vL(E7zt&cNC$Y_I);CtP7luGyCty1oS;6D?jOUnz=2@>cJ2uQwv?Lh zS?j^Az@`_yQxeS$1#|t)@d=l=eE;W0)~L4w{vVSD*iQ8jy~C9L*Pb27Y;1d6s~P&= zL&ml`HisE-A%?4R99dGkC0^{@H_H<>J=xdnPc=cGFOJ{A#Zmv6fvshYDbjyAY8P}) znw-$?c#Yrez7kO}X*iyyKwyy9DkLHmzAKUJe(ejJ<@!^#kPwD={d`w@zN;ORqotdg z3q>M;+G0x9=bM=UX7Pk4!TPorvhSw4omAC|f1#?UgU{*HNcw!ik8PJWniH4ek#INN zB#7iIE#ANdkbFq&?w57HGHibf$|gH*Xn^MhIqJRKoohS5A;BJhEM8z}??GxfPeMGC zNom=~ml64xagr8-K_vo)|BisFu9K> diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index b8c34a84c..468d195de 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -228,7 +228,7 @@ Configuration DomainJoinFileShare . (Join-Path $using:ScriptPath "Logger.ps1") try { Write-Log "AAD setting NTFS permissions on $Using:StorageAccountName" - & "$using:ScriptPath\Script-AadNtfsSetup.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -SecurityPrincipalName $Using:SecurityPrincipalName -ShareName $Using:ShareName -DomainName $Using:DomainName -IdentityServiceProvider $Using:IdentityServiceProvider -AzureCloudEnvironment $Using:AzureCloudEnvironment -CustomOuPath $Using:CustomOuPath -OUName $Using:OUName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn + & "$using:ScriptPath\Script-AadNtfsSetup.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -ShareName $Using:ShareName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn Write-Log "Successfully applied NTFS permissions on Storage account" } catch { From ac436eb641462f1ae3be386a2efcf23e74517457 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:15:24 -0500 Subject: [PATCH 012/117] updates --- workload/bicep/deploy-baseline.bicep | 4 ++-- workload/scripts/DSCStorageScripts.zip | Bin 84180 -> 84181 bytes .../DSCStorageScripts/Configuration.ps1 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index e8c50ce12..e8f59b0d4 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -537,7 +537,7 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/aad-fslogix/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) @@ -753,7 +753,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/aad-fslogix/workload/scripts/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 4a64e246bc37b8abf3ad896baafdf1d8a87ec16d..abc3f1ac60daa4944ff44de6583c6a37fa033a56 100644 GIT binary patch delta 178 zcmcaIk@f0C)`l&Nt_HlfC&q=p4~&^~nT>%VaC?ve<5ae=fXW3DCVv()sFd#AC-M8# zdYe?2*_R8RSsZ$k)ZM1Qn_s5B_nPh3x$l;UTYbJA^HVGR$E71b_TH6CFa32k{&$Yx z_ZPb}E_c7+`!%m=cbnm_w$A8?4}avh+n6(U2%uUx{h~W#0Hf`6B@ae(<`hfD=?#{Q Z64OgO7_}JZPM`0=sLxj7&d9*P003hYP7nY9 delta 177 zcmcaQk@d<%)`l&Nt_HkwTjRnPJlC_m#Kyo7usz6taVlHrhR2MD|8qL{T|eEuas8iD zfo>ZtdDHrs&**K*V7T-lrTkLz-Qf8z{i+ri+n=4o&9Pc-Qb=b3?Yo;`|vqT3OHkXWVXU&e$P Date: Mon, 30 Oct 2023 18:44:32 -0500 Subject: [PATCH 013/117] Add local test ignores --- .gitignore | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 8dd22420f..2d42a350b 100644 --- a/.gitignore +++ b/.gitignore @@ -55,4 +55,8 @@ Deploy-Baseline.ps1 workload/bicep/parameters/deploy-baseline-parameters-MSA.json # local test files -localTest \ No newline at end of file +localTest + +# Ignore files that might be used for local testing +/workload/bicep/*.json +/workload/bicep/*.bicepparam From 014b900cbe631130f27338b731958decfa1ae00b Mon Sep 17 00:00:00 2001 From: Sven Aelterman <17446043+SvenAelterman@users.noreply.github.com> Date: Mon, 30 Oct 2023 20:19:29 -0500 Subject: [PATCH 014/117] Update casing in file name --- ...{script-domainjoinstorage.ps1 => Script-DomainJoinStorage.ps1} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename workload/scripts/DSCStorageScripts/{script-domainjoinstorage.ps1 => Script-DomainJoinStorage.ps1} (100%) diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 similarity index 100% rename from workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 rename to workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 From 17a183d184b62d3d10f36c21549eb531a47e6fa3 Mon Sep 17 00:00:00 2001 From: Sven Aelterman <17446043+SvenAelterman@users.noreply.github.com> Date: Mon, 30 Oct 2023 20:22:33 -0500 Subject: [PATCH 015/117] Disable deleting drive mapping. Update zip. --- workload/scripts/DSCStorageScripts.zip | Bin 82678 -> 82703 bytes .../Script-DomainJoinStorage.ps1 | 3 ++- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index da77018698fd4c91f7e22a6d759c4d42fdfc738b..031ee38067c523f6c33853b2aac78aa7d4dc6fc8 100644 GIT binary patch delta 2414 zcmV-!36b{pg$0j>1%R{x+&E);qFz@HU&`g@2mk`~VP|D7aC0%`S#59I$PxbR0QnCCTBzjKWMU%;il8aLN^(wjwk4QK(ra@# ztjU$M7mCa5l9uJv|Gk$#IRO`cUv{5A+XRI#wbtgv{jV&q0C8Hji~e7KEsO{F63K(n?Es8&}RHrk+VS% zTtgw@9O*gFk!KR<9l%m#Wx@9lG%A=X{3zu-2Ok+jW{HM3FA2N>KP^>8@NzbTPa;d? zO2bSjzG7(_00HsBKjp=ddxz0K6DbG3da!}J50mm7wZeauxFBQvVaCo=RO^W7jiin; zT_6JbF8)H{)`O^0r*GOITgx@OiI$j zY@Wy!ZdmX%Z3j6FUIq6+gjazJI(_fLs>t5A4*j;0>dU?B&bXE(uDFr>{F#_R?|ak( zKK}~ca4?9vd+-h8yLO;X2Ayemb%ZCRe^{R@k-*Xj#S`6s>9`O75c#o;8HGCrIeO0T zFGQM*3cdsv;giV5_?eXGSKNgO2wnsDkHM9oZvkW@V7vJByzzAm^86rs(cfm?i@g9Y@yOMunQ(q$`tCT!hz|$Fl$_!r2~UKl_2c7 zf++UkEDEQ<63lji#KuSza)C@WEU^j_C%DxJeXl)Fp31qZ1C?G8?|CT61K^!$Rs>tv!65RF2T?Gk1MoJR zDPXv&AU$$~9}axOR1sNCDbs2%Gx*8IQPyJck?SwFzNNie-)^LwQ~J7kpY^$@ATwZ_xQQu*r%GTUv3rc5b~>73bv| zLsjfqjTLRsm>n!toF(h}M8cE6cujG1YGxgAy;acqGRshX6Mz!aC`04~giGT}D8jgf zet6{sgI^^(`0mvxxoP6J1 zo7)<;Y3*A}-K*(3=g_Uf+P&<8KUQ;=i7Qh{So$Fo#XwLAnwJ7eD6#0aTgJthx+`*j zpgfHQ^zVh$$4C_=52V$W1Y~)_OMUfn!toKND&H^}+T35Kjr8u`(^b z6Hum%>>~XwB{oyxO>ZR?4nztAk;DUk&QXPusbgg)$PL1l1ZO&xb8+c-urt7Mh#zCE zK(c-Z-JiQg)OU9;^>?@a-EOTh{0W&y+`bL9?GY?A1`O($W}fX(Yh`X^YLh_s^XD%7 zscja=w_W$Gy2U|^*jCahc2O9oh<=2kcwas z-yks)4|J%x+hE4yHpmsza9crR`xJYtt(v*`@ywiLCc+ zd)GKuzjoyS5lYO8bd5ekB}%^MYH8<##-7n>@(#QgCH{VE8jsH{ig{c87VWMKc?)$g zv$8_?iPMFOQFxnw=+na}=pOEW*=ubw5#ACHHKbqo`oJ@-W!(k}Q!p_HsS8vz(rzpTx(h!-nvnmLvt+$mpGuJDORjUS@5#t}R?F}*9@PX$=YkoL@f2tA4VHvl+n z&r4cyjAR8p&&Grww76E^GIO65IJq`+l`;oBlRh-rVt6d8GUXqoU5hK=I)7j=_op;l3<7-W-*TG z+oAbF*}CKX?ZfDJIy(K_EI@bdoGX^mni2Nonki%mpEC9?DJ+r%`IX7SOfZoUhhKqaZufWZrr1P9apyhpN1`onanu0 z6~ym%PeI|JdwbXnE1|^3x!sTef|Z(1>_o&$YB?)lh=rZOXmbIhxjn#z)P>#$V+$Q- z1JD`QjPj0QNV=T9xzw)}&NfSF+dT)|`DS3R-@5Z`HPVT$JKn@>qa0+LL@`-mPscVs zcalQIVY~1{*#GG+E#O3AZ+Opn%!qJB0W&62I@H~E5{4HEj==?QYGg&0nM-`{5jp?x z%=-^={oj|`K>^4OdZJ!e4qwXU=Li4*YL~A<0TnV+V{&P5bS*@0ZDDC{N^fayQ*>`~ gVP|D7aC0$GO9ci10000400aOA0RRB=K>+{&0NEI#YybcN delta 2384 zcmV-W39t5#h6VP81%R{x+&E)eR$f;ZG?4Pn2mk;@9RL6v0001UV{&P5bS-3WZDDC{ zYHw+7b98TVVP|D7aC0%`S#59I$PxZ*1O5*KTBzjKWMU%;4nb2umE=@c+Y(GU>9sx_ z*5pds3&mx2Ny~ET|9+Q0IRO`cpLch*w}SAe)6qB_hWNbImkTCR_)+3tVJ;P$ap*>o zEYci5)9U^p?41qAli}!;HVjjUnC2j-(Cz=y4?#yfWlG3>h%MHygryx8vsl11Fj%l? zE>hf^LO$nieXz5=`Vj48J0poD*o>51oDbxv3sGXz?}2WaK0;CnxR(}GVd5%`{; z%KWrQl93uLvV7ICA9b!oI{O(~&KhUTDMIdBi+&#gXCD#%1<`wn;AuXLA4Z+BL_Y(z z74oQ1B43U1XCyL~IKRB0;$d;ABPFt2$n-JwpN&0diod+dy#m8^F)GF^pT8{fFvdef ze}`OMiHMJtyb>{2FDt}<=J3nAWpw`Xm@a9?h03Jdh#qZALd$~;;UK!<47rzk^ZO^%pn?^w=eTm_jv z@C?{zOi}LRTkwvgicmVtlq@pHWFn#!6d5V25p|Z?XLvQmg?wXw^JgY<+Kk^yayAHp zYse*BB0Xmr@=Oe!16YW($oU?EhB;HYA10h<;3H$mG}iF$HG$XQCxuE0UQVa*S){RC zYM2Vemn=yFARwOmr#wG$?=bqOBH`ed4>oZ3VO(6IR`{Ec%(s&AR82k{t4Gv!)fPZA2Q=**6xF9{u z=CNGjhB;4?W{|_+P4Ear_a<;brypHd7TL$vq2HELeR*`<8P~GF6?c+%w#5`W-=iMz z`B!Ln`~9%J2j4KhD+lUi(3y5`j_`!^-&U7O#IP_z@kF#6nV{juVIkpDZ8D^&6RoEb0acGbd9ARP_qy0YD z7}n-(qa^EwEsDOijbM6P%rlO{4um8}ERodXDsEmX1scEvA+x5BnW%1 zAo6`U3%e6wF=o3!Vq+u4@~5`$R+($`1T4H|<9 za`pv-Ho}6A1X4w%@FQTODXF&q1Q`f0Tx1e?Ya>B_s*=~C(dzcyG8?<~J#}HYoKDln z!-4fadvIH4{A+>1=#Ro9&T^~{;5#C;?OTs!>{28c1K^!$mIoWyK|l15`(ZGl1Mt?H zDPXuNAw6=0-|hQ`sY0@vQl`;fX7J;+qpZc?Bb{AJqSCEfGJmM+wbBytk2ZX)OS=8h z<*$f;vd-ML{oPBL)+U58DHa))4CS@q-|%^kCC_(zzCr7kz$Pm$Y-q*d*17dTRh*YA z3{|pcIaV}5V|K7aaTc$t6A6z4<2A+6si}3u?M6ZC$uvdvO#n(vqZE;25H5{Np$Ov^ z`rR8R82mEX!FR8Q@m&+YAqSZ$wOsAj(_?Gb&@ftC@8__+Drk8r<|9clvhPVk z-`v-*No(I)>RwG&8HaWm*6w8+{E?cmRNRMqHD zm4j=$sLUiXtHs?D`>F)K#thuIIIX!nLLd z^THy+UPe!`*l(n-sR>VsL`k*%Z??4mGE$;Tgne$d=lmSd`QWe_z*ra{N*iJ=qjf<~lTP^6Oo**`YRU99r+& z_O5oWe&xymLX?>1$qIdjN)&w0)za3v#-7n>@&UY81^#|-8jp(x#k`Gvi*}cWyoV~7 zSy>|dozsPiQFxPo=+o0E=n?LJ*=uYv5#ACHHKbqo>cBItWz_}>Q!p_Hi3?OTEtMcjH`vv=I)7j=_ov=l3<7-ViAt% zo1yti*}CKX^?Z0d8J=F$3(!M5XNskCxq-gJr7&8i$PJy*aIe$DKf}>p=Vb3GlBrvw zW5XlGx=MNRpxCv-1x}VCy;yIkxTV`W)_}gD*SpaD)Gu#9*Y44Ojw_r0Ps5hPRHhu; z3gY*Nr=V`XeSg^OmO_b*GrJ)M1S>S1*olag)N-1`01G>V;raqbb9;busdK###uhrv z8lW?-9_1~=kaRhHcd1_~oK2R}wnq-Q_07QEzIW%@XrvQeb-an$S~*D9iDI(Co{nvN z9wdd5!S;pV(9%%T;k%W3Z!>HPGh`VZ3hH<$B40mw93R$f;ZG?4Pn2mk;@ z9RL6v000000000103ZMW0Ma-C0CQtfEcWN&R@X>Mw7X>N0u??M3@2HHUZ0002Z C?1yOp diff --git a/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 b/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 index bda935181..4a8380c8b 100644 --- a/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 +++ b/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 @@ -182,7 +182,8 @@ Try { Write-Log "Unmounting drive" # Remove-PSDrive -Name $DriveLetter -Force - net use ${DriveLetter} /delete + # HACK: Disabled because it fails + #net use ${DriveLetter} /delete Write-Log "Drive unmounted" } Catch { From cea51499ff3a1be594e2cab7f4bde445722fff78 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 30 Oct 2023 20:45:52 -0500 Subject: [PATCH 016/117] updates --- workload/arm/deploy-baseline.json | 868 +++++++++--------- workload/bicep/deploy-baseline.bicep | 2 + .../.bicep/azureFilesDomainJoin.bicep | 4 +- .../modules/storageAzureFiles/deploy.bicep | 8 +- workload/scripts/DSCStorageScripts.zip | Bin 84181 -> 82660 bytes workload/scripts/DSCStorageScripts.zip.old | Bin 82678 -> 0 bytes .../DSCStorageScripts/Configuration.ps1 | 199 ++-- .../DSCStorageScripts/Script-AadNtfsSetup.ps1 | 110 --- .../script-domainjoinstorage.ps1 | 23 +- .../scripts/Manual-DSC-Storage-Scripts.ps1 | 54 +- 10 files changed, 562 insertions(+), 706 deletions(-) delete mode 100644 workload/scripts/DSCStorageScripts.zip.old delete mode 100644 workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index de870c7a7..4333b823f 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10900661510408138769" + "version": "0.17.1.54307", + "templateHash": "15589045726498954361" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1250,7 +1250,7 @@ "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')), format('kv-key-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')))]", "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", - "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/aad-fslogix/workload/", "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", "varDiskEncryptionKeyExpirationInEpoch": "[dateTimeToEpoch(dateTimeAdd(parameters('time'), format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))))]", @@ -1458,7 +1458,7 @@ "version": "latest" } }, - "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip", + "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/aad-fslogix/workload/scripts/DSCStorageScripts.zip", "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", @@ -1548,8 +1548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -1657,8 +1657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -1787,8 +1787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -2148,8 +2148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -2257,8 +2257,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -2387,8 +2387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -2743,8 +2743,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -2852,8 +2852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -2982,8 +2982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -3356,8 +3356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4410961505353116676" + "version": "0.17.1.54307", + "templateHash": "16933483947927654925" } }, "parameters": { @@ -3480,8 +3480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -3589,8 +3589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -3719,8 +3719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -4080,8 +4080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8596842132721557367" + "version": "0.17.1.54307", + "templateHash": "9723296804992458231" } }, "parameters": { @@ -4474,8 +4474,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16114201815220186510" + "version": "0.17.1.54307", + "templateHash": "1015616738226483875" } }, "parameters": { @@ -4618,8 +4618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9475182064400951000" + "version": "0.17.1.54307", + "templateHash": "9976669288431551452" } }, "parameters": { @@ -4752,8 +4752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4737981453812272169" + "version": "0.17.1.54307", + "templateHash": "3402933947779868845" } }, "parameters": { @@ -4887,8 +4887,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3112143349780297195" + "version": "0.17.1.54307", + "templateHash": "12988075953101096314" } }, "parameters": { @@ -5059,8 +5059,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "123582376075481853" + "version": "0.17.1.54307", + "templateHash": "3289166297924789550" } }, "parameters": { @@ -5206,8 +5206,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16949430988646737619" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -5433,8 +5433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16367350850509170627" + "version": "0.17.1.54307", + "templateHash": "1145398762062008037" } }, "parameters": { @@ -5602,8 +5602,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4259405973831985687" + "version": "0.17.1.54307", + "templateHash": "15503229472224280826" } }, "parameters": { @@ -5753,8 +5753,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8241310064803100775" + "version": "0.17.1.54307", + "templateHash": "7352784420507326330" } }, "parameters": { @@ -5965,8 +5965,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18140433925264498395" + "version": "0.17.1.54307", + "templateHash": "16579532157576436548" } }, "parameters": { @@ -6297,8 +6297,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2291336375760157964" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -6480,8 +6480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16175402431461753105" + "version": "0.17.1.54307", + "templateHash": "5539435599928560626" } }, "parameters": { @@ -6659,8 +6659,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -6928,8 +6928,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -7008,8 +7008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1941283932562101832" + "version": "0.17.1.54307", + "templateHash": "7759814680098607558" } }, "parameters": { @@ -7480,8 +7480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16949430988646737619" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -7713,8 +7713,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16949430988646737619" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -8023,8 +8023,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4384789363478882487" + "version": "0.17.1.54307", + "templateHash": "13214055304476289623" } }, "parameters": { @@ -8359,8 +8359,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1621329966427438172" + "version": "0.17.1.54307", + "templateHash": "2369963613204181171" } }, "parameters": { @@ -8623,8 +8623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12788403587110473233" + "version": "0.17.1.54307", + "templateHash": "2452007385443009245" } }, "parameters": { @@ -8868,8 +8868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7097336330611846796" + "version": "0.17.1.54307", + "templateHash": "175852501961116138" } }, "parameters": { @@ -9083,8 +9083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1621329966427438172" + "version": "0.17.1.54307", + "templateHash": "2369963613204181171" } }, "parameters": { @@ -9347,8 +9347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12788403587110473233" + "version": "0.17.1.54307", + "templateHash": "2452007385443009245" } }, "parameters": { @@ -9592,8 +9592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7097336330611846796" + "version": "0.17.1.54307", + "templateHash": "175852501961116138" } }, "parameters": { @@ -9798,8 +9798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1026634425206978147" + "version": "0.17.1.54307", + "templateHash": "4126277245845030634" } }, "parameters": { @@ -9921,8 +9921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17311918279735735244" + "version": "0.17.1.54307", + "templateHash": "9764104744913843180" } }, "parameters": { @@ -10128,8 +10128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16308363173981707308" + "version": "0.17.1.54307", + "templateHash": "3459157471784143501" } }, "parameters": { @@ -10268,8 +10268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5826842078108214123" + "version": "0.17.1.54307", + "templateHash": "17826830289819287737" } }, "parameters": { @@ -10477,8 +10477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16308363173981707308" + "version": "0.17.1.54307", + "templateHash": "3459157471784143501" } }, "parameters": { @@ -10617,8 +10617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5826842078108214123" + "version": "0.17.1.54307", + "templateHash": "17826830289819287737" } }, "parameters": { @@ -10840,8 +10840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17944965207907926954" + "version": "0.17.1.54307", + "templateHash": "10436531327774101026" } }, "parameters": { @@ -11174,8 +11174,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15295044205283590639" + "version": "0.17.1.54307", + "templateHash": "12913964363513527115" } }, "parameters": { @@ -11367,8 +11367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15804363095104832975" + "version": "0.17.1.54307", + "templateHash": "1508597549221173835" } }, "parameters": { @@ -11590,8 +11590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14113542671107167377" + "version": "0.17.1.54307", + "templateHash": "12896423701864490964" } }, "parameters": { @@ -11756,8 +11756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14113542671107167377" + "version": "0.17.1.54307", + "templateHash": "12896423701864490964" } }, "parameters": { @@ -11917,8 +11917,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18431427062084145620" + "version": "0.17.1.54307", + "templateHash": "7449417204208520653" } }, "parameters": { @@ -12154,8 +12154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12242,8 +12242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12330,8 +12330,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12418,8 +12418,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12595,8 +12595,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13709403264411118702" + "version": "0.17.1.54307", + "templateHash": "10975402800010178371" } }, "parameters": { @@ -12874,8 +12874,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9097564864750485498" + "version": "0.17.1.54307", + "templateHash": "14753481159691076868" } }, "parameters": { @@ -13266,8 +13266,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14279396732857224845" + "version": "0.17.1.54307", + "templateHash": "2314964423044495570" } }, "parameters": { @@ -13484,8 +13484,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11898077884422900461" + "version": "0.17.1.54307", + "templateHash": "782391975946165786" } }, "parameters": { @@ -13737,8 +13737,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6664287599840054041" + "version": "0.17.1.54307", + "templateHash": "7203259033747042619" } }, "parameters": { @@ -13915,8 +13915,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3347591711902057245" + "version": "0.17.1.54307", + "templateHash": "1752140700494840741" } }, "parameters": { @@ -14122,8 +14122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11399700354114664956" + "version": "0.17.1.54307", + "templateHash": "324317554219687604" } }, "parameters": { @@ -14351,8 +14351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9797264344352680473" + "version": "0.17.1.54307", + "templateHash": "6421047844253253523" } }, "parameters": { @@ -14572,8 +14572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9142980469442901472" + "version": "0.17.1.54307", + "templateHash": "17010593045994332917" } }, "parameters": { @@ -14840,8 +14840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7819863254022282170" + "version": "0.17.1.54307", + "templateHash": "12892308842611713996" } }, "parameters": { @@ -15069,8 +15069,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15372026578985083473" + "version": "0.17.1.54307", + "templateHash": "9066192464594903933" } }, "parameters": { @@ -15230,8 +15230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15737913196788172522" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { @@ -15353,8 +15353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "943002000979437913" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -15547,8 +15547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -16127,8 +16127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -16705,8 +16705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -17288,8 +17288,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -17868,8 +17868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -18448,8 +18448,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -19079,8 +19079,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17190342760761631424" + "version": "0.17.1.54307", + "templateHash": "3496664578163970555" } }, "parameters": { @@ -19246,8 +19246,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2291336375760157964" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -19435,8 +19435,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -19705,8 +19705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -19799,8 +19799,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -20069,8 +20069,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -20139,8 +20139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -20723,8 +20723,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -21304,8 +21304,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15737913196788172522" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { @@ -21427,8 +21427,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "943002000979437913" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -21618,8 +21618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -22228,8 +22228,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8962719925031018247" + "version": "0.17.1.54307", + "templateHash": "17450213271810432516" } }, "parameters": { @@ -22369,8 +22369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6512125712723276282" + "version": "0.17.1.54307", + "templateHash": "10530929595373885258" } }, "parameters": { @@ -22739,8 +22739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10979748506364891487" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -22871,8 +22871,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13473011612578499281" + "version": "0.17.1.54307", + "templateHash": "8593614529812859648" } }, "parameters": { @@ -23008,8 +23008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12036621733642341793" + "version": "0.17.1.54307", + "templateHash": "7411396567157179257" } }, "parameters": { @@ -23203,8 +23203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3591721400415712312" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -23386,8 +23386,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4889573445396956380" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { @@ -23589,8 +23589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -23786,8 +23786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -23921,8 +23921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -24135,8 +24135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7774490315865318008" + "version": "0.17.1.54307", + "templateHash": "2925986724999389514" } }, "parameters": { @@ -24366,8 +24366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3591721400415712312" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -24549,8 +24549,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4889573445396956380" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { @@ -24752,8 +24752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16707004874708060114" + "version": "0.17.1.54307", + "templateHash": "9857842888967195839" } }, "parameters": { @@ -24963,8 +24963,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12172667945223907975" + "version": "0.17.1.54307", + "templateHash": "2377303483140510674" } }, "parameters": { @@ -25039,8 +25039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2530846489831075796" + "version": "0.17.1.54307", + "templateHash": "1764649882380429233" } }, "parameters": { @@ -25111,8 +25111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10979748506364891487" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -25242,8 +25242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5693310049980820424" + "version": "0.17.1.54307", + "templateHash": "205693325076049461" } }, "parameters": { @@ -25499,7 +25499,7 @@ "privateEndpoints": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', createArray(createObject('name', variables('varWrklKvPrivateEndpointName'), 'subnetResourceId', if(parameters('createAvdVnet'), format('{0}/subnets/{1}', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.virtualNetworkResourceId.value, variables('varVnetPrivateEndpointSubnetName')), parameters('existingVnetPrivateEndpointSubnetResourceId')), 'customNetworkInterfaceName', format('nic-01-{0}', variables('varWrklKvPrivateEndpointName')), 'service', 'vault', 'privateDnsZoneGroup', createObject('privateDNSResourceIds', createArray(if(parameters('createPrivateDnsZones'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.KeyVaultDnsZoneResourceId.value, parameters('avdVnetPrivateDnsZoneKeyvaultId'))))))), createObject('value', createArray()))]", "secrets": { "value": { - "secureList": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'AAD')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', 'AAD-Joined-Deployment-No-Domain-Credentials', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'AAD-Joined-Deployment-No-Domain-Credentials', 'contentType', 'Domain join credentials')))]" + "secureList": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'AAD')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', 'NoUsername', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'NoPassword', 'contentType', 'Domain join credentials')))]" } }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))), createObject('value', union(variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))))]" @@ -25510,8 +25510,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6512125712723276282" + "version": "0.17.1.54307", + "templateHash": "10530929595373885258" } }, "parameters": { @@ -25880,8 +25880,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10979748506364891487" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -26012,8 +26012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13473011612578499281" + "version": "0.17.1.54307", + "templateHash": "8593614529812859648" } }, "parameters": { @@ -26149,8 +26149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12036621733642341793" + "version": "0.17.1.54307", + "templateHash": "7411396567157179257" } }, "parameters": { @@ -26344,8 +26344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3591721400415712312" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -26527,8 +26527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4889573445396956380" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { @@ -26730,8 +26730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -26927,8 +26927,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -27062,8 +27062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -27276,8 +27276,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7774490315865318008" + "version": "0.17.1.54307", + "templateHash": "2925986724999389514" } }, "parameters": { @@ -27528,8 +27528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7384659277214029075" + "version": "0.17.1.54307", + "templateHash": "11864719595815359922" } }, "parameters": { @@ -27809,8 +27809,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4871686244874116600" + "version": "0.17.1.54307", + "templateHash": "547922033158170612" } }, "parameters": { @@ -28645,8 +28645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17813916616294233801" + "version": "0.17.1.54307", + "templateHash": "10525586211840772754" } }, "parameters": { @@ -28800,8 +28800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7443039450447826518" + "version": "0.17.1.54307", + "templateHash": "3109828817825228978" } }, "parameters": { @@ -29116,8 +29116,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8727835156180887119" + "version": "0.17.1.54307", + "templateHash": "9526391067242259796" } }, "parameters": { @@ -29368,8 +29368,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14008437777249069704" + "version": "0.17.1.54307", + "templateHash": "4280335810449335065" } }, "parameters": { @@ -29653,8 +29653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12339568584101080218" + "version": "0.17.1.54307", + "templateHash": "934300040337690336" } }, "parameters": { @@ -29872,8 +29872,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30078,8 +30078,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30279,8 +30279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30485,8 +30485,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30681,8 +30681,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30877,8 +30877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31077,8 +31077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31285,8 +31285,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31486,8 +31486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31690,8 +31690,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9244336776798438387" + "version": "0.17.1.54307", + "templateHash": "542004733048752795" } }, "parameters": { @@ -31856,8 +31856,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16997355648608834977" + "version": "0.17.1.54307", + "templateHash": "5545265229641785727" } }, "parameters": { @@ -32059,6 +32059,9 @@ "storagePurpose": { "value": "fslogix" }, + "vmLocalUserName": { + "value": "[parameters('avdVmLocalUserName')]" + }, "fileShareName": { "value": "[variables('varFslogixFileShareName')]" }, @@ -32136,8 +32139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2896530815646551587" + "version": "0.17.1.54307", + "templateHash": "12836745950301434989" } }, "parameters": { @@ -32219,6 +32222,12 @@ "description": "AVD session host domain join credentials." } }, + "vmLocalUserName": { + "type": "string", + "metadata": { + "description": "AVD session host local admin credentials." + } + }, "storageSku": { "type": "string", "metadata": { @@ -32333,9 +32342,10 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" + "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'AAD'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", + "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, "resources": [ { @@ -32366,7 +32376,7 @@ "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", "azureFilesIdentityBasedAuthentication": { "value": { - "directoryServiceOptions": "[variables('vardirectoryServiceOptions')]", + "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, @@ -32402,8 +32412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4609051071217741500" + "version": "0.17.1.54307", + "templateHash": "5115421894814797429" } }, "parameters": { @@ -32950,8 +32960,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17399845773033742131" + "version": "0.17.1.54307", + "templateHash": "14509829261817545327" } }, "parameters": { @@ -33145,8 +33155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -33342,8 +33352,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -33477,8 +33487,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -33684,8 +33694,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5299530817966477918" + "version": "0.17.1.54307", + "templateHash": "6611019192370176160" } }, "parameters": { @@ -33808,8 +33818,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4867276107242068354" + "version": "0.17.1.54307", + "templateHash": "887985521850583920" } }, "parameters": { @@ -33966,8 +33976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16319997867476904230" + "version": "0.17.1.54307", + "templateHash": "10541476086832691043" } }, "parameters": { @@ -34187,8 +34197,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8477599286867291799" + "version": "0.17.1.54307", + "templateHash": "4711998299496378361" } }, "parameters": { @@ -34301,8 +34311,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2796131294243404206" + "version": "0.17.1.54307", + "templateHash": "9600027410745431357" } }, "parameters": { @@ -34429,8 +34439,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9471266450275905523" + "version": "0.17.1.54307", + "templateHash": "2765385875040083757" } }, "parameters": { @@ -34667,8 +34677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10258593462798216268" + "version": "0.17.1.54307", + "templateHash": "1150612779421396008" } }, "parameters": { @@ -34891,8 +34901,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6048855322985506812" + "version": "0.17.1.54307", + "templateHash": "17475626136384362732" } }, "parameters": { @@ -35020,8 +35030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3454304478574190517" + "version": "0.17.1.54307", + "templateHash": "398511802813701603" } }, "parameters": { @@ -35259,8 +35269,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "540685418622192635" + "version": "0.17.1.54307", + "templateHash": "8639862570197941224" } }, "parameters": { @@ -35456,8 +35466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9116292018335087361" + "version": "0.17.1.54307", + "templateHash": "8626996903060982853" } }, "parameters": { @@ -35553,8 +35563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8826781769055434429" + "version": "0.17.1.54307", + "templateHash": "7868704077465009471" } }, "parameters": { @@ -35789,8 +35799,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17195855523120591769" + "version": "0.17.1.54307", + "templateHash": "2885217159765875903" } }, "parameters": { @@ -35980,8 +35990,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18313788100863691650" + "version": "0.17.1.54307", + "templateHash": "10506944460358814800" } }, "parameters": { @@ -36155,14 +36165,7 @@ "scriptArguments": { "value": "[variables('varStorageToDomainScriptArgs')]" }, - "domainJoinUserPassword": { - "reference": { - "keyVault": { - "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" - }, - "secretName": "domainJoinUserPassword" - } - }, + "adminUserPassword": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'vmLocalUserPassword')), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'domainJoinUserPassword')))]", "baseScriptUri": { "value": "[parameters('storageToDomainScriptUri')]" } @@ -36173,8 +36176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13091364540241869728" + "version": "0.17.1.54307", + "templateHash": "2307914902179659195" } }, "parameters": { @@ -36205,7 +36208,7 @@ "description": "Arguments for domain join script." } }, - "domainJoinUserPassword": { + "adminUserPassword": { "type": "securestring", "metadata": { "description": "Domain join user password." @@ -36213,7 +36216,7 @@ } }, "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('domainJoinUserPassword'))]" + "varscriptArgumentsWithPassword": "[format('{0} -AdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('adminUserPassword'))]" }, "resources": [ { @@ -36267,6 +36270,9 @@ "storagePurpose": { "value": "msix" }, + "vmLocalUserName": { + "value": "[parameters('avdVmLocalUserName')]" + }, "fileShareName": { "value": "[variables('varMsixFileShareName')]" }, @@ -36344,8 +36350,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2896530815646551587" + "version": "0.17.1.54307", + "templateHash": "12836745950301434989" } }, "parameters": { @@ -36427,6 +36433,12 @@ "description": "AVD session host domain join credentials." } }, + "vmLocalUserName": { + "type": "string", + "metadata": { + "description": "AVD session host local admin credentials." + } + }, "storageSku": { "type": "string", "metadata": { @@ -36541,9 +36553,10 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" + "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'AAD'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", + "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, "resources": [ { @@ -36574,7 +36587,7 @@ "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", "azureFilesIdentityBasedAuthentication": { "value": { - "directoryServiceOptions": "[variables('vardirectoryServiceOptions')]", + "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, @@ -36610,8 +36623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4609051071217741500" + "version": "0.17.1.54307", + "templateHash": "5115421894814797429" } }, "parameters": { @@ -37158,8 +37171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17399845773033742131" + "version": "0.17.1.54307", + "templateHash": "14509829261817545327" } }, "parameters": { @@ -37353,8 +37366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -37550,8 +37563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -37685,8 +37698,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -37892,8 +37905,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5299530817966477918" + "version": "0.17.1.54307", + "templateHash": "6611019192370176160" } }, "parameters": { @@ -38016,8 +38029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4867276107242068354" + "version": "0.17.1.54307", + "templateHash": "887985521850583920" } }, "parameters": { @@ -38174,8 +38187,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16319997867476904230" + "version": "0.17.1.54307", + "templateHash": "10541476086832691043" } }, "parameters": { @@ -38395,8 +38408,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8477599286867291799" + "version": "0.17.1.54307", + "templateHash": "4711998299496378361" } }, "parameters": { @@ -38509,8 +38522,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2796131294243404206" + "version": "0.17.1.54307", + "templateHash": "9600027410745431357" } }, "parameters": { @@ -38637,8 +38650,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9471266450275905523" + "version": "0.17.1.54307", + "templateHash": "2765385875040083757" } }, "parameters": { @@ -38875,8 +38888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10258593462798216268" + "version": "0.17.1.54307", + "templateHash": "1150612779421396008" } }, "parameters": { @@ -39099,8 +39112,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6048855322985506812" + "version": "0.17.1.54307", + "templateHash": "17475626136384362732" } }, "parameters": { @@ -39228,8 +39241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3454304478574190517" + "version": "0.17.1.54307", + "templateHash": "398511802813701603" } }, "parameters": { @@ -39467,8 +39480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "540685418622192635" + "version": "0.17.1.54307", + "templateHash": "8639862570197941224" } }, "parameters": { @@ -39664,8 +39677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9116292018335087361" + "version": "0.17.1.54307", + "templateHash": "8626996903060982853" } }, "parameters": { @@ -39761,8 +39774,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8826781769055434429" + "version": "0.17.1.54307", + "templateHash": "7868704077465009471" } }, "parameters": { @@ -39997,8 +40010,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17195855523120591769" + "version": "0.17.1.54307", + "templateHash": "2885217159765875903" } }, "parameters": { @@ -40188,8 +40201,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18313788100863691650" + "version": "0.17.1.54307", + "templateHash": "10506944460358814800" } }, "parameters": { @@ -40363,14 +40376,7 @@ "scriptArguments": { "value": "[variables('varStorageToDomainScriptArgs')]" }, - "domainJoinUserPassword": { - "reference": { - "keyVault": { - "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" - }, - "secretName": "domainJoinUserPassword" - } - }, + "adminUserPassword": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'vmLocalUserPassword')), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'domainJoinUserPassword')))]", "baseScriptUri": { "value": "[parameters('storageToDomainScriptUri')]" } @@ -40381,8 +40387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13091364540241869728" + "version": "0.17.1.54307", + "templateHash": "2307914902179659195" } }, "parameters": { @@ -40413,7 +40419,7 @@ "description": "Arguments for domain join script." } }, - "domainJoinUserPassword": { + "adminUserPassword": { "type": "securestring", "metadata": { "description": "Domain join user password." @@ -40421,7 +40427,7 @@ } }, "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('domainJoinUserPassword'))]" + "varscriptArgumentsWithPassword": "[format('{0} -AdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('adminUserPassword'))]" }, "resources": [ { @@ -40497,8 +40503,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8648238951029079364" + "version": "0.17.1.54307", + "templateHash": "14889137037653853520" } }, "parameters": { @@ -40576,8 +40582,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8447272874314804308" + "version": "0.17.1.54307", + "templateHash": "11940163391569342138" } }, "parameters": { @@ -40734,8 +40740,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5091916529584467175" + "version": "0.17.1.54307", + "templateHash": "10835079600690809858" } }, "parameters": { @@ -41045,8 +41051,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2996410650525322037" + "version": "0.17.1.54307", + "templateHash": "10362929169289211539" } }, "parameters": { @@ -41436,8 +41442,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4871686244874116600" + "version": "0.17.1.54307", + "templateHash": "547922033158170612" } }, "parameters": { @@ -42272,8 +42278,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17813916616294233801" + "version": "0.17.1.54307", + "templateHash": "10525586211840772754" } }, "parameters": { @@ -42427,8 +42433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7443039450447826518" + "version": "0.17.1.54307", + "templateHash": "3109828817825228978" } }, "parameters": { @@ -42743,8 +42749,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8727835156180887119" + "version": "0.17.1.54307", + "templateHash": "9526391067242259796" } }, "parameters": { @@ -42995,8 +43001,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14008437777249069704" + "version": "0.17.1.54307", + "templateHash": "4280335810449335065" } }, "parameters": { @@ -43280,8 +43286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12339568584101080218" + "version": "0.17.1.54307", + "templateHash": "934300040337690336" } }, "parameters": { @@ -43499,8 +43505,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -43705,8 +43711,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -43906,8 +43912,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44112,8 +44118,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44308,8 +44314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44504,8 +44510,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44704,8 +44710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44912,8 +44918,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -45113,8 +45119,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -45317,8 +45323,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9244336776798438387" + "version": "0.17.1.54307", + "templateHash": "542004733048752795" } }, "parameters": { @@ -45483,8 +45489,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16997355648608834977" + "version": "0.17.1.54307", + "templateHash": "5545265229641785727" } }, "parameters": { @@ -45723,8 +45729,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -45943,8 +45949,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -46158,8 +46164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12985795676096332650" + "version": "0.17.1.54307", + "templateHash": "17926581562507911667" } }, "parameters": { @@ -46330,8 +46336,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12570414431099862364" + "version": "0.17.1.54307", + "templateHash": "231872691044961836" } }, "parameters": { @@ -46423,8 +46429,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2291336375760157964" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -46598,8 +46604,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -46867,8 +46873,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index e8f59b0d4..8a7d8ad95 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -1152,6 +1152,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if name: 'Storage-FSLogix-${time}' params: { storagePurpose: 'fslogix' + vmLocalUserName: avdVmLocalUserName fileShareName: varFslogixFileShareName fileShareMultichannel: (fslogixStoragePerformance == 'Premium') ? true : false storageSku: varFslogixStorageSku @@ -1195,6 +1196,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr name: 'Storage-MSIX-${time}' params: { storagePurpose: 'msix' + vmLocalUserName: avdVmLocalUserName fileShareName: varMsixFileShareName fileShareMultichannel: (msixStoragePerformance == 'Premium') ? true : false storageSku: varMsixStorageSku diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep index f5878b553..57db208d0 100644 --- a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep +++ b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep @@ -18,13 +18,13 @@ param scriptArguments string @secure() @sys.description('Domain join user password.') -param domainJoinUserPassword string +param adminUserPassword string // =========== // // Variable declaration // // =========== // -var varscriptArgumentsWithPassword = '${scriptArguments} -DomainAdminUserPassword ${domainJoinUserPassword} -verbose' +var varscriptArgumentsWithPassword = '${scriptArguments} -AdminUserPassword ${adminUserPassword} -verbose' // =========== // // Deployments // diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index e278d9930..3a7434b1d 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -43,6 +43,9 @@ param wrklKvName string @sys.description('AVD session host domain join credentials.') param domainJoinUserName string +@sys.description('AVD session host local admin credentials.') +param vmLocalUserName string + @sys.description('Azure Files storage account SKU.') param storageSku string @@ -109,7 +112,8 @@ var varAvdFileShareMetricsDiagnostic = [ var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var varDirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' var varSecurityPrincipalName = !empty(securityPrincipalName)? securityPrincipalName : 'none' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName ${varSecurityPrincipalName} -StorageAccountFqdn ${storageAccountFqdn} ' +var varAdminUserName = (identityServiceProvider == 'AAD') ? vmLocalUserName : domainJoinUserName +var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -AdminUserName ${varAdminUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName ${varSecurityPrincipalName} -StorageAccountFqdn ${storageAccountFqdn} ' // =========== // // Deployments // // =========== // @@ -190,7 +194,7 @@ module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { name: managementVmName file: storageToDomainScript scriptArguments: varStorageToDomainScriptArgs - domainJoinUserPassword: (identityServiceProvider == 'AAD') ? '' : avdWrklKeyVaultget.getSecret('domainJoinUserPassword') + adminUserPassword: (identityServiceProvider == 'AAD') ? avdWrklKeyVaultget.getSecret('vmLocalUserPassword') : avdWrklKeyVaultget.getSecret('domainJoinUserPassword') baseScriptUri: storageToDomainScriptUri } dependsOn: [ diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index abc3f1ac60daa4944ff44de6583c6a37fa033a56..7d84066898a1e5193b6818f2d8e9683da00eab09 100644 GIT binary patch delta 4061 zcmV<34Om0000(Z*FF3XLWL6bZKvH zE^u=($=!!v+Xj`2ux+Im<%lhAU zCrUCU(=S=8eHlL_5qY{d9`AXm{Cw7I0FIvf+juf{N3MRP(TAZs0H1%y^Kg*}PlY^& zc^EO6a{&Qgd0`Bnco>KA0;J-?TQKl^pC_?uHZrZlD|c`=n$AX(@mBF{8A_182-gZ8 z!zhA#1|o?8^?Rmb7Jy_@lHDbj3X(Wrg=H^T;ZI+%fW<2GBH3#;&VC`oYfpHqW}{1{ zw9yY!nqrEH?yVOG9y))!flFvBk+AcRnan#c3UP^zxf&-?G!a*;wc2!xb*ThK`Vrc$ zjh+{c!C?H5S|CZH>ya6F*JFn#;P3^r>^cl}ywhNY=WpKL;@ydQpd^BATfutFik8H`qIE)=LGgB1@FysoLGr|24|us_Olfe;V`lRObV z>*+W3d(Ke$ci93sx2Xb3Doo{&$q;W_u0nrH(39%On`*#X){ePj0MOzuB1UxB-kimiH>VcZMqOTB)AT{-os zH+2Wa)eyRs3bD9)UPN&v1Q&guv`ht?Gr?la#U*rb*Vi30*=;v%Q3L|G{y}PgLf%{B z%*Tt18>WATm@=QXpX_$q=oMeBuq5c6Y~y;+C0633YD|@_H+->RqPLbmwMv^j<^h9< z`(8xXVm!6<{{NF8w@QwUsZq4V8(x>%A`et#XJv%RDk(}a1J3(GL;CL zrw09!YCQ&*nXi;J-V|%bxUAZxp*6$nrw$&EBvKu!hz`YJN>v`+lhv1tAdy&^7l%v1 z917cuMJbK*P%sUb9QsQ^>KLclMb}sYOi*NL{44hr% z`^|q=rSER+vN-RQ=|mw{o^^5#kgpfdjuo;CHP%I^AisrNG2v{^o@FN#6o?W}JW?~iU?}m~o`mC52dsctTmWutlJLP-IU+z0s1QWM%K@D^2j00Ga_%p3o2{35EL+u{Y(qA(FPwIDwASbsx2xWh{ z{(5_wV7oumBnoqYV3RQ_a8e~iG9Fk#5$qb!t*#SuwN-V#FKikaPPMNI0qtUzQm4W2 zg+rP%f|y0%rM?G;eW%eL$#VX-yOHt@%1VEjQ91{iDY9nh=;uL%>vgppU=q#U-kw}@Bq@kxg$dh1YwWsmf<4m^7VGY)~ zhi{(5G@r{cPhyvLUYRq>(iOe(O~+U*w$=6tVawo;a`%0#y~1lxVYHSx=N%LG_`<7y z08mQ<1QY-O00;nimyA}%0h_l@Hvu354)v8@S85<^B)|v&07xB|wLSqPe{FBu$PxbR z0QnCCTBzjKWMU%;4nbW&mE=@c+Y(IK>9sx_*5pds3&mx2Ny~ET|9&&OOPQ1zzZ5>8 zML#4F$=zq(pPAkKdHeONtswmAWHb(kA^zU#%LNlD{3!9SFqewWICP^(7HN*3X?1@P z_D+Z6$#8T+8-^)FOmmP^f9Upq>4%^ro-!rmF2ok=SHjW`i&-pS8W=2CG#4rEO(CCi zw?26NYWpv*Uu8_OMF%DPYfQg*&Q<4_r7=UG6&ye-R|VhsnHHS0MBsaVBJ-0XNk(e0 z$nsUke$=@V>Fj4{IcuCTCkVM~E&6=~oPI+17ewzRf~WZ~ei(Jie-ix+*jC7+LWz7e z#>YrxEOCB$LB+%3Qb$T;xsd5&>OUKM&J=%nm3sxI>ta-lSw4SR6h4bImP-v&q4<&|NdO2H^4ve+`JsD$h2k1`rgicdTT|5&7AQ7q26(ik<^4}J*V z2m5dLz(2J9e<@LpWn7RRX7gAsal@P^Ni)cP@Gf`+qI(m#B-M{DESvIU>(FmYslGhA z?v!g;;EFrRkL4Txiuu;>hxZfC$)K2aZw@g+`fsaCC1O|@p_Cjg_u-!+JCYHj^1z}% z&-uN%NaA767vL&l9NL;Vl@k4myRcxvs{#KpxDixLe_Mm=3@h31DjX=TI5bEJ4zZAp z(SDz6OlXB$J&~T9aawmb5N`28m8Bi*=i!kA$=?Bdg~8xAH`M4vm&q! zgC&R=}>9NT^b10_*n8q=r@F#xflk?1=*PS23axS7dEJczS%o32kKB{ie zm`sqfFPO9u4gg3XRa8np0ydhGYP(O6fdIorCXu){3ZyD|of@rf-z~GbTi;U`hRZ3M zJ_ZNY`)uI0PWjgYlhGfAhn(fuO~7|VXve)Cf6LgVNH7P$JJl=?Hn4+!=pXgNU_t@# z)|)9|xGEt%a)jUQ`-Z7PvYJY!(OzcoQ`9OJIu?7dDLUaO>RqpeoMG ze-(x**|R)`G(lr^utaeduc{{)9tXy2ilb9g>xj*U){|+9>YD_VSVk!##~@r8mqHQ7 zE%duLPB8dov4ihk4dc6^e?ty3Q*KF?;;SnIHp$(XxJ@5TthDME?9H`xoBN(kLlp)4 zcYY&1HxGY}UQeNHMQ&iZccAiI%bzewxMCPwm$#iI9AZ|Qp_ikVr1Ww zguc12VUyOrwbZ?utTLR%%CvSb+u)DXjHTknbP|@Fr6TVOYC*F?APL15-A>oI7)y6a zt{hz3MP((CX^ob>uu0F-_DS{+(nzgLTGHm z{5uJCH}SdM?lf$fZK@MF6W5O1T75j@@FQ#h$iN5C{;6&De|Psne|PIY?A8ixACt~R z*qczBW@7g+U{J+0huRj+OXgape=^>;FD}~fr=|lrzHPg26J_B~^g^3AxOii^pN_4ggQkvw~I}A%8;0vpJ!2B%#&*+Yhl+GjF%5 z+}@5+g2X7F{986 zcFq(_>Ba(mhf86!e@u}ZI-}uEr-y%rqn*z2&Qm1Q2t;ASkYcl>x_D6RTHykZiz2;P zZ>YGX+dI;LzMoQYf);W;euu zV1=fL9g9dwEvGpQQgk*9*S9K~+W^j`&h;)BTPT<{KxbS%Ps>||A?b$t?q-o$ul&3RpzMJrNQ z(cUwP`ROI~9~AL#mvlz~Q4YzKURRcm;%Pkw003Ygm(xc9PdcYI0RT*IXJ=({E^u=( zP)h*<6aW+e000O8^_5;%Y9MSRzz6^UNF4wG8~^|S000000RSKX007Q7m!U`jCJqDu P1ONsB0078A0RR911KYi; delta 5584 zcmZ{oRZtrW+pQCR$jGx z2|8N5hdyhW&&XPirNyDVjxU5CROn89`+q;3>^%m|x!|MLiUj7*1@L(u= z^d1j+dz7y?VK2!+7~Ik4ZA6+xzf{ zQm5%U{O6~}`w~w5+p%88BE;U$^TY}0H&vGb%zaLHZRbPCZY;e5UvH7I>h#;J$l+N- z=lj_<9W+pYdW)$`eq#Dt%+7I*3THXt`Gy%#U?(UIJVr2*7ov%4(U?|PS(TEaqf+}u zn>sG?;f;Ca`VBEgKCAPXS*dwGqIko`gB~aAAE{PW6Vos0W^zroi4zG4nlxXbnCuZ| z9dbdnkCpu)Ivx8>XW)prASdvGZ51~zuS;8clwfK@($>vn=i{9rzr|Vx(^r!~JW}N- zZxxR~4*DkSr3&DIW23y_*-$eSGprenYIw@5^$IZz>OlWH1K66O&8|I^;VH}Po!2S@ zM$0ApGgzso0^N={1VZA(z51cS16e!WIo9f~=u(T?O)vDm>C6HSOIyAJ<{43cM|)_A zeiWAgCyqG8FkG(d=m78hm8jnnE@Blv3-EueXx5PBe)aJWUwEG?cVIYvX2=zPx)cLT z$cL<`VEp0wJEeCiovL8Dy>br+1yS%^s5#W@@>EudFbV_|%6^e47tjQQ-|X(rtHgHx1@@61ocLHk1L{Mlx&=ck3K;jT zP%;9VEem7HK|cLGZrsp=nFf(7O`?C3W4-fMce(N^TB7n>fP!{g75UA8Q8XQ-(>6~NoB-uf>NjebnaMo=qYzLyf;v2 z(M^6wrOYy1apM`p#7GXzwyIO$8_?l&qsiTPWm*;Ht72Bmd)1OQzt>ej&oM7$Dt5hY zT2ymjad|mWX`1Gg^~la(l-?fX*Zre5bax;i zNI{xR^_!()=sc?Gbv2x+BnqTp7ttq!=`PjiEAxX?|QF>e%)eYn&v$x60(Bj7Mai91+|$ z!WZR*>x5e-z^c@2w3J>*hd~$JJ#AcfBsfgI3q3-&$L8!8Jj2cO;8={y`B#*SqGEC3 z2kv3ledx==52BG;OYYUyo!JOxAY4r?ktN~EfR;`%!^AE_KV+R0P?ZN_fslsvj*6En zCE9Wr&`pJvS2T4pQZkS)%%h|~JKH)pF)89v&`oRUw1?{k*{b_4(-oY^&IPuLm;ST* z-c{sx-a>(fuZ)q@m%Cj}JaXpTBj$Z6+D0{tGU#;Z!>u=tuI0xZiG&mSZm~|F)rC8q z8&JzMjeg;9GGA&caa9{_G!FBkdvqVDujTjbX*F9iP5hvagI-W<7%^v|_}6jxyR6U@ zaQb!8^G$rs==W!&KjzdDl70PaaW{(Ppi{dzAYl)@y|)D`3NSfg*!3 zO=u(MZowdSMgNc0#lT$YUY3nZeoUHBuZk{d>*Cd9gQK8**yx|`QbR>InU?1{|9bSm z)Y!_x!Aw>0Xu^5c5F^`n4X5H!KsUZQ0lUDJxvli(UGie? z)tenPCw`TAQb76cV#)Z9)9!Yv=N7d>XXkZ4YWCnne6!bTKOMbCaGw>@3IpH6up*5N z&K~I-i-mw-G$?+!seU~?3kL%e0C-CP08sv0hT2vh4sM^h-&6r!pRj7s3xM)8U)CT-bIHVnoo5hIXvP)yjc)A`g zA%SymCj%AAP>bn`ml+@nLCBomPP+p*Wyh>R1Pq+j64W4F%Nn$o2sA8?m#JWO6M`?1 zg>8+Et$&wRUHVv*MXfh@*Tiz=7heg`fzb@R9qk>ERyX;?zWoV^F?Xg*7WITuu@3^M z6S7pO(lCNoLb^Pr2+vkJ{)L>ZWM9W3N2es?7s*KYp~Yog$@`#O=~s5|C>{rEQdKOG zyTxJLQ%Ae}qzC=xsjM^sk+-WZ^9J^riX7Iw5WjQQF-;~yxXRmt1QGe3(C-$phXN=T zmUP{RqnIAcuT#S_xmKO4!v^`v#p@#;gM$!gjUBhgOQeTXO#e~)NVO@znqZ@SmLQDi9ymQe9tll9+BEaq*J(=6b=bJ=ZQW~Wf!p5?4XVl` zDhu)O!B;1DmGsZ&S5)82mi_-tL+(P^U^4xd8BCc`X( zsHSwog+CrgLxu-ykCAMj=P9+iqbYeCU#XcBtuksFmn4v47%56BOYa}Pd134Sfu zLDp3A()kTzVVsHh=~V_lHMLEBR02(SAfF>fD(T4uv7i97|_7(KRif`3bizsWbjJjXpS*Q=GjMIUWyBp{^~(ilxP0zc|R zi8*p^Ebep5q*so9qA0{fC>2>mTH1}NPqOUbr@;T!+>@sjr zCrdZaw+S(*T_o~jR8-ZgKpjce6tQMVHYUr4CxegY)d)Exb<(+#zOXF=WH_bF=T~7T z$&-aTZzOZ;`MVthMM?2Z-%JufQizr@^mRFx7vKGe2{EsL6s<0(4JKJbQKpp+3a?Vd zCHK~VP2$Z1u|03tV4pMc*prGF>m43^Cwf6X>`xG%^#S_Kq+52wIy}I2rZlFN(ddM+c zZ)>z+Kv~wgXrJPB{pKLlE5duo-ztr-Kt=0EAsJUoT_xl@zOGBASm>Y=kra$SHrZs^ zmIprs{t?HUFAStIgPIFq1Cwv%Ts$mo*b8N3+~g&h0`@Y8+F+&MAe0G{VLl~j@?=F^ zYCm!XXuU-P@2S;VGu?0eLE6#Ws*5EBbx3?(I*9+F8y!2@!<}A*G&eWuSrNG1r?wOu z+2iVH^U~__dSgUdVj-10HjRT|oXK$awQwxCy$J8p&>bP|)sxo~edZ;hhB7(^*}q|l z4PgE^Lhm4=L7CV9Kn)E5@b9J8NCRo1+aDcWmj=k6oY0>MDeE)_D+YVyNkAbj!DR|% z70x(CN1u&&DXctLMq!(L0tGfASI{+oI~YH!KoFT}j+`V*?ttj7#LjZR%5z)m4-|Qr zWF~>a21CzoMP-Hnyep36FRo|lLXwPVlr?Lc93G+-l2VThwG(k_*c;jaD)2yQ< z8pxTSgbm6A&+~5sO&+hEbA8$2a?8q9;R*X0+R4kztg%^ITJ_A9Pm0h#IQn9-Z$JH+ zC>vph0}OR+11(>@cJ$~G^Y8a~x6L_l`PHsN!Yayxel27^l~ekdPq%h}Au%!{MZ?uKecpDu%6P-hw6UH_n9}gT z$5}bS_NX7}=+S#xc*OZW|6XTV@sMFwgvop>k5`s1Rc@VBa-;6H$MZ~GmUE}~F@!7D zAMmY{u=8R4>=<|(NS#KqE!&5=Xh9LTg+@8zn=lhfgLN9h&hQJ`_%%NxNUPeZMt#s? znL;bjPwOPc@ncR8YA4ef{B`aIm++=>I)@E4C3n-5_}Qa&di zq9a&UGHLIViP%25PxG>Qqt?3rd#B@5=1NnAz;nG6|9yA$_{Z-kV1PdM@!6ckt5y;m z4?vs1=(#x*U33rj>@JMgR|j1E1SW=+lT77H-5yuEa_TCYY7foa590;3;U-;C1%T}I z6O{JnXqzP`4l}1HHtD$oofLnqY|K_g)DA5dJ*|8|%)z=4WEXhUu=BJt*ITh}*lw%f zTFxJ3^F(q?M=bXyPm91AGRkeGaL#f&zmk&Bz9Xo4(3MR&)gSW+Ah(c=#@cE|2`7(BJUg>wv)J2JZ=$ouh?c zf;Lbplu7oETN9^Zo6bdK9n}gU#KMWr(7>+VRottpZ#YKgM?t;+A_lai2t?jklvuqb zM((Gt@iL79En35A^7x;aE=0>qT$|HA++?I| zt+*Qv=U+R-wV8V5-xm_S0bNlne+hC=*d-c&WjZ_Cr0>b9^~Q3!#PVdh--3kz|8yu! zJeE4lL4B@_p+5VPM^j3R5{&7k=C0DtEs-nT!SBhZX*8)Jyh!DgA>XyOHm9!agYVG! z+lKx2WJ-Yu;>GK?eUsRO3SULh?%#jwtnJrA=R#^K2#0=WjvLxoX}w8jSH}q5ql-kU z7G(}Cqj_#tgc|eV6XHYK8VqPAtHL^pT}z*&wRb4n#m+|B46eS~x zBM#|nR4O<<=$Q`zCQD&Zf;d#*ixq9+9k=VN=95GHQ^LaKVh|rWN5?7$ZWvTLjszrW z6{Iavz+_s`gq$!4aVrkcgmo2f+HVr^2xgUsk_yC6C2I#i;W#2iDC4@u!~t13#h4#x zte(PB>_l=sLDIwBjr5kKMXN!xO`+me7^Q(R$-d{@{qm#`D9BYA9upAYM@ zY=Uf+l$fJ*o8_Bn6#Q%F0j{hk^)Yg$dG$p;g6SvL9>@WKCO_YKGryPIu6Og7RsGw~ zKchLTfuAQUJ%>0dWqE8&&csZ>3lp=j;}MMeNhj`T<-m^JpO}$8p=R4GQj^%pZ`XW|861x u5Ww)ST8jYxe=PZboBWsk^dFD^W0EP6S}hG^Bftb;0+fLOz-NVj1@J%ZilGDm diff --git a/workload/scripts/DSCStorageScripts.zip.old b/workload/scripts/DSCStorageScripts.zip.old deleted file mode 100644 index da77018698fd4c91f7e22a6d759c4d42fdfc738b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 82678 zcmZsBQ;aSQu;keGoUv`&_8HseH@0otwr$%s&e*o@f0KRL%~nz`o%C~8SCyg+C>R>h z{{oIhL47$OOACS#80deA`QJ>)Q{2+V)Jf9A$kEb7pOK!Ko|E3w(n0b6EI|Qnx8kXr zQj)6nQ2_xF{sjU;`G1$_9h^*hgB zz3LnczDhkNapr!T&#velg(=zrX&xSr6zhgpL!KS#nlY!n>)(BS;R(vm!JZHznU((oC~D2QJHro z&_y3|TlR=jR!XdM9$%+ZdHwzUvCks!_NF-nex9secrRzFE-FV1?{rN)7bSOj!W7U7 z35b9?x&oCWoEP}tP;Zoyoyo>>@neKP*W&OtIs&^1Vrp7)CS|*?9E!691n=KobOhI$psit@wu(4Hd|ThP0Yz1N zspG4^wwDG|d#n7B?mt#dn}k&gkwMz17d2gmN89lq!yXxyK!A> zo*kbd)8;f2lihu~4jbx9NbC$QplyE5eG{C1#Gfrh$zSHD3=BmrK5dfEH9DgubVKC*k%5^{su% zVa9^$wR<#DPzM3oCu&01#l){aAC9AIem=k%U3$J17l?uVUR(m2r4{P%Vj7Hpw)3yo z9qcwxHH&Zy4>&sr>1?c@ve_#my+MK-BS$kZ=T?>Qzhn`gD^4ysf8QVU{eGq-&;@n9 zGIGT8S|nkuhXecUv)u-LnU`5EViszA-&x=k&-C$)wN^}E90n0-8WxwUepG((P=8(k z(OL|-+IK8`PrXmO)_}RizUaihxlY)guQe8Y(=Si7(sJgick?k1$@gbTd$p%d&Ul{g zqj<7@}*NP`(fBHG|v+)4x+)3Rdr` z2|am7`V_A%5-+NrDFX6rZu`n@?h{dFq+szM#kIz&cHc(FHB69?Gf=XJLi$we@LBpbqkc@s|Xb<(Mz8mzvj5_1qABKVrF7o`u+arKi#)!boihG4L4yN zb3`4uf1_D*G{!9!1QPn)SE2L>c6qye?p?t^+e`Gj@k%Nk7@}mYsV$xavR3DYrptr^ zp|nh&v#vg=vb!yW@@E7P*lH*1c9X;q4pDK-#(j&N%KY&s*78O@S{I@iv?cXkw?wik zPYHEDk7dp@<`=VkZJv6tMGp+&kWhX6fYF*C0qXijoB@~=P6aJ%d8tTnTA=5~`@myV z258{PHe-ylU-hf@@UME{QhrL82}$lT5EaMQMHAkBif)EPp)bXehKb|FmJZ|anOWtG6{oSm3yp=v->&p=~KSFvjvl&hmy^Fmg6iRn$Pez zb8TPTwQNnwTz3!7GGOZXD_I}KFfR5j zj4wK(geMY6|0M_((D=9f>?X<|et!#t3;#(22&4WJu?8CqW}WR04LUf*V*c@&e#0_0 zy+5mA34h%@p2Y;B%>WtmrzA`bkG)8V53OZe!qKvaen#emZMAqzWi-(8;5GWGBSpcM z0^q>>`;Cu|?|<+8^>AbEc(a!4F_TgRo^SoN<#`W3(z-YQOz?AP9QSHbCXy6%b)(C5 zi#X2lg!2IZuI(8!GgL}->6bT0Q}v0_pRs4d*=MDboA5g1?aOcZmSr};ugBL`YQMDm zqb87Nx;nmmVyE|e(ieMgaV9^oug&XNsQ_asrQ)kEjDNBB0958xF2G^k68Va0n>c z3_#L6nmA(JG=Hl9XTW?SYn?jZR zUFa?y%Bw$#Diuh26R1aqM<$4Tk4C)B>a~BFefQgZiDTfgK-am!bbxQqqkij|SpPR> zg>wA9N{1&ymP@cxMu!b+$H=-emkvbt;H2{QLM$>AbpAzR)IngneE~S=sHnW#0%g(n z<&nMZ_4$+P4fpK+9_0G__%jvm?dQF~iSa^i;F{dGtQ4=%@h>U|L!LQj&Oyf)lDvL&U@Qa>kQ6(kLPMWzBP3r0;YPXGRITaxZaB}dy>$BMvdWx2Y236w9DLcs0 zQ?C!-Sbj;zzBc5R8NHMudub^y zNeZTosys6@1*1j8K4mScOXpTdEa|8b1p+Ji1u!wf_5~}S@~HXvR#Up5XvvK@b}{q$ z=pvpUD})v%bS8MYP*QNafYG!;!})ciqBc({Ix=mU+pz97_6Adf!qyh$q42;rMW;lc zBJV{Rt83%6fiY%qQOW8=#OegrFn7%5Q!D=RUOm2p!1>uDe#{GSDz1==fp;GyxI{Fw zzi`J9e_}hE1Y?=@6i!ATe+RQ)kBN@?Dvc|syOrsBY`vY8qc|$$WG%*Jq9N>ZZH$t5 zht`qRT)M{%nvp+?*YJoj(RDoQ-3^+mZQ%HQgHR}_&bMo>wJ^tBw6jJ|Jow1;f)a$5 zj$-vB@M{tEZ=SkQGt zDYt?G_WIoB5^m1M1NpAzYZHBfTL6jtc<2D4s0}BcQ{QXvwc$prMre6GE7C@rICj&H zhh0T;<3jC;sfO)kQ}}b{Rh!w|$h&G1K-37@T0`l&zkzd>ghd$U7zd-wdeW`7D0*GR z%9%qTJah1R?TMUE*}R4qkr1iiw-JEE2>Qe^i0?13c`eUkkqT0#?w$SuZWN3F5(pJ| zk1axp01mM)f1N@$0~VPOHG7gcXFri!9&wiJTzj;(Sm}I#AIH4BAg?M)R&MIHPGg+_ zbJK;ziKt)UGWvEz1KS&vH*dPM;HrR%figMdt9pMxfwprC3Hrl+^Y^Q=kMo=WiQ3%U z)5^aIUni=Gl@k?$jiUO@DM;33FnzO%v*t3Ga8WbA7MfhPcyOm82lt?+%K=mPMXyek zcY`~$8DT5=B@hct_QKYY=VRb(uhYd59lXG+eCwN6)^{g78B|~ZezHO=HTN!=)EeUh zSj3rCh*8`eF8IUFheuHd%esshLA4oVdFWbw=FD0_AnR*&xHYDpkoqhwXUYC>Dnnxb zwoet)L`#|Ry+=lb?*yq!3<#j;L11qYpa_HxMzU&b(M9JLvX7FP%uG02ij}gHcG~3) z9QNVfmuFk4uH~FspWMcm2Aptd;W>MYlS_>aP;kya!b)zBJV+UDMelC)8{DfNJH~ zsD~N1TJ_kFn0xjNZ^99|52fEjia|Lz>2=);+q3F3&cN2c$wTTO*={R|a~@UATLl}5 zgbdkK%ne5Z%&iCN8I74#wqh3HRZw@$FARCq8QyEO#NYF&*t!bGNhsv8z~<4CGO^p3o@n{2w+UPI<<18D7!9Fhl?GHQy4zH*nz zqokbllHM~M*<{qp?8%Ms72@6OTz9zIkAN{vqgi^uHYG>QCws z^T-83reuWicB&0?qHd`+XazS6XCHf^kxowF!g;jbs7d-W_8V7Inbp|=OQBpo$x>iV zGJ;LEZ`Ve%jpRXxy+bF(J?0Q3MrHXzy|iv-!+IC!%YK|-i1}p%QJL)_b;n*!3Cn6^ zq^Sm|mDuGOUX`|YI(DfTeFfg3&Q&wZ=(v)oU1k{PlI-5dH*^{ECngp5=%9` zf7D|T8@ufmApN@jcR+csLFa{d5Zikys?kZ^>){yht4s!$7$eqg!}_t*L}JBIki}q$ zCGp$QB9HDVch7;#5p`glnO#I6VP$xn5)ufanJr+(<6dLs^SwO{7glGJ-P|?4P!K8L zA|?7DmfGV3QV5LLhuU6@qDRK?TjvPz`+ddpv*W_SjhkH5)R%U9Px0>BSp7?|Kvh-; zlHAhg%$+&-q9QiNdGxr(SkwIC-MSrPsd~TYxhc=yGc4MhQmGD z5|#jPLR5d!>k)4lCPw1;zIy%QNkB8efDuMtQOO~_-f|$;xLRC=_o3E8EcNS1 zwLZ$Q?QitXBu#7P2_ssXwKg2Q1X8x8r^xcFAA{@L_AE_MfwFU^rESv>Cr_POd)NjOIxdZd+P zrk*DEAe@D8$W(~&1PQvq1k@4C6pl|tEYU&R?GRRkO+<-nHlVroKJP9zGx_+$Wr!hT zvt-)77Wkh?39rbZ%be`EnmuaFU&?RCGFy4=kpnnIq~V~#io9vh6&Gidy|u{rsq35= ztu^FIKRa3>WMnoA9}x^+9@E!cYoN$!ohORs5|P>C<%yCgl-XfyG@f3MI-T2F)b;FM z9l}%(a%Z<6nPcA$g-@eB&6fXo;@(k-2XKKuZgh&Zh+Hv_4=~b4dE)z*?5ySQ`@lht zc?PXhI-#kFVEk<&UA>y^UZAe^{1{f~0`Jqi3C>P4b84B+fS=_WyN-$M=_)=q@zu5a zf_HkXdf#8I#&f}pyEBVg8ntken|heg|DdG7w7?%<#RsX-mtgrL#&=3|*J2*f8#v?h>RaGM0mt*95(bcv=4<&C>mZxyU6r~OcsL*D^%*H&H-hEJ8 zTU0Z6Y-mlUwfJ}@X=}>w@fsf<3p7v{hJf;T9~VI*4$mR^;yck1B#n_8lw| zM_`+DzoT>r@O@5|VfHVgGU|YghSCWM2ciQJgB%Q^`4|5cMano6dy(6b9(g9XF#~NN zSPI28eg_(N3Eo3E0xPtm60%_5WgWre1~w`ZK}??eHF+qGK(^Q<*ak%;yU2mh@lZR* zdy_I0^JP1zjN({slhsafo+4t&-daLfM!enh5G%seD=F2B<%GyTM!S(PCCC0UdfGml z5A}|kN8&efDo)Qanf{jj5-{~m=h>f~k+W)>+^__Mr;|A&Z785}B)0Pv#N&5sr@9w>X>mrVG}%LGE7&*PvJj$6-K z4}1`W2jnWT>@VlPflSlC-+vBe;(ZH3oMTcyzJ3bf3WJm%op=1nm_`bm9EGWtIT3tN zF#^94I$pB3g<4xD>*A5vGQFPXou;qEE2b0sCYR4XWk*!r>XF`Z-%WUFv_!0@IbDJ> zbi{?3w}>W2!6%%%EqjU739XINo`=iVg!S5k$ zU&hQ`(>`?ciN`^(T>gBbQq}y?(NeTzYkKfLTB6gf-Ijro!}2EqQF<#$$9MCPT}P>pZHe&sQxy3Sc#j?0bB5)ccg?PfBgUMK&eBOFKi`y=rN5 z5Q9dFWIJvXq=^(6n6U(#k<7+*{>2@I-EO!YtFh`>p9ETqa><{S;D@nZ2*Geg$m$50 zJH#hnP1<{C%2CntHccvQ_$S5QaN!oV-$?i;vt}-I4ytOtd2UCT)mC`@E%I>O%i~bD z*&}DRhKfDgV+$-1y%ODXKwVGz54^-9_PQjQBn*#e-= zj>C#UVcXGbgI4>hbzaT4Sr0eu%C=p)%6Vk*8nRs zBc@LSm!gkN{RyKZpMo!A26Qwc(kVX@xoMa1sdx1>t7@IXJPe+smy2gCs(Qg(l89wX z?$SpvOnEymkEO3^VU%B$SGL^cLWeqNHnAG~n{yf@d;u`P80vu~3NulU{8A%1%OW-I4b_hTX zcs2Ak-!+&h*9f`!8#ji-vPADk|58Gel>_ahIQQ_peQ~gzvaha}T(BOVDq4;(g*Mb+3zt*G5FW$)6eWq4Y0pMwR1q7JJ2NdW7FZUeP61OO9i9=YL2Zii>c4)H z#1{YiH(y2$$dthBN~)D169VDsnd}YDuOjeVJEF_27FdFX+ifT@goO(gb)!Gf!J9gq=n`qlyE(xP%;1qQIW?^iogL4bpf8;#+u?f4)ez(|2q(_ z$UAm=md99(r|KL2@K16E<3=H+?F?=lc};aEQna5EJ634 zJ&a?D7ZUf0i7~F5nQ!$%9yH#|<>;TDH?f#p(g7xq<)DwY^wA~%QbRurDTg}vvrph{ z*R#((>z9iVI8hMC0FJ(ltHX1iU=WMgS}5&4ZL^h*G9-bVf64_adYu~L#ejButl!NE zorBsbN5nvxM#&Cn0atpXMUuYo5&6<~^dn5lX%;0Sc1R{V?m$q|yB0!+B2tGKdWQ}~ z4c7Df+TEWxg9XY%pPp|TS`=r+o>fGT4^WKzq&d^E&0r4*345OLJp7hn9XMxpTLXmb zL0neU2?@D`?x>ptc#$kV1l*zvaRu2IL&B*BwTN)!K+1>!=+N~k2%l3Iq`rgwu?G0@ zh`$GvL?_TWt7t|>7e{G}!}3B%%vlY){fMMeluc`%LG-RjkhVXiK$dp;EF{oCzQhcNadCOl?oHg5!;*gLM28|aXdRl=+QE>qeM5o#OLBU z$f(Gq7?(&pW3<6?W;r=^Xz$qKPorU3V`^JmQ3r>O6t z0;@13o)nkJ9rB7CY##rfW|mxpLE9D!7jm8*aw}X2TL1(7rPU1e z@W2*Ds=&VbBhV359%@7ukG2PK269z3afDa=Yec$zFjtX&QA|1koNJd9nFrz!(hAB^ z&U$i}^o%pw265EHDpg4pbKKqp4KWdB05(G;DovBbv!i;_v0m0;1B_g_{mrK6$dL$gh^i!q-Ef(_d4}{L#N!ho9~?hQ7k%d^q^G|43rzKoprGVFBb& zn$ocG$r54BI>CJ2KFLV2C3;OVxT_giLV@Jd%^(evz zukGJp3TC`d*HKm=X4wda=Rc<2tMC`##;M#;1f0DKQESP8$W2ol1CNmXX@J z-fkbku{?9D-q)anV;b`xqz{CZeL@6L@!3_atHumPLbm^_zPE89S!~uYMC)xQN$8@y zpK@fgLF1}7bagvStK#nC^^O&74!NY|-MxMBXc1PPAaE5Nvu81bG_&N<=UL0$WnHxF z(ftJTB#gq_?cc`Tz}R#~0E?Z9?A?_XAHHqrDqS6XxR{^GZnjvt^ql+?8>~;k#Il8t zp^hcBro-Tr)7UUmx;vhF? zdMvRh>S!p{_R0vFxo6BFR(wSPO zGSsFOfmIu<)FMh0cFMi~RAO4t#NL+Sm3~6gxmEZ_was%mwtL5pb}`<#yAEVmBf1#^ z9cDXOw`5jeMeHnGXG%XvpJSS2lay(z8<-dvduL&Ha}-@ar&sUslccZ{Pv$KNZc3x#X`g+c%nxybf%sqR%ns*m87+0C~uNAI6 zsZ8;U#0%Hc!})2mdxN4lCN-LdSEXN*sogcRb*TTNR6!{s=|x~VSr_(u(-AL3Sy3TYn%_Q)(#z-P6n`R!^P3@$xmxCSi7;MEzSPL@EXtQ;@kx!V%VnP*p5Yo z<#V((os{EYgavZx4UQJtDbFa?V90go*SvPBzc%5Nc+y+1iN$e~(lEaU5k4yE8dsSH z0BCkA0{}bCT-wYQNm+|#T$7U0n_K5mbQE@wdj@oD0y1t85*Qb`656!Ku4gs~n945Z z>8LaR#o3^3C$7)NU8#wNomKT?tKc~|k*zG{MpJO6fwTsS&ZMzC`(P^^;l_5fedDt` zI%#&-9T*VH@L@qj6FKzqr)}JAq}rJb!SS7;a6|MsuGS$1rqt8(=6cR{*@N)GlHFl^ zovt7{XsgbOIdX8AUf;}yj={TujYva}$hSJVY=5b=u){>d<-3GnWRs7V@mjBKhQ~aU zv9PRt0ny2T^HO>HwHoG)kB;hF>TB+{3|1Z(=W$4*Nqo1WmS`DdgJQx2!0^t1Vr^TtEIiBmCFYGbV|Ddlx=##)HCvjFzF@ zC*obwH(xFo$*i@b;#}Jm9rNdH3f^~+z8sV8WB1vR1Yl1}6wV0&&GFtVBj`ckM}*u$ z;b=cO<}PuaWT?L%2n&$8A>}n4NZR2Ic*7|u{}zIcb0IuPqnw>NcCw_Q=Uq(hVozNL zis(ODAz+}l+)V_}49sQOBv=S31()#N;{pD~(4)wy=)gZevxp>t5qU0M5?$$pfw5Hm z&UpyW3}wDt43SUxnkYST9)sfdEhCZAZg8b9{6dF2?qQW!w~BOoJKCN++MoYurM6;m zTU}hey*BWS-6&d(WwDKi+}#Yj>lkxgU^E#mB3iS|fOb<(Xm0WE>ydvQ@DPeS{Ad(ckrY4*R z)>aJhw5~#N_U;&j_ry#8RLM!2ibrrHpmC-jF+9qU|%n(}F$AnsIcuuPER={`&$nDPe)LUUR z-qFk|R}6inMrV(6(Yh6BTU0%=o}$wYAUBDQvG(nx-?r*(>nL@^illtz(F++++b z1a3thoe53`T$&0pt{f)Y_-2tdJ=kQ}aSX*VZz6e&XgAK%Wb3D(( zW9C->8M`Tbfa3|WSVL8+S^DejZnE)cm3f&xh-5r-ro6n=OotJvG+v9c348Sp805CU zkM2uv>K1*laJS~?rFet#DH`Bzh0^qqY!eSoSF*zpfl^t4_R=GYosUJMW+9}FK{ofK z;{`*TK8B8@-0`H6{qDEk-CeM{Hs-0@H*ZazJCuic9XL;;3VyG4^L3XlNppPGuD=#N zc8$;GGdBb^YjVDy)f?yu?F4J_XR>B{bW}(fXhreNISecCb1W=-w4BvxKFvHN!IM*K z_uIMI|77ab&42d*+X@}f(T2*=AOXOu-e`7|NDV*)mwoX|kR)}tq&po$Da;jZk5GVV za7D}f24z`VQ5cWx9NsxoVe$=B|6W+oX!LwS=n(40@7mm(=Kfp309PEn7sB-!v3=e? znxww&me&#quSpYu$>Y+dx!2Q(L#O#`qFeB|N6dA^ha}yCgoC%M_Z+A?f$a*@QVqjJ z!g}6?UBH^7hP?MQ`K0KY&ZxdkN+@G&aE}dOS=}l}2ZmEl86mO^G&600SFH->)l%OC z2%vqkO~(2!Qj8GooB2&cEOV~g=ico8er!9zZG&$)TW^;PP-z!fk`GX88>-;@dZ(-h zf?!_g=Y)$+KG-*(YyFU2#%87ly&_MS<0a4al$-LJY=4_sS5~_U_&S-unBVBB#rUaU zRVqZd4Cdhnc8mVh&_q|G2w-b*8I3BRhZ3ZE{3o&x= zuN;zqL~**>Np)M4#-Sm45}vV5Md9=i?Un1ov5otky0|y?Sg`DzOifDbCXMVNpBJf+%sd#8UR)IoUv<- z?~@hf6;0kgzOlP#)z&SVLAMG~Q~Z3yAg{a;6$%9-7Z>T!%R%XyYZGxHT^cNXQhdX? zuET_EuFMXa1Ft@{Zu=DFt4_VKSzYS22p)*@>6J3y>948{q@{e&L!2gEple(Av*Gl1 z1!(UOltT7vU6Q!hT&K zet4wfCGEaLpf+Vq?74uV>FR{k79}C~AxU!z8d21gRY$buQU$1HFhMMt*b-MI@z9E!@fj_YK8`FaUowy8*Wu+zIeEQlw!n&kqQUIT zv5Vi=Qu`-h>RJ zNtKw26QR-3r1=L23|5@XhE_?*t_*LQ{+uYOJ{rmNz=kuS3O={TcZt}U$0xI=Wc?QIUI%l6!f)V(y7_EwcCXc-`8w`FY`ZEqs*H5@+$miFv4wT!QNz z+puNLj46{+73WBDW(~-*D~cl3N}k}9ZnDVM(<2v4R8``VZfuu)bVPz*g6sS%muS&T zdE${Fx-RSsEl?r8ubd+BNZbd}Y(la^T3e`;kVdvbAon=p&NKJ%NSsk(`d1wD9mG>_ z+fJ^U{>vgUdRNq6Q72VONeDL0gDDC*j1oe)-cAB; zjI>KWiZ^RO!^SWti#S(;V(82<0eQ7QcExr%t5mRH?^PjGA*o#pZK9MPh6(Q524ddc zzjodO!Z%w`mvCNAOU?nRsp{`O!d;8&6!7KE?i>)OXQsSi_e(w?e_2Qi=-yu+9Ue>o znBNi|I4hZ|p1P1_*1X?$Vb3sIV^6vqTb~R!&z%*7ygb}5(u9A+163l8Dv^=O{|7Yb z0uHZAcfmA?cbF!4QBJQrA;%0UvKY)ne4Z*4vR;xJhldk?Q*IurzLHU!Bqyq&*&^fP zfMh7#j7r6P#t`of-7^p9*f!buY<<%OMg>?axk2#myxwoy{~w|y`>g$>g`~-mD(jU| zdN=rAu3R}}XhLG*p*xZ7(f4lVP<L}hd?JMm`C$JGf5zmDWch$o~n$g z9Oj6HVs$`@`BoV!^VFaMGZOtUe1aej>qoYzi`DG?=I%~ zD&Iv9NLr98qeH=)vA%}HZ+$lnevm_bczM|faiLc<%Z9?CR)+75fg2jk*ctw`eNvGJ zq#5$SN+6v34hRTgpXL%}rxFxnSD1-ga5Vd><^91B5yV(cNW5r$!gnM6Ooy78C8nzR z@*9!08un#v$X^ro_3;o!$#DQ`ahvJum&HnLadi*yKq7q|xoF^m4mm6U69{h#*+hCD zHdar70=9ogNZjEO^9)M1@In)-cK1&1ND->M%x*!Va`@8u-S0J@fRF2VFR)rqu3I)c z$B5*C6T_dArr_r~$)5&E*sBg)Qnfq0FQCSa8Vm&?CUd3;9x$Q5oUzQ=;rZSNu$1qK z4H&@x%5%Fp1$+SfN9j(W`(3t}bDIri-P1VNz5GObM-&)d zBjWdn!mlbRra{bo7V$5!`P8v4FSyQYl&`&l(0^ zi8F-UGspKKxcj^hRpsQ+cARJQ-&It2vxbK5!!LvDylM{h%*eqOHE)ZUL5SiWK}Z}c zxk3c%)*jqqoHrYx7hLoCR7z4umPra$n4!QvKji2&is)P^Hf5r{!y6202*Qm3^x!cc zJ@opq2zv3zoQ}lg`)3qEDTaPu@dt*yqX(=s-9WzxtfVK`_!@muF&aKeQ`^5Dr!f}Y z;0`zsACrnP(Iz`nsN}3lZa~ogwEkNI>qh%iR?QYCYG6N6Nw1R)jOUf;)D1_4NsNXG zy8sJ@ApFN7J`orAJn}E+g~xc)M6tTrK?SDR0c}(rrMDvUZ*7dl4{)j3q5!FhFLOuj zZ#K!=f<(xKJ#*-Cy4RD{7_dal71Ifh+Buvtp6tr~%d9zv2!Z*&-RO$KsSZjSRAOajU1M9;l+2r33wq_`IS+ll;)|Gvd+leAu=3M2l>M*qnC2&_pYZi^(T{z#uR63a2K9 zEGn-m^1cHv{8q@v?0wLz7`eM2;=M;1zZG6ip~quGmlS*Imeio_61%P_VuqpFlftFC zp6`=hfZ^#2^c~C#6y1QJpJ)Q+Miy<~1lS=29V64VdQ&$&O7<<`1S{3*ER6Qx&m!xC zCmcg;xw`LW@PSd7rj|}y`~Vp(U7VB)q~>wt4J~xIom~clVWQV{PSJzEj+5W46non~ zsGWFn5pj+>IcD)NRFOA3q>E0yqXn5F?026ss!aMpbVfms5z#mPq&x}?+Mk#i@}vLy zOz||j+)M_`7b~Sw2wQ3WDP%YvURb4lE*coT1X4D~#zUL^P3v?ox%3^ao%X z!pjchUwQsFnre5fRQc;i<{D?w28m=-G{xiSVyP1Sf|a4jH3tqIAk$Tb3Q(X-{0_ao4*8e`QBri{9kXr=hYVQ{nfphHJTd-8hOJ@~nK+1EaP zZ=UvkzegkY@0W)?r(rqeexn?zy<>RtHE$aSNIx3_-rwIF6H&@)nQYV_>+9~#2exlV zT>=C*c??4Z31$+XZKDeq^KPRDO_c1i;V@lzY0P*FFu?SdGapt%1>>poaM~@ucl6g? z$HGwQNrOUT-ZiLWo=g5#W3_i{?wyjk81GlCITZEN(i&0X_PJ$eY2yr4z}KztFOM5= zNVJgtY_7JWV>&&|nPR1p6fGheJI&fxkc80B4 z5x3p;=tGqUS@}7KHaC?$MtoH|m46PvCKO@)HCS(}!Mn(^%op0oKvl4UgYJ7Bs4 zXF)3Hs4%vi02HL)f4D>Rqp%g!wp<%KXPV)Np$K9eU09<;-HJqkIwab+K*NFoH-s0W zuY6EpKza{Ir~y^mz~C)wJ3MELljT?x#N1-qlV_pZrMvmKpZ=*{2@@89_fidZITWdI zmGBp&-Qk!kM?KcVoLwtwlJ)V^T1BG`cU5yh3;dzXwqcXzE1iEo^HeX*SFF@vE7iWj zzI}c#R7td2)8(z%Y?sGEs#arW0l8$)n;SJt#dBl=`vSkdTHkh7J~S8q(w(J94%}N+ z9ur@6{A{37^mpTee}jvWvXBTJY<%<8s9qF@VSO;uCfpH|d+e8DfuvxX5dW!qjR);} zL#G=rlDWpGo_XmOACqDyQCe9h#ym&btf8GKPPT`?2#go_CWXUW9ei7w0=NPQ@Z*vp zgQRrCclO*oM0|@XOD}z1%VvM>?YxD%P>u9#1ioAb<70~TJyI$Y}ec;xBp$lnZ; z=eTt^i&BDqd*eLz*@$qbePl1u{#-pue&Q?IHVM^ALvBXNBAg?LM`A)pfdOMJSb*qa zC5-VOKFrxQp{m%6GOABzhtu7s3eoeLfdp?~fwZAwb!Ee8U!UB!UnQ=c6Dz1=sdKgL z+a>hN?T)fU=lH!D+!@^6RgLNM8l7VA`P?xfZB4GP=-8ic_e)xE9*FzR;tEPSMSN}A{2gGX6`d3 z6Nzm^`7udGhy~fwGr(-8w(B65XT!DK$w&tpN*YF(>_lqXb!`7xs*n%GusxpO<&$vJR;+>w*T&UE6+sjOo8#n7wP) z=wJKBEnkM^Z!*rzAsY{_sJJbVCk9ZNA_ZfZVqyAuE{vA5rk@4DHI{RfN6Lyz5hOV< zb&f)I+P|aY@AKdEo>5PYP9>BrsC~8`hJvNGiE!0aZQJ3__!DjbI~#_6T!EuG=)1QM zKd)j6J3}IP**t!#__L}xmOHvadhvD6FqeD##mVd8`7^Y;aS*pC`m2=h%AwkdsVF3whv><^!CH>4GM*E?z) z6P0KN7P9!SL)7)B9?W(?!``!NBsfn{CAq(pu~1d3hq0o*LK5HT3w9ZalyyC*k7Jh+ zx`klwFv?ll+$JZ@<{d-9^jR=WGr#$&k^^h2xz#<-KsQ91lFnTG_1v2lxCFI~tO#;R z$oWhTQ$LVbTZxyPjGQ>Z7MTHN(NYs1Q^7@pg2cvp*32?9c?-)fc_@(2lc`29M=fF) z?q@EjM)L~bm}7zlo%>(bj!q}((Cu0OBl_978I4~RG`PMg=PhHSNb1xNi@D_AyGlTe zXU*uLjXnYA;NOvLw%&>tIIBT$N8T$THX17C7`7knwV=nUIc;F;rP)sz2TWe0)j>3{ zMNq$_lj=fbIbPIz{#FN>K40W$IKCPP65!Nm!pYE2n*S1VC`s%v`#BrO0Ltu?sm3{4 z99oDxz5TZ?co7Owbm%R-^{$39R{U?_Ha@^S+BKH7#wI$B)0aX7<(>S&sKsFEN|2)j zYfEN%7YLpUk_fUeJkT#b5);cFl#dQGA|^z`vGT;vVQ9(ZwB#gZfsujX!87ij0XhmfSb`|x(fa}DzKfR<`r4vuWEy!dORE3e@A(a?kEBYR#sZKQmV7R2AGzq_A=hdCjFMOWh>Uacr>6YT7fjs zt*(UM{)_djDnk=UBWELpi@UlH+Vo9PhZ-l|_i9(S6 zz-?oe6Z{qQPw92>G+^Ak@>@+{)>CJboC=i9F_uiLPqu$2N(vhoJI3$|QUKGMk12Nu zx$v*EfI9W14eIY;6m0Lt&!EcZN5<*GDqVyI7)RZ5g~Gz-6$~e3QlX&NHy=T zfGTm-x#Svc11jOCW>A9^Q$WMQ);6J9DA zt8v?cRS8}0e55w->y^|TF5DTeAqE&$r4&<-7`G#jkd0(UK^f6q1vlGdO`i<=9Kf#W z8b+3pk^N1=ZxB))$CK3dEjiDl$(zEXG$L5=kV@b!SVUBBll?~Xv!kpIV`Y+fa0Dn* zJF~$jgIw9npUCo1sl}gw&+H6CqZc??Gb#pU|979Lj`Qn3QR0q)QWL@@kQzW`0+a;3 zo@Ss4dR?1XSvxby8B3@T9Jnx{9Z%1mOCIjAIqIlyHBdcLCM-Z|&%`(1-Z~>C<$Bq`_@sb$_)fUK7>}FFdr8VOHtsTq|KY$ksgP= zRJBjKlo1>4*8-#oBG(j67LDHmkD9M-a+-O7=_+r@P0c#^q`~6qa?BJjdpx5=lq5t#@u$1-0O+ivtAPGl zb-$Uw%SoKQ90lj{F}z5l8XZNOJ~pZaaeIQMB+qpixZ?{{bn+C(1JEMx5IcG`VV+9c;*&$Rrjk_wa8Kzq1e2ir|V2O9zagTV5=1j z2YHJSjiIhb70S}aVM5e|Z0ed&VSQ)vM5zy`7#y25Wp6zzb+~$FI>yYv97BDZXKvI) z`MzP>UcuAzC4uUv#ffvzR*_`qvupw^a446F5iHsIYl!1hfo+=!UEfBw>vtZ!4Ya#X zJl-kEEmM*yqqA+9cQvXkNMH&zlOwKCd9Yth_jB%;FT75X_ZY;oB7Wrw(X_hN>b6z1 zy-3byF&CkH)Ik=OdYb-I@~2_ulQh&w@~jTq*M^_wAywIP@m`5);cD|FKMWUOZbaPK zmJz_svruJWJbr99Vx7pCuNb$YfM?lKH)ZM`l=IQQB_b8P%Vw`}~+ z5#Y~dC3QG?Dc?J9tnc0T0Nk!M8cx^yjq(HeJ!8Ptt#i$aNe-kzxfs~B6Y*o4Zf>jX z0xRz(t#vit-e^jg`^)HI*Bi|}m!`_Mv4_LZYqL{ymBV10`8W|m*hTt>bqXN?862sn?(efm+V0uyVTBKK$+4!{$8*fmW?+FB| zg`OHJ*Sf|wa&rxcY`-kS+*LT-mDy}xON%Chl0hTG+5`l1WHft*8o<;G2#W#yh1Rt^ z$LF7eLyTono2HuLeU0I7geL5=WtPkMtYNGJOCS9S9mS%|i8bdTHeLtMTiH+R<)-;# zV6BPIolcM7<8RQn0>$V3G*>e?>uON@_|9IKp0RaY>xC&VZ#t>0g_`t`30E77?2Y+a zben~=wpzBPfv{tDJuO1TjYBdQ>M9=*B+BDy@okcoiz1QBSwd6`>;!>NKbL966}{@= zg@^*7OG+x?w&PgyB+Trl8;uB@UR(MehN#M8B~%LSEig1P+V@Wo=L>WS$+3bAE0upb$kGpsj@og-01He^p$giAEaOFs-CihdQJi3;ylpD770ySL$$bO zJ)k|zAsq|0KihIZu$9JBRpwhEWjDa?f9iY5Uf(IKZe{;LlkdRl&i!4j|FyPA$WsNP zHN+NVP=*V-#(HRZ!ZWjchp0;yDCP0;za+Q4P5_6_rkn3uf80Stl7u?cXstO^g4JqX zLDzd0;eTx~FOg=OOK-0)O(<&&7`5t_;w|W9kL#yHG|x}&kLy|)z0a9ut!4bM0%+9@ zpb2+5EZ070{?!5hsL9aJn^EkeY{4~-wU6fLh$@zM&EXMt)YJZX@GQx$s!7zps-g$x zK8Praw@Z!5Xa15MF6KYDy|Akc_9(o#M+ZSKb8%CfoI@kp80Y7#s8c%;%*S6nD`rr< zy^VDD!8g%H8ufwhp`KuY`}ZBi%Fe=iy4i^PRtP109PtwZYYZ; zb2c))&89Q4_Gx8j(O7%nK;gBr9rxMrq&M%~@LVP*f&}^5^89RhwkOnQ%hUPsv*p=p z;NJhBc}J(gi@wCg5OOEc=T8^M5>*I|N(|BQM02ghN^XPoDn{~M;J&8|IM|1^+q;xc za0z2qFTVy$SAz_8uJ+C8*{@C{r8Qlfja@J9OIo@<7#pu!*tGuE2Z6@@7O(+g1@l)p zgH@nc{ieyG+Gw!+zzs*YRp5YruV$g|IAA%E1FY?q3N)wfr?{?d5fK>Up-FbTq{!k? z6JU3wT@8bN`&s%klWZ89j3;GNc2ks(465%c%$e`8EK1RD7g3oXh!VDlq$>Ydz@SHQ zbddtyF|4IQh2nh10C0A#5YG}L!n+fBQF(4hl5e(0V_=gRo5E8rJgE;31Ro&p)`H|F z_H(0C-#W$}%>ERQpEK&RWd{GkGG5u^(0`Ve)t(pvM^@tTdI8SL=%~_Y%4C&~kO+dD zR;J3wgJ_S^y74WJHH*(WH99OweoY zQS1o*PjrJ%?i#B_?2>g?uq#{SwZXnQNE8v1`6M$ghgGAfMAE~r9(=vUYKfi7{3e^` z@tB|LnpD-i+}Yl~xw#q4Wa8veKHC-rx5o)A52ocHF6VFmJ00&n`QnR5HK9>8p$3MM z_@sC1-mNq<+t0PsVENTvQkQjQYB+G7MFF?B@9f1v&F^1&;a z)5kY?x4yJvZ8t_SOG&8?x``w8dYUPtds<#}OdEuE<8exgiM`9GwmqLsDm@&0Ie2hi z=p!~al}(X>{mk=eQH%z+EMm%w9gk;e1~e|v#|1K)#T6v%gb{w!W$9Lw60b4MsL-Or z2A42M2o&3)Y<;6C-t~uc$oVl#y4;V>tuA#i*tF-T@m7HL zTXINU*_>Xsyy#s#{&=f%b;iQz>XsrRBe+3r@4)F?BD9>ef3A`&Dag1}`SP^dDB`cv zX>x_3DrJsJ8R>!i;V+Pd%=dsHopW&5%dDc&?BXr@s+~RT82o*>@59!X5S$>_= z2njrrKpj>&`J+B8dhi}i0|n?JF0j!@1&d?Pfk3g5!r`5=R8a+Q^msuMi9xm(A7Nk| z@frt*Pw>?hKTGDAzMYm6!|!Q9;N(g*DlnAmN;tP%)D<4SN$01Sa=Zj%jWSnRBMbb2 zPUY6~!0h@>T=EcWVnde7MT#>P6h(1joSA9BO$HrA!z7XR$T%OBmO(Pd7E5fA2Z(`4 z+rDC?6uFk*r~bUWO4wp3Rrg=xssWRzP)a;BI5GGP)>a^t%1O?X`I&vvrD%((VbIKc zXMPLatEysbr+5~=3QJW^u#OLI^EidZ2*{J5>oTMae7T=l>K!5;=vaXb?!w^9~b zvWS!qDh4zVI1B^PdV1TQqDFDkMyPm!xI(HPkl$8&KK#Cj=actsrHLR$)(+co>ZsdL z2!{dQ3|^uq$bLaL7aUSE2)rRmPWDd5bVJ6u! zY;+1(zU44JmgQ(c3@qLLglD#a0Mr-GtvjMAYrffCMo&2_80J($%B(lo&lkv8uD{Y_ zo${)YHAL<*vTSdsa%YIK?ret7=D5Ho&k||H#)~RPq03xTjW#V_vFje^FaK#x#X2qQ zvmz^vj5gUhtu@<{-O{8+Eo@lw0wU3Edwa6})KilhY}R~ijvYybEql*<3-isMBN1J` z9N`64o7OCBHra%@Fd_O1wl&iFd+7h)pXL{sV$D||XubUlX|=td6*li#wcXP$8OkDd z;DvHFbKj$MgTcsB@(-|9hS8UUN3fp46d;rG_RZ>5P6Z*??%rX)iE)~os=(UL#ccnh`paWdq4lw5ou?mM}w~h z5AM@~N*jbHgU9RfCjC2UU3usyG>ksI%LlB{p|gS`=dOy^C8vksy_EFJh+j?Z;a0PB zuM$#TMQUnIueZm0FmaXjG9bam!CoXcktsa?#bavJMi-GbN!RG^X>^OZzXV)$_`Jx{ zMk`8xmgyOlZ|ohFTCRsR9xHrW3I}}j!?e;Pk?E2mc?;7OMW)tgKF`@vHN18*mJB#W zNy5yKM+4kxZOkLkVj4J{i%+xlE1qS>thFI5D>NCzvS1@8^q+%loGoU;H0Y3OtCx(f zbF=+S3Oe%CugWl2zkfQ$c?ghhqP6y{2LSO4Xv@1pI!-FOI;R~V2Ffu17``^Rlil-sw_3kHY)DG7+*LFNWQf96#`>ZY^$}EO z!o0!NTa}I$)3}HR$A{;U1f*1S!Gi?lHNT*TDdRbsOlrR{611w1m%>|a@FJlI#8#Pd z5$-n72D8+qVOp^=w5R3@d}N&TP^HJ-*AX8@Wi*(3bNl$-6ltp^%o_)sIsKm zz7+MgXXzEY)vSNDNXN_`M-fnl1dr;2~v(6A@fAN<|Wvxm1?vEWW~|C^4wyQmn~iP#s_1=Ww@$wxm_t z4MwYBz?_d`G%F5?H;^2lj+6V@Q?LcP(@2HbptNyNjl-ZKW55hg3Y`fkh7)g-hoObf#WdL!26Hk0@%Z4hQ>)HEfx#*r+hAt`FvjiriM)r$TIyUsG1fOrT>2>CGUCU6vWNSb*@sk zk@1H7Pwi=2N_-I_qaG zl6W~)Ow{1lXS2(hQ%~BuVKQ122|H^>TWrP=K}1blMH)_km|T<*`?f!ci%kMa2e)96_A~kxm~F%})Az10d^e8Rq63%FnTfy_!8ed(g|uHb zF&Y@Rt@NGm92Vw9qHc3usO0h-g_Q2h;n!C4BicGxK?2S*lXN_WhF|JMUTx^#ta8Rt z%MIhJS(0CxT$-?0nS0TGk>HIpaaM~Y-OG*r9494h@HzeEXN78j^u*1@rAb|F((p@y zjRH73)6yjbJ~Zz=b)1RM3Rz%HTDzxbz3HYoB!fE5CtrOI?|Yn)6@T)HDlZc^DEsm{ zPsgwL(NDRIX17rq{cTMY9z@vN7*Y732b6eR@(t7^g!(lZINK6Y9)}fZ1kS|re*_8X zNW?@YlH_v_W^4Bv&r;%D_8^EEaRnh+p;u5obsp`HXWmZzg#EHSV6%QPF~G3GNd|Q09vQ?pum~tGC!-HL&dy%q(ss&@xAT)eYAW&;6Cb3#>3kAr zi&;{nqmyi^WfkT1c{B}OUYlm4=>j#JR!KwM2Y(;*_b>r?y1*^DQonpD zD$%E+kpg<6Zel|JvF7wwO&l?-hUpCSf3YvCvx5As4wf9Zup*vRbWQA(E`yx`R&0q4 z^rw*I98fCozUMjHoI!U#VtJWo)#gt0a4VW_MMu6)AHJnFZB!0O?Fu4Rbla4M7C*RZ zu#$Q1SQ|Ev9yw#P5MglXK|9YS6%@k>d@vCk(0JtHiX7{*G2W1Iz}cCWeVzUAOljZd zBKXCtrOivVd7?DE58@}Ri(%z%FW;AQ9CVd1K3KL=izO2l0lm=yBZGKkpjKQ{oUy6KMV#BA3gGA&UlF>Uv0cLoVNzG ztuQ|W@Rwf<246pD1NU73wFdyeSAXNRp4P&!wb+WyX0JLlA3q)po_yH`O&{?d0*b3v ze)#AylD<`SYe^bnRI{TF-(jmA+~w&^@y`+dd4PXToWt7&AL-wI4QD9wG^hZ^qY-js z&ANeG(-wns!|2jUa;OU)b#$83fkSU{&Q_a^SBv zEwTwq53701PM<{wvmejsvrJ-YnHVtYpfo=;HjkOwmle5PgDc_8Fd}F#hC{231(+l7 z@($1)y=Zr?@6?Ps`^UTS#VEPlI(e~skk6nX#uMxV1IX`l6g+m9bg&<&eH64I(`d$ z{6Oc+3L3eh2%IpOY8(2mTwLpB)~a!-r?|1>bkKIxmh6^Z;wh3PK=` zlN-6+glRr#Xu90o*hi8Q$CiV=qKI!XOsM+}qN#wXlWK??TWCrowbjipc7!D>4}xin zF59MW_oL2k2M77^EetRYp%sj3fnWr3DLy#L#>v~0ONP`YUeKK4Wv6LTR_wN9Jfp97 z10T|J2okr{`VT>@&_uw%s<7jd@W|L^t03%PZ#*VQp)6nV)htW~@qlY2f?8)mT@NjX#_`N5Z+0=mufoQ>E1-vWVy#qFx zh3pi)Sy%4=;H7b57z8@|*}Z{$9<0wxTv)IshP zU+hVWPY@w3Po5(DGAO88goOIK6dGZ=uyI_9Dm=d?qQjGFwnc@{SA8Nz->L@83J!$# ze4CNg*!#T6$o%0W-(ti@V?UpPy^|F0K`@4{I(?c>;j8|;KgNrdYay*d4T+iC+|-?f zuv(JyV45^3wP?Ln0S07ks|#F%QngW{)=LdGBz~#kkr=EvNeuSUmKaMmUoXs8735wd zGy$$gwQaMi1~sg{wrYAcp}mU0cA7T?wGa({QEk+1b)UqNV$5uy`BsU$fNyoT#PSXB ze@wZ1mf#Kp(3e@^Kcv-!pUGtV6ZK1VRvR~51pv0Yn!K$F+5=aB(o3;%PkS1;!LA(p z2KebciOjw->rlR?;zsT#!5Q@M7}}) zfLoR$p?ef&>X7zN*$=ceh7lFh^i9G}4$P+*?13y~f@54N`-MR+Nj&~<9X7iykNn!T zt10Z_V1JUs689kC`L6N|w0^JipMOgzPtSiI=X$pBjUp*gr~ttySb32SKofu@f0`Ez zP;UeD(G(A1&*X7zj?b2{_T~{v1PJrx9sjvh@@h>}B)E|F&YjjX$2GEO>*)Z5_XGy$kv(%bp>~1n{Nt}$_o?4~ z)Q<%&d;1IwgSM%qy**=$+3Wn&LH_uC$NTanzWXo#yI1(`kN$VR;Jg3zzk7%8{zGsh z`zyRA!u#{iH@HanyAQ9lV7o^>u|LYdG!hy`ZYh`)Wuoz9{P*vs`Ne8D zZIzINR+Ew6!Ea&%&?*GR=c6ya@c;b81N6RvdJgu)fS8Y&zb~?sPQ-ydiVc=M(M2C} z_oXk}`H}yOu{=E9inVuiGJthS0xhvPwjT9=(&68od0Yag&5+W6#bLSOO$!f7rlCr$77+}DO zt^qnvW^+statC7X&FXIg!)V{z&WCo`5)B`kn z*bDofq<0!Q^fA*1l>3=D0NTo9jX0wm_GxKa#xvF<;e*-@`KvvnjZdFD96M}53u~sX z-c&byT>^KN@vi6{!N>9q3jDk-xjT)YumE(dqj(B-%J`P$zbR?-wAXb*=;!Da5u`Jn zGmap6dE~)PO3uZvT}p6->yT_>EWH|Xmre?Y#hPx?leR<0<+Hn8BD)+O%=-AqNRZvK zb{v++Ls&nb04kR4w04Y^!^X9~J~Bcc`|TrRq}hL;1SVuZt{s!*vEkO|CxD4*yRIFf z<&e>=-;a!mvY*$Ai2AaY;2ZAz3V0^O?)w=zPXmv&8RpV+BUZl0$0bIRfLCFUkHR-gZ|8M zH{RTz$C(Fxf|cw!e~(Z?{foBC_&T{nC=y-(RSf`9eThJJYM@b&>iWXt=` zSa3gs{=$F6LKbuajM{jsf}X0{Eo80DK+wEa0@**wu6J&b(uG;}oz2NBODlZLz%cn? zL;g}fiX!^l0S{%N#t4Pcs&;wc(H0WCr` zR+i^Fl%Pa!kl6UJ0Y1`_&kNCW5LdAhKgP|kQv9IU*#lX5f!E-srMeagljMvhadwrI z;v(<)e41kBVHby5v8)&Li&K1Bh*W%BvC4#}OwWg%T1k=;^u}wJJRdc|@%dy*$g*{` z&~b9pKjXQEiEloD3Oc1D+{m9Tv{3l`L+l)W2qu45EuzGaiz_^_&fk$8Abx!)O`VM* zxgvu2GoI@pm&{|nAz~S@IQy$bn6TX2)U+XIaGR9<+69Nnk-)kaL z#AwyXS&mv6+BEve2)a9IWj+O!d61RZz`9OEn>aWdYUXQ|EW&;h*m!F!_T8p=iTI$8nZqI=KxN?vjm#J49Is7{VOtmXqyeN0@zh)@u}rk zFcxBXPXvC`@pH<-g5Uz?N>8Afm7{yAhV9b z{gu%VtXn5O`B<@TsYSe=3yTumrlY~1;&K8iQ^;pEr4=;fgWol|q!oG|m$b{328%la zL+?qPrI$%5ENQRg2x)klVtV5P_VK$I$ESn$&8t_W4hHjb{4jVK^6z@*cmq0{Hq3<3 z(Q9(WFEuytapwo07^2m>8G;kUz|NsEKH5BX&mGA6=-*&h4XPXB(8oZoDGw#Iru^p) z?n)SHc!rSCi;CUFB!3cJev8}1qEZ(!j~KVwBpfu;$v>}Hel(+|f3w1_(_14C%k~Gj z-OJu=HZI5TF*#d1Yak&W!=Gf#V7fU;E=6AUOe;p2^I8JHXLZ_$rwxsC41L5APvGQC z!@LQR?t5e>|*Lmh9k)qvog0P z;aWhz=fjXrpmiv9UFT;pWpV;JzI$zblVt`s->2mjam!lY>}1o7?VAo z4u{Mwj`^la&n=3YDh`_nmR(~Ta0ZQquf+V-Jfdd}$+y2m+%-q%xjNrOnmd12bECYA z-r1`PtuEgZb*uX}OkWRh>A<{b@6=fH?F6xfU?JM)G>il>Bd3HoW`*fab>dP7wv1o+ z6+PM>#g<8Fr*+Cp^4&Bay{Va7hL`ift6({CLy+ze4HOjv&k8yvUvM6y^g^F9IlxsUR z+B3bINgmJAO|X!jq5lIQ#zh)uRlVz5>zgsOj+=$|N4eG_o}JmKwQCW=lK1AfHc_Nn z^5;O@l8e|Xd875g(25RTl)j-02Z|VQmKhU^++y6>%>h!1N8dW#4Gd?iXo)5A9K6WD z2FkB8x*U=t!IT?ff!9}4dIM|rSSb#)fB5X2=J}h&oRqhw^1aHO<7TQCMQ|Y*M1n;{ z!4-66CM`T-QpY?QoENvSP$HA3r*~p2dRZiwuWT$#-X)k;iNUbKtK87l&^eidnKSl; zz`A&_*d_!B7>;spR#Sp;tFG5q2 zY_2b+QGNMX+Rb4mzk*{Qmi3P<>mKu(+3(8_7O?5V?l8U?C+31ao$0gHJs*4z&~OBE zXHnul8|PT9B`YFW4v%nC%gG6E?j_l{NUrEB{_h_967BtrcUUsl9y05-?i6CTdzG5U z0PKPk)>BCzIJ$tjwl^Aqkt^A?&buAy>{+|A^oEG2RXFYyEQ(R`eUUHbd?~&h;D>&| zW}lRCY;X3nFS-^gbd+RXVajIqvw^N)7pD*QmcJpS9pKvBbasssnMYeR5?xW#naBvY z6Lnn#y8heU??)YRS^Q{{z*M`LB>bY&L|n{1W_!RspeTf|k!K>1C?WVd$il>#B|(cW zZlhw6p&1ec(hXDlzZ|^&=+6y@aC(!fnwLA<+v9vx4rb}7$jkh)8jSMUc9QiM<#voy zhW+gebo(7w|xbu#y|6KysQ6xohCQC@z226PXEL0 z3?&PAB$>jf>623(-!`w0jajL8_I~eSR-!og3t;${YNeNlCUF_P z0eJA|wv0xUyn1Y2TkYK8u^LRemK^A+-r)5di;^ElVz+v-vy`}tDhIR$HG~u>W+XvW7IPUsc!o&9)m zHNjcKm#90@#_LXNf$t*(k=);XK4#vT<|BiL06`AY+Al61LMym9BwTz^-SD0@0d`P_ zYIJO`JOO&NG@wTYpmu{IdD}A@J!nKa5C(kQboFfvh-KjkS~&iid)8M}Esi3gZb6Iv{017YT8U0(b_}_h#U}9fK^XwmX{UDrxObBLB&uiSmLwE9Yol~K`4CTXP$G35PkCqFg0*jAJVMSN{a zARqPvp0!QzWl4vg%;*K(5xE~{^5j?jw6>An4bM zymjgCxW3FX>(s>Jxr0U)AdF?IJyx*Ru^y|7E|$AC0)v3vB4K#&b%D5r0$r#N#Ryp0TfzHn{}36%9Xu(HfYDJ_ZV@P6#>NNsuB0ZJ%LSSn9v)dSOFfe8Wf2-Dsf zD8O%?rq*J5p)FTR%ZtAC`R3ehKOXnTWk1OF4%1@>V}Q-c+fI`(er?~b~T{jJ}QT7$C_qX#*Q*m9!QjmT1% zBFp~1V=5QZZ+r{dp%3ib>#?r%K~Aaw(;~io1@F;hXYYA-XsZ2Sv)#hkoHwmhNtF86 zx2;qOkNHVxBi9ON7*XIQ{67A$V)q_JMF3j^Emesk!8lL+0xv+I*bC!6D41L5AA$n= zbP-Rdx9b<+NF1L49x~SeESj@XI*;jq{4&B<_(|ph0E@K>2v1l~3c56gh%^Z5_t7vu zO;IWMG)1O3&f1lIw067aMVytGCp<8HrM8oIb5pBp0^^(Yhi4VtalwOuU z3e@6S)C6YrYS7DEYgK{x5ZWdHKho>fn*S#L;Y;1a@7ICmCO|7?xK0Q0M(Ja-T?=)T z!_ycj(iM}iyVXV3+3q%g@%=tHFVY#n?sd1jo4Vo+d#XK9!m9NJDHL2xTxnagL7`XV zGkot=cTM7{YtX5?HqB#gAbu}*CwfZz-=U6moupT%13T!9>O`V2@ zQpe9T49;F8A`~@CZdAK0XTDc!AwvZ;SCigq;GMNwfHZF0?D@v8Y&M{`G#Rs3 zXY48(5T;K-Z@_}uZy2b^M@7e-NF%C@nkMs#do6|mD~qAw$yA^XQa{D;D`#k(ofvjS znsyF+?|^}i#NqMi8QxzbAgSsiq6%hxgl%oKc)uvE7rJXg~c?rwI^ zx6R}fH~e{hY_T!Xj4L)f%<;E;MUS9f&#W3Tjur(a$IBo3VoL!-4G**Ho&A&Nr!USA z&yM$=A8y)=rOyC~mhydCtu^Kx(BiPol+YuAUe|{e1^C!Zv_jN&i*eutJB?YtXb_QV zZb7^Ap=nO2EGMxzWRym70O^Y}crS)`8aM>H`k>J|rE6pINe>owxOSjI!l6ksw!qeM zN8}4RwtV+N8{HP*>PFle?R?=3a;pK3vnXe%(H<}P5xQ+~BObsNrO=v;AKHjwfXYZE6)`N`2xv8*=eEtuU4kv zzPyge!;gn==U@|uOIR%_f85fyGxDnZs>5fP zD{b?9;nM-EkmXmc_gC#OuO0Rxj`j}ZxB#D_+@SX4Y~2x)7e-X>TKa}{$A74U;U|}b z@*X44O!O!~#6`g1p4odS7mctC3M>V)8>C(pr7YSeDw7dz0`q+^%dIGnE`9tXaSjW# zJ0ygM;=VEVW4MLJn>oE14~YV73PAVv8G+98zVV{Z|5XRpSi0l>UU@o&aYyL}$|r|@ z%7LH}7@l&^^+q|*SRF<~?*^Z>2eAU7s9LL0uq%c3i0-ko-CDW;=#z{UW5<_x7loxi zoM+EzwdSl)>_&yU_EDqc`dbjr4WJ7samoql;6O(92WelABEiIHHd$oEh$^CE9NgMk zMwR;2k;?PHhp)QHQMNIoq2%Fy5vN8Z$q^C9&^D9cVzm(1kiH{BuX^>SO^RCIh8KcP zsikXojw%_tDMTzXHl6I8r}j}?$)vl)-hzGcfz-_ZD|(=XwLGWP{gMsHSSem zn_W+HUCbp!rjnJlPzQi3))qY0RV`U=mu{m!%A^!6WWo;SmL%F+sSiucR#RM4P277t z5XYucJUGt|PDK~VC`Q8*tyGj1MS?aevx9IK(J@q!ugeJ(Ey?CCWz?|9RBBh*Ler1O zA9Eo>W-u-;SW-zg=j@jFZQ4*0fJ0}2NHpI{%$+-k4#ez(9w~D608~MFUa37$UYo>z zA~h?<+>tjE6JYXV3H{)JGA10w(xP_+gUgRiE#;Qn*|n z(99Cz#QwaFh9_xv&dvK5$wQhiHQiL!iqMJ{^!Epa%Vr`jCTyr1VT1l8Mkt{m0R%;=$DDJ}vfs)D$kBO{Suz>l~pkpl5j5QY? z4>}w^`r=EB2av@1mXk!p{_uDzBPz-pn~bGdol3-gX#|mH5Y=!x0?ljqhIdt5di}Iv zx*QZy!hRtAX{*ol$EB+?2VU4Ed~M@X8=2{}6TWE+pBkQ`{U*6*OzSZgEN6hARAdCtZD05JZA}N8@bQ- z1L#%C5zkG8NbLYx;E$6V!rr6m^e23y4?b+8fcjB04f>Ymv-NFVRem2M{;ezKcBQts z@N#qBZ{q>41=lzu*?es1sb?Y*Z`W4S=iho}U;R*e{lUswYpSc9!nH-k>~8MAJ0I%= zcO9gFc<8hc^zJT^4@lNmgszcy%H8`02ltM=G+KY!Q*A|M zIkW@sq;_-mz}Bzf+$Pqj?Vz54yNriDuMN!Ahlb2@KbOnYrBc_xF zU|=+-zK|5x^Gbi8koTdt$!q?o1bMkd4WEtR)$O6#sOkH-c~x)GCi zBq6#aD7wMZef~T<1|uv3B8!ra&c-+H@pp-yo%TfxP;dxFv;} zJdh&}#OjsWq}Y)vm=Ay87_5lA@`n&u10s^*I7eO2l>5epYda0e*l8g; z;t+Vh0Rn46z~E<~BkRD3xJ*q?!$IYUErC518YB&FVtHE%&v3)fg2d9sH&<*u^7@UY zpk6m4>d44alLNlO7@Y2%?L9v{KRlE7)L6&v&qc&1Kkr(Y#~epYOo|@3B)TMFCbmmx zJH;4#j))3qyrtV*_GZf_4r@-MkjJ)ZA`yGN=U}OGAYyD#<}v}@pN#pT zYTump(8v%H>!Xnyf`>|-HRjU8p<$SO1BY_%GJra%m{$sv26Ovb(rSv?do8kZto z6bZn+$&&0K3bw>NXHC(3W)A(Hciz)nXQjk^AJ_=u7s^JPPC*VOG57DJS%udU+e|4)<%-9-X{6KYek|6;aEhfaLT5Bw7|1OBpWX#|ehl;S|X;Lp#Wc>CPI| z6sFLM#cfk&dV$knAj7RZ@Zrv?&g|CsvE$D?FuOH>?S$H2{cfSVVba`p3j=S))pqo3 zhyAbh_{iBqu>;B5ct#gXg8)mIc#g%n(NVn|Ri{f~b}^_mq8n#X>F*VZxp@lwh->*< zr&R_!&3qPv)q6yxuJ&U@urc;QVZNc&F{jpr%cz;D*2l=xDw554fM6$3wd| zNzt*cGh-|UE>qf-3KEnl6b^fsj;-oyvW6kBGOTN6^-##wGgz~v{JKu-r1J3S08c%o zWAADI_DO2(%m>hhJd7nRSaaJ!p2uSNASV0_7GUEI1NBUG?dbN!-~F>#ovAW1@mhq4 zTaY5SiQ&l~=qD3GwoK3V7tf29xN9D0$-Gywf8B*vw&tnm3y;wRnz@?rD#^U8Z42;~ z#t;A+QG$P3D(}?RTWjv%MK$TO`Oud)x`?f0uHByXIr=Sq*b#ZjdVfK z=3cl~b1_31(=`k@e+~{u>NuOkO=mI1)9Os5Fz)=fs1q1-YCHHDVOn)(G$p_ff|q`F zlai^_pWVbFdQSqTSzCFdMmh_P^k+HnY0Clgd#l5jW)%tUxKJ4a@OYRVs<=8aXryrpN9g0;A%g}wRs2jg8Xyy&4 zk`!$(9aU_Yzc=l~POz9}H~R%0=2rB_RfI)eb1X$O&sj|2M6V$O`Dsi$0j(tbzZ-3l zG7WSMT(5*ri-QE(j8uEIzO_zT;uKtD>i8lr+&C*&B#hUw;O@Y~qWv$)?Ri{WC6Wer za;!F_o@ebv6>E^JFUorn7o*8mlnky0TXN4hklo+snPMGKOV4G!Q<5!CU8jo`i=i8n zqnI{7M@2#tE1uG?8a9U6xREa^nCdW9N3$_zu}e@ z&L}NMy`na1#;_s}tv*x~WY%h+Zs)-=s|}M4>SGU*E|cyuL<&$~$Y@5dJY-~2wHh*P z=U;lr3{Bw<89o=FE#3r2(uomeIS(YDA`0`Cm1Vzstvk7gAdK$wbo3^vV4hTqrh5#( z$D1zVEQ;|GHZ)!ZjHn_YWjM5+XK^T5GkT^02Aa3m9Fd9FKeJfD(KH1MONB3D+Y%uW z1SJpyi_(u5Z{G^n)H?}nl_JQf1cMZHAykn>YGdG^1bDuiR z@9nvnq)@*~rc-ul$b^;Qfkh16fx?GH#%pOxFoi~zi+-^boViGU!QZo%78!$mtBnqn z_C_r+`SJ1<;&D3MUjUV6T&8GIoNv%D<-2_OZw0S$UvWV)Oi#*R|ii5cAM{uSyulVvZ_te-`r##~=hy zGB~1^NB%J>xJ3bs$fPGntiN46WrvmP|) zfR9{5Mg19VQ*<7@9X){O;a3-Sj$M!C=09e7zIXm&`1<(d_4(P0;rZ*~-t*Uc`}-#^ zj?aC?F&Z3-L@>4E3kv#Vl;#sG;+`)%afTg6&rgGZ`hwNvo056yqpASeis7X6wVb5$ zfwvd#kNSqj;n~^A*$!dK_bNvE7Kg$mFPPoR_0?K7PX~9~@u)?>*$w%;<5BO(!$+=( ztaLti%Jb%M|MlVPzZ~qpesTPl!jqhlfhNk=@8H3lnC5r}N~1#5lX#;m6ut0tnh-JHPf+D-(upFd4BQ7gFv-SE zGbxW2^Rc{%(VChin7I^Qi?Q##%Mt}`ATPw-c!8Vl^%h@Hb8e6l41~&(;4uw+kr!Ue zqfNvMJ|AvwJ$QV#xplsG_Wj|xm|nhe%;e^o>WD#A+uQv|51)Mb)z^<7eDRnm11*S~ zt!RN^7TKE&PtKw$$Vhpk*lIcLEHjMHJmCfLOw&rbF>#45EUdwBK20mSee~tSS2Y#6 zF=}i<^p$H=hwp=8#Uio79{-7Fl<@IiX)3KMziYp%;ZzeTfDg`+lOhER9_q4@Ws*dV zDI2lmEes@G)Z_KY8 zz=*Det?;oT3WBVKPk?Cn_*qQLVI9~%vWZa7X!vNMDKmagyJ#n^LRqlGAn(j__&8gw z;t7Rmogs?OF+#8Fiu;#Ztyfv^o7bp8KILwrW~^3RLF>=Tt7#jMHR)Svy8pfR|U3B-|233yPMHB zky}!^-5+^o@CIMt?V3y5mtysQ|KY1|^g`^DYMy-;&ASE5`qq(+Si6TjElvQ9N3Xu| z6}Em-c&QhWmQ;lt(}Zg)Xbs3?(Wle+stlw37|?c#(HDg(N0WZ#xCN>-;6vL#=P6ku zA%va)LV7v%MH^H6DZ<|btpYU~@Hx!JqK+S#F8~>>5dWwUfgcPsJY^LMPkbnxC0TM) zkHnXNgi%a>QHan_1}cFXO(T?0J`Q%#O#q)i;0PJz)Hi+JvCJM=MCa;YO%pR0x8N=t zXU~RRwhogv9l6QIzOTO>CRbED?ECuL2@4R_wk0ptkAyB7RI^ebtiM4u^)(8M`M&<< z!~|E3@p--erqmQxjmdet{^soYsWYsYlWwc-FJz=}t;)?5xzKFC*7K~&>F4MNaj{)2 zcDnG^uFSuEIEcheO?1%=^LeuDRF*r; zhkeWjX2(K^r)~lBLtNlij4;t@9V0dx`_T(6oG~mf963?5@VG161vg|B|CwE?>ASs^ zbN~J~{?eZHH9r0|Ha;~JfByvN@C~e*QLy&7mg%^^piuR^Gxw$P_mp=RF6IxSrV|uG zFNGCxU;S=CuzVRhxd2B%xWA-JlsCZ1$EN&nF`LE3?T)cXWK-1I5WMel&L(-N9yA3{ zvh{XnqaDcQqaWBsp5vrq?k0u8*@A6)UFMjUQQLamvBt;z#`a~cJy}%*1rz3|z!fI* ze2wxkc|Z!hs)AhPo+eq-+c4h%uEN#3w2D0;`JLgJAWD{o2*qV@Tbl=OIywqeJ)dLU;Sm za7zCgoh&MTCFigI5&dFq=D!X__i;~|HO`zdM1-0hqZW@}P$*zA1Vic<0q%WA2&H3x zOin4zhs#x>NK3KLuG4v5eqY4%Nz@;XK=qa^bPpD$@fcG+OQLVYtY6$4{rrl)$TOBF z*=do?(lRM2XKq^Eva>mtDZEuDvIR72uY<$p+@W!y!F|VKayuC$45v`AtYG2-)74^k&MY67~ zr1*h^_z{g)1OsNYqrOn?Y*^^e^E8<4?5SR)-KKyYm)CMLqSmn5NEDhT+WmsL;-any zzUgj7-EN?2;#L#oZQ|?csc=_;WgGn*+TeUNM{vW%XvFTDCF%SW zk5kn|wR?93nZe`>-$1fQ0w@1gAa4Ji- zj>*h?s=~U1O)-f&6Oxt;8j4ZmQFB`u8I6Sw()cRNOAxQ+U|v4-Ck;S|J;6j*@pPIL zw*#;{Coq?+V6Jl$-#+5o2YmbS*O&3b%jAo|Rw*G3-J0hm<(rSne7c~RJew@R>URn; zTk4L!d$cm@KkTCl>I3)n)3VRQh`fggR@kR~C-so6a1M}%f=T#3s~w~9wWuBDVBqO* zxk4X6KJuP)JUG|4y29>B(!Y1LETRO)UaD)f6)Xa8O-#89@NSEp=0;jK=j)pRt(bQ6%Haef^na^RN>BWr( z!HS5+v12Xb&;^AktR%V)?kdK(2>GFyf}F=`p)*a2DU|(z!Pr=r-60d|2AdK*sfCsq zp|;nxcN6{8ar*XC=bat2xGtG(No+G9MY-TVOKhX@RVB8Yqxi45@q;n2W`A1Bi1%Ww z1M*cq%BR5iXdYqoM91aFuS^vVbcps$kHYh$n&jisT#T4r2VMk~fjxqQ zJzq&n)N6hrU+M5lP z_Gx(+%yVW@nT{!QjbsOH@U*de6Hq-W6i>*5z-@5Guvx67n7g5wzMG}zL7R%e4-0?w z?lBBaw-pQ)_W}a)vU8c!&teDgst1j}&09N`aFc{w2Nkl#oG`t3bfg$_wd7sBo@mYg@z-KMT zQt{cKl4rsL6{zRdYMNKyx`|jez@Dw1u}nK1%kt#Aa=i`o72D}YJPK)WP%A?9^btpceZOt~Fvm?^%Wp?9aZqqU(=AQZr5uLk&iX*>-=%}@)1qqUT0gLdnefNyJm5@%U5 z)kV)|r`8>uTH3@}vsVv1c|2K$bfw1oi`Xglc+3n)~6SuloD@&xIn#uivY$px5cEAtD-K zvn$hF3iQ`egJ#uLwIF^lUxhWHRD{6}tV<7iMsZ2~CqA-I0X@i)*y3vJw0@CnZSO+y7aBs>S>r>T)4ueiIjVcM%2Lh^@%);xZYdm)O2V zl&eDfz9P}8E_R+G0+GZ(q({aIJ7M%R8MZ-})JvCEHmwqXyFD(il4?BK3HMMBEw-ks z7)R$;Hm$8yJoQDw;yNQb?4Do342HQQVxUA$Ef7~lj=@LY0QY4hem^kfWn|%=kqFg7 zuN~Hu)-Q9+HqPl~Jr z>XPjOaj;XN+$BUqeJPwvC>p0eX_4~N5&%r=mY;$gs72+oIB>)PBNtsfvXo%p^@M1U z`*Osd>;Nhzv%I6YV6D^&jPLah{QF4`Mj=ynu=`^6HS0@A3o#Lt)u$WAP}2JGs4Uf{ zqXtlyEG|rAyf!eO)IeCSmXS;Eq=ncSzDehEBZPpJAT+ey%D~#kmuXO-63AfA4iKON z1D13DSfEiy_h4aH>F6UH=F3~YNRz?xJUOIxddLdOND=39AeL*q_0Rdt$qfD%$Y&mA zIaa3KCG^cY`d@U}-J)&V8hB(i&dy2t+hgxmXymcg$O*Y>;wc-hM9jlWc1E*HGI5xW z{}h+}kZPBFLF@&7$C&~&2YB5GL6eTFmZF9C3`NcnpWe*nD6{fq&mj{URRAB@t>r>f?lJPUt(T5jYt#RucVsqr#Q;8)rj7$t;rh!>wFsP$rh|8O|8V7!Y) zG|u7iYKh@fNLK%t)b;P_-qEwegCL0*0K0*AZKf8JN_{4ln8U*; zx$?9!#oY&-PkO`JL=sh8Ak;DPEFP759fa&~}#EfDz4FN0tv7JltZ zWAc0_SBv9>0UH<$TosxkJPpdN0%aIFp`-nJgP8ZxZj<$Ci+esWz*uH{;kk7VbZ-%S z?6`Lec zk)MBq`3lRmvPx#wA$J%?k&1z@774wK;Ux|@(11i;1L*yPvAuEGu+Ou91XEDN6K zhWn~zj}n;;yNxUBd47W-Ov!Y*JPLJminmso^+>nW zl|CTLDM?>vKc;r{?7n?K?dY`L!m#wz`DEsb&;6v+w$(goO{lxskoDNLoDe=B%S{Mh z&pzgasM#?7fD zUKHtgdy?Put6bzP@53sxil@_lk;mg%JpZseixwL{rC4$~+&IddZ3g(qNG-S7r8Pcs zLu-~cB&I1(R#p&>aJZXN2xHY!5!e8h6aIE@KBmC8BHccqz&Bd175KI1!$i2TdqT|L zxN^We$8a+c4uuxzR1zB`~E*m2JR#c+50-N!WJ0PS@o5QGaH$RAn zKz=sf7%@Q*Pj*)#&3_?Xvxp5 z2Aans+UJ9L=S+Fwmj#HDk^>)409Y!bZjvrT#bp#oOTE3cOWv`R>fG_>kF8DOFuE;G zVjIA6Cb8Yc4`dSe{7#UXBN}V5kVDfIwuD0^}pMgD9}!Q4o9bTzj0XRhFi zQ8qk>ClBlS8UX1OPm3fT---xlZBF;X|DZKpq~q(GTvAGUJT{MrSB+iI;qSngKdEuKq+B`;CGdqqu|j&XXhW2c@~r*3bp z!$%uL;3c&*0L{*_f4@TJqMr`Z65}ftX*o%#thXaZ9v4rZAq`*A&`S97cIXc2!+135 z^T6L<^scK#)9HG`qSh(nNkk$Qom16 z0pDMUYmMnNNi`{wgaEU|r{m-j=j2v&v8bT^8@#TijArpIWrQ1#nc%%#RA8BH`QT3| z?+BnznKl60TXojlS6&EzJS-C(#8ph^zUee!gnX-~E^k*0W2%Z2@Xwd7Dq_UyVQiGM zi!-1Yj^Qcm;;zzS9=JX^%V8WKz3Je5aQ-oMZx#mT`vFskXsq{|BAy1rDlV!Lv!nK0 zJU2m+1ndDXH#;~YUmuMbL;E~bo{l1K?P)x_t93{hey!}0CSxXSpokK9sY~=+E{1tg zanOiY30h4q*i5!By?Oh`G_EWyPBO4pvtnaPq};jB)|RPmGE+i_r`lM1RU}Kn@jKQ3}|l*>(N~ ztvh1etAuKo9^t_nq%1;vr$@BPi=#JLe#0{m4WeUM=3=5|>8lW_et0e*n7J|cwqQn1 z`Buw|LwTMjNm_`2JTwwRxCjplETD_b>q5CgHM||q(`|_pYqSp?y|_)sC5xk@a{U5T z_`|`2|E%JRau=cB+xfqpDtTM&Vz>X}(F5o>{DrQ=-x&U*?!&)~0Pq1wfUl-g_$!-) z&%CSfNst1I6$$)>?!sRrh*3@vMFJ$kz`rd>Q|8ePlk=LR6~ju|SDLc^y5v<+{K#*n zq&89d=f%J1D|Mj5k8K^jz6L$h5TB-=5D}K{3e}4G^v`?hOt?G3 z-<2gAYMXUls6GyQua6$6I^QjW)a1QwY)4vHrj%{lK2U z_Z4=fXE}h+on7lSfg>ypdcXA(bj2`0tr!kWo{Zg~AqFGNapjKJH=*p;!kVnoiq+>0 z$fvL=tK+{X<^ip!$7)%HeR3qU-S#VXJ9c*`wD;c(p#_Qu(t5o}$Z!=n)4uTgLEIxS z9T;q-IE$z())nSGPR-u^Q@ao3gYS}C-7hF-Nlj!m*O zl%K*bIXPvR(}gi-u|W52@^(H=M=82?rLKTZ#}pJWNf4!Rbiwj5V~1)73E`d**j-8S z0W_<<>CweSTM_@~<&X|P4upw3kS4*vV>JhCdKzjAgI4A+KKh`aYxkgNRFXyso}2Uy zKj=*u@j~7Z4i+mnHFa9I3d;}&Yl(S!_$_%G&*oF06^rU=v^DwR%YI4GD%a_<(whw*qTO-t`DvLKp=jGhm2`Qr=N-t zD56l)LSMNPL?0|KLQPxEZUlTJ;Fq<)8eItZ)VdMyY26sQ5LAgU(0WZN9yPXX@r=VN z7;wOLHCxfD?eJ17{BGwqaPfKnBQ2iRgV18c#iLECb`@G9VRC{Ern#}ebZ_zcUFgM< zb_Q{cHmJ*M;Z}YE$1!C%q6{_NO7ALFZu*K0|4<>oLMdNBDb=i{utc>?tBq0p?~11AH{W0iVKd z<7UD&(Ox}aGp6lYZ|OK!cisFR0$pnmUcy^qKv>>WV)XK3dPzbVxD~+Fy(OUznS<`f zpgzLY+%AxNprH%7n<76}3LEhRiY#+l-y>Z;9Ssm?*H41l8&LhA+&0}`?nOtJQ2-Ov z!4xe4;`lhvlCE1lz3c%;`s;7<*vb$S;7&M!-P{a0hJqyOV8n+=fRw1SPuG~;w^`k; zVYBAHDO7_1^)Z)IJSFR4mZN(iyChFI5%H2I)bja-JjR+ejrms8gF@L9 zlY!P7HAHJk-lBn)5C+Y9_|*?!WjNV8+sL0k(8;t8T)xZ8U*3t$IsqcS{SjK~1p5xY7h*ful$*a+}(K z-H1)j#4HT#;8~JgRgac9&My~Ja)Mtj3Of0gX4gqsrB`gtHO35BSGcf1HONyU7WquOZHkm}R3-6j zP=^CoP4gm|8$pQZQ^wueX?~?3^Gtt;*AI9I9mLHWu*>2RjaNZal&-cyt;`o32~G@L z^weR2J&pi{A|EeCA_9WOnHnqS&_!{NnL!EGH$TvtR}%Xjsg7@MZU#5v=RsavZAUc# z!b7dk1C1XApNQA*_zjxc9hyVTpXfPoq8*FkQzvkjCO#C1TGEA-6X!0~ShVr2vVtO6B2CIcfDsY|7^K7n&fwx!sPzx|>%T_T3Kgn$$@IJ-doI}jb8L`}) zz*%-L^y~{mdz(N8fNKvvYt9qt+x+`T82m}IwKp-Lz08xU6+t&EO zw9F885ieMUr{0QXzy8-hqR1uLo-}R?@8YsuZ+ynTLPc11GV+zhGQwYR$JrJq0}#h+ zd{6r;p`X)jP{0t|Q;{6)655S-(9S(~(0<2+}y&=QB+A zi27RMc3>xmDGX<+P7LtSy;d-V6aUL~}0spc(0>CK||Hur{o68ZvpgTBeT=cZHO2T_>F!BvG~ ziS|sN2lT7umTEzvaL_*e%p*`Y)%WUHqD; zj}gd^M}$J;Kk%kwhU?5r*h5Jn+eaf=sj=H_{xj*)*y$2or3IB~4?JxNzi>o4oDV^7 zEs4nd=CzT@>T#n46~_Fac}qID{rmNYt&Oj~t#Gq+g1h4KoR>C=+HV$jkniEt}SNdS@pXjKS)ksI}IgOxi zGbjf~Hra60m8Me3xAV=IMAVVti7ZORY;+uGnXF^5y--3$YQz?Tp?e_+9=Uq!AKOkM znZs?e7GB2XuDi*a;zm(RrBC8PNO`1+-L}Z|jN}Q3#b-mvT9>;Ki?P$nVGaDYEj?%t zYMpky({A~ff3D4Iij3xiOQPSb7}963Iv)2AN}TtDMfF)m!yvU2 z28yAp_Wo!1@>!0XAH)vGA@X25NMUA8>iSeO&;U7wHel_+*vMI>TQwz1rBcFGr}>E*cC zf5$wJq{~vBP6XuF`!6J&~FT4zww^IP_LCx&R6>-8+ zxEDSk7~BbV*sp3U7PRdUpE}DB>DimS2}i!-@k5u0hont%);m$R!GW2O%5Qi)))tao z0q;Tf_C?&;R>#?Az(y;;R;=V?hh_Z318cmb95+e_o?)V5NWKC{R3(XQ#wGoD2Nvb1 z5LgB};+1`Yi2(iy`$rUH10VlRU)*2_M>aF$9CDygup3Bh=FU?#a6C>eI$UNX=vtt4Q!$_ z#rn~volo##o~V~ZQQV@Op<57~Sbx2z*CpaiRDMGQ&<^nhy+b%`|L&}GIfUz9*Z zUvfnN$??d{e4Js=N%F-yK+YuL^B|-RoKe#j&4&6M(P%)1X{HS|Q=1X1q2?0LXP|s}`Zq)UzH6J-(iMf;53;Se%*scY-h6#$fgy#u? z%K#;jeRP`{bZrY;D$#&A19<4Ly~XUkD;1$DV0!4#iuQ<9>8iaktCx!H&$$6}2g#;u z!x|EQf_h17BmVdzF^7sn#b)Z}#RU(}mNG*(*&L!I#QfFO@V0JCW38#W22_vXmdn;J z!6E@C*|8MBJWKM~c{VO=^093v5fNBTfYVsma!+gfP)x*p-S8_0@_xu@{Milt?P{9o zl~j&YO8DjLK-CS>kS>Q$E~}hN0Q-m}cHz)V5l0}(%SWOM`Kf zIj0Zs!9;WdMQT6&p7tdIGXMeiB|JWK#Lqlmv!ArF9U{6l}ZdnlrJ$Z-xq!ezuu zO{OF2kn_ha_bDR0PoanAe!6doZws3N0$objL@MP$`H?JtI#@`U9H5tgImr+Do6H*I z%^c#9n*qzC#PYI}zXDezWhINdtnjwSNvinzF0>)o;27|l@i;rSXRX=kpiJmNJ6S*7 zc@ae{H+9PiM_oV(&ZP!g_hu^4>+1)WF!SJb;Cxsg;tm!689qNpeP z5TPmrU%C74K&KUY@8LU=ReTGsCNX0RyhZggU_vQih=0p@Ma%!PHs-bgiv zo^Uc2Pv=_G#148pf-~XxIS}FNLomH&rtdw! zCToF-8EU8@Mm$@ae+f4VF@!{WkgNg0Mud?x^s%Yk6?C|R6%Rrmk;(~ z023TKj2v_Z+P~oDG+Uo(Tr8i%C_Mt(pC~U9;Qe^h?YEaxV927)4UdnC_@X3gR-$cX zEX&xJC#vS-6TlJck55e!4-(*Ew*wW10 z(?|K&DVhLOF0W%iH_tK?<_e7#2=X(iEg|eXXurvG#Xqt&1|CKpE>PQ+4~aho9UFVB zy?Mv~_gw~-91x`_ij_Z!5Uf;mrfTZNSZ5`oz zA2f0j6xag)D|YZmvFip>KHA#rTu8FRo;_1rZ2^3|39c7;yb9p&;i4>1+$!_AHkr<; z&xZ-v0Bt2MTfe>0Uhv=(VL4ja>3`51agI1sMKffUYr&aAGHaAACP+xeb`WXpz9iHo$dZMncbbJY`#sjpY6L@Iy22ak7O# z{cYRs6Ig$`H|Ag7kpGF^5CZ+L;dR%=KmCxCkKAz@k4*L~(8+j9HxL5GI!n)mcy0+0 z53Fo?81@$z0SUyIaHd~+i@~k?S?>5^_4%X%TY0}C^M}{;5acF<=XXg%q&}>mu8B(O z65~p{=CY6Q$-TR)GEBGXs*F}aU6ptW#TUdi{MYNKiFRWj+0T!XBF^q{3jyMK87ZxZ z%?G-`vNp)5AhiH-V1pcjet#g{4vYRkY<7y&Dh>XOxc^SXxn;%u^>f@^5pj(D!gDt_ zZrd1!;#Esx5}_vyME4nG4WE%F2;IeeRIp}BzLh>Z546ls;u07Tg-BrVyKZ)&1%;%U zz1bR5E}Gee_>v)m13Bu1uM7$>6sZ0yDOi*SK2Swbpcrjs1K~{+9(zc5C_0V>UIC|J zw=AGZ#vKP4dvqb4J7wXVKmlrSiUa0aVjf~eKhD~+JF*@$Npl>sZ~`DIzT|UYl=v1% z;w=F%j(>+EL7%i6jn+ORO{94g#X_@HTsFfa<|6Xfh{zVZ?cHIBC+6fj`|NnT_%yzVWI+XV&XAzY2jg}b<|3eITd+e^CfYreb$czHn>spMA_U5c9TF)68_IJYD z8HaAWL}>y*S)eA5$RCzlB@%JpK~1L%ZnSK)BrI;#Ie)F2XATkL&Av-W@{c^9H$1`l zx8Vue<3Lobf-fMOF%=N5gbyCRFQ2heh=5T216<dHaL%VvX|G!X=pI??w+?c}Xz(uL;LcoS>9XWQjG( z-jA0|doe&;R~=D+B?y`6!_i#GLV{zDrZkj2{>5WYmW;YI%MQEPc%qKAn7yD^8{?Z( zE$5O@HzEr*&%>DtK__6$fsdaH-~<5dXO{7qySO$GSrX`lWCemthnAWSNj~I0&Q45& z!MtWcr9aV4#0WF2YR9sOM%pZ~arit#C*Cj)Ph^7a{klzK!t88q%wz9UG{uX21kHLU zopeWq-&>95^b44GEN0n#8`ZQfcESwk#I9I-T@%JL8sbB9Qr`sC0E{VMm87A9Wfp2ck}cBsY+*V~Nu>(7dPDQ#h+`MjIZ93U zt{3R%9279bQ9@!dHhnkAjtG)MOc_Q(wyD^nEG7f(??P=hR89R2%M8`%n7U_XSi<+% z0u^wM%zFE#_Q@GnD!5!$0Vy^m5DsJA1?0Rm;YQh|KC?_P@7gTm8;&GL`>8011{`I^ zbm2b1meLbNiV)0t%+r2d#+r(jQALg>(K$uy!MSf1=U;dDu@p@1Vsr)m&PrH&? zvk^Y@5*$21us-4;?~_L8wjOsEjR;9BDw$HgURbnMo500OH(iQmT^;G8XyFE^w4!52 zPzM97Ia@0-*@!+LZFPa3u0RXTzmmaXWN=5(O<2bkZb*rTrw)2&F#tp%pim;*l;Yfy zhq^+Njj#jGF}pX@rxXK{DiRKfqK(Y}VF3ET7R~s2Ebh+yqQZ?rh^fZVLR}k8gqwiK zEhBnwtcjh7e{N<^KOcT3+r7_mnsJhb6xby3ATEPD%F1yKvTKF>?oPR87|Gum&1LK; z+;Mx+we`M^m@Uz>X43?ne2~)BDaFa!7~4=gNXccH*X?50I)4>EbpUZae|vHI^9knm zV0Y^L7S#Jct#|)}eeP0H|I5k#FDLuEoa_<0gO^wSSdx@dWHRpn?j$(p9d(11LH%U} zIdt#jmC{JWhZip2{55w#_f*C}yqID_O3qMnfwlu4XHoF*sn=1F@>P5{hO8}_ro032 zb7``=K!tRN7A}MqT5Ef*P0)-pAd>@Dw~BBcR_`UQReOZkmG$t)p2vj$E%wWP9BFRx zLuSnXvI9Doa{1)BXaqifbi@oiJDhDJcXUp%?Krkl*Tj}VmS^22fwQW3a)oTaU^x_C zyVnYmBu8$VB?R@0%DxChy|@ zcmklI9QCjl=+rT10 zZtM;|bs`^hYW_3<1=mbRJ&{6S41fBD_vA>>j&it0l5LN7#gJ_ZUI+Z%7v`&Q3y`Wp zUXLKj@JF4P`4r2Wj?>tSFg63(39-iZ5{oVsQg#vw#)9t@3=*@uxJ;eO61f?{3F%ai z>_Ub|{L9fLIwnrIH$+3wug!Kn7aTf@IH|vLesip?Jp)Rr9#NMnRtuwE*%y_98-w6J z#j?bzk2^qZ`m6(yERgIWS%+pUBY=PCgyjYwQI?6Aze_4gxLPg%WtDxzi+q+nPOt+- z8Q1Y`+oZUPs~E;pq6o9c7lK4*dFV<>5Rt5q@NnZmk4@9!ZWkocINKu;q?txU%3mEL z7@#WtF$hc4-<`4d!;*K$uik!0--0%m(R&mK0rw;5>qhMNrfP4j_0fC-ZvxE+%Ce>v zteHpN{^BCGLCgngrF?_mMWOS<1AP9eGQV+F9&TbzG1&=2hN=iFfwMeUxtYX9kN>-JQ3L70+5nq%PJb#HuDU9A$(Ngfx zS@b&%oca_~`u&&+hBLhSO6}_q{JWTs{`PNpO5w89B@|XX9y=n@{PI$9A#RJ_LTlPh z%bJ6Y*e|`PaFJa2PCj63NhE{4)Ye*8=cuT;AOFAm+3L6b@9NRpkKev0kFL;vV~HPM z4!-Q~AJ#h3FaH7Ga#`uOgD-mlwpqE?-^s}&%aqjbAvAGD5MS*?3odQjj~^mE+?RmW zpE5+)E~dW_r9PL9%hI=^0nMwuQ9%8ZL-?C*jbkTYMA5uwcM-nKbO`BE6J!gVS?ESz zo6#f;LgsA5iTisxs+RnF4E=kAp+Z3kW-9LV?WI^Lfr<*Sk1O(;{i(r`bXz=WzT z=0|YsVbkK`R-~AG-_w8a*&6v8>^@3Vscn(ovMY0Xk7X@RlF1PR_nCuoi@Ac z)Nk@{fo&8?%{Nq~HbYYwjs)UwDm%^==!%WtT@~pXH4|TQ$4q>_Vi|U74<|{IEEvSg z6mRuVDR9J<`r+XR#W#6ws;V%$ot>Daqi&5MFs3_ z7K5gS#Bmp5%W?b{2p-r{5Rr~V0%W`ei!4M~6Js?AzoI8TaKI;${K^{>-;q|3Ia(TM zDC=U5mHm4lq?h6+$^vYcU8T@MwN#KTcqdS|?1#(Z;5%$MvR2&Yf96>%Md@b?x( zznA*XTGpJ#>~M^J)Wy!UX1Qj->D$AGYEuH=w>FjaF-6Q_YZW6(Cq#w_#J$MgwK-Njd)Sp9`T99}s1 zxNfbqS!<*jMr^6g@PR#*U14PFLlcI=MFAflpor;2=DN}kifdTHAps6?`BDiZC((y9 zy+mR9{^Q3U)~Tr8>M)=@T!SH6X<-a2m~gDh9)wuJ#T-mVX35{eh#pmjgy=`4*%)m; zcGSisL_&hWNsu=QEH_++6uFDGLqz1o<`9fE9?1zO0+_L}tGGbWP7=my=AgrU=kOkR2d4t7oh-I-Mc9r?md z=ON~YZ-J~rtA5bx^CjAJ*c;4rB$JJG*%}fPHRF1^cqZ6tB9?5iorv(3?OJ|u??MX@ zyKLG~8#r3d)qX-T49AE~53aIZdu7NU!J;2Q;eY~8+21x?GX#Ah5U{bx-=puTAF(6d z6dDkgGPdFfRmo@nMr6;KS>NQXC4a!u_bXod>+298GMi0pZl>t@A8^-7;LwhxLGCqsQj<%G`?1 z`aqLH*WI)C;R^$lccb;)Bm1^{PYIU8v7x@yOkqj)EeI_%N}voNtr+QNj9a>>a z7j|+vYYMX+CM0`P6)j3OUbP$uP8tLo>suO*pJ0c|==yl*TsQ+)0=Z{QM>KTFJwm|~ zjd|Wc_Qm%3rS8yk{NXT$drMw@kuED>+tUO^kE~4i{G5kCxR2hzk+HV6|34~F#T`?S zsWj4llI{b0wuOQAdhD!_w~^l@v*O5^X#|QJ?@v)V7J=Bu&^74EF$vm|p7C)=aZu!{4$tU^^s?=7+R~l%j}-X&4=B_Y4htRVRChnFCh9 zH3FV^6_(T0;kMnt&=U|%ZGZ&l2(Q%SbC~h{6WUTu7Y2(>>k-``rt-=GS}`41@Q^s; zKvm-i)ex|d8@&So$gSXEnhlJ-SS7?NE(Mgx8k#!W_vn9uu?1IlXGqpHp?;&gXC$Qp zt$YpyulGs@QRd2W0Dxwo*kI9^X#9;`P2qiTP$hD$`7S%`w80A55HH} zu@yiH2$N$1KMA}I5x%#k33q*`yJ-1Mr945HWmCSOGV?WY~4qkIdF-IOFgdG1>pub*P$p$1toSloQHw)iHP)$kDe=SWg5!cj47mBIT%*29&B z_?{m(DoX^$;@HeH)45_t*iIV%58TFo$PR?zvW^YTttuGcgeoD(Fk2K-`=*B4)Ap&! z38}#GFYe1<;e`NLm;<;I0lEcCoao2GKM|wzD?C1){Vwq9j{xn+tJg4_lNVY*U!&?E zRN0`~5x<=h_`pNNP}R|6it_7i0-_EvMT9Y7J$>-Eg}zsX$g2wN3bm1*a1K88#r%E zcAq%c%rSGOzYrM*G!062PMxbH5?Bfj9tQz>=natYb|OJw$aN<6VBX~?AC+SiaA;k4 z_`dn4toOmOiNQsFmw)n+pFJ3Pia;o)4!KNgu7psm%07pKgC~%1P7@nJz$4*}O;t7! z5uN}-hJ2E|4&IHz<9ah3Zk5y2<>nnZvA=mbu;-tT8*>||SLKVmj{r?TvcD@Mh!y_% zD|4o72%;zzn~Go~5bd|vLeTDT4{4xlnNpDx-bYm`7+809iD0nLP;BwNy4cTIoJ6Gm zwKO?Tz|!QQ*S{7f{?$$klZT>FrRu+yB`G&XB_BNhT9n?mD1p7=-=i!`?5F!He2e_M zHy}RMtpWMrSIQ(NL% zb%5Jm=mazI4w@hw#drgnDv=~QSm1*=EM61`5s0Uu#0avFcR9-6JWGgg`S1+khu|jSwLMNBbz}RK zjSRl@Yl~~!T?tZg6aoK2@QX_qt}fOWu#mv&gAbJVGz5~Nem^id9}jLkn!cMu)f+JB zw&yp~;?;?s--rbt=m@OioQZCGBgqW4Hzq6az%mSL<%t3O8Vfl@?LQ32bt3#oAUyh} z!`$%5yKxwX7CdtGN(PI^8IBLaVU=ypjZ5(hJ9;j?&`1R19(0ME=|O(rJXdYG$IP)4 zE0#0uf;C&IGgvvBa2SPB-jh?-6+_>#*KrSveKa-AMPh$4NdkhdMI_xbT|b3Xe=Vj74oi1yIvZ{zJ|=jd zEz-}oX!u(q4lW(%>2O3$;2Avn5BcE}8-Ma-#(W_(=xrdJy|(SoPE5A-eEg^A)t@&+ z-;uJ84>J%Q>&IS?`%A=t%Z2qVCY19BMd8Co+N6urp$Lg}NJ*UY8pmhB(R8+RjC&N& zk!p(qghMMrQ@9pM+~YtIVg@-K5_C+VIiEn-pmU3b;fd!oq$1KxATfc4e&Yz&Puj_K z0`xS#nkTS?{S*o2lcc-SOaQcjY(m+eOgXW`QHduK&8LOzN;Cn`2BHaNe=^a;4sTC1 z+#9~6XH7oRZD{YibKvWv`zJQ1(`%~Cm^z!OTl9kywPK56=W?7B4lAdK0y?Z{B}{gI z*UkA45UilsWUaooFVK$}nmsC3La5*ciC3st{$+tSZ2NRze(a%trJ&J!5gcJ#+@ic0 z+)}_M34-w1J_)NUz7lAW_r0?Nmom8cL#A!|An?keq)lP#AG~rxbK(--_qFt)=(vy^ zwRHx2P3#^DZ#t}b8li=L?x?k5Li|%`5v(eQ4J_}n5!qST`=M>pE;bL{JH_HAEyLgc zkC6Qmuz&ahAZhcRtHAElmBH~()(vFZZstmGpr!ykr8muK+-2AM*oQMn!R9Qvi-`O; z#8D)6XG3;agiN$amLT-@9eyFK4&=@L)I#ey|5@}A z-Er4hi9PouTxX!-UJAuqF9taG;S@k{p<8Wz2Ob5dgw*vWAkFPzcO?QUf>e&+-uvyQ zTQoYL7a(olDm@A*YHYg?^``c=xf)7P4I|*>Kj<04QBDH!_@U=ZMVk%%Z*#h>!ffL1 z29XXQT)1KAy?I81GddRdS-7@Hg)f2-kvJ{~{>51~B_#sVw?J(;78Wu!eKMIpbC?ZF z6(bUw)e=uq#gZV$|1fb|2HyCQxMjm4!p0i6!f zH_QA(lpQyHl08@F3)?jhkeq?23oH|%iPZw~2i`@CzJP$KCM6y`&bAn#$}>0KA$uqn zZWQMqk)o1m?rCi^|NQQMEoTTvCl12zy`#o1>f;9ji)Ph8r0lQhy>vi8*!tT@&4po- z7^J>P*31xrCJpxAeO?LVW2R-9Mo&ulj1>4n6~B>!Hz&XEx|6N8PCs!ozQyt<>fyWX z7ujyOHP)v!vp&-%x~+k^awllpAWvFDEnQnS-k$B&B-@2jaJ(sD2VfjEP!)|`>_mz< z=6T6=$K(Sx$F*?YA-SDN&{!PlsPf~8WurK=-yKOOi-XaT05axj(>sNo=}V5J z`M5*C2+9O1_1KuvLi70jAG-0|=i<31FK>v7IHy5uy2%`SSny*^()?x}t?L$p^Vgt3-!ygDf;Ech0 z8=(J)<5pkTqa%kMvh>nlaz;_E&C%9u;p%5*gU^y1o=cOd+M9oiU+cqBd|UM|*m2|F zDe7fgLGerg5t39f*wq0Q=my!YBY|K-dlJpr;MISrx54|`*;?)3WQahhora3(gPuZv zRCC*?&%Er{W~HgHS~!|2J)P)W5kXoNzSUY(iH#izh1lCT68x~mY_^p45&C^ZF?V!c z?v{BrwKaTz!e#|=v1P!u^8Q=pAz8MD-4r--0YP$ioG}}TWY`W1R}4ra9Kc-^%V}`1 z1S(oIzqFHl+Q(8;Hd^#*1)6zVg=^rjQCVMdxd{^v1w^mYA8}hfZo$JkejN@Q1cE$g zyXYW3IMMQDBK=1+gKf4m`~=j6Wy<|y;EUYAxcI62W|=IDmNN!V@Gc@rpseGC#EtN0 zBm|t`i8SQ!ctYgA#ll4cdqR@n`T)*+b~X-# zp7D~5miIZL)AB1leHf)m!4l4^@Q;r^?Ac&ohG!2O{16lSB9-3)nU8tLD(v|=*vpQL$e!P0;uFNX@HoPg zF)0C$#i*2Tw;V}gZx(@Xw&uh0d+?|K0b*mL8v>s9x+37g=bk+p7$%bFj*z+_a7fLT zJqtPc&YlnHR>ySGCo^XfQuU}F=v$7Ud%kzUUEA==^QZV1n05G_GP@7P5j$bLNG)?- z-6E*8$7&8xq^wwjjbRLcc=*akClh&{(p4Bg@VTy^CT4 z@!7(BOtxh>X=uZ$3fsFOSPjY)z{5^65-M z6h$Y~N&L=3@V%wKOHO1D*2{2|2s6UqtJA!dd=yLs-tU5u2~Mg4k58@p6uTqLVsl){ z9;wiQjje|@cCh{sSdpz&u308%WkI{55E}>7TuN$w%(zp+NLvUPbno2U+xPSgclpbE z2b=rJiIIS%)Gti3>J(d;b#s7kqJ?$_Gi!qFwB-0$D96wxK-RU;dVaCt2jVLe#M;M; zDY!sX#{Y{%l&t2i0}jtWuZRj%qoo>;%blhQ0V9r# zD&;)vBI|#t?`IhDh1{CH`Bpf&)RVXMJubet<3B>7No8RW=ow#l6J&1mLqL*Qhha%5 zAEawW6R!VKH1V_bZ2pr)I7TM&#D*tSqDNttKT)tF84xI(;bUl5f4YDVoZ>xjdSiy@ zLPkuqhyJJm79@9g)KW-R)DapYLy{6TAxW*|w8-}2eJ=JgG}x85c8DH);S*xCeOd75 z7Zzkk@$h+%=CifWFC7IiA5|*gC^kqM?cqZqp>bi+t?u!x!x#e{Cl1%xSrY*h>_OoF z4jmR)ly$Q=!%-rLhspar9gNXn#71=B@F!;7Jy^UCV|z1dJUZl$R|uI`_R#QxEPx6g zYld^-TY{@hFM|_HwyiQ;=U6hA>P%P7`M$S+18Q&I!71Ud_2r0wcPn#<>IluFl=}iR zC)l*Uer?azNVBoEedrB4+@<@YuUW{Y&a;5bYe@_8%>~Vuo;8^+U>LBz#J&L!z-{p{ z=dyUUhu4`dhzqz7vd8=#c5Ht*(^LR~3Y)R3tE(?auz)cPat>>KO3S^0ZlFS05NC*9 z!2WVW;Xy2Z^dF3fdmQVuG_B86gPhjEi&|WEaV%PFz~@Zjt^S*1`2^w_YmA2bSD4c*y7@3BrN^O14B)*3-;5_@ zd4u1dn~6fTil)MVJM}8+t3Fvwwt-EnkmBUOo<+|yn4;A6k2K?7hiOSRWluRs%A86j zlcCTK4k#$!eA%$Ry6b8i^nn=M!a1?X%rJ4gyw4S!b5vwLV`DSi_=*G6Xk<2;br#&^ zi6$5V7n2RRd@&AKgdNgw8K<;a74Ln%`KXXc_{etP;&eGwS|70j!>5vLUePT@HE zFGSb7X`UTisd)N@H)xC6O5CsC{XMWSQEenu$OpcnuxvpE{)JFbAPU{=%}E~gxP-Dn zb@52x3cm4i2Jm;mDGHc)JfZ=v&}{;*D_UP)OdQwKHr~_i6Z`DwP)++Tluz$)&P)ql!Cly3}zhU84}xn5Pwa zIa|x9w%!A+7ZgQaHeiOQ4JTUo5Ip3t#L=l~&ngd3g#EF*hI6q*^n85}V6R3R7)217 zG<$+~efSFIPCq_hb}?%U`(w(wE^sg@Y50IA`h}+O9ESDi#)eypa%k^10(Ij{ zG(MxA>YvPL-lUU0#^20yc=&zw5})_*VFL9t=7acXKA+lOkB`aA#6&gG@ZyWu@L5^7 zH=Ta7kJHK2*-$n{^B&g8eL#JIdGKXfaLou}s{cp3 z;3RXz5dq8<58;_H*t8hy*hDqJ%LZ4)&sefV9;)v^4o1L7wD8=Ju2$}+c8_o(Wunk2 zC+Nq}wQwS+F$z1jB*2lj8+F3$F@TJ@zs0`OpWbV{@xfr{BfrDm)LFLu_O#_+GJ}aA z^xe~4Oba%=TlC#YChUzwp(RCO5Gjf!l5B9MDzg^|om=u)NQOtg`0=msioxT_K8QMp zT)Oew!eBN@RMck}Be=Uq){>`~W1^D7(#=S)pcoZ)yKXjJG7li>3l?24g*-|mJyON8 z$4o6-2eA!|hQx-2Z&PB-hxe>b>4I)(_Vv0u)B9*k+lMnXWOZa0{!wuRjL}1Q*u)xy zR93tTUeF2M*Or=LO(#5;TZ7PMK=9dEm5o`b3i{&Be9JLH4){{F zVqP|m&RvV?aHjS(+E@=k>Vi!hsSw?DY^crW*i4CFK__e<|5AY1iOf`vp*|lix>&=& z2pqLkL_*Cz#+t{`0Ps1o>ARU`XsWH*!ID16AazH!aNKYSVyJP@uZ}6-+D!N7oyc8=O}A`rv2lOI}RRfHes>&yGESv7+@?K&vuN2 z-mz_BstXKm-n!+HYLDjR765l=?^KPFz9?*Xd=}4L;7Q_{MLXjM0TnE|yTGK5#Fo}u zAd#^qKeQGL@W)!2HB&*wwrwc4tX%Yyh zFOf_E9vUec6R!k{h03Q5K**tt&=VV*Isv24gi1^%X`~Pwv#nJ0ORG@vBFYduTO zF2EBIs}ZD`BQc`kmlOI9OB1whF@YZpoa|yoq7wR`%c`-NWf)x*?a-N4r5YftH<=jd zKN4f2`~-C*tHIVw%parr1UrU2E7YE;_Z*+8x2zrJ1OMf}op69^DI5R0*Xh5%_bc{> z!bfo3Z{@5FBLX z6F++rVvzqjVK6R9ybRpIf&RXTQim2nY`o2u!pUU?aCYST=nC@3E9dgr5tN;XSCR;I ziSKeL2B3bnxpYGI_WIHy0%*Kzw|}PI6dJpk$c=i_8m@&e1qw=^5Um=bidYSvup|>@ z-44mJE*Oyq&h5I6G}q0TeE4@npWePJ$+z*l`_uj9kKt`?K0t$(FkfB?-xB6cO8g;F z6dy6=Kir0}{bBEaoo^2ZB{>xrr30?w{*G>JZ2KoK8Ie!6?~3I+EkB{B(1UeJR{CAw z{oAT{A9CN?*0NJ8I|gX&b|!x(z*}Th`l#&Ww8@GaOQ0;~7CGyR_%u7ya9qA>{Md7U z@6=Mn)a639MjT>IJuuSPv@MjZ!2))WJs|<)z*&7_n%O^^TWC+*KZMAAV}aj>Ifn>Z zcNH7^UKn5o~gDZMxhgx0C>$iT4`mlinG4hdZQ zR$K3T&NBHoK9NZo9$x-|2uoCtcOou>=rxA14}VZcM9pD~{zyb+C}dy1#P89%2P+KD zO^jwEEEn0(TxP%cQ4cZ8dUwU&#MTnx=fHaIN!gIv-YM-pqbSyu^K-bDzy~9wZ~#nV zd<+AGOYr0KDMnSMnRwP2X&(}A+##^54tH?d=I1%fn8-uxYML4AVUT?YC-DKsnw4{h zw~g?LIsPdX2YJSph|=82!iX~@U=t&oAbn|R$6hSHjdNH1aN~j}kI4FP=GMe>#u^AJ z_z3Ng_>-RSct&T(8)&2!EZJ@C5!udjIUis~a!&4aLrX|PY){uDm(F~XbXbZ*!FxK6 z?J28-6iBB*BLjf*=6ptPQQf6G47Z@QsW0<;ev=+8lX)?PC1B%u9U-uTP)s7cWfikR zHc_wg@b8;sqr@5_6N)moF_DN(L{n=*j4MIY|A>4pYvvFRV4MY(%c?eFdDGVM)dNAL z6q~o`2;;|oy1zDs#f1+B=c<;+#{^Ull1p34&LfW!<5g-lR|!jG5yH0~wwF(aO?2^3@R9t#YGR1|QOE`}SfEOmNIyw13v z5ww^n>bGm?m8>lApf*{sN6FNop#G*EK~j3SYKeRb=srA0ER6*r1?@m+1qY)TXNC@~ zQZmtq8pfTjX07Quv?yHJ0jDu4IPjf>Zv-17*@NxakPD?X(hLJlaB@`W8@WzAz-Y!- zR^Hs|+t$q?k*v)NFn%z>gzCYyy%wwB8&-by0RL;W{Eu(6xJUdX{sr_VBi7$0SeQf! z!^mMl?8Xc8u&HuJ9h<@GBjpi?kAey^3n;{MNDx1CQdvR74!1OX32wSK)2H){VIdL+ z7=GcA(I#GamwE$Tm!5$IgXNmhO?7~h`>USJt^GP!iwnLqS?0+IZW4S`> zs2b~G*O(nts5OE^T?QP!i=mAyJ`)UaffId52haiF#PL+%b{9fqT)pnrYg^6}NaHUFgOff*)rVSS^r_ z5yMBj5;0{uMHI5hVM2Rqkt^#wbGq;8J8RLN0WU?P`qWt*jXyHu-^ zH#K6ik)WyK#`|yvl7nv(>tk1oO;7=nbtt4as1GE)8(Q)_cr!R?KcEk3{-Wp|sdd`* zPMeZDVlS}gPk!J z|4%&QZ1&w9``F@zMjZ>l1zMchiU5Mxz>}J)0I;07+>6#Q zDe56Yf$my%>CbskfB2Qdzoa7)+i*%NS-_oD85S9NpF+i$Z!gAY06}U# zXaba_abqe|59rnwV@-1lBMu^RiroC`(H6e99KC;qc9OTIwc>^Mx7g=A0=TwJ?ek&m zbEZ=&w@cOkQu-6!M5`AzoZ9e(SbgCa>evXBlOEO&V8n0%=SSmYVXc||#$q9xLi0c5NVSL>Lh*-Jw}iF?-s! ztvT70|L_K{)g|qnLT_CB;3i?1S$iK1yG~btdm`u+a}6ED&QGG)Fd=Y961IcL_bzd; zYH(^UNjEPn4+O}3Mnfz37)){LL;Z4m1>zT}@!9{18kZ$nVQ?l@_y?cT^kFAIrkPb2 z!x5y_r!i|^V|%{_C;D*XS@$KK#U5_(!hi8KPD12xx)w%pMhi&o4*@Hf)QMQzq9H1Q z!_%`&6BtIHqD>=Rb|^(y2@t?p9j|%whQQ-f8@sCun5v*8~DfD&gec@v*i} z#W~a0p12zXM-S|dStt>0gT0n*D5c`W-!+Z^37j@@O9`{1U(^uodq!A-ftP zhoF;K0i{w9C#NE{60V%!dKV&f1E@)_S>}*xIY@Dm7zZEXosx?J-b9gXQ$ProE0Igd zMzU%6&BvTl(}(M7gxtxASc6HPKOno}9b zPQl<(tw|U6T_HsX4|`rxa)~AqcR7jeOF?a3rnBND8r;a6k_HoAfl4R=Uh7!Ays5__ zef|xi(I)ErsEs#@SQbV*kxGv-j)o?xbrjOxzJPo_KRjZ9SaToK7Uy=`OSj z423jH?1Pt}<)<2xmEYum5}c^zDxv)!Dc011@xCzwN-P)(D=dRTi?!ENm|M|+adljf z?k^BDK^sUX#$ccIp7)t~=l#Zghi9Whj$lhs_ju-*&=uw-M<1*E3>#wUR>L`=SVy$# z=~LB6RNE9Ow_75yTP18?pkNd2nQGdQ+-Ki+?9m0vUXk7nbZsWO2ZJO>MV(GTa&XRz zV`3XTa(E7OGJWp#J1 z#)@5>snZcSa;+&^^5U3kO|-L2D25Ri>+Y#)pAHrXyUGy%;arMBtoIND>?ddp$+XXO zd_Hqvf8JWaPa7n7Syw<6=Y?%x)BfSldB=nITtTL94QaQ1lGzc=UPq9|khYtE|2Q0o z4KKp*!}E#E$XK(h_OL1re1KL`P;3}nwQDVXS1iM9&S_|Az?MLm4kUB2SgbVImr5sB za>Nx-c;a4XyTs40^RTc8C2<5i<4Bpmp(hy)QgWHRsnHz{7dWzyv*U&W~@%(6dC`^>FW7Y^M!Iq zsPQRQGtt~K*N50{&2rw-y-yEk;`dHKThiai8U{ApMprL>_ewQ#wS$L(OvY1o5q+~k z{2`%6&`Ll$25Ygn%ws1!rVhTMN#oaUtghRz>f);hX#w9(G~rto;Q5580saZ6u(&3IbH@W9i;e z+D9+T2=l{zPgNI&7F8k9oN<;~_C`)f936;AXKNZWUf>afdWmtfu^Y+$d+URo2*)WN~@J`7CKOlfEB!Q@Q^ z9MUE{L6Z&|r$d7~$>J60s2!3R6*LXw;qZe8tUU`07{zrriZ!3ZCc13%K3!BlC_Ml? zl4UgDwNGlogC(b&7I;uG`$p%*&9X8~I(~IGP_9V}mnC=QNEj?&n3)!h9YoxEB}z+2 zZ+9BAr&q$3{J3Dp)YZj>L%sWjsBELcE-l4IswH!;ri?Z+p&@ zK?7eOf#mDD1WK?9!u=FAk)LOqC;`XstPJ4Vt-#ogZD)$l@h95&R8uq>AjKAYXWTs~ zQb9knN%J`os}tv0kA&{VQ28G7%h~uwRzsU>-qfwO@8)HA0`&7gwSzcs9$1z@z>A&8 z`bkv3!GtKFM*5)cQb-wFSom!Js1gU=m`-pwz~s z^8q_b4#$ClOOYAouy4b5Jh-22W&-X}GpiHvMEc{?)x7-<@$wh^;p1CVZCk4|Ye-o0 zwi+)Ga`qoQSd`{7*ySEG%KuLoHcY&Cj2ZWjD|7xyXCB2%j41SP@V4&GJIK2uA^#dv z;-l&LUS8dnnEt)NM^KdQS}{o}5vj6EU3_!;gY1~mB0EAfM*8T-5!4^1_D4}wP;j>< zUj|#~R7ScL9FOoGZ$XL(v}tc7gAh9RNA?%1;9K|g|Cy}?=7zz-AX^}J^K5_h^==DW z0>f#u&g`iv76=slEE#*W6)WTfnL>{Mp|PDUOwT26fBUyRJm54fe9p8>Q_fRMeJH|l ze(#M{{>vhz#U)UK56sddcYA@SV)+6=M_--O``+uY_+!0wYr4Sb(SZv%;^q{iwCf4S zBb^L-U+ z{A9^JQLgPgIr`==HbsSVto_aTZHc}KEiRVFt!Lf3r=ULdm`yw z_jY*CF(ieww%nat!PIk{_j@^FfEEx&)1k74ev+(OiOQM=r6)+S1UHi3zJ~i+m4MhwjVITx0u<%@=XeOqlgP?BQme-D(K`I zTL2}3)jK&Y0)TI%MsPb)dTeNB2a5PK)DVJ5wb@{L_(4Y^hqRSIY6Lg312JUUcnCd$ zl=ongNE?Vmm7ul)2@~2By%;AnUUq_GusOE>4_8i^TNBU!*@eP+$Ao@K-!=M5C#kFr!jgv2Qpj~?TrH4Z;7HKLJA%p7!320 zqmoyK`GS(moMncPI~oBW=JU#9=>)ycTSa@Nwv{A&|<70K3i-l1w&ai5KbK>lg+HN7Z=Y5Pd#%o zKgBQ>o#(nW7&eou)62pnpU#wXS2vmT+j;SP)m5|E+{5E)IDAN=KIcwu5#%B2->CA2 zkjk}ZolAhB*~NVKz@91isn&4Yt(Rh})IG^H@|oU$bw@O=eiV%P5a+#kgx% znw3?)@t6Y`ca26VznVTgK2$CB{>6(){H_7- zlFqy5OtR9jR{$g1z_=CjtDC#dTfSY%)tT}{!mU!ncPZ&@3)Fo$^ZBi9!;}nRfd;^+hqUpxooVG z#!!3Bw3`D(v$1V=_pk`?Iddh6<{1( zKOC#geB+|^^7!<2c4a?Q((6`juzXyXp3Rq5?J`*{X4JQ{-14ndyu7?g9%QPc+9LgI zoaY9;7l85n*sxRA$Ms69QMx_PUlr_^!xFuUme)h zvuPiVF~Dd7pEi@tOzw15zipgXa>Li_XQfBxirp@BJagsbW`+Jg>K6^*-FqwxGY!JO z%?g<(x%~R}t%LsUyjGtX{uPY>Fw-n`CvBsnJhX=|)nkuz8*-jK)=~f8AWw^vh-cq<>PL@OYg)V_r`um%ZYA+C9m~$^07O_WJOK=k>gj>!JS-7YL4BDdw>(%x3K(ng@lUvKi|Ohd^Hhal_IspZx5+A8-mt*TK_o+o&Xn!KJqyw;wSx_$Th z`q0g-8_U$exR}$f9;U;L*-jY`=Ig~xZd$0^W>(6&wCb14$#QgiHAU=ug6CX&t(8xv z7tOStEMK;iOugQ`xmNPy)9Up!^MF`oa@xLq*4~tE>*b|8wAZQRcZ`J_E>4a$#?Pl|f8 zYAdCoe$fXQqc`(xq|VFMMQ-$VaN0ho%nJR3^KwT`cTV1BR~L=dTW&sjJ!saij+;;B zVs@&VZ>@%1Jj-S8N);@Fl$4RK-scsxi1pOuyp%T1M~&*Et=^VXV{OnMTxVzX*ZgdK zX_+_A>tb}NQm*+~Yc2OGvjGO$V+c4gaU&r=iF_dw7q3=Hw1(M8$I52(T)tdU#zZcSD%rcc%4_~jX%e|MY-f%BsFxm1yOVwr z^aFsA&nY$Xz1Pm9Zj7g5YT2DMIC*G=%0n!Jo?%`qxLu@yO@%ePaI@^5z*>B_M&&0+ z9-w-iVdLR0siL)6eQ2KHvE}s+^l$Y|IjuY^sajj1ddDMumtWy`&zS?zJDARa`?90n z!E_G1zC_VGTEo@Nkm(&*#xYqq1Q66*DDn@CN*N@GY)u{1y zQO(a&Cy%e$(;PShDDy7}3!^hR-Jekb44{CKSvpTtZ zxSklTmTBg?=fnJoc3|XAmIp}C-H(((`|i=Q%qiCCPBW$RdD76*wUc?{te8tbEY{lT zV>jJCe|;{TSbFCmUtHdf$|-X^&e`+XbM^7H+dDXZF1PJfI2 zu68%gkE*SQTcWo=y%^-cL+}Rh&ZmMusK6{&tatGt*R(JKd z$Tu&WS{v)9tCO4a)9bQ%Q$09tPR+u_WvO>}wa7hduhmvNYrdRb3@!?b!R+|0Zx_4z z>PgFJ2PgLzou%1oO-wvr*7{_6k}`)i^%e=zfvq3pQz@?S@E2nMME)5?}rf0RQ z8+EnJtHbWibL+IKBG$Lb-cCjQt|hTPHXL40kp_tLa?nE>nc;Kq4*d&zE~S!5Vx1s2 zY}{ugdKBnT0E6gJ$`hJb&R(*hl=8XE>8(Y&RGI!mgVUi3gG#PC zs63a5K36y`f-Z-7%+cpct4=Oc^XPNgFntbmIe>xnxt5^IMZp8@nTwci0OPu)2?78YQ3Bw_PmP&mNnn_qEofb9+DN z-<;)ca+#;Q%SAbNak@GwH@lDZgXQzFm9?#lWm213$JJ>%T{|v4-y23Mh4C2OWUln& zQ{%2btc;PuR~*~D%eU98o+>x&dTMt1h9rYN>7G3&yVHIvb^V}qYFc^vR59}PhtWA+ zZ;vbOfvPt8rCRl>Vo#Lus}$8&#GI(}>FOYJzfY%JRk%dUREI8!gpi+-+uxjJ7?TKdBzpRCmz%XPM7-d|r< z*2P+R_1Zc?BKI7_Xtl?;uftjP^(DPH>z1F=ulJ=+=kBqVyLr8NogUkRhIvpuwQG82 zIw{{g>Gz{W_gp*aSE@>;q2m3m(z2|&RXWZmQ`EVT*u!XktX>{JuhGUD&)b`W>+1Ar(6}&C&ke2G&77^T>%*s$%sgMT zA3B3V`E2yqeOR4T9=nFHW?)IHA{{>amahQ}*xw3eo1Im8CBVy9TBSVFzz!CT zn~7ncn`fuX+h(`-y10Kh#`3h>xKS&&_1BBMu8!Bqvhj%4nT7|471$t>RtAJ`rb=bn zS}9&)9z$|%sT3cT{%yWD%uMmx)O!nF3raarUnTMsbk-JXOS#Oa)Z^!;S@O1dwyaOG z@^F^`yGKzD|~3YKv*(Y}rb; zlW6s>+v>|}-q2r{N>eM`t}iN$dgZqH*q&rB(AH(v7#8ee(#{R=yuG(F>f~xN>kMCQ zq-YMZFXhoRy?hw;TW#%WkZE2W6!JF@>A~dWsb9>`jnk{^YV+c}o_*8OYdl|`Ur%!{ znr$Rs^^|?^T3pPs%jEFkwzIO&?(c^B@MM1Sa&zC)*U!p$ywqFS${kVwrpccETsyhM zHUmRx_KO#T!oh5CpP!B{nnU%pP`~ZHRhRSr$=TIPUG(p)rSvj2>qb=B7|MDuSHLh<@(u@1qFnj%!8Mg-gwDnkeDCe@-!g|P$cMj<) zuftLA5%XB7^ic5I=pQm|RBr_~`bvO}KATnU#>5`9cGk3;ypqqO`iPUzSa;CeAEIGL zbKkYuH=nY@N(Siy&b-0=LFZ1Uq2x>X$JM;t8%~VW==DBVoYV)Wmz`DN^>o<0ULBmj zoj!J|uP3%)!Z!73d}5Ta{J0)A9`m4IJXcn=TxRWk- zD(hM&|9aC_o*g+Tw%tKGkx{;@CLixpn5IZ38a?xA`k1~S4o8Ixus7ViWwV*a0kb!> zD=Q=iyElu5Qa$dzOgiJCl0k1WHrlshSt#sX!S;~3+$~8=&duIPO36&-c@V0XXUh-D`8n!&EFKNdMa0W zHZqk~XH{A;+P;R-wvBi?jlLUH25q!)F#E>(<;JLtQWpnzIo&Rw7S#s>uX9)G`Rq79 ztrzE4cDLKpMh8#1^XXVQ8Fot-%iiU~pqxC-986B;nPauOzDqrxJ~ggS2bJPQ_Wte} z%b?@_@%8Za`K@+vnmxT9*!Ks|x9MK8{8)ME-_P$my|cU3Q)8LD)zo|?xyp49v~{a8 zI)2pkQa5R~0ERW!m#^vb%YI5RlZ*1>!7QDt6H7CRPK#tZBPan>vXPh(p>jSC*9oW@}*@?rpD{MIlR+vR`Z+Xv6Wkld$*~< ztfZFC@fApcwCBwyFq?%Vk{eW|1@2^IT&cQgJ-pVaXiXAJhUn; zqkq>uFO`$U*IMd&c2c~mRomv>L^-w#*P|h}1vk~1J$bvmE1e&YuZ;>)q5Fm7hqqDl zx^iEr-z-;WhBAF#sMh*={DfnO4b8 zGG~)nHuE|(*W-$LQ9drTU-XNLS??6DE{tmJ7A-@$WhVQYxtLzhnv-@ad6hiDyq;^U zW)tn^x^|WsXHSNY&nMP>u~ximKD{=_r?;)+OQZL8d8%F$@p4(OUe;2B z+l%rgUMp|f<7fS$z0SSd-dqiC$Ls7!Z#7>}PnBFjK*i7{v+OZ1TZ-N5u4{mmmZjO@>uu`{$>q-I1y8F(& zbJ84j9~8h9WV}J;I@l*xx4HbZJgKhxIi*5qRLLlV%e?ZepcjvLOl}(3-&Cn6mV+mz z>8etqGQ6K7KB+ufBd>=!uWYlaY|ASrc`bd>d#H@2b8MHY&efNPn{EeZ$wA*Km!na3A0w_m-+w1X89{m8`L;FC*PDu4XMlSarS~!vUuDW2-U`X z@*1dB2qZG{7itwCQ#7HVp>pr;#xYkZ?h66$B|RD0 z@L-q4OQA_C#>oa7nY!*Um?M$p@=TDPe4yAySl2w-tGiJ_v3L9UT665>h9ohPD%q^I zFAS=UY?Ek*905V1fqDY*cvyMjW885H<#LJBj@4wfTkWZl?}Jd+3WF#$M3L<(=Rh zuAxKBe?T_m?Q~wbaPye#U6lernaHqbQe0lI@@x@N@Ocy0bKSmY2#Mc0T+(c^6KDfv zL`Lo9uO-3r9L#Bpy*wWm+3gju&r0-ty#-JuL9;H13^KqBgTvtN?(XjH?t{C#`{3?_ zySvN59S(kQcXyWmz1_HX@7vh!=&p*c{;DH7sw1;Azs$6wJzBreGCP)#URz%YqV27; z&6*ZT7v7f`=xC1C32Bm47rQTh9R3x>*i7iv*5lc#X^vS2F1HVx@-o~K%~d1nceco@ z6q5v?P~hmK@MONzE*0}SE?~ZaR|{H`4a;v=m7G+?@M60Z@a^ftyFqBbj~@LQd(w=L zF*77mgFh>n6H%j2fmVSMn6JYVfdX||5CKB|gnWv#^$et&l1Eyd3pUTuQli;dVBbcz z{|u#zNo=}L6ACA%xDc>YoN4pUIGD$K0ch=s7GdM%2!?U8Z5IPNhZ{BlYB7l8j&0Jl ziK=fd)vQYRQOk*=6`wqv45RtFu#Z<5^a!+rzSu@bobs8{w@<}N9)8Cm@uJU{9M_n; z{M)5L`BRv8>NqZg6_;79OFgyGYYOwT%p5OS+wTq!2oM^rXHl_|-W^fDisb*DV7M-1 zXJfN_w&6uypLm3Hb~K|BlwOzw)a z6;d%jPhhgXzwl7-7B4s<5sGNbbjfr4VJS1zA$@&oi^yu*bV787Z7*;tpr?8pc zyE8^L(E5HuW5t-RCI)O8oyui2m@=kN?l`GzwvI$Yr3BKSoGt|H6sP~Q_f|HA#cUCW zdgNq8=gr?`@Dab_&8&&w-e#a1VB^WX5?s9Rzl!3UI#^gHZETPy@0|^T7WWig+u2zKG{Fk0M6sK9IzMp#5d=cWkU_3GOXA9|VD?zD0 zH4nP1w<(-k*A2&pNk5s>Y_2s1IB=ASL?;ehUK|^@$$h2iyv`Ewym&r!bCJ8frQZ~Z zDfwS~qP&KMLchBQ;A*+`my2TgcOFW1IKSF#3)r|0gWRw5pDr+W$%mtQ-2Wc%hB-JJ z0)!r3+ekcP&k%MPqNn0N2Q+WhK}r;#o5FYS=DKH;0(X{ib+>rxFT8l!4m4foIFx#3 zzI;B)tisdGnV*9mP9KXH?+%DGuKZ-CPQ&@6k7u0FoCC8w{0;iXY1}O59wMkN8E-4M z#7B3d<_&i)I-?BFG|qR&B|-H7AJM+*id1upE0rn+B$1u`QtgJ+T!1-({8U(2IX92W zk$iU%{^}}z<3DT{hBH*@vAe&WO!0TeBb4H{9G&oC`r9+@Q>_;>_}TD$o@IXX8(h~I zh-h(BKLMpZe{8|8-gTxpAHwubK~}b|4@2wv?Pb^Nw=?YxZdUIrgyEClDSfp0C6i|YX* zCgI%uhw?_1@_K&OUArXq4Bde&td1I|K)xEt3^EJDlT|ty%`DkET&Gt{&t|Q=(Z0+* zrdr)%#jAbgf{WC-j@8nr)@1QUNqD^)GaQ?I!NmmwP#7=2cTPx&f-`HIH6QJd35@!4 z?o{;smH9+BRrYVKtYb10AKI3$m(&uL{EJ!I`&`=RMRKM#d57}Sb3iw{F8RKk6I;u=1%gZBKYza2Q$+dT# z77eRQq({>h((BPspARC2HV9Tmn;~oL0@2}VVAH9+nu@@(xzr;Bwn&M$=XjIZX9WNq z{Y-S#^150#N+WuS?yshWv1WS#BItR0V*2qKe&3q+yMuoB>ABEx z0(rWA+V)&zo&Mh)otCf8hO&B`*T_Ub-V}v61}?eAS+bpCrUEMXNT6IO&|Lp>e1byOmeDE{eY{_?i%Ev zrv=8uhS!~nP~enGf4-MVrwp4sHuF|s<5iubXmOzjWn`Z^zcgdF{4g9=f8>(b}Fs z1D8KEEEiAUxx@Cn(HOi-c9IT8$gf1)^^^&gBT3S<3ln8cIBdftI{oqI6^G^=7&Y-E zgJEGNqU}L*vF?F~L}zBO(Ekw0r^~T)p$kLngLA#)GR}GNXJQN;8QQX`otpl;5SSzD z9AwSVkGt8U#Ka(UgtGU#u92LRmdQ+x>2GUc@}$AbVs8nDDRn>+9&aAvYk$;7-*J-6p-VD{-lhgr$R_4K(JSHm;RO_!{k;yEu9n_fhtNt7l;qMp5sfN^NbnnSdYf`; zdv&^wp`p!Tjs9-=gy=ed8SgVeIRv9` ztHHXyD6cbvX*%7ht_Y~xVjfF&;vt`1lHX+wfu#;k_yCreNPb|R*jim_p;6B{!DrIJ(!;N#4uzbXpzHG3h>WoYoMgwA_rePh z3^c%{x5f9zwN@=)$fDCE34py{6nGw zWt@4mpgtge9%)D^(jh#Wh}(a3V?kqRk;E+urKVZTen48&-$f|il(HE&8i*dY9Oa{6 zy!w}3gZPwjNOe=y++%x1zMAFINEOM9E98!#&`d>3(JE7v2YK(DBXS~E58}N z)y>-CPu$eiBvx|&N6+qxS&iMO7OukVfHbnoX^mTn^HDbpCI}9N_i5sMg=py)Hv(Wa zUhnfM6gqxfIcnl@cV}afBK92iSg(5OSNPcD^&&G4g*N(pUt$~@*&l5BEds?#(x(qr zHWL9h_R11iuK1=zAXK0!o-@G3;OfiG3Oo&ayXN=s^?SbR0auWQ{Duk!1_leZ-i)g* zW3QgeN(2Tr$^{1Y>+7npoxO*Oor1E0p|b^@y%Xc2m*({DSkp!a_-9yb4Zbxj8+k+l z@_N_~k8)PnI*)xZg&Z=eoaBd>gztt=`)d}Tt9Jm{GgwoGsAGdh)8ncY;)@fI+Q#vR z{!oeE=iOl=*2n3h4$P)%d(8XBS^3&2z2A$S-^;0A*e3x0(|(-qeZS{zNa_^`deG+k zc)wN0@_Rom`FsZOdux3zIKO3HNuBEJ-dN%{AJDyvfO0I~{^Z`4eBMiX^?Vd}SDeK8 zJ%Rk*2Jk;?^>S-lsC3Cm7j$2Ba)GhO^E7ki1q14>xv#(8A3wpyU6*g2?m9{R^e;u! zz$I5}b`teBP0{X4^oy_GWk0VEd%Qh%K>Qc>bLM_lnLQtXT;G?a9?$-1&<8N_xkN4C zPsg)1r{7DJ+xvV;&+O@ft?ZK)`5X51OUd5CXLOd|s|nnCiQlV8@pIMl0_f&`^^y4< zRn^8DBu5=MBh!mf#P%zaP%QvY`JC&aop;!N@DIO;rT6O_u%>fG;#+B-S4+SE4GcXDBt=udRnAcf+4=VSGB( zknE4#jLSrj0v!%B79K6b8&i@DfDf8cD8=I>=?YbQ!lW^ZkQP#JwdN9&hqPE7;*dj>i)txO{XGUvf3#T=>)1;=CGOx(8rTp)!55^B_VwGD68IZ&U4tpA&g<;(@Tt7aQJL5vnRsAd1Tm@?DHs-CqG@K+LUY?0 zou3V>sOAwCQ5Q`agCvVn9q&9nyTxBe^E{RMHcMB{i?|TVBy;noc+#H5zGrKoo1R)s zgMfUL2Q;jq6lYoMZ_=a3&tzS_7K5A{1nmhTttYp;@R3=lRF~JSzqlqFSiW2E|B=8K zt1byZi~+)2@6EsxsJV^^FX!VB2tUqanFRd}mEUYgxgd$rF_ljtxvZQSG}uu)qv(dEdt|Te(RS$epmOQ)KYJz5Q{y!3 zQi|TM|AC?5WFi?|E$sR`%znxp$YvnC>2KVQyXS&8>g{RM{ID|R+HpTSE>p4dwDVpW%{+0JST%!I0p)w%@?Wzn@1upjtf9P-#Gmqfo}5p}_i0 z9~EBQE=l;_Cb#0zs3T4MzXREY^HIQk6Jx?;pp1F^g@!1RI0L*f5zD=TM5?W-zI6+y zm7HlMH?{@hc<}d;)5TvNz3XvQp!m&ls{7f5F=z1jXLk_~e&Slc6ajX8x(8*rS=r(2 zidS}q*Vlb#my`LwOXgM0FT`9643w)6f}JOha!(4mNon^?%qx$Ozak5vg5O-_*szA? zvLdfYTg=-veu|&w@vQ9mkGqDiF5h%!-8>bbV~oINJl?unp(|gup~!Lu)*Js4 zpi*(cs^zNV2-b(t+779H@u3(U;hju~F3AB#cua|`h3`)|3=E}edGrPpXE$Y|hs)p| zFG9#ZZXPP2AnqDU;eW>1cT_9_8k!Mi-M48 zbIK^iVlpl*R4H6<^C4NaUyvs9A0khsmi8D_RfCwUXG9I8L!%16D%bVOgB47?;8EAGXZ znLw@c+m|U&02Im0z=vU~_t8~JMWfMmRmiV~5!tX1el*72)`=1sq1li8T6|%5U;d!O zyTDYjb^Y;hSdCEmI%VFl^UE-k-u2-A#d9d=o{t;I3-ePQgyT7E30kxB0K8PuZIvd0 z&C*<@yFKLs(j4%qM+b(vyX|A&bw5NmuS1;9KK66Ban1N5pD{M;jMp(}CfKp4FI!>A z+6*_ncAX)l=i0x!o@qa(B9F!KzL|ci#Uil4?R{IGx=hQGK4pZ&`xOI#3g3r05RZcy zVqkc~BXKTjP1n1NyHW^gzT-$R#Y>QhF%K@dqQ_h_2@bX^Fu-ILg&QHKwTO_dXOZp$ zypH+G@|{NO>>cE{0U0mQDc`t69yI@&h+@xNb+4^ASPmVMx@@$Lx2>NBlKn}RDow{; z;29RupQ5@IV(=@7bw=*i3e-4vJl8ls7us8=FBBbC^{l@-DJ<|p?LIbc{D_-N=h)2D`&?zbn?Yct|FWmH!i}MZEdQz#^ z@M=IrV3!DqW_je^=*cNMkyrHgms&Xy->)A%BDQQz9Rj~lAkfF1JWdm0<<)YMe?*wQ zg2vIyDr00e+1bJ@$N2W!P%Thub`J*XOe0M}Zdj4sIe$m3P)EN(+qv)H_=95@BFDAQ zi^}~@Q$i-&9dJX&l}5V!-ghB8s2RQ?4j#@nSC0SdR%@8XyXhS4G#>}2unndvE&rSS z3o{O3C2?*_dmiHBT(sEdBxZ2D7B@dGBNG3OBXK#*$kFcy8Q3}}k9kwBvSLxzxLr=} zhRd_>w35@JEsPSQcm8eWUKTP9wys|3b}nIrvehATaQ`&@xEWv*hI738NWStb(}_t# z%%(E*(gf1Ot)Y@DP%0a#y?C$qxF(ZcLgpUQv1;W=bGmr6Q;Acbg{%*>C%PgHI2iQv zAWPqthE|+B;@9c6o_N7sdecll+nV}Q(}Uc@^opzzQhB3 zw(YU~)~=JZI8}Vw$g5vMgwv5c^VQ`<$#On^gc&i1s4*9z@;%{r?Xl6doGz>Lkw>%1 z{^7skJb8RtAKquf;?8C6*>(J!;8{vbUjy1C_GS8y2Dwi_`n)rMF0Qd@P}AwbUd(J! z8Q%8S+RoV?v2R~Ptu~2ObeDEHo#TmY)z%M^AE|bW7`DRhe^G=iDeprg_eK-Uj6&NZ zgoCAnA`{?Ax^w4()vub`U%5_WUvd3a$Lc}5tf?b`Qfm{zR%;Sl zEt~D$mIjAuKs|5uy@@HTNN=KT(Vrpeu2s zE)wKBSHKBAc%Tw_wDkpCkhD4Kf5&&bG&V{v#U?s^NAti-MZ>anai-cXm6i#9RMM8- zr&FLhI6-^5up=BA>sOHfCfh~f^W);f*joENCKI=8dUl2O`fq=B${)fq-{;~AlO*k~ zjf;bv;8WYzLNMB48woH;wn6iG6B+@u*q_Kebn4qkWa1qQM>?^zJaTNFz$+=QSa)hqQcczgYCQ!Bf&EVC zrH+kA7`^jA8Gdz%vXVa{Ic6UjFqqFqt(y(ZYJ6zEdogJ{;{Uv-?l_i6&aH)P??T+-J^ISw+Pc8Y5^@dL@0hwX!LUqFqpS! ze-7$wfjLyYf{(2{EqS)(uWP&^Fe}*!9)>Z2y3(j^cgCZ#1(>nyivGGJsdObV4_!PG z)=Ukq>p=dAdf@V@}eW(O3{9&ey)-o zPT74S>=9**sy{r_TMCZrX56Yc-T2(v#dCTQA^>v}mAi^ZByypeE@TyWr^D--kL0U% z-l8t9YOb-nB#YB%SS2%#vg_$ssulNmlfx@agCPD3HL#f^L>oIR3l_J1 z*AIDtcJ`3)H<2Gc^=39P^v~i~n1HU>r{T}tlpud?M@W68_h?Jzt#Dm{nhrMDVUUQ? zPS%+#2$i1y5enj+SO2|tKBgf9dnp~*q7lBp<2E_lt=`R<^Ec?Q2}rZ%NEw`h$%PsY zVF1z%FdTB+<$KfNpb-`AwyTLIt{o9tM}eG%uea^K&xtDdM%OpsVuraNxWMY`tGeLt z_Hat0DhMUxkZ5>{7FR0+s2vPwzk|-`!gws+^Z0%mg#BIBun{1@tN#O;bknucjV*<( zGpm5Oi>Zk>wtd1hiR;Q*lhZjLVJ9}Tcc}ZSiNV-*qj1?r_T|XNqwJ;5wK9rOMO<$4J)svckhjd#RtF96>RWi z>b)_j?$ya^{9K!`1#n{6yxTl1aPsU}IEpH~S!e}a+ZyAU_pknd~tR+=bv!s z=dU-i-S6faB-&fgq<$1kUqjU;4(E3tzs+GMOm&{;#p&u49iuArtPpgn7%i$4@Hs{Q zC?SVYM}|A02e8t3kv-nmZWG(iSRr@^8NTB&)SuTNAU#y^I!!R2v@3+y>OuPSl0Wyke5c}tLf~t)_g{rsL9$#nTa`%64Ioy-3 zIhmTVb$jv8qf~?&gTO`g+_184HSy)6dS!I?)a zsLo%!nCWx7DPYAjQv|bG$E(PAp$^kqaldb_YE{S;o<5&2L%$E;08-zEV>r2<3)0IG zX$I{RmxbMQ&4oscG;(xf_j!3sc&xb7uVkiI`nL-i(;izyEeV2~%FgvKTe|FZQ~IaC zhNx+f+dFFj2JtIbU_epHI%d*ZJzTy^Yj-Q6#@$VW&Xy|sbZV;jMyP{)B0QVNtLm== z@f)m1#`{jaQ9U7U- zmTy}r<^{>G)ehWAQ?MYDpCB;RESreJc>dywhDYG>KuGc_2f%Ccwg;JalL~rRb%&CB z$$g)){(PCBv@E4FFcz;|3FkE|b{kenHM~Y;q!` zBSqf-P7Lw$DqZ!s{{2xUviI;ebbW8YN%baaxr%X$+R~h7#9KHv;^1e4?u$2?eb1_q8e`5R9n;%k*4sRD5E)GNJT68;Zlinb!_yM? zKwIa<#=ZAWFY7iXCcI136DhzD#GX6qn+sqd{lt|u;JSFYi9Vs`fhwt{e-~+AmtTtW zfMGr*BL_b_K6qAtN(xtH@1j|>Xm2HHK$Q6y;cjI)rm9R|LsX)_C;?UB`)G5ons_Vo zzZe}REBRgui%4U#<8}F5YDn!Tn&hZORZXc=c&y- z&U@G}`DU$g)hwE0MZMtyTFgUq>!zCY+00PmVVc`)G4*|h?`ioNrC8=io4CkX6!?}T z2nEF$^1hw=_gqGlUfz?5f}aCDF08ny`oFxAM{yab4KEUWC4Pg=AI!~+y~Jaqp0za@ z#IE|B=F7yEc%|3KGOT>RbZ`G{il$C1AY|&ux{60R#$N7{#=;E2&Kmnr)j;t%5oR`D z)EfUfx!X%pg;>%Na|)(Gcg@+ks=xS^qK<}M66sY60X=CLdyOop>CBZ0n47kjGkzMc zE=iq`EY=z{4dX;^Bp|7PkA#UonY<;I3FR<-g}^o2RLG?VC7%8D_%3(%k7z$2PNC&+ z*`7TbvQGQr%Go{#F|4E1BT)4AbWwUwG!iFvv9zE&r$A8^uQZQ-p)4+QVLC!wgRY|{ z_)_#2e!|_#5aO8NYrfXM)?B6$*!n|Uekh-v4Mu z;T((TVKROmsLyJ)sX}<369JNP`pzud? zowJsGbzA2T$`Ww)Qq-#kZGZgYuOd6f93lx-yOI#hpjy*N0Tlh7cR$7vYczg#Akao3 zyg8f_eb~zo(anI>c-`CV$w_&0A-=25SfZGh@;M8_8&-=spo(Rku}tT%+MK1WOHr(3 zHHc%vlWiPu>>k+C(^>s8g0W?AH^2N5eamP#ykBLn=G(k_;NDS%kvz&t=IW*Rll~?? zWspdNvWMxE`1G}KOs@DxOW>cbEr#zAG?GMD7f|^c)rTBJnm%}-LOA^bUR#c~8EnT` zPg)tF*{2zYsVAo!anFtr24hKAH6JzYjsRbJ zexmcjzwtFLPpjx39teXl!Y9j^*m#+Vdq1BPtCW{oDaXdcs-U6{9dtW!gE(%G)sSsQ zEOj@7$T>B~_e3QWXQ{m!f|t_~hNPUzX*NwGJ?=JmMVS%uewdfCqXq}1n! z1DR}d!BH=+Vn&h5%g0n!J5`sn^L3&jiI@+)zFA?Rry6^UPbbfum~~Of&-VUmxDd-7hfG_-E<$@eVNioeDN28h?zs; zwTOASjuwpOTSIB@_MiN9?~JxOA3b$4iP8o*ylWVtU8{1v^kd)r{kHACcN*d2Q~bL! z_KAEy(l%er_N~8RIIfda`@`BZ8UBXJ2$^XKKs5>$C(brD?sAAUoO4&`35^5nSHk5*x-!yAZ z6=6Z=S&Z?)*F3|i)Rx?T*mB#k`Yc}SoRXaP@p@cRmQm=)?&h%%X%Bri!)BAF#F3mc zg}M4;penvl{bzcoY=Kz1*oS!T+)#+LICCtU87SK+k>zi(?ykl6MQIlg%nRdt#2W4G za148VYbyNW-==VVS2V4hObeTdC6e&23|0<2abMim%8yRuJ1Gy&9!uCO&%HVk$L3$l zG1O)6QUU5YgrH*cNIXI;74Dq+)tCM_s{XBZnO>PJ(VxAfYMJ|GOIrhNn5*etix;9A z9>r6I()hg!=oAjJM~D-fkEZn#j6P^wNj1f0kVZn$>bvE&l9P!par%Y%%nr_N_%gS@ z3e!{$?u+m>r=6p@PjnxB%dELXp|@CCN@MIr8e*w-4cc42BCaQuANeLKaSL$Amo3Fb zj=h#_3*7iguA)>DN*c!P1$aZa#!V)5o-P^%o_D>?mS0ZTQqv72=ecn&4ja7l!d|T$ z^HUvpoYAdNZx8}O zBV)W+_F)7`7Z#n}I(S)!BU|MQDW_}B>Q3lGk#F<45TzM^QCAGX}MWJZ6= z*v+W>z94!9`SR^dK#FSQ%u0qfAM8d5snZE*;i z-!8|FZ)1S;RM`Vki!XOT&*1uD2)N4Gm$MX-;+ZS)^F1fsVuMTM?`e{HYWm<>kqgJo zYOD5_mYQ(^-6uA3mIQ}{P=ok@kk-p_;Azw&;J$I%hhBZzDi^eb@|9Rmiuw`?|33A; zJ305NN)l~t`OvuD{jIztWy2?A8Vs5xRZlrT@wyFW^8v)?7XF82SkN)r;hN8gKL0Gb z+e3^CIG13HLq^pxo~lP=UY9U9n7r4JLHKrC_lN;ecotMBvor~Z^CN3Z?!%ow&O8Q4 zH@_khtfzD+HBEX(P#@Pe$&$ika^^B*B}?Dg<%*ouK4lV$b}i>t0%@DYPm`-ou#MC9 z+b{PciHO4(X(<}4)J&3 zw!Hx|?#e;@3scw2lt>63-dTP9 zCpQW_Z!R{7ZS;22UplRC&QIIHq>}TrlIxdQ08b!RKzUZ*@6^(K2NJ}7PMr`pcm2D%3-@-TKEL8Pm#;V2@@e(Mb|Zf8m2c_N zF$Q#p?BA7Y07UHFeiQnJ5hx06w;|&LnpPaS*D0&{9vQej!GN>LjQ%0D^b~?a_fxs{ zi*gy#0lB!8rB}X6-b7m0l~`60Mb&AcqqKik;HFM;pPLi8-*Jv@zU`6{PRcpN zz665-ZSz;5J=WHNWNxA}G8*1=%#>rWU~zbl*81O^2&($Ozgv62j`N;GY1cHK>MF#i z6*~t0YJ;zs@$JBlFSmAMVW0a<9LHIbn;&^&Z%hVcLVL zepW+`7}wYcZ@5Z-d7E~E77fsqT4pIqL}~D&z`#~mJTrl_!E2MyUk|yVwasZ7B8&89 zR%TE@eiQ@mD$Rz%4YB|NXL84OFbC@cRlozHaU)zZijB1cFcJnmP6d~>heR%K{mmu5 zA4=jYDzuf*X!<*iZiHC4V8mgCEW`cKkJb78Xnih>b<0|(Ff$@2y{l#PV_HX&^4n6K zgYMG>NK5KIRqk>sgs8vC1d60MD9oIHQA9;fggnE?1@N1iL{i{QWvbC~yA9Lp2i7AU zEqiOaW#PU7Rq?=@okGw{0c2`qvm)-y(CGE{!O^K*Kb?COujL3E3`oTV>cXxCTPwfi ziv2mL81`9Gd(9{-XraDdkpd8Sd4(4u-}DKbwzw|u`bX{8j!|#MblJy93@iOW=a3%Nt0Nfjb>?4+u%#eI zG-gDS#DufzHkDr?c;htOo6vskfgUs}-6$i19WD>>Sesn^D~;MdOhqxiY04PNGIw^_ zGfp!rxH>}W5#iZ>GGF}CfH-06u|*cR!1UHt>&5Ea7->?5xwx4omr7yW6I8SwnO&Q? znGIQGv!z&rAEAt~?3IF$g|PE>%uxriTI?o9$mZ#*D>6J!beZrUTgFUmCN@v%B+C?A z@os2*Pk~|BjhlaIx!Zx_NO3EJRwE-6SB!xu3-s3n{Mvp%Gg}gSw}YqS7j1G2h7~hA zY?Yj>Cl8Wl9X3;uTma$XbW1|S!GI*(^1V5|h%kLdtxCA%g~ann2+%fL+2nkQBFsqZ zMLjspYOta8qe)v{%RCV8t|Wk<#M3(x=wg+$7X3L^8bI?SgGV6!z&e>g&S_X`wuI9O z@VAt6{JwM{YXdI$&(s#U)?)e?;gXXLu3$A+2MFB=d?&*GY|9 zF>Y|`p8ow7fh?0218yOsFVqW3Z+Br;(YZ^xRCpLNIFul5FW!DdV0z)Uvd;N30le1M z7^<<6A=Q}7r!!;)u4}5VG6$4A(PSK^{K#ON+jBqJ><2Jme9Iah(xs@z@l0w-zJg@>nicn{2LQoM5jmdERNmh1crgEcWlw z^E5pQLpa3_<42r%q$b%E&aS=;d>@*}4&P%>E}3O3Q}7`_Y)i1J4Iv^=UpQkon2C_VQ6%i2tC)T(oI zINDXSQCik26e!QjL#LSMnS{g}Igmu`5T(c_LxN6oXA8x`Wj z@kcF6ehEN>T?OhCGiyY5h8lZNv0j z5)rO+_gs_wRZs1WrJZ3IEZ_KJxY$JGSFOgN^AVTyBb^TX9!}0X-G;bWu(i`D7+>@3E5(=9qmL_83kH_9*H{BW*nrHm-Wb zb!V!nsF^Pb<|;=%uRlpIU(tC7q}?Xh`O7v51G98)dQ+d@uvJj|F6=8M(W=1%W&3M; zBa?rPx*K4LQULvJ@2mb+bd}$h*OrlTEOwE7qrsq-boqlozF;W_Ym6L#@_MoODp$oF z|9ro8DK^1wp&GgyysSB*5-%+*?-vJQVs213JtMf;7-L^LKfrwN8&gR`8YDmSZk!i| z45wzNDZ0F15o7gUsq6U1EZ$QNnKQs3wuPHEeJz4M|G!@v}Pml6s{Dc#T1Sqw5YcxMqm@v&f;aou@VPoSc;ET7BZOvp>GR zDh9%c3!aGTy*jMpBoEc!++zXGNK$R*mX!}2xwK50L0)RLQ;AOpPU#1dI1O34#hvwg z?RqZ{P6X*T&iBRxIUsz~2i2_ZUQhY$4pN^bZn6u9{tCbUCT~1aqt%ANGfzIh#84z8 z7#Q4_ypgdpH#c?skD$?2?u*T2_|;X@_{ks@4`vy_t%PWq;Hs{rg<7y7oDpP9X7GJ2 zo-yCK>2njjK7bZu;@173>kv?;xDHpfwFn#4*Fd**{_*o@rN%@r|D8;QPG$Q!42h3< zV6XLV7^sl-z@WvV*RL{F$%g9<1;~Krm;33`#JX_4MWO+$>CFPtoB_ zOSXT9OSCO2B54_rVGk|D|I}w}zoJ3?u--$8=}B9omD{@i{l>XwcyaIelK(pC`fBCX zYRK$)Iq#@ND>*4eEzKu%)n5)B@iZB*l~`5$l09kANP8- zzCk9r0b`FcEIoJl@?i(3H&E^}$t;D>in|CzJ+7S_N`6XaVcgo+X`zj=HOzHMLc+5B zu;+Qii3sRl(l*IhHpb_h$zmT?_`Rm2z@+_RM=@)_I)lpb1G5NukAgNwgwH?GOg{JJ zm0j)f^S><5Fxcn_m)hIh`;|7R2E3yQ&C?-mf<{Z;=@_mlUjuzGIf<4cRcy@ zW$utpPr~X!<;xT0C&?e#FxPWENKc>4b#rTO3A`$qpXI;_ed=6Hg(p*bQryuuq(jSe zI1-DenZx0qKlvay%l-jK+&)TTLr@M+J0K{TIscqP6cpz%l^XF0r(LQEF2Y4`(CB4h z(5SVbQ(Dgy;ybkUscq&v+nC{Kg* zl#@I5)+mt>|C^@Xd$A7RrCNmR6-#UCxA_F6(1muCFFv?AKGFx&tXIUAC0{hYSa!V# zKV&o7O{oHre$2Hw2~!G3PiNkap+gxlX}!+K9pim&46k`)Pv=+{#DEJU)i6zN56un3 zu&{_@_29wPc!#O;$4wfY<#5Q@zYm{UT_HT5nEBM9%T3hCM`X>x zpgSpwbUKc@J-qLhKavv4u@x8M&~hDz=EDn75u3(%w2%eDES5?rgiU2*)66e5rp$Dp z()q3smd#}pFLt%BV*f=da7`r9FpZcH6`-MFQC1+iq^y{`vkrxL8{e9fIj%;7q#W5` z1Fc3#b%=P)v2J7#vLQ9X8%Lh;0z)~K+wjS<%(sY*M_87wE?5JATjU{9-}U55t~CGE z>HJB98%m{-gdiZuc`f1Lcf4eHDIwb4N=0O|e>Bw5DNuW=K~^`3=9gG84g78#a;#9fz(o^25T9Fu0>k3E(Z8TU1^BLwqpfjb8fwy z;s*z^=zB$igZt366Tz;ud1EW!41<>TIi*yPvWR1ACDPt>m` zCSSK~_phexyL^O*O#a9qM)VXR^U%81=}IL`tnB`$%)fUa4DeH!XUKajlH^lPAf2f` z>aOMQvW&~6Cv}-Uff8mo37&oISh5TbHMgMcuVxaC#fYp3D?m^cU###OrWI7eJ&eWY z0$V|MhgW`2$34EQRmisd2+z)gY^iLVK|Z5_!Vt@?b(9vh6R~pow^a-bnQEoPcE97IpocnRe4|`bLp#H$(lj-R-m>RI zA{E^e{f_46DUOgXR;;XEYn1_+YiL8qko^WaoRiBaD~WcjQ+Em7Tvju4%)TVuT3b8HL#EN9ro&%ZFsi9ZI_A za+mv)?c4eajjd`RCa1W4j|2WIsSO)e=D%CrlN2Z)E-r97_l zmYe#a^mYQki`iJ}%uo4<GnZoHe+e$FPz-+a4dk z<+Bu_h#2M$Lg;VQEZNHu;YkaQ83SPO+(Fwf5MoYV{!V31U5LZzTob?Zn5*&jX$Sr~ zbNaZI=~HIOrpz^q|7^XV?A`2kJ6y5&hobA!8L^_pDFKWys_)NQ-DO@;sO kxc@IL?!Rzz9N_=II^F+cy7~t84GjA0cVSiVKc=hy3x8)4=>Px# diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 83ab21098..cd600392c 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -1,9 +1,9 @@ <# -.SYNOPSIS - A DSC configuration file for domain joining storage account + .SYNOPSIS + A DSC configuration file for domain joining storage account -.DESCRIPTION - This script will be run on a domain joined session host under domain admin credentials. + .DESCRIPTION + This script will be run on a domain joined session host under domain admin credentials. #> param @@ -58,15 +58,15 @@ param [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string] $DomainAdminUserName, + [string] $AdminUserName, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $StorageAccountFqdn, - + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string] $DomainAdminUserPassword + [string] $AdminUserPassword ) @@ -124,144 +124,97 @@ Configuration DomainJoinFileShare [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string] $DomainAdminUserName, + [string] $AdminUserName, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $StorageAccountFqdn, - + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string] $DomainAdminUserPassword + [string] $AdminUserPassword ) - + # Import the module that contains the File resource. - Import-DscResource -ModuleName PsDesiredStateConfiguration - if ($IdentityServiceProvider -ne 'AAD') { - $secStringPassword = ConvertTo-SecureString $DomainAdminUserPassword -AsPlainText -Force - $DomainAdminCred = New-Object System.Management.Automation.PSCredential ($DomainAdminUserName, $secStringPassword) - - $ErrorActionPreference = 'Stop' - - $ScriptPath = [system.io.path]::GetDirectoryName($PSCommandPath) - . (Join-Path $ScriptPath "Logger.ps1") + $secStringPassword = ConvertTo-SecureString $AdminUserPassword -AsPlainText -Force + $AdminCred = New-Object System.Management.Automation.PSCredential ($AdminUserName, $secStringPassword) + + $ErrorActionPreference = 'Stop' + + $ScriptPath = [system.io.path]::GetDirectoryName($PSCommandPath) + . (Join-Path $ScriptPath "Logger.ps1") + + Node localhost + { + LocalConfigurationManager { + RebootNodeIfNeeded = $true + ConfigurationMode = "ApplyOnly" + DebugMode = "All" + } - Node localhost - { - LocalConfigurationManager { - RebootNodeIfNeeded = $true - ConfigurationMode = "ApplyOnly" - DebugMode = "All" + Script DomainJoinStorage { + # TestScript runs first and if it returns false, then SetScript runs + GetScript = { + return @{'Result' = '' } } + SetScript = { + . (Join-Path $using:ScriptPath "Logger.ps1") + try { + Write-Log "DSC DomainJoinStorage SetScript Domain joining storage account $Using:StorageAccountName" + & "$using:ScriptPath\Script-DomainJoinStorage.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -SecurityPrincipalName $Using:SecurityPrincipalName -ShareName $Using:ShareName -DomainName $Using:DomainName -IdentityServiceProvider $Using:IdentityServiceProvider -AzureCloudEnvironment $Using:AzureCloudEnvironment -CustomOuPath $Using:CustomOuPath -OUName $Using:OUName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn - Script DomainJoinStorage { - # TestScript runs first and if it returns false, then SetScript runs - GetScript = { - return @{'Result' = '' } + Write-Log "Successfully domain joined and/or NTFS permission set on Storage account" } - SetScript = { - . (Join-Path $using:ScriptPath "Logger.ps1") - try { - Write-Log "DSC DomainJoinStorage SetScript Domain joining storage account $Using:StorageAccountName" - & "$using:ScriptPath\Script-DomainJoinStorage.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -SecurityPrincipalName $Using:SecurityPrincipalName -ShareName $Using:ShareName -DomainName $Using:DomainName -IdentityServiceProvider $Using:IdentityServiceProvider -AzureCloudEnvironment $Using:AzureCloudEnvironment -CustomOuPath $Using:CustomOuPath -OUName $Using:OUName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn - - Write-Log "Successfully domain joined and/or NTFS permission set on Storage account" - } - catch { - $ErrMsg = $PSItem | Format-List -Force | Out-String - Write-Log -Err $ErrMsg - throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage SetScript: $ErrMsg", $PSItem.Exception) - } + catch { + $ErrMsg = $PSItem | Format-List -Force | Out-String + Write-Log -Err $ErrMsg + throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage SetScript: $ErrMsg", $PSItem.Exception) } - TestScript = { - . (Join-Path $using:ScriptPath "Logger.ps1") - - try { - Write-Log "DSC DomainJoinStorage TestScript checking if storage account $Using:StorageAccountName is domain joined." - $ADModule = Get-Module -Name ActiveDirectory - if (-not $ADModule) { - return $False + } + TestScript = { + . (Join-Path $using:ScriptPath "Logger.ps1") + + try { + Write-Log "DSC DomainJoinStorage TestScript checking if storage account $Using:StorageAccountName is domain joined." + $ADModule = Get-Module -Name ActiveDirectory + if (-not $ADModule) { + return $False + } + else { + Import-Module activedirectory + $IsStorageAccountDomainJoined = Get-ADObject -Filter 'ObjectClass -eq "Computer"' | Where-Object { $_.Name -eq $Using:StorageAccountName } + if ($IsStorageAccountDomainJoined) { + Write-Log "Storage account $Using:StorageAccountName is already domain joined." + return $True } else { - Import-Module activedirectory - $IsStorageAccountDomainJoined = Get-ADObject -Filter 'ObjectClass -eq "Computer"' | Where-Object { $_.Name -eq $Using:StorageAccountName } - if ($IsStorageAccountDomainJoined) { - Write-Log "Storage account $Using:StorageAccountName is already domain joined." - return $True - } - else { - Write-Log "Storage account $Using:StorageAccount is not domain joined." - return $False - } + Write-Log "Storage account $Using:StorageAccount is not domain joined." + return $False } } - catch { - $ErrMsg = $PSItem | Format-List -Force | Out-String - Write-Log -Err $ErrMsg - throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage TestScript: $ErrMsg", $PSItem.Exception) - } - } - PsDscRunAsCredential = $DomainAdminCred - } - } - } - else { - $ErrorActionPreference = 'Stop' - - $ScriptPath = [system.io.path]::GetDirectoryName($PSCommandPath) - . (Join-Path $ScriptPath "Logger.ps1") - - Node localhost - { - LocalConfigurationManager { - RebootNodeIfNeeded = $true - ConfigurationMode = "ApplyOnly" - DebugMode = "All" - } - Script AAD-NTFS-Permissions { - GetScript = { - return @{'Result' = '' } - } - SetScript = { - . (Join-Path $using:ScriptPath "Logger.ps1") - try { - Write-Log "AAD setting NTFS permissions on $Using:StorageAccountName" - & "$using:ScriptPath\Script-AadNtfsSetup.ps1" -StorageAccountName $Using:StorageAccountName -StorageAccountRG $Using:StorageAccountRG -SubscriptionId $Using:SubscriptionId -ClientId $Using:ClientId -ShareName $Using:ShareName -StoragePurpose $Using:StoragePurpose -StorageAccountFqdn $Using:StorageAccountFqdn - Write-Log "Successfully applied NTFS permissions on Storage account" - } - catch { - $ErrMsg = $PSItem | Format-List -Force | Out-String - Write-Log -Err $ErrMsg - throw [System.Exception]::new("Some error occurred in DSC AAD NTFS SetScript: $ErrMsg", $PSItem.Exception) - } } - TestScript = { - . (Join-Path $using:ScriptPath "Logger.ps1") - try { - Write-Log "AAD NTFS permissions on $Using:StorageAccountName configured." - } - catch { - $ErrMsg = $PSItem | Format-List -Force | Out-String - Write-Log -Err $ErrMsg - throw [System.Exception]::new("Some error occurred in DSC AAD NTFS SetScript: $ErrMsg", $PSItem.Exception) - } + catch { + $ErrMsg = $PSItem | Format-List -Force | Out-String + Write-Log -Err $ErrMsg + throw [System.Exception]::new("Some error occurred in DSC DomainJoinStorage TestScript: $ErrMsg", $PSItem.Exception) } - } + } + + PsDscRunAsCredential = $AdminCred } - - } +} - $config = @{ - AllNodes = @( - @{ - NodeName = 'localhost'; - PSDscAllowPlainTextPassword = $true - PsDscAllowDomainUser = $true - } - ) - } +$config = @{ + AllNodes = @( + @{ + NodeName = 'localhost'; + PSDscAllowPlainTextPassword = $true + PsDscAllowDomainUser = $true + } + ) } - DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -SecurityPrincipalName $SecurityPrincipalName -StoragePurpose $StoragePurpose -StorageAccountFqdn $StorageAccountFqdn -Verbose; \ No newline at end of file + +DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -AdminUserName $AdminUserName -AdminUserPassword $AdminUserPassword -ClientId $ClientId -SecurityPrincipalName $SecurityPrincipalName -StoragePurpose $StoragePurpose -StorageAccountFqdn $StorageAccountFqdn -Verbose; \ No newline at end of file diff --git a/workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 b/workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 deleted file mode 100644 index cb3a961e4..000000000 --- a/workload/scripts/DSCStorageScripts/Script-AadNtfsSetup.ps1 +++ /dev/null @@ -1,110 +0,0 @@ -<# - .SYNOPSIS - Domain Join Storage Account - - .DESCRIPTION - In case of AD_DS scenario, domain join storage account as a machine on the domain. -#> -param( - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $StorageAccountName, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $StorageAccountRG, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $ClientId, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $SubscriptionId, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $ShareName, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $StoragePurpose, - - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $StorageAccountFqdn -) - -$ErrorActionPreference = "Stop" - -. (Join-Path $ScriptPath "Logger.ps1") - -Write-Log "Turning off Windows firewall. " -Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False - -Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Install-Module -Name PowershellGet -MinimumVersion 2.2.4.1 -Force -Install-Module -Name Az.Accounts -Force -Install-Module -Name Az.Storage -Force -Install-Module -Name Az.Network -Force -Install-Module -Name Az.Resources -Force - -Write-Log "Connecting to managed identity account" -Connect-AzAccount -Identity -AccountId $ClientId - -Write-Log "Setting Azure subscription to $SubscriptionId" -Select-AzSubscription -SubscriptionId $SubscriptionId - -if ($StoragePurpose -eq 'fslogix') { - $DriveLetter = 'Y' -} -if ($StoragePurpose -eq 'msix') { - $DriveLetter = 'X' -} -Write-Log "Mounting $StoragePurpose storage account on Drive $DriveLetter" - -$FileShareLocation = '\\' + $StorageAccountFqdn + '\' + $ShareName -$connectTestResult = Test-NetConnection -ComputerName $StorageAccountFqdn -Port 445 - -Write-Log "Test connection access to port 445 for $StorageAccountFqdn was $connectTestResult" - -Try { - Write-Log "Mounting Profile storage $StorageAccountName as a drive $DriveLetter" - if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) { - $UserStorage = "/user:Azure\$StorageAccountName" - Write-Log "User storage: $UserStorage" - $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountRG -AccountName $StorageAccountName) | Where-Object { $_.KeyName -eq "key1" } - Write-Log "File Share location: $FileShareLocation" - net use ${DriveLetter}: $FileShareLocation $UserStorage $StorageKey.Value - #$StorageKey1 = ConvertTo-SecureString $StorageKey.value -AsPlainText -Force - #$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ("Azure\stfsly206dorg", $StorageKey1) - #New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $FileShareLocation -Credential $credential - } - else { - Write-Log "Drive $DriveLetter already mounted." - } -} -Catch { - Write-Log -Err "Error while mounting profile storage as drive $DriveLetter" - Write-Log -Err $_.Exception.Message - Throw $_ -} - -Try { - Write-Log "setting up NTFS permission for FSLogix" - icacls ${DriveLetter}: /remove "BUILTIN\Administrators" - icacls ${DriveLetter}: /grant "Creator Owner:(OI)(CI)(IO)(M)" - icacls ${DriveLetter}: /remove "Authenticated Users" - icacls ${DriveLetter}: /remove "Builtin\Users" - Write-Log "ACLs set" - - Write-Log "Unmounting drive" - # Remove-PSDrive -Name $DriveLetter -Force - net use ${DriveLetter} /delete - Write-Log "Drive unmounted" -} -Catch { - Write-Log -Err "Error while setting up NTFS permission for FSLogix" - Write-Log -Err $_.Exception.Message - Throw $_ -} diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index 1f22afba0..897f80401 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -63,11 +63,13 @@ $ErrorActionPreference = "Stop" . (Join-Path $ScriptPath "Logger.ps1") -Write-Log "Forcing group policy updates" -gpupdate /force +if ($IdentityServiceProvider -ne 'AAD') { + Write-Log "Forcing group policy updates" + gpupdate /force -Write-Log "Waiting for domain policies to be applied (1 minute)" -Start-Sleep -Seconds 60 + Write-Log "Waiting for domain policies to be applied (1 minute)" + Start-Sleep -Seconds 60 +} Write-Log "Turning off Windows firewall. " Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False @@ -169,11 +171,14 @@ Try { icacls ${DriveLetter}: /remove "Builtin\Users" Write-Log "ACLs set" # AVD group permissions - Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" - $Group = $DomainName + '\' + $SecurityPrincipalName - icacls ${DriveLetter}: /grant "${Group}:(M)" - Write-Log "AD group $Group ACLs set" - + if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') { + Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" + } + else { + $Group = $DomainName + '\' + $SecurityPrincipalName + icacls ${DriveLetter}: /grant "${Group}:(M)" + Write-Log "AD group $Group ACLs set" + } Write-Log "Unmounting drive" # Remove-PSDrive -Name $DriveLetter -Force net use ${DriveLetter} /delete diff --git a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 index e94542dca..699b64d5a 100644 --- a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 +++ b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 @@ -49,11 +49,11 @@ param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string] $DomainAdminUserName, + [string] $AdminUserName, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [string] $DomainAdminUserPassword, + [string] $AdminUserPassword, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -66,7 +66,7 @@ param ( Write-Host "Add domain join account as local administrator" if ($IdentityServiceProvider -ne 'AAD') { - Add-LocalGroupMember -Group "Administrators" -Member $DomainAdminUserName + Add-LocalGroupMember -Group "Administrators" -Member $AdminUserName Write-Host "Domain join account added to local administrators group" } else { @@ -92,35 +92,31 @@ Set-Location -Path $LocalPath Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force Install-Module 'PSDscResources' -Force -if ($IdentityServiceProvider -ne 'AAD') { - # Handling special characters on password - function Set-EscapeCharacters { - Param( - [parameter(Mandatory = $true, Position = 0)] - [String] - $string - ) - $string = $string -replace '\*', '`*' - $string = $string -replace '\\', '`\' - $string = $string -replace '\~', '`~' - $string = $string -replace '\;', '`;' - $string = $string -replace '\(', '`(' - $string = $string -replace '\%', '`%' - $string = $string -replace '\?', '`?' - $string = $string -replace '\.', '`.' - $string = $string -replace '\:', '`:' - $string = $string -replace '\@', '`@' - $string = $string -replace '\/', '`/' - $string = $string -replace '\$', '`$' +# Handling special characters on password +function Set-EscapeCharacters { + Param( + [parameter(Mandatory = $true, Position = 0)] + [String] $string - } - $DomainAdminUserPasswordEscaped = Set-EscapeCharacters $DomainAdminUserPassword -} -else { - $DomainAdminUserPasswordEscaped = $DomainAdminUserPassword + ) + $string = $string -replace '\*', '`*' + $string = $string -replace '\\', '`\' + $string = $string -replace '\~', '`~' + $string = $string -replace '\;', '`;' + $string = $string -replace '\(', '`(' + $string = $string -replace '\%', '`%' + $string = $string -replace '\?', '`?' + $string = $string -replace '\.', '`.' + $string = $string -replace '\:', '`:' + $string = $string -replace '\@', '`@' + $string = $string -replace '\/', '`/' + $string = $string -replace '\$', '`$' + $string } +$AdminUserPasswordEscaped = Set-EscapeCharacters $AdminUserPassword + -$DscCompileCommand = "./Configuration.ps1 -StorageAccountName """ + $StorageAccountName + """ -StorageAccountRG """ + $StorageAccountRG + """ -StoragePurpose """ + $StoragePurpose + """ -StorageAccountFqdn """ + $StorageAccountFqdn + """ -ShareName """ + $ShareName + """ -SubscriptionId """ + $SubscriptionId + """ -ClientId """ + $ClientId + """ -SecurityPrincipalName """ + $SecurityPrincipalName + """ -DomainName """ + $DomainName + """ -IdentityServiceProvider """ + $IdentityServiceProvider + """ -AzureCloudEnvironment """ + $AzureCloudEnvironment + """ -CustomOuPath " + $CustomOuPath + " -OUName """ + $OUName + """ -DomainAdminUserName """ + $DomainAdminUserName + """ -DomainAdminUserPassword """ + $DomainAdminUserPasswordEscaped + """ -Verbose" +$DscCompileCommand = "./Configuration.ps1 -StorageAccountName """ + $StorageAccountName + """ -StorageAccountRG """ + $StorageAccountRG + """ -StoragePurpose """ + $StoragePurpose + """ -StorageAccountFqdn """ + $StorageAccountFqdn + """ -ShareName """ + $ShareName + """ -SubscriptionId """ + $SubscriptionId + """ -ClientId """ + $ClientId + """ -SecurityPrincipalName """ + $SecurityPrincipalName + """ -DomainName """ + $DomainName + """ -IdentityServiceProvider """ + $IdentityServiceProvider + """ -AzureCloudEnvironment """ + $AzureCloudEnvironment + """ -CustomOuPath " + $CustomOuPath + " -OUName """ + $OUName + """ -AdminUserName """ + $AdminUserName + """ -AdminUserPassword """ + $AdminUserPasswordEscaped + """ -Verbose" Write-Host "Executing the commmand $DscCompileCommand" Invoke-Expression -Command $DscCompileCommand From 9d5c5bdafa1368f0322a782cad76551e959ccc2a Mon Sep 17 00:00:00 2001 From: Sven Aelterman <17446043+SvenAelterman@users.noreply.github.com> Date: Mon, 30 Oct 2023 20:48:59 -0500 Subject: [PATCH 017/117] Enclose SecurityPrincipalName in `"` Delete unused variables to avoid Bicep warnings Bicep linting --- .../bicep/modules/storageAzureFiles/deploy.bicep | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 0eb4c9cc3..ce8bada79 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -99,7 +99,6 @@ param storageAccountFqdn string // Variable declaration // // =========== // var varAzureCloudName = environment().name -var varStoragePurposeLower = toLower(storagePurpose) var varAvdFileShareLogsDiagnostic = [ 'allLogs' ] @@ -107,9 +106,10 @@ var varAvdFileShareMetricsDiagnostic = [ 'Transaction' ] var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' -var varDirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -var varSecurityPrincipalName = !empty(securityPrincipalName)? securityPrincipalName : 'none' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName ${varSecurityPrincipalName} -StorageAccountFqdn ${storageAccountFqdn} ' +var varDirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS' : (identityServiceProvider == 'AAD') ? 'AADKERB' : 'None' +var varSecurityPrincipalName = !empty(securityPrincipalName) ? securityPrincipalName : 'none' +var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName "${varSecurityPrincipalName}" -StorageAccountFqdn ${storageAccountFqdn} ' + // =========== // // Deployments // // =========== // @@ -136,7 +136,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts activeDirectoryProperties: (identityServiceProvider == 'AAD') ? { domainGuid: identityDomainGuid domainName: identityDomainName - }: {} + } : {} } accessTier: 'Hot' networkAcls: deployPrivateEndpoint ? { @@ -172,7 +172,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts privateDnsZoneGroup: { privateDNSResourceIds: [ vnetPrivateDnsZoneFilesId - ] + ] } } ] : [] From 736f9ebe69e901e87b512d435ee2514669a565a6 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Tue, 31 Oct 2023 09:00:50 -0500 Subject: [PATCH 018/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82660 -> 82667 bytes .../script-domainjoinstorage.ps1 | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 7d84066898a1e5193b6818f2d8e9683da00eab09..09e14d48d56992ce9d7e826105c80d80f5df42cc 100644 GIT binary patch delta 2245 zcmV;$2s-!Vg$3({1%R{x*fw_m^73c{aGM&oc8;_t1#TriQsj}re1bE(*jLpO?Kk>>cBR`&;C?{qkx3`Zxl zVVFY1GzU3_ZvU5l2s+{^Q$p@SY_WbNEbXwE#R8^*!Gc9|k>cJI@;P_wgV(RN|ML1( z#uQt0P{O~)^o!?Qb&gpYGXz?}e*v^|Rq&mkX~8*51it4dGCwJjWTXa*EMIl(N1ZE? z&VGiLv&I>7f{?q`qTffr=_iDLLG)fCc$yF6hf$|2(a(Twg*+;h$X8>0j6}u~=a&~$ zJS;ACq(qhrnLeiev$5w)@t0S*S75j)#(0S6?~to25%IB-e^(;r>Scx4 z9DaGXjLu#j(@7rviRMbLh)WAi+GS;2_@47CzjkHA+3Q@QgtJW z`my3uu6P=8l;WXQnMX?k=n&2N6lJKa$r1D0JCd^*S3#!tJOd`C(D`2IfR6;)?sog_ z9r%Xoea3X=J|cj3C{=`-f5J@3B7;mOB3eO_kzpD&*qUYb0p3h;B{#mQZ2!zePTTQg zN#zDZa1FVHOC<9wLsp8Rvj+>27CGM`*f3`*_rrwq416RQnZ_DEynX%ZmLyaJObV5f z06Cq)XOYHosbMM|SBWdK#~-BZ zGC{=-i4IBXFx5FCps%AZ6mDzhQAEQ@@rmc)AB$8hip4os8cz-OgCBzT!T#Gl@DHtj zN|a+67o>;TJeEt`Fy~3q46+}*3m$>!-UKd4^`i^RqWsu8^xIOZFORM}kn`rf5m0Vvrb?e#tEk$ER{L` z2t+zpypKr}8D`7Y0qV{HgvORDSpmCZBB4y74y@ZZof>A1Ys++CuqP6PJy#I z0YCz&qEh$~f3VS%RNH-m3(FR*`)-+y-TI!oFkDWj>Eq$RdY?VG ztyBKBz+m)8;UQ-^Ruk|Y5!!aI$1-*)5{v=xPBqJe4eX#F`bYgRn9u=u>&+A}T$PX> zIl}MueZy2CSxqU^XfHGP@!C<=V(^j9E+tXv)-9Pof7JEbYKizq8$Q-0-TvtES43H7 zZreWh5~j5YVN8lehDAepZTL5Qo@0sh-JWmI`X#W*iVGWBcer(KeNYwW{*T> zP0*MfEK!`rtLg;9eG`BZ(g?{(O2?oDR zcJSS+e_?#r^l!*PX38ze()sF2gH3WbI&M=(6DzIy1#5F{-R8b$(@;gh{+-`Q&&}bl z(d#LcrN}ib_XaA@oq4@Mw|Y?T=JeRwHZ+XZ*84wf#|m0riupuRjO=@o&^PxrY|`4d zmbzDyRffG-8P@J)8~l-)u~gicO2U$}ROEd@ev`ny~IVYgOj`08ERY9FPUqZN_*eFxM;(lng()w+jif|s~p6LYe|C-tZ`p*p%rAVk=b3)7b~i$YVPXyv7pQ2;z2G$lr8w84 zhoJSX;_2I_8ML2tJhUOc^ z7ZMfp{(3e%nhZ}ax_1-1RQjQvGsRN6u|VJ9QWz~$?#>UaU7%+|unGX+Yo5>uuApGfM zG!BO${@&`#1rsU!DDkf_mx|3ebfZWXX^x+1b$<}{PKV>kaCAZ&hABi$bC6T$_J8Sz zpd+3#CFCx|7VB5S(hiGREMOWKELb!bDeg@npL4f9c>QYoFRx!^OtD1=CH!klzj)47 z=a{82L!cELKz}P&1>gCZ7M!z0;Cp@|^OGV;MryFg@>R!v)VUJr>}O~>Yn(AB2)S!5 z`h5hPenR*cMDHbnr};2`70|0Y z8+*w-L5`QsQFDt~>@XNbpboTO?u4u-E z%B22%uw6kOevQ+Y#qZt}iuV#(#DnxoD48xevE&X3X$_Q;svA+(j}@PC#nXtR6c4q^ zJX#V!hiKNPEJI~YjhNrwk(|xA3NpRt889)0&i7IWd?e6zx7%;;z&BLyGnO;=5dpkI zsUp-AW`9Z+8DugM(F%%;4AZE=)-1CR@MelDx$#Y9`)4L{+KwMfDmNH{Yse*BBAI6y zvQiA4Jy?je$oUSzhB;HYA10h<;3L7vG}iFp?dw;!B%vZ;QmB*!$mtY5i!_!?4O5}` zk|jw12o>_&KjHbIdxs`ZMZ&=^f7nFdg>i9-dVk@+N?egW{vc(S2`Y9-bVyQ%sm>7r zeI0$FbXz-*G8#^bPdo?zSfpZ6EY7*o7&X`rehA(N`)~KaKeYZSQI2I?kRE39ST1qH zoF_>$$bRrHcm$$*6SySRk1i~m@?-1JZ%e7ZJi6|bYgyomJIRmb8~=*=*6)Y+6VAz? zn16O}4lzRdZ>visVptfVlpHPh;h!Qqk`bfwz@k9U`MtSF;$hAg;3{Gq+L}0(68(z1 zuwcQf0sk?$5mZcDgX;_{+3zYGD6Tj(NC^(Hkd4uPpKDBP^R`ivb;A~A-&)7onu;A( z4+C>htLGY~*OS?5BF7-Np0hE?OnG94J~i3DNe3L@Wy)37@M7Gu2&Btk}_kPT#_ zVS!zfSi!AEAUD^YAH#AkqB$%@k{HYqkiI^uZqS%akh3qCv=I&fNFY^IN-%}Tc%PE>Z1_##rY~Z#|`PTxI(I16}oaNX} zz;{Gw$GslQ*riA?2f#bkEDtuYgMR2A^}}F70r1wFDPg!OAw6=0-|hQ`sY0@vN~Y0X zX7J;+qpZc?Bb{AJqSCEfGJmM+y?@mb@sBortV_E6(dDm*vaZ~=eeNYpYm>rQ6pIX- zhVt6*Z}>dN7U{b^-=OtNV2c$OHjM6Y>)iUFD$dIlhAP>!JccwuV|B1ZaTc$tCm0?F z#%qeBQ&a1R&4$*KX^QHb1e91tDI&)pTp5=_5yma_yEjfS_+_z!?_Le#yMLj7Lk==i zZb_Ent1AOG$=#T^O&?9HwCWe^&9!x#`<_ih6$Sfuej`0M4}XnbPoZo@ZeY20pz>VI z>jS#ggJw6U$JVx?VYIeB|KT`R(DG8uCz4`h-;;#Cxvyc9*1omWy_&2toW;ttb}!rD zkJOB%;>L6mmYk&`?+a={vwuP$3B?xOPS>~?OLs}G99-K)WhIemjh4NzNzc;uN%jxY zNUcm-*%jSExc~k``vF^F+Yi~Iu4?VMUf2FH*P1fS3yTP689l{jzfr!XCp;w+v4kR% zUobj@%rtXrt!JwqI1ZKnGnw{ZpIrYB`4sahE0X*>33WH|x!vwGY=4<;suMXA*N)s; zeLUmvBWwW3zz5L&scrUuclSbnck4gw)(UMOlg>ogn^2o(V)rm$P{lNd+7``A=31sQ z-nTC<+VH2Q13A8JyKm)H4q`;MJx*{m!sH{z9RNMhVX*A6)WFKjXi7JOjw6rC;oZCU znQ=*tV(YVR4cN1iX zW~*^%y>Dl>T3r3gy#s_OG0l?|`V5sQ_>OCktuu{-pwr|4yf+0te>Bs?MT27A#t@g9 zKLH&fPL2p~*@ULdFMPG6J_B~^g^ z3AxOii^pN_4ggQkvw~I}A%8;0vpJ!2B%#&*+Yhl+GjF%5+}@5+g2X7F{986cFunkOXx_D6RTHykZiz2;PZ>YGX+dI;LzMoQYf);W;euuV1=fL9g9dwEvGpQQgk*9 z*S9K~+W^j`&h=R?7+WZqH9%)vJ-o$ul&3RpzMJrNQ(cUwP`ROI~9~AL#m(M`~ e$PM+CURP=$Y$U)4002mrq(T8f2FO7H0002a7e3hl diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index 897f80401..c885d2328 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -179,10 +179,10 @@ Try { icacls ${DriveLetter}: /grant "${Group}:(M)" Write-Log "AD group $Group ACLs set" } - Write-Log "Unmounting drive" - # Remove-PSDrive -Name $DriveLetter -Force - net use ${DriveLetter} /delete - Write-Log "Drive unmounted" + # Write-Log "Unmounting drive" + # # Remove-PSDrive -Name $DriveLetter -Force + # net use ${DriveLetter} /delete + # Write-Log "Drive unmounted" } Catch { Write-Log -Err "Error while setting up NTFS permission for FSLogix" From 597c926fc5a2ba5df5c8200f79f24af2df91f290 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Tue, 31 Oct 2023 11:05:21 -0500 Subject: [PATCH 019/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82667 -> 82681 bytes .../script-domainjoinstorage.ps1 | 13 +++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 09e14d48d56992ce9d7e826105c80d80f5df42cc..b8fc787ab50209f7940af8454df47d2f2a9c5681 100644 GIT binary patch delta 2322 zcmV+t3GMdlg$4PA1%R{x*fCfq_{VQe8JuN;Q6!tzdV1IF~yc0l<=pBG6oR)b}huRHdo&Xq{#KSRq|j{31M1RH-=a(l`JS;ACq(qhrnck=V zqp=rE@uye0S75j<$Hj!@i>E~%#dwJ5?~to25%GzVS0d)>X@%GvetNfz-#NC|Hwp6+wo;d1WS~|G56jvM?q<;iMOk`uU-{%?w+dOTQWZkew(YMjDwx(i- z)x*G?)bhE8>Gfo`p2|r`@5;R1`vcrYaar=H6WE7I!l?&KWzLU*Nau?8F=-;hY}qD2 z-8q2J*m5OnU{_2elquAKb^E4M!>n;_nGOv0RD!VQ3L-y*i?BNd7Gu5(Btk}_kbezi zqG5?ulUTv6Mj+SMeK>>FLPQH#i6k+YB_O@MSKXj7m>_4LF=!)f0FXecs1$w#Y&0d+ z4j&)`0Y=MAB5~~`NLBJCG+N!hTV`XozNan>m(ywbcsQ`xXAf@gf`2J682xcLhs}j;9NBG^oZCFnlVX`+ z(NJC+{tX`&SR#G5=Nq(s32d_B!iLrzZk${1RK^pYqac%O?s5J53+xd zMrv)s%C6`R!dGwJw(qbN_Wh78>#Eki*Ynyx<62XMd0`P@FQaEz?0xMjtD-mq%b72UwL|j{=u_B(#ogOH+Qi-G`CB& zy;rmsU7;rl(tppCf2|Cuh!-htIy9Cb+&N#BuJDN*jUU3b#<@B;GYu(SQUzF_kjuozAw#RZDM}OYALk2P$FI$hNn~# z3^7D3!r6N_G+&4mvqI!7jrg&;W1ZqliH3N8eLp&#j?O=Ix0Ah8`Ys7`#ZtQ2Kp*2$ z7_U;~kblm2bkOPH&uDzmIXk#(e<_(-B|2U_dMv7xKX;1VRd}9EQc}xV z4ucdO4x`NtjOO;R7gFc?5R5%^@HN1Vfj8#&HdHHGhEeH8d;6b&N}+ACm$uz=(5-I< z_U71~Yonn~bnO7Fde!=oZZgZHk+otU=RZ2yJ9(s}y?tmVWq1+etef*)kruH?9Tj+w sV1b9{;(w6+zX6xeK>^4Ol2~6?*m-j8)d&CpftRF00YL`cK>+{&0A%HMJOBUy delta 2308 zcmV+f3H$c>g$3({1%R{x*fHc1g=}>i>Q-yGxmr8NU=hphZ6<5y{cJI@;P_wgV(RN|ML1(#uQt0P{O~)^o!?Q zb&gpYGXz?}0km>e@SUG&!8uC=zUL=0KPi%Aqy~#DUv=z9ohy;feukE_#u;;hkh|8R z-$%gdCxm}N^j;!(nh)cLQKu}?&wy=(JSvpPS7UsPM1RH-=a&~$JS;ACq(qhrnLeie zv$5w)@t0S*S75j)#(0S6?~to25%IB-S0d)>Wrf%retEZy&R!nVCC#`{ znbf}zwoAyvuW|aa_}!aA@m?Z}c#vKRCDR2bmfRsBt$|Wfbt8)UvEoy%cp7n(;-OZV zM@s_e5P!}36lJKa$r1D0JCd^*S3#!tJOd`C(D`2IfR6;)?sog_9r%Xoea3X=J|cj3 zC{=`-!c55`gG?qOT0xPKVH!2qnq~F@-b`^NH@>NC|I9>A+wo&b!-UKd4^`i^RqWsu8^xIOZFORM}EzZ>visVptfV6dW!0;h!Qqk`bfyz@$LW`MtSF;$hAg;4)$y+MGC*68(z1 zFk!)~0sk?$5tK|@gX;`4+3zZBD6Tj(NPh_qF_DeYexGX$Z1c8Jl6AutMc-P-+M0?T zRu2PnP|N2Urq`3%Y9hxWeJk^N>kn`r#bwE}PGB3x38x+`l{xdpa##+EBt0lQ)%p-iC;tlKx88fJ}a%XDC{ClZ7`R}lFwoQB;Auo&}QAQ3VWg@0@y z6AcTjn#2ljH3GT5?)(^*a}mv9DU!rsmVos2QFVjHV1k@|!Jv(>0YCz&qEh$~u+fxM z+kJuz1Q;$diNv*$AXUlh&}eo0ZkdhU`kuNlTu!Iy&+A}T$PX>Il}MueZy2CSxqU^ zXfHGP@!C<=V(^j9E+tXv)-9Po)b-kGiTFnwKGr4O{^;^oL|JEU+dlUarnL!SOo~N@ zMMHUQ_&0o>V~OeG`BZ(g?{(O2?oDRcJSS+VSLy0Z^%Jr z$}P##`RYo8O>#FnZc|4SE3NtkYjbVg=DugsP({K1o!>~$&Ec=n>nW6_$TckY1}e{; zdA&imdQk7?^w`=qG>q2P`+q-d#|m0riupuRjO=@o&^PxrY|`4dmbzDyRffG-8P@J) z8~l-)u~gicO2U$}ROEd@C1_R%B%#=%+wK|{W9lx+m4j=$sLUiXt0KAXg^>pZ2KWw)K#rL*Ynyx=2}yPd0`P@FQcbe?0+}X*VKfkL?Wh8 zWa0}(XONj-h|pT6RU>-gDR#OYFpGVnQNI! zd*8meXv3eH26BAcc7NZ>s~p6LYnR=TbmrTQb1&!?!Y?w9*;o76+$Xa@`DNxLvXx!x2yAHBL zz129h-nTtl?OgrJy#s_OG0l?|`V5sQ_>L=(tuu{{pwr|4yni1n+32%+pWc8&;d*@U{xFMPGD#8|HD^G@5y3f23PUp6mA8B7A3Pf*t$ZSVa~I1)bGuaA zdqsQE6?&W?{eMjOb!A9Jyhw4=p|J$vPWZBPg-_&Y{1C1*&eg%OX-MgkD!}@LTxRCt zaoD>9zzKR*(267EPw03yCUlM@wAz3BA(m?9?N*iB+c8Rz*oUGLC*QJdG)^-LVF=K0 z+~7vPqEf{^H-6mJ-)hTwFK^ae{DPvz_3xH$do0Isw11wflsVv;^r3MT!(&k?#>UaU7%+|unGX+Yo5>uu>BNpjq@WrEoS`N=DlrIpEee1AF_?ooAzwPIT4rx5oL^ za*(bQ#bkv&ooyWF=tLi+g_6a#p_yahO^l;!&NoF`#3FT>?L8x@pPpL(K{Edam)$`D e$PEZcUss^C^|Qwa002;zvO)nt2G2nO0000S+Kngx diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index c885d2328..8f5e80e36 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -165,20 +165,21 @@ Catch { Try { Write-Log "setting up NTFS permission for FSLogix" + icacls ${DriveLetter}: /inheritance:r icacls ${DriveLetter}: /remove "BUILTIN\Administrators" icacls ${DriveLetter}: /grant "Creator Owner:(OI)(CI)(IO)(M)" icacls ${DriveLetter}: /remove "Authenticated Users" - icacls ${DriveLetter}: /remove "Builtin\Users" + icacls ${DriveLetter}: /remove "BUILTIN\Users" Write-Log "ACLs set" # AVD group permissions - if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') { - Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" - } - else { + # if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') { + # Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" + # } + # else { $Group = $DomainName + '\' + $SecurityPrincipalName icacls ${DriveLetter}: /grant "${Group}:(M)" Write-Log "AD group $Group ACLs set" - } + #} # Write-Log "Unmounting drive" # # Remove-PSDrive -Name $DriveLetter -Force # net use ${DriveLetter} /delete From 4a560349f7a24e94ea8a500b80de2b38121d0d70 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Tue, 31 Oct 2023 12:19:53 -0500 Subject: [PATCH 020/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82681 -> 82670 bytes .../script-domainjoinstorage.ps1 | 20 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index b8fc787ab50209f7940af8454df47d2f2a9c5681..ed690b07627940f54da4e55ce7500d8a9d01cfcc 100644 GIT binary patch delta 2309 zcmV+g3HtW=g$3?~1%R{x*fHc1g=}>i>Q-yGxmr8NU=hphZ6<5y{{CWHJtF0jX>2x#> zhavvn>dOTaDf}q$uP~R2%{X+UNET_1pJ{b}5cbZ7MzN*jhLL`-v#Q|R`8>4%^r zo-!rmF2ok=SAW9N4vSeVU>X=KSTq+Y?oA<|bGJTt{c8I!uU}YrxEPru+c|pa);!;OSWVw*(W9mN} zd(ISpd6jzwrt4x$1iK}3ItTwRHXkCnUwQ@I}|oM+%8!N@e$@Zs(2SAVx8p(0>XsFVcA=@dSRG?q&ZQ=#~h zB}o7X74qCa<@u3&hbB)&!oe?p*hJrjadC-y;lD~;kv;w(WtRymc0_bYQirL|5dnQ2 zeW7$)JC8CNPK%E`2meH*Vo@wExY8Ik*bjaP-Us_{_rO20{wYyTWL%IQX7gAsal@P^ zNq;lQe()}M1fqKrxFpq&E-ah!W9!gwOR2s*y6%i?S>TF0$&ck5|BCt6?}zsj&dH#d zc5jX_Li%s3OC@4h7@?FLE%)J{B0H85qw>I_K+pNTxk%z+&KKY+VjS9w4=Ca3950$+IG`4daB<43^5A9{`cg74KuwM26Y2b%MG$ zfY3N{B`aW8Oe9n(G=X*dW>UkdabuYd4E98VuyF;E@4{KwodAom-USjNBT>i(GJnyq zz^+NG;8r7$o9ix4U^y4j9F`(U3}y*PUmsOBXiO%^*%wUO2nPTpkSZ#r9|0RpNwwW4 z$UuPMB9lm58wFC8yiSc)x9^tO+^z4a3&Z6UO&@~;>wPwGTW9=hfywBP!XwUd>?Ytl zBDCXPk7evqB$xx>ooSW_8`wcV^nZ{0VKAWpcDDcoKh*W!YKizqn?BYh-TvtES43G?ZreWh5~j6DVJwP8hD}3x zZTL5Qnq!Of-JWmI`X#W%iVGV?cer(KeNYwW{%W|nxL^dSfV(KSAW$L437ij zHO0}XsddC=L+i;jMfFVrN-U!kkz)|9j7y;i;}-he8z&h2ve?0QuZHp6(7z!EnJKp< zOYzl}0h{D*Ox&iACRSSY3-;#Py3KvhrlE?0{X4&ro|}iiMz5z(wjwvM+&fTtF6Q+C z-ReQJo6}=!+t4stTc7`M9Dgflc`4>2NinkTNkZS;*RV-z-&*QkO;#DsVr5#pmu>Jz zYQ|D=V>$^-&Qp>11+}1AA&`V(i*BcDT#Ti=Bv%fu?V_@h$h1bwUf85(Y5OGm2Wg~M zCavs>?jYQM|DpYWt+4HfY*AOW_FS)P|AcEz8RmsWgtLsEVzb{UUw_jRo|1`JLXpWY z7@b3Anz^;svsDiqhsyt%O#81-uK$O8iusfkN&cOLx|{giZg(2C%r@1DoQZ2kZmm9^ zariMd0A%1pX#dnU`@g$;p})KJA9ibnwogcBBJ545O*6537%-?}nnP`i<|T72QyK5u zpFg+ZPfZ7MeA{;4%73dI#E5KroZx7L$w!Vm1bU#uVA*4-ft8ujlx_wcM;?{KyLaz5 zPo4+{(H#;qL8eG$Zi6}XHbE|#hWiQ{+b1|MZ8XBQN6RB?>B*)@-e}2yfYhrpzyVwda|6v355?!7w=oiAz*8 zWq1rsXwfK*bTk1xpG;GTW86d*~mG4U$$qk-oW$<)OJ5HhY7LYoUE;-#bTm|B7% zhKNOY_TEg*HzLKV5IIXDexM#$r}#pmA>LolhsTrQ>F4g<$zCe`kc63HDcx+Kk8vrC zmML;bXMZ%@>Gbf=aJ17o*?DMxDVatk3NMBpn<~}MgJL%oUT>(luiHD;fIg(x+ue(P zc>}ukqIQ(p{Qn=ebEY!oI8sm>c=!agzIv^xPzoi|&g_O55UkJ?*b@;cspT|>L5jYH z;rjALa~tQm)VbaTV+zH*2Iy?77emVsDP3gW{YM8trN1^=O4}ZZZ|j?Zy*+T@Y&6n| zuKNA99+LBPT}`HROla`LN5OoMIZC2yCSiCJzCU> f0m=<(VqaIDs`!b@2mkCfq_{VQe8JuN;Q6!tzdV1IF~yc0l<=pBG6oR)b}huRHdo&Xq{#KSRq|j{31M1RH-=a(l`JS;ACq(qhrnck=V zqp=rE@uye0S75j<$Hj!@i>E~%#dwJ5?~to25%GzVS0d)>X@%GvetNfz-#NC|Hwp6+wo;d1WS~|G56jvM?q<;iMOk`uU-{%?w+dOTQWZkew(YMjDwx(i- z)x*G?)bhE8>Gfo`p2|r`@5;R1`vcrYaar=H6WE7I!l?&KWzLU*Nau?8F=-;hY}qD2 z-8q2J*m5OnU{_2elquAKb^E4M!>n;_nGOv0RD!VQ3L-y*i?BNd7Gu5(Btk}_kbezi zqG5?ulUTv6Mj+SMeK>>FLPQH#i6k+YB_O@MSKXj7m>_4LF=!)f0FXecs1$w#Y&0d+ z4j&)`0Y=MAB5~~`NLBJCG+N!hTV`XozNan>m(ywbcsQ`xXAf@gf`2J682xcLhs}j;9NBG^oZCFnlVX`+ z(NJC+{tX`&SR#G5=Nq(s32d_B!iLrzZk${1RK^pYqac%O?s5J53+xd zMrv)s%C6`R!dGwJw(qbN_Wh78>#Eki*Ynyx<62XMd0`P@FQaEz?0xMjtD-mq%b72UwL|j{=u_B(#ogOH+Qi-G`CB& zy;rmsU7;rl(tppCf2|Cuh!-htIy9Cb+&N#BuJDN*jUU3b#<@B;GYu(SQUzF_kjuozAw#RZDM}OYALk2P$FI$hNn~# z3^7D3!r6N_G+&4mvqI!7jrg&;W1ZqliH3N8eLp&#j?O=Ix0Ah8`Ys7`#ZtQ2Kp*2$ z7_U;~kblm2bkOPH&uDzmIXk#(e<_(-B|2U_dMv7xKX;1VRd}9EQc}xV z4ucdO4x`NtjOO;R7gFc?5R5%^@HN1Vfj8#&Hc~5EhEeH8d;6b&N}+ACm$uz=(5-I< z_U71~Yonn~bnO7Fde!=oZZgZHk+otU=RZ2yJ9(s}y?tmVWq1+etef*)kruH?9Tj+w qV1b9{;(w6+m(W20$_ Date: Tue, 31 Oct 2023 21:17:21 -0500 Subject: [PATCH 021/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82670 -> 82676 bytes .../script-domainjoinstorage.ps1 | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index ed690b07627940f54da4e55ce7500d8a9d01cfcc..1f21438a74799c092df4bac6c3de3e50d2de4705 100644 GIT binary patch delta 2317 zcmV+o3G(*tg$4A51%R{x*f;vu5HW3Den!lznYij?bz72t&=5wyOOgKsjP^&zk zB@y(9W`9G9GE~;)i2WU$sKtWoC^tue1ru}VeJgYzL;~&h`@`-5d_nczV>Bqpv=iIgBt8Da`ymF=D3nu-_*9hXQH6(__3mLiy^pyLcs-+d7dLH zrO-Qqm5^n@4+u6cm@dLN<2;8D2}a4(z{{tPAAfx%2{i$;QcDt`=5u&2WUAH%=0fu| z%d!X%D&|Fa#*1VB4o#kmj6+!caDjdZ)A9oK!hf~6BzwY2FD=UE zECdbUKSo!Al4)=BImb*6`x+aHOAakkqJLvdWNUOdX*$4{fK0S>xL>6Itw;0^!aTL~#h`aeoFZ#e5e?gp5QX8-J+G zzzVA-v4UTXK)$bgcM9vJNS3e`S!OXSK>B*8x>0K|LBT#^&?eXbAc53TDf|f7YD%gd zeuoSM7_V}L#I=(kb;;Y%==6tvnTy@#o~AHdPNx~-;lOsEJGi}b{;9-Z3@7n1X9ZRh z2t5(Hc5lFPb|Es10SL|wE216jXnz=oC&M_J(E$Y8%@i)w}gpRlJvL3{|mbHHNf7V|K7ibAOg@>Jto4 zBkMKI(W%loVz;0Tl$5Bx4M2ryBoR3U;nTPhiZFg**uV0EA*_-eLjP)fO8^d;6A#(b{JJhkxx@Ny{rSZ%B%jeM1uZ=B9>iT8GY3|7y0$u@|et+P~~V zIME9x#g(ljEPE?OF%(pS7NtNEN*%iEu5mG@?wVXV`s@}}nM9_wTK2#u-Ami=vVSBK zy|H2CR`f^lvllPBx7Z5%Va!%dRU6OEybe#fF%)4zTqfAdm^l{voqzPTHQ{?A5mP9! z@dcB&klSMJtPNb&1IMQFex1k6A)Zn`XJuA=BcQH3KEK;f!;abJCQ}RX*^^sm zh%*j9!2*B`{2IDHb?yFd?p~R1ZvBVbTBGe#(wPW*7i!l`tR5B&>X>$@?NGmDuVrfO zefPtMF8rx&Ajh{||9`Ez%0Z08mB$&jMi_kLxYs}rGz?ZXmI_!E8ExTa(Xr*x1w4QL zVt4XHFi5VEm_1}VsoZa{Q*RsOni;sMptXI54bx5`+-9h%K zx0=Sz`>tneoNHLScYqir$|BpK&rpeyANT^0!*nY8bH$sPDV-7MO zsA$TK;I#%xoa@m;(D_pH^w+lK4QD{j5z#xAm6l}oYj2OxKX^7sTE$F-_AZvk_I9bU z_mcLaE6g-Q`hS`6&$S^H@e<8#hsH95JLBuh6(NzM^+UWdI9ErfwjrfUstD^7a+#fr zr}5w#04L~0Nh?l}KcN@6m@oyB(B|3Gm#NZ=;IOXT(ScQh#NHN_IQdp>qjj292t$B| z;}$oDHI-`i`SIhr{?=R08+o(s;#U+czJGUgJ75Klqkqj@rObiArVov)7#^!CdGnp* z#YAmS(;YMn#nI=4+e#Jrl7g#dORd)U(KCMwZ5ZF+V;6ijJB}gedL@j#P$FJBj!&p0 zSYk+6g0uH-Xg(1VvqBV1Cj6DYWu4|Lg@y!weLFsxjn6*xuP1w@&217Enn}9ZKp*2$ zn5-poNPllKKIjeb&veNX)#0JZwsW+`pE<9s_`EbP};{y1BW z^rGv2C*Ag;UNz)4pKS8j!-0LA`shG!Wsi#N_Mx4M;Yo@UZozj&I>b_X0toJr``@2| n|3S|G2A9%70muy*s$W;$6!PlO2mk9si=*5pds3&mx2Ny~ET|9&&OOPQ1zzZ5>8ML#4F$=zq(pPAkK zdHeONtswmAbTkf!A^zU#%LNlD{3!9SFqewWICP^(7HN*3X?1@P_Rfam$#8T^8-^)F zOmmP^==Oi#G9~0L#1`vUf5OrZi&-pS8W=2CG#4rEO(CCiw?26NYWpv*Uu8_O zMF%DPYfQg*&Q<4xr7=UG6&ykFj4{ zIcuCTrwF-gE&6=~oP9+27ewzRf~WZ~ei(Ji68#L=R>-45iF`H2$4F!>e{p_!LB+%3 zQb$T;xsd5&>OUKM&J=%nm3sxI>ta-lSw4SRdh#qZALd$~;;UK!<47f2S-%WlfEk-`=sD&A19Oz2_M)F@?_eQU`n_&~~@mZ|}f2 zRPPg(Gxrezyd$Y1)D&h)78ztR5zz{Yj11GL!PYFZ5AbG+E4lGaW&0;4a@vj`ODZ=Q zf@{bnTq2og8M0Cgojq8Hw8;4m!G<|gxgRE+XW%2j$TZgQ;qB{Jf43x|B4ARelmy7> z6h4VGmP-v&q4<&|NdO2H^4ve=`H_2vCQn7e!7qQ$h2k1`rgi;p}9|3su>Q7kUF(ik<^4}J*V2m5dLz(2D7DN#;j zT#z1S^H?r%!<;8ce>2E_@Gf`+qI(m#B-M{DESvIU>(FmYslGhA?u=_$;EFrRkL4Tx ziuu;>hxZfC$)K2aZ;miR`fsaCC1O|@p_Cjg_u-!+JC+fn^1z}%&-uN%NaA767vL&l z9NL;VlM?-kyRcxvs{#KpxDixLTZ8KiE7|WV94M|hG)M`Kf3T2^(SDz6OlXB$J&~T9aawmb6BhA8m8Bi*=i!kA$=?Bdg~8xAH`M4vm&q!&^U4>D_~blBvdIhfpz<4Qp2ioW0?*N_C$iPaRrg@!dcjz0E@BS z1ri}6QOE`|f6=hOu1T!mRwIy`>n=`UITz6!mLf?EW(i1NA5}MKOeV@*5BhGT{Cg3|FwBufnW$aQUm;>OQX_f~Y*g-$^e~&=ufT$PX>Il}Mu zeZy2CSxqI=XfHGP@!C<=V(^j9E+tXv)-9Po)b-wKiTFpGKGr4O{^;^oL|IpE+dlUa zrnO07EQ&>jO+$HY_&0o-V~h0No^R0lC9uVc3mZmvxOHxQP!;Fp3PY9bSsp{0ps_kw zqBx6Jf7KHVj|1a1#nGv$b;M>v>&Y}l^-TgwETa^WV-T*4OQ8tk7W&;ACm8&)*ui(N zhVk9dzaa;iDYqm`@zs?9o8)dx+@_BvR$BE7_U78U&3(_Np^Ae2JHL^hn}@$fucuJ9 zA~&$yJ5YHp=Jf&H>Or%c(_?Gf&@ftCpZ{Wm>zJZSY5G#!_)(Itfe8Q<3)twV+uckc483Zl`NpjHSCIR}QZ2qOy|6v_{Kb z*raD^`y~4ZX{1&rt?Y{KAl!fdq5XiZu6`>#)~|A%~v`IHq&{+)!noA}&rcN(_L zHr0uoiEBr0tv;S{_%SvBWZ*++|I{}7zq@;(zq|Dxc58*UPe^AX>`kamGqHOZFsNdh zLv4%ZC37uP8SmSlKeypeO$Ty(+jif|f2$nCh-`bD;An)&M~*uLdZ5E#*<-1Jm6_3$ zZU!Ak9+ktpckee(o(Klf9TGD^rbuOOgE{p!K`xnw`wAM{Cpa)|G{Ut<%Oh*)$)-dx zccO8VU+*T!4$W5M(0bp_Y_+)hm3s#WQDT}WEA$yEQScqtAY11e2SKOFA$V^Je|$bL z)5PZn#k`FniguTV96%M!tSk}!&goXgD7;B3^yz85@(7{qG)|5PZ`p*V%rAVk=b3r2 zb~i%7FgXW_OH?%FUh*1)QasnAhoJSX;_2I_e>B|b^zhGcw9`4+d1!wrnMNfFFNPkQD%H<}VmB3DZ>YGh z+dI~PKBU*%-HU#C1G@I2c9h!u{~xww?zjeSJ#gV{G}4K#`u(;ZlJj(3O{R2AXz;{G!F-T8N}_8fVR#ec**52OVHT}OUEzDr ssQIT?-hWW*zX6xnK>^4OYGPkko~rnX$_M}eZ+{&07n&f2LJ#7 diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index 636dc1cd8..41c761508 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -180,10 +180,10 @@ Try { icacls ${DriveLetter}: /grant "${Group}:(M)" Write-Log "AD group $Group ACLs set" } - Write-Log "Unmounting drive" - # Remove-PSDrive -Name $DriveLetter -Force - net use ${DriveLetter} /delete - Write-Log "Drive unmounted" + # Write-Log "Unmounting drive" + # # Remove-PSDrive -Name $DriveLetter -Force + # net use ${DriveLetter} /delete + # Write-Log "Drive unmounted" } Catch { Write-Log -Err "Error while setting up NTFS permission for FSLogix" From e3b2e8acb34fc09410f068d6abab773bbf0d0ae8 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 1 Nov 2023 15:55:29 -0500 Subject: [PATCH 022/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82676 -> 82678 bytes .../script-domainjoinstorage.ps1 | 5 +++++ 2 files changed, 5 insertions(+) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 1f21438a74799c092df4bac6c3de3e50d2de4705..96314aae8decd9be2ec390f68235f1d874fdb77a 100644 GIT binary patch delta 2315 zcmV+m3H0{#g$4G71%R{x*fl`bf5nB;Y{sFRB&w7Jex}v^LEO6-jwi#>Ic*q9NSNWErqJ#G(vQI;Trw@x zA*2rLSHdzLi#aS{1{f?@G8Yo}N+{;suaBNS+5gkiCpmx9Y|%jp{}|IRUU1zxV=`q3 zw1PL#Ds;&Yex?QQStjs3KUc+hnPnqASmed3<35@~3px84THYFO%sE0HI*WcA0T*u( z{t?l8nc%V*rgx)GS!Nyp+lqNoYEi7l_?U>CW!^83sCZmnnna7d5K7*s{)4gSO!LQA zxmRMiE=GUlm=*KKMINSji0JQ_>noA)u~t_i<@#}jxEy|bw~XFBKBiBaajA1r(Sxrpk06uY^`|!HFdgNJwj-wbI>$qJFITlxr>%j#2{DDi3H$1RbK; zkfIEgwK-yc2d8Q_<2uUCQDDKu6guAu9SD&?+ueU|zkL8-QN0hC&OAf}2u_qvP*a#` zRpyYZOe8BPb27}J279yIJ;1XmuH@D?we266C}=x=tf<^#2yUQIaEWA|=g3MabdF#l zWLfY7f{hENi!jbO&mlyDQ8G2~>iN?rHzc7ZU{Y#H0@QR0AB0TR(!f+`zGPVz0Yb&R z2+x0capK>h$y1SW2&*41&<|l;UZP(3uNGHiPdJe5GDF2qhz?2WP?`b}(AUW)3b(cM zD5BxKe9H?6&x90JXTBGFy~p;400U3 zi0*;tUPnGi&Akh&qI};v^xIPDPxr37;6{IyxMCyuzIfxGG2Z(9_;$c~8FZ%I>k~X7 z^Ox177AY*OPzsKg|L}K_pQ?mWdSFtZ=fd7xWa+Tr3-B2+j$KY%D20B-U6`;CYytl+ zx)zj7dxI}IW^&lo*ic+?Xpj<}U?N+i!#+0{*!FFsB`WVVrU5!K5nqYar6O;(bh-#4=mH4p4s%APlx# z*$UVd6B%U+bzt4T?bI-9d|PHBi#<^w+_{1%4&fs1PJpGD?*fUCktk#Xl^IxI)g)H% zs}aceb??t$ITy(smLkh6W(7!J?^S;{Y78bQ*e49y1RDS(kUA=b9|2oUNwvf8kbwZh zMXr#zb`qp6c^w+9Zr?9+vAexzTNo~<(+u%&V7<>B+};KMTw*YWqxgig0;>sxo(NsL z*JC-m6dA?<1Q&)C(GGUhkHgb`98Kr|g7sz!7_KYGfE*Ea`=Mp3n5?FhX|#WrS^RYE zC}%N*NN1OdsC4g!%paQV+Ukh-M;AWMCEfn$@>fJzXKvd)_cCUT4Pi`*MUF*72W|K# ze3)a24E>(3(E25E$%+dbT6ehdZoN|#@8udpRqR=fAx+Sj9W2wFrK|b`!_&xmO>=ar zbdK09Xgwt*s&4~OVH!z9PC~H)=dhQN?jb4{fl_KA;+#09?f9Bf_y3>Pt zH?POuzNKNbcDw(>cC4i3m6*3A#mc@V34L>0!zQgmXQ_WRS>@P^RbhYaU$!9}=^2ya z+Ex;ly_2Ho3o1dgQXmPX4&8OvxEND+Nv<4xaf_-1%7k_e3J5P-5c?M(-fE z#oSpNxU2_`P33=0r2T)#2iN~YJf(cf%B=WCKy5lczuQm4j@hOrQ#0|!lUu8gGY&t+ z0)Pzs2HHQh?f!4>UYKug{hQlbqwO=&nFxCqYS&Dx9u^Ghn0BabQNLubWoqqx`{Tzp z{Jv=*$G2_&t-8uVjKr143ARQUeB`({Ko2wwRyCFiSQQyf;bwo)vE|VPym;|)ck)Cq zNH$2!9x|O&?l;(}w+V8|4BS@G+CIUCX{QjbJz9;dl_#45#omdgO@7^UkR9r+#)E!>HLTq`K#US)k*&~Ys6@#Re1UAeGuQ}vP2NE8ti(N8d`dah!P1Eu%XF$yn(R-GamSpy8Z;#MFcs58{#YBbnE|$mkc4=$x741b= zm~n>mGvQxqLn`7Wn%fSIWe9i9mz66*B1h|ocx7;|j?RBiGGqROwl8SXb`oz$!sv?}|#Ce5!BvyFR!jWonZKe9$Kg#E@{Y=-k{oLs@zUKb`T8!f?jIcQU0Y2o zlDiE!p=*q6GVx3#S{XGhU?6d~3x^4P%zj~4n)ZgO(g*+mOCFc5LIFSq+Cc#T0075hb)o3APEka9ytLT ze>DI7W_Fh{DKmCl_<$DukVGVRpLyAtXJ$5k-hcdPFN%LUn@rv_%Xlp2 zuz(q0uwuzlNZc!-SaQEUdi-erFOMJPe@wGg4<-C-O22r)b?=nPlp)XtUPGtQB|rF? z7QADb!1w%26=!9ZP4sA$7n`2@XbLUl;%Df1YrHXM2zlr%`h5hPzd`s1L?2{=%VM0~ zjyh+Vxd&_~=1HkVv6J zEFTtmoZ=y(zhka1MZ%|AU5b?JhZW*-_~G3$dHe8~K53?<&XxInuzf-ve@f-U;`gsg z%?Ft((~-OsTFDhBmOLOKosrf`_Y;cxspfO8xlA}p2~ev%pd}IXh-O2IGE~;)i2WU$ zsKtWoC^tue1ru}VeJgYzL;~&hfBVDk0enIA-eWrR5D_3aRysjVVWCx-L#{HBY@p1^ zFoPQGEpqn&Pv*FiTi?{Szh|PL?f9{xa*H9jfkMFrl6jsZE2Ypof|ZbE!4C*FE|@OD zIO9Br5D7-f)WFN9j~{&{2{i$;QcDt`=5u&2WUAH%=0fu|%d!X%D&|Faf5wYr{|-%_ zi;P29{cwSP2-ETc^}>I(xFmbRkz^McDt1hCNK(hr6o`PnPCin&ZJkFE4QJ&WUO;#% zq*#@!cU&7hHFy^N5WR?=Jw1Z(*!ibIIaO&%df3fVwZ;ugo@MPI&!Xqi9T5Gi$Ooyp zb757K?^=g`TPywX&UNS9f2a~yTuZ(y-uNesx8X3p8E{?(ooWB-7*ELjZF8YT3M(s= zf}`U<{8Qv7Dq)l!m=x%_aIh3vIxhGMd`3)TmlNkop_XoI%;knB*8f4Wg?FhRjSV$deo03d}VK=C&M_J(E$Y8%@iDE!sVhEAWE)-Ge z-d8ezY?`&z5%G^Me4I=A!^y?3h_cPxu6rJ2%orQOm=voVi-r!m@Nam(#1a|$Jzt>n zOXQLj7q+zS@YTEZR#m*0YYbJfXElbjL1T8XOmmiQ>Jto4BkMKI(W%loVz;0Tl$5Bx z4M2ryBoR3Uf8o=(5{fW>Vc5U&f+4Ju9YX(VoL)EmJ93bj3P-YZzNXe-liZz-+t$&{ zNvnUs+T2*TyYJpKR8w$x?KjeMclc}dx`e6}`G)1jKo$5iZ#L*o59-~#9(((ihSAz) z|A*~ZNy{rSZ%B%jeM1uZ=B9>iT8GY3|7y0$u@|etf7-w7LO9V2CdHMlBrJO?MKKgq zf)=Gf5=tGq>#lJzrtX?tIr{7tRhdMlwOaPTCf!Th@3Ma+6TPuv4Yj8d)n(wgrm46HVLvdfh?xsJEKN&ik%sYn*FXyLW&X zCCVb(pwCc=k{|d2*?DWQ5%ik8hTutw&#!DZ@u5YrV5fTaW_JTVPg(5AE;=`jo`HgNu2A^L(utB z^YquYLA68UQEgMM*18kUyap zxR@{nlF;Va)0e5zi{P-X+|hwmg2dhyl{ooUZKHLXRR}|XhT|4DhBcLH_WAMSy8hN% z&Kr5N?c!GyExvzubUR=Lj-$<7rObiArVov)7#^!CdGnp*#YAmS(;YMn#nI=4f7?nG z`I3UGW=pNs_|Y?e3vC$R;A0njHam_X=XxcKy-*@vI*w1MBv@idSc0?nZfHIc60<@S zOeXx5zGa=}D}{yxe|kY4Zi-wmr9(5)AZr_}cU|8SL4 zD#@{>pfYg#1hl<+ZKzNQCDP8_h7=I2G<2}1BGJmIc>yDdzJ~Gk^2Km>&P!zqa|qTH zI`amgx2>5B9ZRHik$wFi0JZwsW+`pE<9s_`EbP};{y1BW^rGv2C*Ag;F^4P8LD4b Z-W2lc& Date: Wed, 1 Nov 2023 19:27:48 -0500 Subject: [PATCH 023/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82678 -> 82675 bytes .../script-domainjoinstorage.ps1 | 9 +-------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 96314aae8decd9be2ec390f68235f1d874fdb77a..d5631e4665d503bd4da74d1cbdbce623994ae598 100644 GIT binary patch delta 2302 zcmV3APEka9ytLT ze>DI7W_Fh{DKmCl_<$DukVGVRpLyAtXJ$5k-hcdPFN%LUn@rv_%Xlp2 zuz(q0uwuzlNZc!-SaQEUdi-erFOMJPe@wGg4<-C-O22r)b?=nPlp)XtUPGtQB|rF? z7QADb!1w%26=!9ZP4sA$7n`2@XbLUl;%Df1YrHXM2zlr%`h5hPzd`s1L?2{=%VM0~ zjyh+Vxd&_~=1HkVv6J zEFTtmoZ=y(zhka1MZ%|AU5b?JhZW*-_~G3$dHe8~K53?<&XxInuzf-ve@f-U;`gsg z%?Ft((~-OsTFDhBmOLOKosrf`_Y;cxspfO8xlA}p2~ev%pd}IXh-O2IGE~;)i2WU$ zsKtWoC^tue1ru}VeJgYzL;~&hfBVDk0enIA-eWrR5D_3aRysjVVWCx-L#{HBY@p1^ zFoPQGEpqn&Pv*FiTi?{Szh|PL?f9{xa*H9jfkMFrl6jsZE2Ypof|ZbE!4C*FE|@OD zIO9Br5D7-f)WFN9j~{&{2{i$;QcDt`=5u&2WUAH%=0fu|%d!X%D&|Faf5wYr{|-%_ zi;P29{cwSP2-ETc^}>I(xFmbRkz^McDt1hCNK(hr6o`PnPCin&ZJkFE4QJ&WUO;#% zq*#@!cU&7hHFy^N5WR?=Jw1Z(*!ibIIaO&%df3fVwZ;ugo@MPI&!Xqi9T5Gi$Ooyp zb757K?^=g`TPywX&UNS9f2a~yTuZ(y-uNesx8X3p8E{?(ooWB-7*ELjZF8YT3M(s= zf}`U<{8Qv7Dq)l!m=x%_aIh3vIxhGMd`3)TmlNkop_XoI%;knB*8f4Wg?FhRjSV$deo03d}VK=C&M_J(E$Y8%@iDE!sVhEAWE)-Ge z-d8ezY?`&z5%G^Me4I=A!^y?3h_cPxu6rJ2%orQOm=voVi-r!m@Nam(#1a|$Jzt>n zOXQLj7q+zS@YTEZR#m*0YYbJfXElbjL1T8XOmmiQ>Jto4BkMKI(W%loVz;0Tl$5Bx z4M2ryBoR3Uf8o=(5{fW>Vc5U&f+4Ju9YX(VoL)EmJ93bj3P-YZzNXe-liZz-+t$&{ zNvnUs+T2*TyYJpKR8w$x?KjeMclc}dx`e6}`G)1jKo$5iZ#L*o59-~#9(((ihSAz) z|A*~ZNy{rSZ%B%jeM1uZ=B9>iT8GY3|7y0$u@|etf7-w7LO9V2CdHMlBrJO?MKKgq zf)=Gf5=tGq>#lJzrtX?tIr{7tRhdMlwOaPTCf!Th@3Ma+6TPuv4Yj8d)n(wgrm46HVLvdfh?xsJEKN&ik%sYn*FXyLW&X zCCVb(pwCc=k{|d2*?DWQ5%ik8hTutw&#!DZ@u5YrV5fTaW_JTVPg(5AE;=`jo`HgNu2A^L(utB z^YquYLA68UQEgMM*18kUyap zxR@{nlF;Va)0e5zi{P-X+|hwmg2dhyl{ooUZKHLXRR}|XhT|4DhBcLH_WAMSy8hN% z&Kr5N?c!GyExvzubUR=Lj-$<7rObiArVov)7#^!CdGnp*#YAmS(;YMn#nI=4f7?nG z`I3UGW=pNs_|d9Tx54Max*DGP{JrdE;aeP9R!16)D5*)dABl3xmm<*y| zGU2cEE$cL2Dbzps>)Y|kY<%{ie?8DEZElmW&`i>W2D%oP!elLxI(n1wL2rP6#*>5I z>A`LLcO_H8n5OT7{@}y_I)h&CfA`-Fs~gO%JB+8q_W!?dl}{?ku_YiHzkPz)UY#~n zsDu*f=59j@2v!<8p;M7)Wz@WYkwmA#czbzbxI3_=GKDz=YYH7+1JK*n4CcE$Mm;6j zfjNS5wtm~|SOTRB?CXpFT3v1P&~4)U0e8Mw*srhrdA2&oi>{v+*|ZP!Flr&Ud1RBu z9xCkPv`1#$${H2P?L#{S!;=&z+k)?kbcm(&i67h}=f6J%|ASor4VT(M0mu$7n_*YA Y`1$D12mk+{&0Ja!_Z~y=R delta 2315 zcmV+m3H0{!g$4G71%R{x*fl`bf5nB;Y{sFRB&w7Jex}v^LEO6-jwi#>Ic*q9NSNWErqJ#G(vQI;Trw@x zA*2rLSHdzLi#aS{1{f?@G8Yo}N+{;suaBNS+5gkiCpmx9Y|%jp{}|IRUU1zxV=`q3 zw1PL#Ds;&Yex?QQStjs3KUc+hnPnqASmed3<35@~3px84THYFO%sE0HI*WcA0T*u( z{t?l8nc%V*rgx)GS!Nyp+lqNoYEi7l_?U>CW!^83sCZmnnna7d5K7*s{)4gSO!LQA zxmRMiE=GUlm=*KKMINSji0JQ_>noA)u~t_i<@#}jxEy|bw~XFBKBiBaajA1r(Sxrpk06uY^`|!HFdgNJwj-wbI>$qJFITlxr>%j#2{DDi3H$1RbK; zkfIEgwK-yc2d8Q_<2uUCQDDKu6guAu9SD&?+ueU|zkL8-QN0hC&OAf}2u_qvP*a#` zRpyYZOe8BPb27}J279yIJ;1XmuH@D?we266C}=x=tf<^#2yUQIaEWA|=g3MabdF#l zWLfY7f{hENi!jbO&mlyDQ8G2~>iN?rHzc7ZU{Y#H0@QR0AB0TR(!f+`zGPVz0Yb&R z2+x0capK>h$y1SW2&*41&<|l;UZP(3uNGHiPdJe5GDF2qhz?2WP?`b}(AUW)3b(cM zD5BxKe9H?6&x90JXTBGFy~p;400U3 zi0*;tUPnGi&Akh&qI};v^xIPDPxr37;6{IyxMCyuzIfxGG2Z(9_;$c~8FZ%I>k~X7 z^Ox177AY*OPzsKg|L}K_pQ?mWdSFtZ=fd7xWa+Tr3-B2+j$KY%D20B-U6`;CYytl+ zx)zj7dxI}IW^&lo*ic+?Xpj<}U?N+i!#+0{*!FFsB`WVVrU5!K5nqYar6O;(bh-#4=mH4p4s%APlx# z*$UVd6B%U+bzt4T?bI-9d|PHBi#<^w+_{1%4&fs1PJpGD?*fUCktk#Xl^IxI)g)H% zs}aceb??t$ITy(smLkh6W(7!J?^S;{Y78bQ*e49y1RDS(kUA=b9|2oUNwvf8kbwZh zMXr#zb`qp6c^w+9Zr?9+vAexzTNo~<(+u%&V7<>B+};KMTw*YWqxgig0;>sxo(NsL z*JC-m6dA?<1Q&)C(GGUhkHgb`98Kr|g7sz!7_KYGfE*Ea`=Mp3n5?FhX|#WrS^RYE zC}%N*NN1OdsC4g!%paQV+Ukh-M;AWMCEfn$@>fJzXKvd)_cCUT4Pi`*MUF*72W|K# ze3)a24E>(3(E25E$%+dbT6ehdZoN|#@8udpRqR=fAx+Sj9W2wFrK|b`!_&xmO>=ar zbdK09Xgwt*s&4~OVH!z9PC~H)=dhQN?jb4{fl_KA;+#09?f9Bf_y3>Pt zH?POuzNKNbcDw(>cC4i3m6*3A#mc@V34L>0!zQgmXQ_WRS>@P^RbhYaU$!9}=^2ya z+Ex;ly_2Ho3o1dgQXmPX4&8OvxEND+Nv<4xaf_-1%7k_e3J5P-5c?M(-fE z#oSpNxU2_`P33=0r2T)#2iN~YJf(cf%B=WCKy5lczuQm4j@hOrQ#0|!lUu8gGY&t+ z0)Pzs2HHQh?f!4>UYKug{hQlbqwO=&nFxCqYS&Dx9u^Ghn0BabQNLubWoqqx`{Tzp z{Jv=*$G2_&t-8uVjKr143ARQUeB`({Ko2wwRyCFiSQQyf;bwo)vE|VPym;|)ck)Cq zNH$2!9x|O&?l;(}w+V8|4BS@G+CIUCX{QjbJz9;dl_#45#omdgO@7^UkR9r+#)E!>HLTq`K#US)k*&~Ys6@#Re1UAeGuQ}vP2NE8ti(N8d`dah!P1Eu%XF$yn(R-GamSpy8Z;#MFcs58{#YBbnE|$mkc4=$x741b= zm~n>mGvQxqLn`7Wn%fSIWe9i9mz66*B1h|ocx7;|j?RBiGGqROwl8SXb`oz$!sv?}|#Ce5!BvyFR!jWonZKe9$Kg#E@{Y=-k{oLs@zUKb`T8!f?jIcQU0Y2o zlDiE!p=*q6GVx3#S{XGhU?6d~3x^4P%zj~4n)ZgO(g*+mOCFc4LIFSq+Cc#T006Z^b)EnK diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index 17419b62b..19d268598 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -162,25 +162,18 @@ Catch { Write-Log -Err $_.Exception.Message Throw $_ } - -Try { - if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') { - Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" - } - else { Write-Log "setting up NTFS permission for FSLogix" icacls ${DriveLetter}: /inheritance:r icacls ${DriveLetter}: /remove "BUILTIN\Administrators" icacls ${DriveLetter}: /grant "Creator Owner:(OI)(CI)(IO)(M)" - icacls ${DriveLetter}: /remove "Authenticated Users" icacls ${DriveLetter}: /remove "BUILTIN\Users" Write-Log "ACLs set" - } #AVD group permissions if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') { Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set" } else { + icacls ${DriveLetter}: /remove "Authenticated Users" $Group = $DomainName + '\' + $SecurityPrincipalName icacls ${DriveLetter}: /grant "${Group}:(M)" Write-Log "AD group $Group ACLs set" From 568e3a4cf4f3a666ea8a5dbc683a1e66d0bc009a Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Thu, 2 Nov 2023 09:15:51 -0500 Subject: [PATCH 024/117] updates --- workload/arm/deploy-baseline.json | 6 +++--- workload/bicep/deploy-baseline.bicep | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 4333b823f..3593b2b5f 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "15589045726498954361" + "templateHash": "4374850285059951273" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1250,7 +1250,7 @@ "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')), format('kv-key-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')))]", "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", - "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/aad-fslogix/workload/", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/", "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", "varDiskEncryptionKeyExpirationInEpoch": "[dateTimeToEpoch(dateTimeAdd(parameters('time'), format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))))]", @@ -1458,7 +1458,7 @@ "version": "latest" } }, - "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/aad-fslogix/workload/scripts/DSCStorageScripts.zip", + "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip", "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 8a7d8ad95..c3e154508 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -537,7 +537,7 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/aad-fslogix/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) @@ -753,7 +753,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/aad-fslogix/workload/scripts/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' From eb3bdcca91d841d9b174ff3c62f598ac8b67f737 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Thu, 2 Nov 2023 16:14:31 -0500 Subject: [PATCH 025/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82675 -> 82684 bytes .../scripts/DSCStorageScripts.zip.working | Bin 0 -> 82675 bytes .../DSCStorageScripts/Configuration.ps1 | 8 ++++---- .../scripts/Manual-DSC-Storage-Scripts.ps1 | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) create mode 100644 workload/scripts/DSCStorageScripts.zip.working diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index d5631e4665d503bd4da74d1cbdbce623994ae598..11cc622ac72b8a693430158538db9520d8d4843e 100644 GIT binary patch delta 1726 zcmV;v20{7rg$4YD1%R{xMKFJ8fnrxH?r+aV1^@tq9{>Om0000(Z*FF3XLWL6bZKvH zE^u=(t^xlC!ZBtWC_U^oU4|HT5_o8BBXU~|T`(vTZL5<-m!y(o%?%Fk!b27%Fcew$2Z&e+k9I0j_o42gfoqeZZcg{uM{ zkwp+PvfzUFeC-Ai`OJeTh?YbuF5D#}uIKSMQq4xHb#&znZ^yIwcskiBp05H)q$h%n zB9B2Bl6yu(91+m(nu?iEB$Ehpk1AS;@6qKbpqYq)CIG01*_4GQL(gaDw^;9OP%~Z#&G3 z1?*-(m=NTEVH(V&9R*bBOy~m&7ywRmdw-EW)_0$Ao{?B znsaKpWATR2ft-b4LjVVT6ZS}__n(=kh_jW7t@{vY*b*#H{Xq=H zIWej~bB6gnk#tLmVu9~L?Die#WzMy)gy3S}q3)Sr3no|uA-W(PNQq6y+=I50)GzE1 zu>MJED+7Pt-@we>`S}e~BZ#Djxq;Sn+h8kSuOVOXope9@q>Ge=CTdKTt+#x+WTL;3 zKeY;bKjA(jA@|%6Z_aw|X_roKaiy?vI&i`i!g0&)Ib(#9`(uMU6N4nlUcQxHzGV{DT70jWa_E?nS_y}!?QFxuS@Pp5OjCVGUD!=-W_IqvB9kcnar;pvSDH!=udx(k}3T1m?e9f%a)A&wm;>$%3B>eSJ)=r z$t4!dnKOpEPyQy*$)G3Ew}H&s8ca@OMRlt=<{kx=nO?iBS_%FLbU`QQ*9|W)g{lU(7W*hCGTa6o?)f8V%~qB zSnr^NoLurqAdC6eKTrhQgOTP|5Cdp7DbXS{QGz7nf#npzt^v&I(uk{_s@@^Daio2! zeT^N^E@nw}91LEl(wy?f)B`uM-LJMCM|&)b@!Rc2!Z$D~gHcNKC=gbl)TE=Ihas>t zLfIG60^YQVVX4)DGxc!=tSlpkPo#hSM_(5u5InqP2i(SiF|M?;GUPbSBK4dkaznvf ze|uUoWh2|;`5sdLH+U#5Wv{*M<8iBsL(dzYnsL7C)iSO$L(?)=iz zc~dgg0aF2kKjt?}<7#TT(s004uRH9`SU0kD^b ULIF1c*O$IR0WSvNK>+{&08ctUVgLXD delta 1704 zcmV;Z23Ps~g$4741%R{xMKFKKm0nktj^b%O1^@tH9{>Om0000(Z*FF3XLWL6bZKvH zE^u=($=!!v+Xj`2ux+Im<%lhAU zCrUCU(=S=8eHlL_5qY{d9`AXm{Cw7I0FIvf+juf{N3MRP(TAZs0H1%y^Kg*}PlY^& zc^EO6a{&Qgd0`Bnco>KA0;J-?TQKl^pC_?uHZrZlD|c`=n$AX(@mBF{8A_182-gZ8 z!zhA#1|o?8^?Rmb7Jy_@lHDbj3X(Wrg=H^T;ZI+%fW<2GBH3#;&VC`oYfpHqW}{1{ zw9yY!nqrEH?yVOG9y))!flFvBk+AcRnan#c3UP^zxf&-?G!a*;wc2!xb*ThK`Vrc$ zjh+{c!C?H5S|CZH>ya6F*JFn#;P3^r>^cl}ywhNY=WpKL;@ydQpd^BATfutFik8H`qIE)=LGgB1@FysoLGr|24|us_Olfe;V`lRObV z>*+W3d(Ke$ci93sx2Xb3Doo{&$q;W_u0nrH(39%On`*#X){ePj0MOzuB1UxB-kimiH>VcZMqOTB)AT{-os zH+2Wa)eyRs3bD9)UPN&v1Q&guv`ht?Gr?la#U*rb*Vi30*=;v%Q3L|G{y}PgLf%{B z%*Tt18>WATm@=QXpX_$q=oMeBuq5c6Y~y;+C0633YD|@_H+->RqPLbmwMv^j<^h9< z`(8xXVm!6<{{NF8w@QwUsZq4V8(x>%A`et#XJv%RDk(}a1J3(GL;CL zrw09!YCQ&*nXi;J-V|%bxUAZxp*6$nrw$&EBvKu!hz`YJN>v`+lhv1tAdy&^7l%v1 z917cuMJbK*P%sUb9QsQ^>KLclMb}sYOi*NL{44hr% z`^|q=rSER+vN-RQ=|mw{o^^5#kgpfdjuo;CHP%I^AisrNG2v{^o@FN#6o?W}JW?~iU?}m~o`mC52dsctTmWutlJLP-IU+z0s1QWM%K@D^2j00Ga_%p3o2{35EL+u{Y(qA(FPwIDwASbsx2xWh{ z{(5_wV7oumBnoqYV3RQ_a8e~iG9Fk#5$qb!t*#SuwN-V#FKikaPPMNI0qtUzQm4W2 zg+rP%f|y0%rM?G;eW%eL$#VX-yOHt@%1VEjQ91{iDY9nh=;uL%>vgppU=q#U-kw}@Bq@kxg$dh1YwWsmf<4m^7VGY)~ zhi{(5G@r{cPhyvLUYRq>(iOe(O~+U*w$=6tVawo;a`%0#y~1lxVYHSx=N%LG_`<7y y0JpF<0f7q*$(3GLmX6|SJq7>(V3$5Z0Z;*_mybdLHv!I<$3g)w2G>CW0001^6h$!r diff --git a/workload/scripts/DSCStorageScripts.zip.working b/workload/scripts/DSCStorageScripts.zip.working new file mode 100644 index 0000000000000000000000000000000000000000..d5631e4665d503bd4da74d1cbdbce623994ae598 GIT binary patch literal 82675 zcmZsBQ;aSQu;keGoUv`&_8HseH@0otwr$%s&e*o@f0KRL%~nz`o%C~8SCyg+C>R>h z{{oIhL47$OOACS#80deA`QJ>)Q{2+V)Jf9A$kEb7pOK!Ko|E3w(n0b6EI|Qnx8kXr zQj)6nQ2_xF{sjU;`G1$_9h^*hgB zz3LnczDhkNapr!T&#velg(=zrX&xSr6zhgpL!KS#nlY!n>)(BS;R(vm!JZHznU((oC~D2QJHro z&_y3|TlR=jR!XdM9$%+ZdHwzUvCks!_NF-nex9secrRzFE-FV1?{rN)7bSOj!W7U7 z35b9?x&oCWoEP}tP;Zoyoyo>>@neKP*W&OtIs&^1Vrp7)CS|*?9E!691n=KobOhI$psit@wu(4Hd|ThP0Yz1N zspG4^wwDG|d#n7B?mt#dn}k&gkwMz17d2gmN89lq!yXxyK!A> zo*kbd)8;f2lihu~4jbx9NbC$QplyE5eG{C1#Gfrh$zSHD3=BmrK5dfEH9DgubVKC*k%5^{su% zVa9^$wR<#DPzM3oCu&01#l){aAC9AIem=k%U3$J17l?uVUR(m2r4{P%Vj7Hpw)3yo z9qcwxHH&Zy4>&sr>1?c@ve_#my+MK-BS$kZ=T?>Qzhn`gD^4ysf8QVU{eGq-&;@n9 zGIGT8S|nkuhXecUv)u-LnU`5EViszA-&x=k&-C$)wN^}E90n0-8WxwUepG((P=8(k z(OL|-+IK8`PrXmO)_}RizUaihxlY)guQe8Y(=Si7(sJgick?k1$@gbTd$p%d&Ul{g zqj<7@}*NP`(fBHG|v+)4x+)3Rdr` z2|am7`V_A%5-+NrDFX6rZu`n@?h{dFq+szM#kIz&cHc(FHB69?Gf=XJLi$we@LBpbqkc@s|Xb<(Mz8mzvj5_1qABKVrF7o`u+arKi#)!boihG4L4yN zb3`4uf1_D*G{!9!1QPn)SE2L>c6qye?p?t^+e`Gj@k%Nk7@}mYsV$xavR3DYrptr^ zp|nh&v#vg=vb!yW@@E7P*lH*1c9X;q4pDK-#(j&N%KY&s*78O@S{I@iv?cXkw?wik zPYHEDk7dp@<`=VkZJv6tMGp+&kWhX6fYF*C0qXijoB@~=P6aJ%d8tTnTA=5~`@myV z258{PHe-ylU-hf@@UME{QhrL82}$lT5EaMQMHAkBif)EPp)bXehKb|FmJZ|anOWtG6{oSm3yp=v->&p=~KSFvjvl&hmy^Fmg6iRn$Pez zb8TPTwQNnwTz3!7GGOZXD_I}KFfR5j zj4wK(geMY6|0M_((D=9f>?X<|et!#t3;#(22&4WJu?8CqW}WR04LUf*V*c@&e#0_0 zy+5mA34h%@p2Y;B%>WtmrzA`bkG)8V53OZe!qKvaen#emZMAqzWi-(8;5GWGBSpcM z0^q>>`;Cu|?|<+8^>AbEc(a!4F_TgRo^SoN<#`W3(z-YQOz?AP9QSHbCXy6%b)(C5 zi#X2lg!2IZuI(8!GgL}->6bT0Q}v0_pRs4d*=MDboA5g1?aOcZmSr};ugBL`YQMDm zqb87Nx;nmmVyE|e(ieMgaV9^oug&XNsQ_asrQ)kEjDNBB0958xF2G^k68Va0n>c z3_#L6nmA(JG=Hl9XTW?SYn?jZR zUFa?y%Bw$#Diuh26R1aqM<$4Tk4C)B>a~BFefQgZiDTfgK-am!bbxQqqkij|SpPR> zg>wA9N{1&ymP@cxMu!b+$H=-emkvbt;H2{QLM$>AbpAzR)IngneE~S=sHnW#0%g(n z<&nMZ_4$+P4fpK+9_0G__%jvm?dQF~iSa^i;F{dGtQ4=%@h>U|L!LQj&Oyf)lDvL&U@Qa>kQ6(kLPMWzBP3r0;YPXGRITaxZaB}dy>$BMvdWx2Y236w9DLcs0 zQ?C!-Sbj;zzBc5R8NHMudub^y zNeZTosys6@1*1j8K4mScOXpTdEa|8b1p+Ji1u!wf_5~}S@~HXvR#Up5XvvK@b}{q$ z=pvpUD})v%bS8MYP*QNafYG!;!})ciqBc({Ix=mU+pz97_6Adf!qyh$q42;rMW;lc zBJV{Rt83%6fiY%qQOW8=#OegrFn7%5Q!D=RUOm2p!1>uDe#{GSDz1==fp;GyxI{Fw zzi`J9e_}hE1Y?=@6i!ATe+RQ)kBN@?Dvc|syOrsBY`vY8qc|$$WG%*Jq9N>ZZH$t5 zht`qRT)M{%nvp+?*YJoj(RDoQ-3^+mZQ%HQgHR}_&bMo>wJ^tBw6jJ|Jow1;f)a$5 zj$-vB@M{tEZ=SkQGt zDYt?G_WIoB5^m1M1NpAzYZHBfTL6jtc<2D4s0}BcQ{QXvwc$prMre6GE7C@rICj&H zhh0T;<3jC;sfO)kQ}}b{Rh!w|$h&G1K-37@T0`l&zkzd>ghd$U7zd-wdeW`7D0*GR z%9%qTJah1R?TMUE*}R4qkr1iiw-JEE2>Qe^i0?13c`eUkkqT0#?w$SuZWN3F5(pJ| zk1axp01mM)f1N@$0~VPOHG7gcXFri!9&wiJTzj;(Sm}I#AIH4BAg?M)R&MIHPGg+_ zbJK;ziKt)UGWvEz1KS&vH*dPM;HrR%figMdt9pMxfwprC3Hrl+^Y^Q=kMo=WiQ3%U z)5^aIUni=Gl@k?$jiUO@DM;33FnzO%v*t3Ga8WbA7MfhPcyOm82lt?+%K=mPMXyek zcY`~$8DT5=B@hct_QKYY=VRb(uhYd59lXG+eCwN6)^{g78B|~ZezHO=HTN!=)EeUh zSj3rCh*8`eF8IUFheuHd%esshLA4oVdFWbw=FD0_AnR*&xHYDpkoqhwXUYC>Dnnxb zwoet)L`#|Ry+=lb?*yq!3<#j;L11qYpa_HxMzU&b(M9JLvX7FP%uG02ij}gHcG~3) z9QNVfmuFk4uH~FspWMcm2Aptd;W>MYlS_>aP;kya!b)zBJV+UDMelC)8{DfNJH~ zsD~N1TJ_kFn0xjNZ^99|52fEjia|Lz>2=);+q3F3&cN2c$wTTO*={R|a~@UATLl}5 zgbdkK%ne5Z%&iCN8I74#wqh3HRZw@$FARCq8QyEO#NYF&*t!bGNhsv8z~<4CGO^p3o@n{2w+UPI<<18D7!9Fhl?GHQy4zH*nz zqokbllHM~M*<{qp?8%Ms72@6OTz9zIkAN{vqgi^uHYG>QCws z^T-83reuWicB&0?qHd`+XazS6XCHf^kxowF!g;jbs7d-W_8V7Inbp|=OQBpo$x>iV zGJ;LEZ`Ve%jpRXxy+bF(J?0Q3MrHXzy|iv-!+IC!%YK|-i1}p%QJL)_b;n*!3Cn6^ zq^Sm|mDuGOUX`|YI(DfTeFfg3&Q&wZ=(v)oU1k{PlI-5dH*^{ECngp5=%9` zf7D|T8@ufmApN@jcR+csLFa{d5Zikys?kZ^>){yht4s!$7$eqg!}_t*L}JBIki}q$ zCGp$QB9HDVch7;#5p`glnO#I6VP$xn5)ufanJr+(<6dLs^SwO{7glGJ-P|?4P!K8L zA|?7DmfGV3QV5LLhuU6@qDRK?TjvPz`+ddpv*W_SjhkH5)R%U9Px0>BSp7?|Kvh-; zlHAhg%$+&-q9QiNdGxr(SkwIC-MSrPsd~TYxhc=yGc4MhQmGD z5|#jPLR5d!>k)4lCPw1;zIy%QNkB8efDuMtQOO~_-f|$;xLRC=_o3E8EcNS1 zwLZ$Q?QitXBu#7P2_ssXwKg2Q1X8x8r^xcFAA{@L_AE_MfwFU^rESv>Cr_POd)NjOIxdZd+P zrk*DEAe@D8$W(~&1PQvq1k@4C6pl|tEYU&R?GRRkO+<-nHlVroKJP9zGx_+$Wr!hT zvt-)77Wkh?39rbZ%be`EnmuaFU&?RCGFy4=kpnnIq~V~#io9vh6&Gidy|u{rsq35= ztu^FIKRa3>WMnoA9}x^+9@E!cYoN$!ohORs5|P>C<%yCgl-XfyG@f3MI-T2F)b;FM z9l}%(a%Z<6nPcA$g-@eB&6fXo;@(k-2XKKuZgh&Zh+Hv_4=~b4dE)z*?5ySQ`@lht zc?PXhI-#kFVEk<&UA>y^UZAe^{1{f~0`Jqi3C>P4b84B+fS=_WyN-$M=_)=q@zu5a zf_HkXdf#8I#&f}pyEBVg8ntken|heg|DdG7w7?%<#RsX-mtgrL#&=3|*J2*f8#v?h>RaGM0mt*95(bcv=4<&C>mZxyU6r~OcsL*D^%*H&H-hEJ8 zTU0Z6Y-mlUwfJ}@X=}>w@fsf<3p7v{hJf;T9~VI*4$mR^;yck1B#n_8lw| zM_`+DzoT>r@O@5|VfHVgGU|YghSCWM2ciQJgB%Q^`4|5cMano6dy(6b9(g9XF#~NN zSPI28eg_(N3Eo3E0xPtm60%_5WgWre1~w`ZK}??eHF+qGK(^Q<*ak%;yU2mh@lZR* zdy_I0^JP1zjN({slhsafo+4t&-daLfM!enh5G%seD=F2B<%GyTM!S(PCCC0UdfGml z5A}|kN8&efDo)Qanf{jj5-{~m=h>f~k+W)>+^__Mr;|A&Z785}B)0Pv#N&5sr@9w>X>mrVG}%LGE7&*PvJj$6-K z4}1`W2jnWT>@VlPflSlC-+vBe;(ZH3oMTcyzJ3bf3WJm%op=1nm_`bm9EGWtIT3tN zF#^94I$pB3g<4xD>*A5vGQFPXou;qEE2b0sCYR4XWk*!r>XF`Z-%WUFv_!0@IbDJ> zbi{?3w}>W2!6%%%EqjU739XINo`=iVg!S5k$ zU&hQ`(>`?ciN`^(T>gBbQq}y?(NeTzYkKfLTB6gf-Ijro!}2EqQF<#$$9MCPT}P>pZHe&sQxy3Sc#j?0bB5)ccg?PfBgUMK&eBOFKi`y=rN5 z5Q9dFWIJvXq=^(6n6U(#k<7+*{>2@I-EO!YtFh`>p9ETqa><{S;D@nZ2*Geg$m$50 zJH#hnP1<{C%2CntHccvQ_$S5QaN!oV-$?i;vt}-I4ytOtd2UCT)mC`@E%I>O%i~bD z*&}DRhKfDgV+$-1y%ODXKwVGz54^-9_PQjQBn*#e-= zj>C#UVcXGbgI4>hbzaT4Sr0eu%C=p)%6Vk*8nRs zBc@LSm!gkN{RyKZpMo!A26Qwc(kVX@xoMa1sdx1>t7@IXJPe+smy2gCs(Qg(l89wX z?$SpvOnEymkEO3^VU%B$SGL^cLWeqNHnAG~n{yf@d;u`P80vu~3NulU{8A%1%OW-I4b_hTX zcs2Ak-!+&h*9f`!8#ji-vPADk|58Gel>_ahIQQ_peQ~gzvaha}T(BOVDq4;(g*Mb+3zt*G5FW$)6eWq4Y0pMwR1q7JJ2NdW7FZUeP61OO9i9=YL2Zii>c4)H z#1{YiH(y2$$dthBN~)D169VDsnd}YDuOjeVJEF_27FdFX+ifT@goO(gb)!Gf!J9gq=n`qlyE(xP%;1qQIW?^iogL4bpf8;#+u?f4)ez(|2q(_ z$UAm=md99(r|KL2@K16E<3=H+?F?=lc};aEQna5EJ634 zJ&a?D7ZUf0i7~F5nQ!$%9yH#|<>;TDH?f#p(g7xq<)DwY^wA~%QbRurDTg}vvrph{ z*R#((>z9iVI8hMC0FJ(ltHX1iU=WMgS}5&4ZL^h*G9-bVf64_adYu~L#ejButl!NE zorBsbN5nvxM#&Cn0atpXMUuYo5&6<~^dn5lX%;0Sc1R{V?m$q|yB0!+B2tGKdWQ}~ z4c7Df+TEWxg9XY%pPp|TS`=r+o>fGT4^WKzq&d^E&0r4*345OLJp7hn9XMxpTLXmb zL0neU2?@D`?x>ptc#$kV1l*zvaRu2IL&B*BwTN)!K+1>!=+N~k2%l3Iq`rgwu?G0@ zh`$GvL?_TWt7t|>7e{G}!}3B%%vlY){fMMeluc`%LG-RjkhVXiK$dp;EF{oCzQhcNadCOl?oHg5!;*gLM28|aXdRl=+QE>qeM5o#OLBU z$f(Gq7?(&pW3<6?W;r=^Xz$qKPorU3V`^JmQ3r>O6t z0;@13o)nkJ9rB7CY##rfW|mxpLE9D!7jm8*aw}X2TL1(7rPU1e z@W2*Ds=&VbBhV359%@7ukG2PK269z3afDa=Yec$zFjtX&QA|1koNJd9nFrz!(hAB^ z&U$i}^o%pw265EHDpg4pbKKqp4KWdB05(G;DovBbv!i;_v0m0;1B_g_{mrK6$dL$gh^i!q-Ef(_d4}{L#N!ho9~?hQ7k%d^q^G|43rzKoprGVFBb& zn$ocG$r54BI>CJ2KFLV2C3;OVxT_giLV@Jd%^(evz zukGJp3TC`d*HKm=X4wda=Rc<2tMC`##;M#;1f0DKQESP8$W2ol1CNmXX@J z-fkbku{?9D-q)anV;b`xqz{CZeL@6L@!3_atHumPLbm^_zPE89S!~uYMC)xQN$8@y zpK@fgLF1}7bagvStK#nC^^O&74!NY|-MxMBXc1PPAaE5Nvu81bG_&N<=UL0$WnHxF z(ftJTB#gq_?cc`Tz}R#~0E?Z9?A?_XAHHqrDqS6XxR{^GZnjvt^ql+?8>~;k#Il8t zp^hcBro-Tr)7UUmx;vhF? zdMvRh>S!p{_R0vFxo6BFR(wSPO zGSsFOfmIu<)FMh0cFMi~RAO4t#NL+Sm3~6gxmEZ_was%mwtL5pb}`<#yAEVmBf1#^ z9cDXOw`5jeMeHnGXG%XvpJSS2lay(z8<-dvduL&Ha}-@ar&sUslccZ{Pv$KNZc3x#X`g+c%nxybf%sqR%ns*m87+0C~uNAI6 zsZ8;U#0%Hc!})2mdxN4lCN-LdSEXN*sogcRb*TTNR6!{s=|x~VSr_(u(-AL3Sy3TYn%_Q)(#z-P6n`R!^P3@$xmxCSi7;MEzSPL@EXtQ;@kx!V%VnP*p5Yo z<#V((os{EYgavZx4UQJtDbFa?V90go*SvPBzc%5Nc+y+1iN$e~(lEaU5k4yE8dsSH z0BCkA0{}bCT-wYQNm+|#T$7U0n_K5mbQE@wdj@oD0y1t85*Qb`656!Ku4gs~n945Z z>8LaR#o3^3C$7)NU8#wNomKT?tKc~|k*zG{MpJO6fwTsS&ZMzC`(P^^;l_5fedDt` zI%#&-9T*VH@L@qj6FKzqr)}JAq}rJb!SS7;a6|MsuGS$1rqt8(=6cR{*@N)GlHFl^ zovt7{XsgbOIdX8AUf;}yj={TujYva}$hSJVY=5b=u){>d<-3GnWRs7V@mjBKhQ~aU zv9PRt0ny2T^HO>HwHoG)kB;hF>TB+{3|1Z(=W$4*Nqo1WmS`DdgJQx2!0^t1Vr^TtEIiBmCFYGbV|Ddlx=##)HCvjFzF@ zC*obwH(xFo$*i@b;#}Jm9rNdH3f^~+z8sV8WB1vR1Yl1}6wV0&&GFtVBj`ckM}*u$ z;b=cO<}PuaWT?L%2n&$8A>}n4NZR2Ic*7|u{}zIcb0IuPqnw>NcCw_Q=Uq(hVozNL zis(ODAz+}l+)V_}49sQOBv=S31()#N;{pD~(4)wy=)gZevxp>t5qU0M5?$$pfw5Hm z&UpyW3}wDt43SUxnkYST9)sfdEhCZAZg8b9{6dF2?qQW!w~BOoJKCN++MoYurM6;m zTU}hey*BWS-6&d(WwDKi+}#Yj>lkxgU^E#mB3iS|fOb<(Xm0WE>ydvQ@DPeS{Ad(ckrY4*R z)>aJhw5~#N_U;&j_ry#8RLM!2ibrrHpmC-jF+9qU|%n(}F$AnsIcuuPER={`&$nDPe)LUUR z-qFk|R}6inMrV(6(Yh6BTU0%=o}$wYAUBDQvG(nx-?r*(>nL@^illtz(F++++b z1a3thoe53`T$&0pt{f)Y_-2tdJ=kQ}aSX*VZz6e&XgAK%Wb3D(( zW9C->8M`Tbfa3|WSVL8+S^DejZnE)cm3f&xh-5r-ro6n=OotJvG+v9c348Sp805CU zkM2uv>K1*laJS~?rFet#DH`Bzh0^qqY!eSoSF*zpfl^t4_R=GYosUJMW+9}FK{ofK z;{`*TK8B8@-0`H6{qDEk-CeM{Hs-0@H*ZazJCuic9XL;;3VyG4^L3XlNppPGuD=#N zc8$;GGdBb^YjVDy)f?yu?F4J_XR>B{bW}(fXhreNISecCb1W=-w4BvxKFvHN!IM*K z_uIMI|77ab&42d*+X@}f(T2*=AOXOu-e`7|NDV*)mwoX|kR)}tq&po$Da;jZk5GVV za7D}f24z`VQ5cWx9NsxoVe$=B|6W+oX!LwS=n(40@7mm(=Kfp309PEn7sB-!v3=e? znxww&me&#quSpYu$>Y+dx!2Q(L#O#`qFeB|N6dA^ha}yCgoC%M_Z+A?f$a*@QVqjJ z!g}6?UBH^7hP?MQ`K0KY&ZxdkN+@G&aE}dOS=}l}2ZmEl86mO^G&600SFH->)l%OC z2%vqkO~(2!Qj8GooB2&cEOV~g=ico8er!9zZG&$)TW^;PP-z!fk`GX88>-;@dZ(-h zf?!_g=Y)$+KG-*(YyFU2#%87ly&_MS<0a4al$-LJY=4_sS5~_U_&S-unBVBB#rUaU zRVqZd4Cdhnc8mVh&_q|G2w-b*8I3BRhZ3ZE{3o&x= zuN;zqL~**>Np)M4#-Sm45}vV5Md9=i?Un1ov5otky0|y?Sg`DzOifDbCXMVNpBJf+%sd#8UR)IoUv<- z?~@hf6;0kgzOlP#)z&SVLAMG~Q~Z3yAg{a;6$%9-7Z>T!%R%XyYZGxHT^cNXQhdX? zuET_EuFMXa1Ft@{Zu=DFt4_VKSzYS22p)*@>6J3y>948{q@{e&L!2gEple(Av*Gl1 z1!(UOltT7vU6Q!hT&K zet4wfCGEaLpf+Vq?74uV>FR{k79}C~AxU!z8d21gRY$buQU$1HFhMMt*b-MI@z9E!@fj_YK8`FaUowy8*Wu+zIeEQlw!n&kqQUIT zv5Vi=Qu`-h>RJ zNtKw26QR-3r1=L23|5@XhE_?*t_*LQ{+uYOJ{rmNz=kuS3O={TcZt}U$0xI=Wc?QIUI%l6!f)V(y7_EwcCXc-`8w`FY`ZEqs*H5@+$miFv4wT!QNz z+puNLj46{+73WBDW(~-*D~cl3N}k}9ZnDVM(<2v4R8``VZfuu)bVPz*g6sS%muS&T zdE${Fx-RSsEl?r8ubd+BNZbd}Y(la^T3e`;kVdvbAon=p&NKJ%NSsk(`d1wD9mG>_ z+fJ^U{>vgUdRNq6Q72VONeDL0gDDC*j1oe)-cAB; zjI>KWiZ^RO!^SWti#S(;V(82<0eQ7QcExr%t5mRH?^PjGA*o#pZK9MPh6(Q524ddc zzjodO!Z%w`mvCNAOU?nRsp{`O!d;8&6!7KE?i>)OXQsSi_e(w?e_2Qi=-yu+9Ue>o znBNi|I4hZ|p1P1_*1X?$Vb3sIV^6vqTb~R!&z%*7ygb}5(u9A+163l8Dv^=O{|7Yb z0uHZAcfmA?cbF!4QBJQrA;%0UvKY)ne4Z*4vR;xJhldk?Q*IurzLHU!Bqyq&*&^fP zfMh7#j7r6P#t`of-7^p9*f!buY<<%OMg>?axk2#myxwoy{~w|y`>g$>g`~-mD(jU| zdN=rAu3R}}XhLG*p*xZ7(f4lVP<L}hd?JMm`C$JGf5zmDWch$o~n$g z9Oj6HVs$`@`BoV!^VFaMGZOtUe1aej>qoYzi`DG?=I%~ zD&Iv9NLr98qeH=)vA%}HZ+$lnevm_bczM|faiLc<%Z9?CR)+75fg2jk*ctw`eNvGJ zq#5$SN+6v34hRTgpXL%}rxFxnSD1-ga5Vd><^91B5yV(cNW5r$!gnM6Ooy78C8nzR z@*9!08un#v$X^ro_3;o!$#DQ`ahvJum&HnLadi*yKq7q|xoF^m4mm6U69{h#*+hCD zHdar70=9ogNZjEO^9)M1@In)-cK1&1ND->M%x*!Va`@8u-S0J@fRF2VFR)rqu3I)c z$B5*C6T_dArr_r~$)5&E*sBg)Qnfq0FQCSa8Vm&?CUd3;9x$Q5oUzQ=;rZSNu$1qK z4H&@x%5%Fp1$+SfN9j(W`(3t}bDIri-P1VNz5GObM-&)d zBjWdn!mlbRra{bo7V$5!`P8v4FSyQYl&`&l(0^ zi8F-UGspKKxcj^hRpsQ+cARJQ-&It2vxbK5!!LvDylM{h%*eqOHE)ZUL5SiWK}Z}c zxk3c%)*jqqoHrYx7hLoCR7z4umPra$n4!QvKji2&is)P^Hf5r{!y6202*Qm3^x!cc zJ@opq2zv3zoQ}lg`)3qEDTaPu@dt*yqX(=s-9WzxtfVK`_!@muF&aKeQ`^5Dr!f}Y z;0`zsACrnP(Iz`nsN}3lZa~ogwEkNI>qh%iR?QYCYG6N6Nw1R)jOUf;)D1_4NsNXG zy8sJ@ApFN7J`orAJn}E+g~xc)M6tTrK?SDR0c}(rrMDvUZ*7dl4{)j3q5!FhFLOuj zZ#K!=f<(xKJ#*-Cy4RD{7_dal71Ifh+Buvtp6tr~%d9zv2!Z*&-RO$KsSZjSRAOajU1M9;l+2r33wq_`IS+ll;)|Gvd+leAu=3M2l>M*qnC2&_pYZi^(T{z#uR63a2K9 zEGn-m^1cHv{8q@v?0wLz7`eM2;=M;1zZG6ip~quGmlS*Imeio_61%P_VuqpFlftFC zp6`=hfZ^#2^c~C#6y1QJpJ)Q+Miy<~1lS=29V64VdQ&$&O7<<`1S{3*ER6Qx&m!xC zCmcg;xw`LW@PSd7rj|}y`~Vp(U7VB)q~>wt4J~xIom~clVWQV{PSJzEj+5W46non~ zsGWFn5pj+>IcD)NRFOA3q>E0yqXn5F?026ss!aMpbVfms5z#mPq&x}?+Mk#i@}vLy zOz||j+)M_`7b~Sw2wQ3WDP%YvURb4lE*coT1X4D~#zUL^P3v?ox%3^ao%X z!pjchUwQsFnre5fRQc;i<{D?w28m=-G{xiSVyP1Sf|a4jH3tqIAk$Tb3Q(X-{0_ao4*8e`QBri{9kXr=hYVQ{nfphHJTd-8hOJ@~nK+1EaP zZ=UvkzegkY@0W)?r(rqeexn?zy<>RtHE$aSNIx3_-rwIF6H&@)nQYV_>+9~#2exlV zT>=C*c??4Z31$+XZKDeq^KPRDO_c1i;V@lzY0P*FFu?SdGapt%1>>poaM~@ucl6g? z$HGwQNrOUT-ZiLWo=g5#W3_i{?wyjk81GlCITZEN(i&0X_PJ$eY2yr4z}KztFOM5= zNVJgtY_7JWV>&&|nPR1p6fGheJI&fxkc80B4 z5x3p;=tGqUS@}7KHaC?$MtoH|m46PvCKO@)HCS(}!Mn(^%op0oKvl4UgYJ7Bs4 zXF)3Hs4%vi02HL)f4D>Rqp%g!wp<%KXPV)Np$K9eU09<;-HJqkIwab+K*NFoH-s0W zuY6EpKza{Ir~y^mz~C)wJ3MELljT?x#N1-qlV_pZrMvmKpZ=*{2@@89_fidZITWdI zmGBp&-Qk!kM?KcVoLwtwlJ)V^T1BG`cU5yh3;dzXwqcXzE1iEo^HeX*SFF@vE7iWj zzI}c#R7td2)8(z%Y?sGEs#arW0l8$)n;SJt#dBl=`vSkdTHkh7J~S8q(w(J94%}N+ z9ur@6{A{37^mpTee}jvWvXBTJY<%<8s9qF@VSO;uCfpH|d+e8DfuvxX5dW!qjR);} zL#G=rlDWpGo_XmOACqDyQCe9h#ym&btf8GKPPT`?2#go_CWXUW9ei7w0=NPQ@Z*vp zgQRrCclO*oM0|@XOD}z1%VvM>?YxD%P>u9#1ioAb<70~TJyI$Y}ec;xBp$lnZ; z=eTt^i&BDqd*eLz*@$qbePl1u{#-pue&Q?IHVM^ALvBXNBAg?LM`A)pfdOMJSb*qa zC5-VOKFrxQp{m%6GOABzhtu7s3eoeLfdp?~fwZAwb!Ee8U!UB!UnQ=c6Dz1=sdKgL z+a>hN?T)fU=lH!D+!@^6RgLNM8l7VA`P?xfZB4GP=-8ic_e)xE9*FzR;tEPSMSN}A{2gGX6`d3 z6Nzm^`7udGhy~fwGr(-8w(B65XT!DK$w&tpN*YF(>_lqXb!`7xs*n%GusxpO<&$vJR;+>w*T&UE6+sjOo8#n7wP) z=wJKBEnkM^Z!*rzAsY{_sJJbVCk9ZNA_ZfZVqyAuE{vA5rk@4DHI{RfN6Lyz5hOV< zb&f)I+P|aY@AKdEo>5PYP9>BrsC~8`hJvNGiE!0aZQJ3__!DjbI~#_6T!EuG=)1QM zKd)j6J3}IP**t!#__L}xmOHvadhvD6FqeD##mVd8`7^Y;aS*pC`m2=h%AwkdsVF3whv><^!CH>4GM*E?z) z6P0KN7P9!SL)7)B9?W(?!``!NBsfn{CAq(pu~1d3hq0o*LK5HT3w9ZalyyC*k7Jh+ zx`klwFv?ll+$JZ@<{d-9^jR=WGr#$&k^^h2xz#<-KsQ91lFnTG_1v2lxCFI~tO#;R z$oWhTQ$LVbTZxyPjGQ>Z7MTHN(NYs1Q^7@pg2cvp*32?9c?-)fc_@(2lc`29M=fF) z?q@EjM)L~bm}7zlo%>(bj!q}((Cu0OBl_978I4~RG`PMg=PhHSNb1xNi@D_AyGlTe zXU*uLjXnYA;NOvLw%&>tIIBT$N8T$THX17C7`7knwV=nUIc;F;rP)sz2TWe0)j>3{ zMNq$_lj=fbIbPIz{#FN>K40W$IKCPP65!Nm!pYE2n*S1VC`s%v`#BrO0Ltu?sm3{4 z99oDxz5TZ?co7Owbm%R-^{$39R{U?_Ha@^S+BKH7#wI$B)0aX7<(>S&sKsFEN|2)j zYfEN%7YLpUk_fUeJkT#b5);cFl#dQGA|^z`vGT;vVQ9(ZwB#gZfsujX!87ij0XhmfSb`|x(fa}DzKfR<`r4vuWEy!dORE3e@A(a?kEBYR#sZKQmV7R2AGzq_A=hdCjFMOWh>Uacr>6YT7fjs zt*(UM{)_djDnk=UBWELpi@UlH+Vo9PhZ-l|_i9(S6 zz-?oe6Z{qQPw92>G+^Ak@>@+{)>CJboC=i9F_uiLPqu$2N(vhoJI3$|QUKGMk12Nu zx$v*EfI9W14eIY;6m0Lt&!EcZN5<*GDqVyI7)RZ5g~Gz-6$~e3QlX&NHy=T zfGTm-x#Svc11jOCW>A9^Q$WMQ);6J9DA zt8v?cRS8}0e55w->y^|TF5DTeAqE&$r4&<-7`G#jkd0(UK^f6q1vlGdO`i<=9Kf#W z8b+3pk^N1=ZxB))$CK3dEjiDl$(zEXG$L5=kV@b!SVUBBll?~Xv!kpIV`Y+fa0Dn* zJF~$jgIw9npUCo1sl}gw&+H6CqZc??Gb#pU|979Lj`Qn3QR0q)QWL@@kQzW`0+a;3 zo@Ss4dR?1XSvxby8B3@T9Jnx{9Z%1mOCIjAIqIlyHBdcLCM-Z|&%`(1-Z~>C<$Bq`_@sb$_)fUK7>}FFdr8VOHtsTq|KY$ksgP= zRJBjKlo1>4*8-#oBG(j67LDHmkD9M-a+-O7=_+r@P0c#^q`~6qa?BJjdpx5=lq5t#@u$1-0O+ivtAPGl zb-$Uw%SoKQ90lj{F}z5l8XZNOJ~pZaaeIQMB+qpixZ?{{bn+C(1JEMx5IcG`VV+9c;*&$Rrjk_wa8Kzq1e2ir|V2O9zagTV5=1j z2YHJSjiIhb70S}aVM5e|Z0ed&VSQ)vM5zy`7#y25Wp6zzb+~$FI>yYv97BDZXKvI) z`MzP>UcuAzC4uUv#ffvzR*_`qvupw^a446F5iHsIYl!1hfo+=!UEfBw>vtZ!4Ya#X zJl-kEEmM*yqqA+9cQvXkNMH&zlOwKCd9Yth_jB%;FT75X_ZY;oB7Wrw(X_hN>b6z1 zy-3byF&CkH)Ik=OdYb-I@~2_ulQh&w@~jTq*M^_wAywIP@m`5);cD|FKMWUOZbaPK zmJz_svruJWJbr99Vx7pCuNb$YfM?lKH)ZM`l=IQQB_b8P%Vw`}~+ z5#Y~dC3QG?Dc?J9tnc0T0Nk!M8cx^yjq(HeJ!8Ptt#i$aNe-kzxfs~B6Y*o4Zf>jX z0xRz(t#vit-e^jg`^)HI*Bi|}m!`_Mv4_LZYqL{ymBV10`8W|m*hTt>bqXN?862sn?(efm+V0uyVTBKK$+4!{$8*fmW?+FB| zg`OHJ*Sf|wa&rxcY`-kS+*LT-mDy}xON%Chl0hTG+5`l1WHft*8o<;G2#W#yh1Rt^ z$LF7eLyTono2HuLeU0I7geL5=WtPkMtYNGJOCS9S9mS%|i8bdTHeLtMTiH+R<)-;# zV6BPIolcM7<8RQn0>$V3G*>e?>uON@_|9IKp0RaY>xC&VZ#t>0g_`t`30E77?2Y+a zben~=wpzBPfv{tDJuO1TjYBdQ>M9=*B+BDy@okcoiz1QBSwd6`>;!>NKbL966}{@= zg@^*7OG+x?w&PgyB+Trl8;uB@UR(MehN#M8B~%LSEig1P+V@Wo=L>WS$+3bAE0upb$kGpsj@og-01He^p$giAEaOFs-CihdQJi3;ylpD770ySL$$bO zJ)k|zAsq|0KihIZu$9JBRpwhEWjDa?f9iY5Uf(IKZe{;LlkdRl&i!4j|FyPA$WsNP zHN+NVP=*V-#(HRZ!ZWjchp0;yDCP0;za+Q4P5_6_rkn3uf80Stl7u?cXstO^g4JqX zLDzd0;eTx~FOg=OOK-0)O(<&&7`5t_;w|W9kL#yHG|x}&kLy|)z0a9ut!4bM0%+9@ zpb2+5EZ070{?!5hsL9aJn^EkeY{4~-wU6fLh$@zM&EXMt)YJZX@GQx$s!7zps-g$x zK8Praw@Z!5Xa15MF6KYDy|Akc_9(o#M+ZSKb8%CfoI@kp80Y7#s8c%;%*S6nD`rr< zy^VDD!8g%H8ufwhp`KuY`}ZBi%Fe=iy4i^PRtP109PtwZYYZ; zb2c))&89Q4_Gx8j(O7%nK;gBr9rxMrq&M%~@LVP*f&}^5^89RhwkOnQ%hUPsv*p=p z;NJhBc}J(gi@wCg5OOEc=T8^M5>*I|N(|BQM02ghN^XPoDn{~M;J&8|IM|1^+q;xc za0z2qFTVy$SAz_8uJ+C8*{@C{r8Qlfja@J9OIo@<7#pu!*tGuE2Z6@@7O(+g1@l)p zgH@nc{ieyG+Gw!+zzs*YRp5YruV$g|IAA%E1FY?q3N)wfr?{?d5fK>Up-FbTq{!k? z6JU3wT@8bN`&s%klWZ89j3;GNc2ks(465%c%$e`8EK1RD7g3oXh!VDlq$>Ydz@SHQ zbddtyF|4IQh2nh10C0A#5YG}L!n+fBQF(4hl5e(0V_=gRo5E8rJgE;31Ro&p)`H|F z_H(0C-#W$}%>ERQpEK&RWd{GkGG5u^(0`Ve)t(pvM^@tTdI8SL=%~_Y%4C&~kO+dD zR;J3wgJ_S^y74WJHH*(WH99OweoY zQS1o*PjrJ%?i#B_?2>g?uq#{SwZXnQNE8v1`6M$ghgGAfMAE~r9(=vUYKfi7{3e^` z@tB|LnpD-i+}Yl~xw#q4Wa8veKHC-rx5o)A52ocHF6VFmJ00&n`QnR5HK9>8p$3MM z_@sC1-mNq<+t0PsVENTvQkQjQYB+G7MFF?B@9f1v&F^1&;a z)5kY?x4yJvZ8t_SOG&8?x``w8dYUPtds<#}OdEuE<8exgiM`9GwmqLsDm@&0Ie2hi z=p!~al}(X>{mk=eQH%z+EMm%w9gk;e1~e|v#|1K)#T6v%gb{w!W$9Lw60b4MsL-Or z2A42M2o&3)Y<;6C-t~uc$oVl#y4;V>tuA#i*tF-T@m7HL zTXINU*_>Xsyy#s#{&=f%b;iQz>XsrRBe+3r@4)F?BD9>ef3A`&Dag1}`SP^dDB`cv zX>x_3DrJsJ8R>!i;V+Pd%=dsHopW&5%dDc&?BXr@s+~RT82o*>@59!X5S$>_= z2njrrKpj>&`J+B8dhi}i0|n?JF0j!@1&d?Pfk3g5!r`5=R8a+Q^msuMi9xm(A7Nk| z@frt*Pw>?hKTGDAzMYm6!|!Q9;N(g*DlnAmN;tP%)D<4SN$01Sa=Zj%jWSnRBMbb2 zPUY6~!0h@>T=EcWVnde7MT#>P6h(1joSA9BO$HrA!z7XR$T%OBmO(Pd7E5fA2Z(`4 z+rDC?6uFk*r~bUWO4wp3Rrg=xssWRzP)a;BI5GGP)>a^t%1O?X`I&vvrD%((VbIKc zXMPLatEysbr+5~=3QJW^u#OLI^EidZ2*{J5>oTMae7T=l>K!5;=vaXb?!w^9~b zvWS!qDh4zVI1B^PdV1TQqDFDkMyPm!xI(HPkl$8&KK#Cj=actsrHLR$)(+co>ZsdL z2!{dQ3|^uq$bLaL7aUSE2)rRmPWDd5bVJ6u! zY;+1(zU44JmgQ(c3@qLLglD#a0Mr-GtvjMAYrffCMo&2_80J($%B(lo&lkv8uD{Y_ zo${)YHAL<*vTSdsa%YIK?ret7=D5Ho&k||H#)~RPq03xTjW#V_vFje^FaK#x#X2qQ zvmz^vj5gUhtu@<{-O{8+Eo@lw0wU3Edwa6})KilhY}R~ijvYybEql*<3-isMBN1J` z9N`64o7OCBHra%@Fd_O1wl&iFd+7h)pXL{sV$D||XubUlX|=td6*li#wcXP$8OkDd z;DvHFbKj$MgTcsB@(-|9hS8UUN3fp46d;rG_RZ>5P6Z*??%rX)iE)~os=(UL#ccnh`paWdq4lw5ou?mM}w~h z5AM@~N*jbHgU9RfCjC2UU3usyG>ksI%LlB{p|gS`=dOy^C8vksy_EFJh+j?Z;a0PB zuM$#TMQUnIueZm0FmaXjG9bam!CoXcktsa?#bavJMi-GbN!RG^X>^OZzXV)$_`Jx{ zMk`8xmgyOlZ|ohFTCRsR9xHrW3I}}j!?e;Pk?E2mc?;7OMW)tgKF`@vHN18*mJB#W zNy5yKM+4kxZOkLkVj4J{i%+xlE1qS>thFI5D>NCzvS1@8^q+%loGoU;H0Y3OtCx(f zbF=+S3Oe%CugWl2zkfQ$c?ghhqP6y{2LSO4Xv@1pI!-FOI;R~V2Ffu17``^Rlil-sw_3kHY)DG7+*LFNWQf96#`>ZY^$}EO z!o0!NTa}I$)3}HR$A{;U1f*1S!Gi?lHNT*TDdRbsOlrR{611w1m%>|a@FJlI#8#Pd z5$-n72D8+qVOp^=w5R3@d}N&TP^HJ-*AX8@Wi*(3bNl$-6ltp^%o_)sIsKm zz7+MgXXzEY)vSNDNXN_`M-fnl1dr;2~v(6A@fAN<|Wvxm1?vEWW~|C^4wyQmn~iP#s_1=Ww@$wxm_t z4MwYBz?_d`G%F5?H;^2lj+6V@Q?LcP(@2HbptNyNjl-ZKW55hg3Y`fkh7)g-hoObf#WdL!26Hk0@%Z4hQ>)HEfx#*r+hAt`FvjiriM)r$TIyUsG1fOrT>2>CGUCU6vWNSb*@sk zk@1H7Pwi=2N_-I_qaG zl6W~)Ow{1lXS2(hQ%~BuVKQ122|H^>TWrP=K}1blMH)_km|T<*`?f!ci%kMa2e)96_A~kxm~F%})Az10d^e8Rq63%FnTfy_!8ed(g|uHb zF&Y@Rt@NGm92Vw9qHc3usO0h-g_Q2h;n!C4BicGxK?2S*lXN_WhF|JMUTx^#ta8Rt z%MIhJS(0CxT$-?0nS0TGk>HIpaaM~Y-OG*r9494h@HzeEXN78j^u*1@rAb|F((p@y zjRH73)6yjbJ~Zz=b)1RM3Rz%HTDzxbz3HYoB!fE5CtrOI?|Yn)6@T)HDlZc^DEsm{ zPsgwL(NDRIX17rq{cTMY9z@vN7*Y732b6eR@(t7^g!(lZINK6Y9)}fZ1kS|re*_8X zNW?@YlH_v_W^4Bv&r;%D_8^EEaRnh+p;u5obsp`HXWmZzg#EHSV6%QPF~G3GNd|Q09vQ?pum~tGC!-HL&dy%q(ss&@xAT)eYAW&;6Cb3#>3kAr zi&;{nqmyi^WfkT1c{B}OUYlm4=>j#JR!KwM2Y(;*_b>r?y1*^DQonpD zD$%E+kpg<6Zel|JvF7wwO&l?-hUpCSf3YvCvx5As4wf9Zup*vRbWQA(E`yx`R&0q4 z^rw*I98fCozUMjHoI!U#VtJWo)#gt0a4VW_MMu6)AHJnFZB!0O?Fu4Rbla4M7C*RZ zu#$Q1SQ|Ev9yw#P5MglXK|9YS6%@k>d@vCk(0JtHiX7{*G2W1Iz}cCWeVzUAOljZd zBKXCtrOivVd7?DE58@}Ri(%z%FW;AQ9CVd1K3KL=izO2l0lm=yBZGKkpjKQ{oUy6KMV#BA3gGA&UlF>Uv0cLoVNzG ztuQ|W@Rwf<246pD1NU73wFdyeSAXNRp4P&!wb+WyX0JLlA3q)po_yH`O&{?d0*b3v ze)#AylD<`SYe^bnRI{TF-(jmA+~w&^@y`+dd4PXToWt7&AL-wI4QD9wG^hZ^qY-js z&ANeG(-wns!|2jUa;OU)b#$83fkSU{&Q_a^SBv zEwTwq53701PM<{wvmejsvrJ-YnHVtYpfo=;HjkOwmle5PgDc_8Fd}F#hC{231(+l7 z@($1)y=Zr?@6?Ps`^UTS#VEPlI(e~skk6nX#uMxV1IX`l6g+m9bg&<&eH64I(`d$ z{6Oc+3L3eh2%IpOY8(2mTwLpB)~a!-r?|1>bkKIxmh6^Z;wh3PK=` zlN-6+glRr#Xu90o*hi8Q$CiV=qKI!XOsM+}qN#wXlWK??TWCrowbjipc7!D>4}xin zF59MW_oL2k2M77^EetRYp%sj3fnWr3DLy#L#>v~0ONP`YUeKK4Wv6LTR_wN9Jfp97 z10T|J2okr{`VT>@&_uw%s<7jd@W|L^t03%PZ#*VQp)6nV)htW~@qlY2f?8)mT@NjX#_`N5Z+0=mufoQ>E1-vWVy#qFx zh3pi)Sy%4=;H7b57z8@|*}Z{$9<0wxTv)IshP zU+hVWPY@w3Po5(DGAO88goOIK6dGZ=uyI_9Dm=d?qQjGFwnc@{SA8Nz->L@83J!$# ze4CNg*!#T6$o%0W-(ti@V?UpPy^|F0K`@4{I(?c>;j8|;KgNrdYay*d4T+iC+|-?f zuv(JyV45^3wP?Ln0S07ks|#F%QngW{)=LdGBz~#kkr=EvNeuSUmKaMmUoXs8735wd zGy$$gwQaMi1~sg{wrYAcp}mU0cA7T?wGa({QEk+1b)UqNV$5uy`BsU$fNyoT#PSXB ze@wZ1mf#Kp(3e@^Kcv-!pUGtV6ZK1VRvR~51pv0Yn!K$F+5=aB(o3;%PkS1;!LA(p z2KebciOjw->rlR?;zsT#!5Q@M7}}) zfLoR$p?ef&>X7zN*$=ceh7lFh^i9G}4$P+*?13y~f@54N`-MR+Nj&~<9X7iykNn!T zt10Z_V1JUs689kC`L6N|w0^JipMOgzPtSiI=X$pBjUp*gr~ttySb32SKofu@f0`Ez zP;UeD(G(A1&*X7zj?b2{_T~{v1PJrx9sjvh@@h>}B)E|F&YjjX$2GEO>*)Z5_XGy$kv(%bp>~1n{Nt}$_o?4~ z)Q<%&d;1IwgSM%qy**=$+3Wn&LH_uC$NTanzWXo#yI1(`kN$VR;Jg3zzk7%8{zGsh z`zyRA!u#{iH@HanyAQ9lV7o^>u|LYdG!hy`ZYh`)Wuoz9{P*vs`Ne8D zZIzINR+Ew6!Ea&%&?*GR=c6ya@c;b81N6RvdJgu)fS8Y&zb~?sPQ-ydiVc=M(M2C} z_oXk}`H}yOu{=E9inVuiGJthS0xhvPwjT9=(&68od0Yag&5+W6#bLSOO$!f7rlCr$77+}DO zt^qnvW^+statC7X&FXIg!)V{z&WCo`5)B`kn z*bDofq<0!Q^fA*1l>3=D0NTo9jX0wm_GxKa#xvF<;e*-@`KvvnjZdFD96M}53u~sX z-c&byT>^KN@vi6{!N>9q3jDk-xjT)YumE(dqj(B-%J`P$zbR?-wAXb*=;!Da5u`Jn zGmap6dE~)PO3uZvT}p6->yT_>EWH|Xmre?Y#hPx?leR<0<+Hn8BD)+O%=-AqNRZvK zb{v++Ls&nb04kR4w04Y^!^X9~J~Bcc`|TrRq}hL;1SVuZt{s!*vEkO|CxD4*yRIFf z<&e>=-;a!mvY*$Ai2AaY;2ZAz3V0^O?)w=zPXmv&8RpV+BUZl0$0bIRfLCFUkHR-gZ|8M zH{RTz$C(Fxf|cw!e~(Z?{foBC_&T{nC=y-(RSf`9eThJJYM@b&>iWXt=` zSa3gs{=$F6LKbuajM{jsf}X0{Eo80DK+wEa0@**wu6J&b(uG;}oz2NBODlZLz%cn? zL;g}fiX!^l0S{%N#t4Pcs&;wc(H0WCr` zR+i^Fl%Pa!kl6UJ0Y1`_&kNCW5LdAhKgP|kQv9IU*#lX5f!E-srMeagljMvhadwrI z;v(<)e41kBVHby5v8)&Li&K1Bh*W%BvC4#}OwWg%T1k=;^u}wJJRdc|@%dy*$g*{` z&~b9pKjXQEiEloD3Oc1D+{m9Tv{3l`L+l)W2qu45EuzGaiz_^_&fk$8Abx!)O`VM* zxgvu2GoI@pm&{|nAz~S@IQy$bn6TX2)U+XIaGR9<+69Nnk-)kaL z#AwyXS&mv6+BEve2)a9IWj+O!d61RZz`9OEn>aWdYUXQ|EW&;h*m!F!_T8p=iTI$8nZqI=KxN?vjm#J49Is7{VOtmXqyeN0@zh)@u}rk zFcxBXPXvC`@pH<-g5Uz?N>8Afm7{yAhV9b z{gu%VtXn5O`B<@TsYSe=3yTumrlY~1;&K8iQ^;pEr4=;fgWol|q!oG|m$b{328%la zL+?qPrI$%5ENQRg2x)klVtV5P_VK$I$ESn$&8t_W4hHjb{4jVK^6z@*cmq0{Hq3<3 z(Q9(WFEuytapwo07^2m>8G;kUz|NsEKH5BX&mGA6=-*&h4XPXB(8oZoDGw#Iru^p) z?n)SHc!rSCi;CUFB!3cJev8}1qEZ(!j~KVwBpfu;$v>}Hel(+|f3w1_(_14C%k~Gj z-OJu=HZI5TF*#d1Yak&W!=Gf#V7fU;E=6AUOe;p2^I8JHXLZ_$rwxsC41L5APvGQC z!@LQR?t5e>|*Lmh9k)qvog0P z;aWhz=fjXrpmiv9UFT;pWpV;JzI$zblVt`s->2mjam!lY>}1o7?VAo z4u{Mwj`^la&n=3YDh`_nmR(~Ta0ZQquf+V-Jfdd}$+y2m+%-q%xjNrOnmd12bECYA z-r1`PtuEgZb*uX}OkWRh>A<{b@6=fH?F6xfU?JM)G>il>Bd3HoW`*fab>dP7wv1o+ z6+PM>#g<8Fr*+Cp^4&Bay{Va7hL`ift6({CLy+ze4HOjv&k8yvUvM6y^g^F9IlxsUR z+B3bINgmJAO|X!jq5lIQ#zh)uRlVz5>zgsOj+=$|N4eG_o}JmKwQCW=lK1AfHc_Nn z^5;O@l8e|Xd875g(25RTl)j-02Z|VQmKhU^++y6>%>h!1N8dW#4Gd?iXo)5A9K6WD z2FkB8x*U=t!IT?ff!9}4dIM|rSSb#)fB5X2=J}h&oRqhw^1aHO<7TQCMQ|Y*M1n;{ z!4-66CM`T-QpY?QoENvSP$HA3r*~p2dRZiwuWT$#-X)k;iNUbKtK87l&^eidnKSl; zz`A&_*d_!B7>;spR#Sp;tFG5q2 zY_2b+QGNMX+Rb4mzk*{Qmi3P<>mKu(+3(8_7O?5V?l8U?C+31ao$0gHJs*4z&~OBE zXHnul8|PT9B`YFW4v%nC%gG6E?j_l{NUrEB{_h_967BtrcUUsl9y05-?i6CTdzG5U z0PKPk)>BCzIJ$tjwl^Aqkt^A?&buAy>{+|A^oEG2RXFYyEQ(R`eUUHbd?~&h;D>&| zW}lRCY;X3nFS-^gbd+RXVajIqvw^N)7pD*QmcJpS9pKvBbasssnMYeR5?xW#naBvY z6Lnn#y8heU??)YRS^Q{{z*M`LB>bY&L|n{1W_!RspeTf|k!K>1C?WVd$il>#B|(cW zZlhw6p&1ec(hXDlzZ|^&=+6y@aC(!fnwLA<+v9vx4rb}7$jkh)8jSMUc9QiM<#voy zhW+gebo(7w|xbu#y|6KysQ6xohCQC@z226PXEL0 z3?&PAB$>jf>623(-!`w0jajL8_I~eSR-!og3t;${YNeNlCUF_P z0eJA|wv0xUyn1Y2TkYK8u^LRemK^A+-r)5di;^ElVz+v-vy`}tDhIR$HG~u>W+XvW7IPUsc!o&9)m zHNjcKm#90@#_LXNf$t*(k=);XK4#vT<|BiL06`AY+Al61LMym9BwTz^-SD0@0d`P_ zYIJO`JOO&NG@wTYpmu{IdD}A@J!nKa5C(kQboFfvh-KjkS~&iid)8M}Esi3gZb6Iv{017YT8U0(b_}_h#U}9fK^XwmX{UDrxObBLB&uiSmLwE9Yol~K`4CTXP$G35PkCqFg0*jAJVMSN{a zARqPvp0!QzWl4vg%;*K(5xE~{^5j?jw6>An4bM zymjgCxW3FX>(s>Jxr0U)AdF?IJyx*Ru^y|7E|$AC0)v3vB4K#&b%D5r0$r#N#Ryp0TfzHn{}36%9Xu(HfYDJ_ZV@P6#>NNsuB0ZJ%LSSn9v)dSOFfe8Wf2-Dsf zD8O%?rq*J5p)FTR%ZtAC`R3ehKOXnTWk1OF4%1@>V}Q-c+fI`(er?~b~T{jJ}QT7$C_qX#*Q*m9!QjmT1% zBFp~1V=5QZZ+r{dp%3ib>#?r%K~Aaw(;~io1@F;hXYYA-XsZ2Sv)#hkoHwmhNtF86 zx2;qOkNHVxBi9ON7*XIQ{67A$V)q_JMF3j^Emesk!8lL+0xv+I*bC!6D41L5AA$n= zbP-Rdx9b<+NF1L49x~SeESj@XI*;jq{4&B<_(|ph0E@K>2v1l~3c56gh%^Z5_t7vu zO;IWMG)1O3&f1lIw067aMVytGCp<8HrM8oIb5pBp0^^(Yhi4VtalwOuU z3e@6S)C6YrYS7DEYgK{x5ZWdHKho>fn*S#L;Y;1a@7ICmCO|7?xK0Q0M(Ja-T?=)T z!_ycj(iM}iyVXV3+3q%g@%=tHFVY#n?sd1jo4Vo+d#XK9!m9NJDHL2xTxnagL7`XV zGkot=cTM7{YtX5?HqB#gAbu}*CwfZz-=U6moupT%13T!9>O`V2@ zQpe9T49;F8A`~@CZdAK0XTDc!AwvZ;SCigq;GMNwfHZF0?D@v8Y&M{`G#Rs3 zXY48(5T;K-Z@_}uZy2b^M@7e-NF%C@nkMs#do6|mD~qAw$yA^XQa{D;D`#k(ofvjS znsyF+?|^}i#NqMi8QxzbAgSsiq6%hxgl%oKc)uvE7rJXg~c?rwI^ zx6R}fH~e{hY_T!Xj4L)f%<;E;MUS9f&#W3Tjur(a$IBo3VoL!-4G**Ho&A&Nr!USA z&yM$=A8y)=rOyC~mhydCtu^Kx(BiPol+YuAUe|{e1^C!Zv_jN&i*eutJB?YtXb_QV zZb7^Ap=nO2EGMxzWRym70O^Y}crS)`8aM>H`k>J|rE6pINe>owxOSjI!l6ksw!qeM zN8}4RwtV+N8{HP*>PFle?R?=3a;pK3vnXe%(H<}P5xQ+~BObsNrO=v;AKHjwfXYZE6)`N`2xv8*=eEtuU4kv zzPyge!;gn==U@|uOIR%_f85fyGxDnZs>5fP zD{b?9;nM-EkmXmc_gC#OuO0Rxj`j}ZxB#D_+@SX4Y~2x)7e-X>TKa}{$A74U;U|}b z@*X44O!O!~#6`g1p4odS7mctC3M>V)8>C(pr7YSeDw7dz0`q+^%dIGnE`9tXaSjW# zJ0ygM;=VEVW4MLJn>oE14~YV73PAVv8G+98zVV{Z|5XRpSi0l>UU@o&aYyL}$|r|@ z%7LH}7@l&^^+q|*SRF<~?*^Z>2eAU7s9LL0uq%c3i0-ko-CDW;=#z{UW5<_x7loxi zoM+EzwdSl)>_&yU_EDqc`dbjr4WJ7samoql;6O(92WelABEiIHHd$oEh$^CE9NgMk zMwR;2k;?PHhp)QHQMNIoq2%Fy5vN8Z$q^C9&^D9cVzm(1kiH{BuX^>SO^RCIh8KcP zsikXojw%_tDMTzXHl6I8r}j}?$)vl)-hzGcfz-_ZD|(=XwLGWP{gMsHSSem zn_W+HUCbp!rjnJlPzQi3))qY0RV`U=mu{m!%A^!6WWo;SmL%F+sSiucR#RM4P277t z5XYucJUGt|PDK~VC`Q8*tyGj1MS?aevx9IK(J@q!ugeJ(Ey?CCWz?|9RBBh*Ler1O zA9Eo>W-u-;SW-zg=j@jFZQ4*0fJ0}2NHpI{%$+-k4#ez(9w~D608~MFUa37$UYo>z zA~h?<+>tjE6JYXV3H{)JGA10w(xP_+gUgRiE#;Qn*|n z(99Cz#QwaFh9_xv&dvK5$wQhiHQiL!iqMJ{^!Epa%Vr`jCTyr1VT1l8Mkt{m0R%;=$DDJ}vfs)D$kBO{Suz>l~pkpl5j5QY? z4>}w^`r=EB2av@1mXk!p{_uDzBPz-pn~bGdol3-gX#|mH5Y=!x0?ljqhIdt5di}Iv zx*QZy!hRtAX{*ol$EB+?2VU4Ed~M@X8=2{}6TWE+pBkQ`{U*6*OzSZgEN6hARAdCtZD05JZA}N8@bQ- z1L#%C5zkG8NbLYx;E$6V!rr6m^e23y4?b+8fcjB04f>Ymv-NFVRem2M{;ezKcBQts z@N#qBZ{q>41=lzu*?es1sb?Y*Z`W4S=iho}U;R*e{lUswYpSc9!nH-k>~8MAJ0I%= zcO9gFc<8hc^zJT^4@lNmgszcy%H8`02ltM=G+KY!Q*A|M zIkW@sq;_-mz}Bzf+$Pqj?Vz54yNriDuMN!Ahlb2@KbOnYrBc_xF zU|=+-zK|5x^Gbi8koTdt$!q?o1bMkd4WEtR)$O6#sOkH-c~x)GCi zBq6#aD7wMZef~T<1|uv3B8!ra&c-+H@pp-yo%TfxP;dxFv;} zJdh&}#OjsWq}Y)vm=Ay87_5lA@`n&u10s^*I7eO2l>5epYda0e*l8g; z;t+Vh0Rn46z~E<~BkRD3xJ*q?!$IYUErC518YB&FVtHE%&v3)fg2d9sH&<*u^7@UY zpk6m4>d44alLNlO7@Y2%?L9v{KRlE7)L6&v&qc&1Kkr(Y#~epYOo|@3B)TMFCbmmx zJH;4#j))3qyrtV*_GZf_4r@-MkjJ)ZA`yGN=U}OGAYyD#<}v}@pN#pT zYTump(8v%H>!Xnyf`>|-HRjU8p<$SO1BY_%GJra%m{$sv26Ovb(rSv?do8kZto z6bZn+$&&0K3bw>NXHC(3W)A(Hciz)nXQjk^AJ_=u7s^JPPC*VOG57DJS%udU+e|4)<%-9-X{6KYek|6;aEhfaLT5Bw7|1OBpWX#|ehl;S|X;Lp#Wc>CPI| z6sFLM#cfk&dV$knAj7RZ@Zrv?&g|CsvE$D?FuOH>?S$H2{cfSVVba`p3j=S))pqo3 zhyAbh_{iBqu>;B5ct#gXg8)mIc#g%n(NVn|Ri{f~b}^_mq8n#X>F*VZxp@lwh->*< zr&R_!&3qPv)q6yxuJ&U@urc;QVZNc&F{jpr%cz;D*2l=xDw554fM6$3wd| zNzt*cGh-|UE>qf-3KEnl6b^fsj;-oyvW6kBGOTN6^-##wGgz~v{JKu-r1J3S08c%o zWAADI_DO2(%m>hhJd7nRSaaJ!p2uSNASV0_7GUEI1NBUG?dbN!-~F>#ovAW1@mhq4 zTaY5SiQ&l~=qD3GwoK3V7tf29xN9D0$-Gywf8B*vw&tnm3y;wRnz@?rD#^U8Z42;~ z#t;A+QG$P3D(}?RTWjv%MK$TO`Oud)x`?f0uHByXIr=Sq*b#ZjdVfK z=3cl~b1_31(=`k@e+~{u>NuOkO=mI1)9Os5Fz)=fs1q1-YCHHDVOn)(G$p_ff|q`F zlai^_pWVbFdQSqTSzCFdMmh_P^k+HnY0Clgd#l5jW)%tUxKJ4a@OYRVs<=8aXryrpN9g0;A%g}wRs2jg8Xyy&4 zk`!$(9aU_Yzc=l~POz9}H~R%0=2rB_RfI)eb1X$O&sj|2M6V$O`Dsi$0j(tbzZ-3l zG7WSMT(5*ri-QE(j8uEIzO_zT;uKtD>i8lr+&C*&B#hUw;O@Y~qWv$)?Ri{WC6Wer za;!F_o@ebv6>E^JFUorn7o*8mlnky0TXN4hklo+snPMGKOV4G!Q<5!CU8jo`i=i8n zqnI{7M@2#tE1uG?8a9U6xREa^nCdW9N3$_zu}e@ z&L}NMy`na1#;_s}tv*x~WY%h+Zs)-=s|}M4>SGU*E|cyuL<&$~$Y@5dJY-~2wHh*P z=U;lr3{Bw<89o=FE#3r2(uomeIS(YDA`0`Cm1Vzstvk7gAdK$wbo3^vV4hTqrh5#( z$D1zVEQ;|GHZ)!ZjHn_YWjM5+XK^T5GkT^02Aa3m9Fd9FKeJfD(KH1MONB3D+Y%uW z1SJpyi_(u5Z{G^n)H?}nl_JQf1cMZHAykn>YGdG^1bDuiR z@9nvnq)@*~rc-ul$b^;Qfkh16fx?GH#%pOxFoi~zi+-^boViGU!QZo%78!$mtBnqn z_C_r+`SJ1<;&D3MUjUV6T&8GIoNv%D<-2_OZw0S$UvWV)Oi#*R|ii5cAM{uSyulVvZ_te-`r##~=hy zGB~1^NB%J>xJ3bs$fPGntiN46WrvmP|) zfR9{5Mg19VQ*<7@9X){O;a3-Sj$M!C=09e7zIXm&`1<(d_4(P0;rZ*~-t*Uc`}-#^ zj?aC?F&Z3-L@>4E3kv#Vl;#sG;+`)%afTg6&rgGZ`hwNvo056yqpASeis7X6wVb5$ zfwvd#kNSqj;n~^A*$!dK_bNvE7Kg$mFPPoR_0?K7PX~9~@u)?>*$w%;<5BO(!$+=( ztaLti%Jb%M|MlVPzZ~qpesTPl!jqhlfhNk=@8H3lnC5r}N~1#5lX#;m6ut0tnh-JHPf+D-(upFd4BQ7gFv-SE zGbxW2^Rc{%(VChin7I^Qi?Q##%Mt}`ATPw-c!8Vl^%h@Hb8e6l41~&(;4uw+kr!Ue zqfNvMJ|AvwJ$QV#xplsG_Wj|xm|nhe%;e^o>WD#A+uQv|51)Mb)z^<7eDRnm11*S~ zt!RN^7TKE&PtKw$$Vhpk*lIcLEHjMHJmCfLOw&rbF>#45EUdwBK20mSee~tSS2Y#6 zF=}i<^p$H=hwp=8#Uio79{-7Fl<@IiX)3KMziYp%;ZzeTfDg`+lOhER9_q4@Ws*dV zDI2lmEes@G)Z_KY8 zz=*Det?;oT3WBVKPk?Cn_*qQLVI9~%vWZa7X!vNMDKmagyJ#n^LRqlGAn(j__&8gw z;t7Rmogs?OF+#8Fiu;#Ztyfv^o7bp8KILwrW~^3RLF>=Tt7#jMHR)Svy8pfR|U3B-|233yPMHB zky}!^-5+^o@CIMt?V3y5mtysQ|KY1|^g`^DYMy-;&ASE5`qq(+Si6TjElvQ9N3Xu| z6}Em-c&QhWmQ;lt(}Zg)Xbs3?(Wle+stlw37|?c#(HDg(N0WZ#xCN>-;6vL#=P6ku zA%va)LV7v%MH^H6DZ<|btpYU~@Hx!JqK+S#F8~>>5dWwUfgcPsJY^LMPkbnxC0TM) zkHnXNgi%a>QHan_1}cFXO(T?0J`Q%#O#q)i;0PJz)Hi+JvCJM=MCa;YO%pR0x8N=t zXU~RRwhogv9l6QIzOTO>CRbED?ECuL2@4R_wk0ptkAyB7RI^ebtiM4u^)(8M`M&<< z!~|E3@p--erqmQxjmdet{^soYsWYsYlWwc-FJz=}t;)?5xzKFC*7K~&>F4MNaj{)2 zcDnG^uFSuEIEcheO?1%=^LeuDRF*r; zhkeWjX2(K^r)~lBLtNlij4;t@9V0dx`_T(6oG~mf963?5@VG161vg|B|CwE?>ASs^ zbN~J~{?eZHH9r0|Ha;~JfByvN@C~e*QLy&7mg%^^piuR^Gxw$P_mp=RF6IxSrV|uG zFNGCxU;S=CuzVRhxd2B%xWA-JlsCZ1$EN&nF`LE3?T)cXWK-1I5WMel&L(-N9yA3{ zvh{XnqaDcQqaWBsp5vrq?k0u8*@A6)UFMjUQQLamvBt;z#`a~cJy}%*1rz3|z!fI* ze2wxkc|Z!hs)AhPo+eq-+c4h%uEN#3w2D0;`JLgJAWD{o2*qV@Tbl=OIywqeJ)dLU;Sm za7zCgoh&MTCFigI5&dFq=D!X__i;~|HO`zdM1-0hqZW@}P$*zA1Vic<0q%WA2&H3x zOin4zhs#x>NK3KLuG4v5eqY4%Nz@;XK=qa^bPpD$@fcG+OQLVYtY6$4{rrl)$TOBF z*=do?(lRM2XKq^Eva>mtDZEuDvIR72uY<$p+@W!y!F|VKayuC$45v`AtYG2-)74^k&MY67~ zr1*h^_z{g)1OsNYqrOn?Y*^^e^E8<4?5SR)-KKyYm)CMLqSmn5NEDhT+WmsL;-any zzUgj7-EN?2;#L#oZQ|?csc=_;WgGn*+TeUNM{vW%XvFTDCF%SW zk5kn|wR?93nZe`>-$1fQ0w@1gAa4Ji- zj>*h?s=~U1O)-f&6Oxt;8j4ZmQFB`u8I6Sw()cRNOAxQ+U|v4-Ck;S|J;6j*@pPIL zw*#;{Coq?+V6Jl$-#+5o2YmbS*O&3b%jAo|Rw*G3-J0hm<(rSne7c~RJew@R>URn; zTk4L!d$cm@KkTCl>I3)n)3VRQh`fggR@kR~C-so6a1M}%f=T#3s~w~9wWuBDVBqO* zxk4X6KJuP)JUG|4y29>B(!Y1LETRO)UaD)f6)Xa8O-#89@NSEp=0;jK=j)pRt(bQ6%Haef^na^RN>BWr( z!HS5+v12Xb&;^AktR%V)?kdK(2>GFyf}F=`p)*a2DU|(z!Pr=r-60d|2AdK*sfCsq zp|;nxcN6{8ar*XC=bat2xGtG(No+G9MY-TVOKhX@RVB8Yqxi45@q;n2W`A1Bi1%Ww z1M*cq%BR5iXdYqoM91aFuS^vVbcps$kHYh$n&jisT#T4r2VMk~fjxqQ zJzq&n)N6hrU+M5lP z_Gx(+%yVW@nT{!QjbsOH@U*de6Hq-W6i>*5z-@5Guvx67n7g5wzMG}zL7R%e4-0?w z?lBBaw-pQ)_W}a)vU8c!&teDgst1j}&09N`aFc{w2Nkl#oG`t3bfg$_wd7sBo@mYg@z-KMT zQt{cKl4rsL6{zRdYMNKyx`|jez@Dw1u}nK1%kt#Aa=i`o72D}YJPK)WP%A?9^btpceZOt~Fvm?^%Wp?9aZqqU(=AQZr5uLk&iX*>-=%}@)1qqUT0gLdnefNyJm5@%U5 z)kV)|r`8>uTH3@}vsVv1c|2K$bfw1oi`Xglc+3n)~6SuloD@&xIn#uivY$px5cEAtD-K zvn$hF3iQ`egJ#uLwIF^lUxhWHRD{6}tV<7iMsZ2~CqA-I0X@i)*y3vJw0@CnZSO+y7aBs>S>r>T)4ueiIjVcM%2Lh^@%);xZYdm)O2V zl&eDfz9P}8E_R+G0+GZ(q({aIJ7M%R8MZ-})JvCEHmwqXyFD(il4?BK3HMMBEw-ks z7)R$;Hm$8yJoQDw;yNQb?4Do342HQQVxUA$Ef7~lj=@LY0QY4hem^kfWn|%=kqFg7 zuN~Hu)-Q9+HqPl~Jr z>XPjOaj;XN+$BUqeJPwvC>p0eX_4~N5&%r=mY;$gs72+oIB>)PBNtsfvXo%p^@M1U z`*Osd>;Nhzv%I6YV6D^&jPLah{QF4`Mj=ynu=`^6HS0@A3o#Lt)u$WAP}2JGs4Uf{ zqXtlyEG|rAyf!eO)IeCSmXS;Eq=ncSzDehEBZPpJAT+ey%D~#kmuXO-63AfA4iKON z1D13DSfEiy_h4aH>F6UH=F3~YNRz?xJUOIxddLdOND=39AeL*q_0Rdt$qfD%$Y&mA zIaa3KCG^cY`d@U}-J)&V8hB(i&dy2t+hgxmXymcg$O*Y>;wc-hM9jlWc1E*HGI5xW z{}h+}kZPBFLF@&7$C&~&2YB5GL6eTFmZF9C3`NcnpWe*nD6{fq&mj{URRAB@t>r>f?lJPUt(T5jYt#RucVsqr#Q;8)rj7$t;rh!>wFsP$rh|8O|8V7!Y) zG|u7iYKh@fNLK%t)b;P_-qEwegCL0*0K0*AZKf8JN_{4ln8U*; zx$?9!#oY&-PkO`JL=sh8Ak;DPEFP759fa&~}#EfDz4FN0tv7JltZ zWAc0_SBv9>0UH<$TosxkJPpdN0%aIFp`-nJgP8ZxZj<$Ci+esWz*uH{;kk7VbZ-%S z?6`Lec zk)MBq`3lRmvPx#wA$J%?k&1z@774wK;Ux|@(11i;1L*yPvAuEGu+Ou91XEDN6K zhWn~zj}n;;yNxUBd47W-Ov!Y*JPLJminmso^+>nW zl|CTLDM?>vKc;r{?7n?K?dY`L!m#wz`DEsb&;6v+w$(goO{lxskoDNLoDe=B%S{Mh z&pzgasM#?7fD zUKHtgdy?Put6bzP@53sxil@_lk;mg%JpZseixwL{rC4$~+&IddZ3g(qNG-S7r8Pcs zLu-~cB&I1(R#p&>aJZXN2xHY!5!e8h6aIE@KBmC8BHccqz&Bd175KI1!$i2TdqT|L zxN^We$8a+c4uuxzR1zB`~E*m2JR#c+50-N!WJ0PS@o5QGaH$RAn zKz=sf7%@Q*Pj*)#&3_?Xvxp5 z2Aans+UJ9L=S+Fwmj#HDk^>)409Y!bZjvrT#bp#oOTE3cOWv`R>fG_>kF8DOFuE;G zVjIA6Cb8Yc4`dSe{7#UXBN}V5kVDfIwuD0^}pMgD9}!Q4o9bTzj0XRhFi zQ8qk>ClBlS8UX1OPm3fT---xlZBF;X|DZKpq~q(GTvAGUJT{MrSB+iI;qSngKdEuKq+B`;CGdqqu|j&XXhW2c@~r*3bp z!$%uL;3c&*0L{*_f4@TJqMr`Z65}ftX*o%#thXaZ9v4rZAq`*A&`S97cIXc2!+135 z^T6L<^scK#)9HG`qSh(nNkk$Qom16 z0pDMUYmMnNNi`{wgaEU|r{m-j=j2v&v8bT^8@#TijArpIWrQ1#nc%%#RA8BH`QT3| z?+BnznKl60TXojlS6&EzJS-C(#8ph^zUee!gnX-~E^k*0W2%Z2@Xwd7Dq_UyVQiGM zi!-1Yj^Qcm;;zzS9=JX^%V8WKz3Je5aQ-oMZx#mT`vFskXsq{|BAy1rDlV!Lv!nK0 zJU2m+1ndDXH#;~YUmuMbL;E~bo{l1K?P)x_t93{hey!}0CSxXSpokK9sY~=+E{1tg zanOiY30h4q*i5!By?Oh`G_EWyPBO4pvtnaPq};jB)|RPmGE+i_r`lM1RU}Kn@jKQ3}|l*>(N~ ztvh1etAuKo9^t_nq%1;vr$@BPi=#JLe#0{m4WeUM=3=5|>8lW_et0e*n7J|cwqQn1 z`Buw|LwTMjNm_`2JTwwRxCjplETD_b>q5CgHM||q(`|_pYqSp?y|_)sC5xk@a{U5T z_`|`2|E%JRau=cB+xfqpDtTM&Vz>X}(F5o>{DrQ=-x&U*?!&)~0Pq1wfUl-g_$!-) z&%CSfNst1I6$$)>?!sRrh*3@vMFJ$kz`rd>Q|8ePlk=LR6~ju|SDLc^y5v<+{K#*n zq&89d=f%J1D|Mj5k8K^jz6L$h5TB-=5D}K{3e}4G^v`?hOt?G3 z-<2gAYMXUls6GyQua6$6I^QjW)a1QwY)4vHrj%{lK2U z_Z4=fXE}h+on7lSfg>ypdcXA(bj2`0tr!kWo{Zg~AqFGNapjKJH=*p;!kVnoiq+>0 z$fvL=tK+{X<^ip!$7)%HeR3qU-S#VXJ9c*`wD;c(p#_Qu(t5o}$Z!=n)4uTgLEIxS z9T;q-IE$z())nSGPR-u^Q@ao3gYS}C-7hF-Nlj!m*O zl%K*bIXPvR(}gi-u|W52@^(H=M=82?rLKTZ#}pJWNf4!Rbiwj5V~1)73E`d**j-8S z0W_<<>CweSTM_@~<&X|P4upw3kS4*vV>JhCdKzjAgI4A+KKh`aYxkgNRFXyso}2Uy zKj=*u@j~7Z4i+mnHFa9I3d;}&Yl(S!_$_%G&*oF06^rU=v^DwR%YI4GD%a_<(whw*qTO-t`DvLKp=jGhm2`Qr=N-t zD56l)LSMNPL?0|KLQPxEZUlTJ;Fq<)8eItZ)VdMyY26sQ5LAgU(0WZN9yPXX@r=VN z7;wOLHCxfD?eJ17{BGwqaPfKnBQ2iRgV18c#iLECb`@G9VRC{Ern#}ebZ_zcUFgM< zb_Q{cHmJ*M;Z}YE$1!C%q6{_NO7ALFZu*K0|4<>oLMdNBDb=i{utc>?tBq0p?~11AH{W0iVKd z<7UD&(Ox}aGp6lYZ|OK!cisFR0$pnmUcy^qKv>>WV)XK3dPzbVxD~+Fy(OUznS<`f zpgzLY+%AxNprH%7n<76}3LEhRiY#+l-y>Z;9Ssm?*H41l8&LhA+&0}`?nOtJQ2-Ov z!4xe4;`lhvlCE1lz3c%;`s;7<*vb$S;7&M!-P{a0hJqyOV8n+=fRw1SPuG~;w^`k; zVYBAHDO7_1^)Z)IJSFR4mZN(iyChFI5%H2I)bja-JjR+ejrms8gF@L9 zlY!P7HAHJk-lBn)5C+Y9_|*?!WjNV8+sL0k(8;t8T)xZ8U*3t$IsqcS{SjK~1p5xY7h*ful$*a+}(K z-H1)j#4HT#;8~JgRgac9&My~Ja)Mtj3Of0gX4gqsrB`gtHO35BSGcf1HONyU7WquOZHkm}R3-6j zP=^CoP4gm|8$pQZQ^wueX?~?3^Gtt;*AI9I9mLHWu*>2RjaNZal&-cyt;`o32~G@L z^weR2J&pi{A|EeCA_9WOnHnqS&_!{NnL!EGH$TvtR}%Xjsg7@MZU#5v=RsavZAUc# z!b7dk1C1XApNQA*_zjxc9hyVTpXfPoq8*FkQzvkjCO#C1TGEA-6X!0~ShVr2vVtO6B2CIcfDsY|7^K7n&fwx!sPzx|>%T_T3Kgn$$@IJ-doI}jb8L`}) zz*%-L^y~{mdz(N8fNKvvYt9qt+x+`T82m}IwKp-Lz08xU6+t&EO zw9F885ieMUr{0QXzy8-hqR1uLo-}R?@8YsuZ+ynTLPc11GV+zhGQwYR$JrJq0}#h+ zd{6r;p`X)jP{0t|Q;{6)655S-(9S(~(0<2+}y&=QB+A zi27RMc3>xmDGX<+P7LtSy;d-V6aUL~}0spc(0>CK||Hur{o68ZvpgTBeT=cZHO2T_>F!BvG~ ziS|sN2lT7umTEzvaL_*e%p*`Y)%WUHqD; zj}gd^M}$J;Kk%kwhU?5r*h5Jn+eaf=sj=H_{xj*)*y$2or3IB~4?JxNzi>o4oDV^7 zEs4nd=CzT@>T#n46~_Fac}qID{rmNYt&Oj~t#Gq+g1h4KoR>C=+HV$jkniEt}SNdS@pXjKS)ksI}IgOxi zGbjf~Hra60m8Me3xAV=IMAVVti7ZORY;+uGnXF^5y--3$YQz?Tp?e_+9=Uq!AKOkM znZs?e7GB2XuDi*a;zm(RrBC8PNO`1+-L}Z|jN}Q3#b-mvT9>;Ki?P$nVGaDYEj?%t zYMpky({A~ff3D4Iij3xiOQPSb7}963Iv)2AN}TtDMfF)m!yvU2 z28yAp_Wo!1@>!0XAH)vGA@X25NMUA8>iSeO&;U7wHel_+*vMI>TQwz1rBcFGr}>E*cC zf5$wJq{~vBP6XuF`!6J&~FT4zww^IP_LCx&R6>-8+ zxEDSk7~BbV*sp3U7PRdUpE}DB>DimS2}i!-@k5u0hont%);m$R!GW2O%5Qi)))tao z0q;Tf_C?&;R>#?Az(y;;R;=V?hh_Z318cmb95+e_o?)V5NWKC{R3(XQ#wGoD2Nvb1 z5LgB};+1`Yi2(iy`$rUH10VlRU)*2_M>aF$9CDygup3Bh=FU?#a6C>eI$UNX=vtt4Q!$_ z#rn~volo##o~V~ZQQV@Op<57~Sbx2z*CpaiRDMGQ&<^nhy+b%`|L&}GIfUz9*Z zUvfnN$??d{e4Js=N%F-yK+YuL^B|-RoKe#j&4&6M(P%)1X{HS|Q=1X1q2?0LXP|s}`Zq)UzH6J-(iMf;53;Se%*scY-h6#$fgy#u? z%K#;jeRP`{bZrY;D$#&A19<4Ly~XUkD;1$DV0!4#iuQ<9>8iaktCx!H&$$6}2g#;u z!x|EQf_h17BmVdzF^7sn#b)Z}#RU(}mNG*(*&L!I#QfFO@V0JCW38#W22_vXmdn;J z!6E@C*|8MBJWKM~c{VO=^093v5fNBTfYVsma!+gfP)x*p-S8_0@_xu@{Milt?P{9o zl~j&YO8DjLK-CS>kS>Q$E~}hN0Q-m}cHz)V5l0}(%SWOM`Kf zIj0Zs!9;WdMQT6&p7tdIGXMeiB|JWK#Lqlmv!ArF9U{6l}ZdnlrJ$Z-xq!ezuu zO{OF2kn_ha_bDR0PoanAe!6doZws3N0$objL@MP$`H?JtI#@`U9H5tgImr+Do6H*I z%^c#9n*qzC#PYI}zXDezWhINdtnjwSNvinzF0>)o;27|l@i;rSXRX=kpiJmNJ6S*7 zc@ae{H+9PiM_oV(&ZP!g_hu^4>+1)WF!SJb;Cxsg;tm!689qNpeP z5TPmrU%C74K&KUY@8LU=ReTGsCNX0RyhZggU_vQih=0p@Ma%!PHs-bgiv zo^Uc2Pv=_G#148pf-~XxIS}FNLomH&rtdw! zCToF-8EU8@Mm$@ae+f4VF@!{WkgNg0Mud?x^s%Yk6?C|R6%Rrmk;(~ z023TKj2v_Z+P~oDG+Uo(Tr8i%C_Mt(pC~U9;Qe^h?YEaxV927)4UdnC_@X3gR-$cX zEX&xJC#vS-6TlJck55e!4-(*Ew*wW10 z(?|K&DVhLOF0W%iH_tK?<_e7#2=X(iEg|eXXurvG#Xqt&1|CKpE>PQ+4~aho9UFVB zy?Mv~_gw~-91x`_ij_Z!5Uf;mrfTZNSZ5`oz zA2f0j6xag)D|YZmvFip>KHA#rTu8FRo;_1rZ2^3|39c7;yb9p&;i4>1+$!_AHkr<; z&xZ-v0Bt2MTfe>0Uhv=(VL4ja>3`51agI1sMKffUYr&aAGHaAACP+xeb`WXpz9iHo$dZMncbbJY`#sjpY6L@Iy22ak7O# z{cYRs6Ig$`H|Ag7kpGF^5CZ+L;dR%=KmCxCkKAz@k4*L~(8+j9HxL5GI!n)mcy0+0 z53Fo?81@$z0SUyIaHd~+i@~k?S?>5^_4%X%TY0}C^M}{;5acF<=XXg%q&}>mu8B(O z65~p{=CY6Q$-TR)GEBGXs*F}aU6ptW#TUdi{MYNKiFRWj+0T!XBF^q{3jyMK87ZxZ z%?G-`vNp)5AhiH-V1pcjet#g{4vYRkY<7y&Dh>XOxc^SXxn;%u^>f@^5pj(D!gDt_ zZrd1!;#Esx5}_vyME4nG4WE%F2;IeeRIp}BzLh>Z546ls;u07Tg-BrVyKZ)&1%;%U zz1bR5E}Gee_>v)m13Bu1uM7$>6sZ0yDOi*SK2Swbpcrjs1K~{+9(zc5C_0V>UIC|J zw=AGZ#vKP4dvqb4J7wXVKmlrSiUa0aVjf~eKhD~+JF*@$Npl>sZ~`DIzT|UYl=v1% z;w=F%j(>+EL7%i6jn+ORO{94g#X_@HTsFfa<|6Xfh{zVZ?cHIBC+6fj`|NnT_%yzVWI+XV&XAzY2jg}b<|3eITd+e^CfYreb$czHn>spMA_U5c9TF)68_IJYD z8HaAWL}>y*S)eA5$RCzlB@%JpK~1L%ZnSK)BrI;#Ie)F2XATkL&Av-W@{c^9H$1`l zx8Vue<3Lobf-fMOF%=N5gbyCRFQ2heh=5T216<dHaL%VvX|G!X=pI??w+?c}Xz(uL;LcoS>9XWQjG( z-jA0|doe&;R~=D+B?y`6!_i#GLV{zDrZkj2{>5WYmW;YI%MQEPc%qKAn7yD^8{?Z( zE$5O@HzEr*&%>DtK__6$fsdaH-~<5dXO{7qySO$GSrX`lWCemthnAWSNj~I0&Q45& z!MtWcr9aV4#0WF2YR9sOM%pZ~arit#C*Cj)Ph^7a{klzK!t88q%wz9UG{uX21kHLU zopeWq-&>95^b44GEN0n#8`ZQfcESwk#I9I-T@%JL8sbB9Qr`sC0E{VMm87A9Wfp2ck}cBsY+*V~Nu>(7dPDQ#h+`MjIZ93U zt{3R%9279bQ9@!dHhnkAjtG)MOc_Q(wyD^nEG7f(??P=hR89R2%M8`%n7U_XSi<+% z0u^wM%zFE#_Q@GnD!5!$0Vy^m5DsJA1?0Rm;YQh|KC?_P@7gTm8;&GL`>8011{`I^ zbm2b1meLbNiV)0t%+r2d#+r(jQALg>(K$uy!MSf1=U;dDu@p@1Vsr)m&PrH&? zvk^Y@5*$21us-4;?~_L8wjOsEjR;9BDw$HgURbnMo500OH(iQmT^;G8XyFE^w4!52 zPzM97Ia@0-*@!+LZFPa3u0RXTzmmaXWN=5(O<2bkZb*rTrw)2&F#tp%pim;*l;Yfy zhq^+Njj#jGF}pX@rxXK{DiRKfqK(Y}VF3ET7R~s2Ebh+yqQZ?rh^fZVLR}k8gqwiK zEhBnwtcjh7e{N<^KOcT3+r7_mnsJhb6xby3ATEPD%F1yKvTKF>?oPR87|Gum&1LK; z+;Mx+we`M^m@Uz>X43?ne2~)BDaFa!7~4=gNXccH*X?50I)4>EbpUZae|vHI^9knm zV0Y^L7S#Jct#|)}eeP0H|I5k#FDLuEoa_<0gO^wSSdx@dWHRpn?j$(p9d(11LH%U} zIdt#jmC{JWhZip2{55w#_f*C}yqID_O3qMnfwlu4XHoF*sn=1F@>P5{hO8}_ro032 zb7``=K!tRN7A}MqT5Ef*P0)-pAd>@Dw~BBcR_`UQReOZkmG$t)p2vj$E%wWP9BFRx zLuSnXvI9Doa{1)BXaqifbi@oiJDhDJcXUp%?Krkl*Tj}VmS^22fwQW3a)oTaU^x_C zyVnYmBu8$VB?R@0%DxChy|@ zcmklI9QCjl=+rT10 zZtM;|bs`^hYW_3<1=mbRJ&{6S41fBD_vA>>j&it0l5LN7#gJ_ZUI+Z%7v`&Q3y`Wp zUXLKj@JF4P`4r2Wj?>tSFg63(39-iZ5{oVsQg#vw#)9t@3=*@uxJ;eO61f?{3F%ai z>_Ub|{L9fLIwnrIH$+3wug!Kn7aTf@IH|vLesip?Jp)Rr9#NMnRtuwE*%y_98-w6J z#j?bzk2^qZ`m6(yERgIWS%+pUBY=PCgyjYwQI?6Aze_4gxLPg%WtDxzi+q+nPOt+- z8Q1Y`+oZUPs~E;pq6o9c7lK4*dFV<>5Rt5q@NnZmk4@9!ZWkocINKu;q?txU%3mEL z7@#WtF$hc4-<`4d!;*K$uik!0--0%m(R&mK0rw;5>qhMNrfP4j_0fC-ZvxE+%Ce>v zteHpN{^BCGLCgngrF?_mMWOS<1AP9eGQV+F9&TbzG1&=2hN=iFfwMeUxtYX9kN>-JQ3L70+5nq%PJb#HuDU9A$(Ngfx zS@b&%oca_~`u&&+hBLhSO6}_q{JWTs{`PNpO5w89B@|XX9y=n@{PI$9A#RJ_LTlPh z%bJ6Y*e|`PaFJa2PCj63NhE{4)Ye*8=cuT;AOFAm+3L6b@9NRpkKev0kFL;vV~HPM z4!-Q~AJ#h3FaH7Ga#`uOgD-mlwpqE?-^s}&%aqjbAvAGD5MS*?3odQjj~^mE+?RmW zpE5+)E~dW_r9PL9%hI=^0nMwuQ9%8ZL-?C*jbkTYMA5uwcM-nKbO`BE6J!gVS?ESz zo6#f;LgsA5iTisxs+RnF4E=kAp+Z3kW-9LV?WI^Lfr<*Sk1O(;{i(r`bXz=WzT z=0|YsVbkK`R-~AG-_w8a*&6v8>^@3Vscn(ovMY0Xk7X@RlF1PR_nCuoi@Ac z)Nk@{fo&8?%{Nq~HbYYwjs)UwDm%^==!%WtT@~pXH4|TQ$4q>_Vi|U74<|{IEEvSg z6mRuVDR9J<`r+XR#W#6ws;V%$ot>Daqi&5MFs3_ z7K5gS#Bmp5%W?b{2p-r{5Rr~V0%W`ei!4M~6Js?AzoI8TaKI;${K^{>-;q|3Ia(TM zDC=U5mHm4lq?h6+$^vYcU8T@MwN#KTcqdS|?1#(Z;5%$MvR2&Yf96>%Md@b?x( zznA*XTGpJ#>~M^J)Wy!UX1Qj->D$AGYEuH=w>FjaF-6Q_YZW6(Cq#w_#J$MgwK-Njd)Sp9`T99}s1 zxNfbqS!<*jMr^6g@PR#*U14PFLlcI=MFAflpor;2=DN}kifdTHAps6?`BDiZC((y9 zy+mR9{^Q3U)~Tr8>M)=@T!SH6X<-a2m~gDh9)wuJ#T-mVX35{eh#pmjgy=`4*%)m; zcGSisL_&hWNsu=QEH_++6uFDGLqz1o<`9fE9?1zO0+_L}tGGbWP7=my=AgrU=kOkR2d4t7oh-I-Mc9r?md z=ON~YZ-J~rtA5bx^CjAJ*c;4rB$JJG*%}fPHRF1^cqZ6tB9?5iorv(3?OJ|u??MX@ zyKLG~8#r3d)qX-T49AE~53aIZdu7NU!J;2Q;eY~8+21x?GX#Ah5U{bx-=puTAF(6d z6dDkgGPdFfRmo@nMr6;KS>NQXC4a!u_bXod>+298GMi0pZl>t@A8^-7;LwhxLGCqsQj<%G`?1 z`aqLH*WI)C;R^$lccb;)Bm1^{PYIU8v7x@yOkqj)EeI_%N}voNtr+QNj9a>>a z7j|+vYYMX+CM0`P6)j3OUbP$uP8tLo>suO*pJ0c|==yl*TsQ+)0=Z{QM>KTFJwm|~ zjd|Wc_Qm%3rS8yk{NXT$drMw@kuED>+tUO^kE~4i{G5kCxR2hzk+HV6|34~F#T`?S zsWj4llI{b0wuOQAdhD!_w~^l@v*O5^X#|QJ?@v)V7J=Bu&^74EF$vm|p7C)=aZu!{4$tU^^s?=7+R~l%j}-X&4=B_Y4htRVRChnFCh9 zH3FV^6_(T0;kMnt&=U|%ZGZ&l2(Q%SbC~h{6WUTu7Y2(>>k-``rt-=GS}`41@Q^s; zKvm-i)ex|d8@&So$gSXEnhlJ-SS7?NE(Mgx8k#!W_vn9uu?1IlXGqpHp?;&gXC$Qp zt$YpyulGs@QRd2W0Dxwo*kI9^X#9;`P2qiTP$hD$`7S%`w80A55HH} zu@yiH2$N$1KMA}I5x%#k33q*`yJ-1Mr945HWmCSOGV?WY~4qkIdF-IOFgdG1>pub*P$p$1toSloQHw)iHP)$kDe=SWg5!cj47mBIT%*29&B z_?{m(DoX^$;@HeH)45_t*iIV%58TFo$PR?zvW^YTttuGcgeoD(Fk2K-`=*B4)Ap&! z38}#GFYe1<;e`NLm;<;I0lEcCoao2GKM|wzD?C1){Vwq9j{xn+tJg4_lNVY*U!&?E zRN0`~5x<=h_`pNNP}R|6it_7i0-_EvMT9Y7J$>-Eg}zsX$g2wN3bm1*a1K88#r%E zcAq%c%rSGOzYrM*G!062PMxbH5?Bfj9tQz>=natYb|OJw$aN<6VBX~?AC+SiaA;k4 z_`dn4toOmOiNQsFmw)n+pFJ3Pia;o)4!KNgu7psm%07pKgC~%1P7@nJz$4*}O;t7! z5uN}-hJ2E|4&IHz<9ah3Zk5y2<>nnZvA=mbu;-tT8*>||SLKVmj{r?TvcD@Mh!y_% zD|4o72%;zzn~Go~5bd|vLeTDT4{4xlnNpDx-bYm`7+809iD0nLP;BwNy4cTIoJ6Gm zwKO?Tz|!QQ*S{7f{?$$klZT>FrRu+yB`G&XB_BNhT9n?mD1p7=-=i!`?5F!He2e_M zHy}RMtpWMrSIQ(NL% zb%5Jm=mazI4w@hw#drgnDv=~QSm1*=EM61`5s0Uu#0avFcR9-6JWGgg`S1+khu|jSwLMNBbz}RK zjSRl@Yl~~!T?tZg6aoK2@QX_qt}fOWu#mv&gAbJVGz5~Nem^id9}jLkn!cMu)f+JB zw&yp~;?;?s--rbt=m@OioQZCGBgqW4Hzq6az%mSL<%t3O8Vfl@?LQ32bt3#oAUyh} z!`$%5yKxwX7CdtGN(PI^8IBLaVU=ypjZ5(hJ9;j?&`1R19(0ME=|O(rJXdYG$IP)4 zE0#0uf;C&IGgvvBa2SPB-jh?-6+_>#*KrSveKa-AMPh$4NdkhdMI_xbT|b3Xe=Vj74oi1yIvZ{zJ|=jd zEz-}oX!u(q4lW(%>2O3$;2Avn5BcE}8-Ma-#(W_(=xrdJy|(SoPE5A-eEg^A)t@&+ z-;uJ84>J%Q>&IS?`%A=t%Z2qVCY19BMd8Co+N6urp$Lg}NJ*UY8pmhB(R8+RjC&N& zk!p(qghMMrQ@9pM+~YtIVg@-K5_C+VIiEn-pmU3b;fd!oq$1KxATfc4e&Yz&Puj_K z0`xS#nkTS?{S*o2lcc-SOaQcjY(m+eOgXW`QHduK&8LOzN;Cn`2BHaNe=^a;4sTC1 z+#9~6XH7oRZD{YibKvWv`zJQ1(`%~Cm^z!OTl9kywPK56=W?7B4lAdK0y?Z{B}{gI z*UkA45UilsWUaooFVK$}nmsC3La5*ciC3st{$+tSZ2NRze(a%trJ&J!5gcJ#+@ic0 z+)}_M34-w1J_)NUz7lAW_r0?Nmom8cL#A!|An?keq)lP#AG~rxbK(--_qFt)=(vy^ zwRHx2P3#^DZ#t}b8li=L?x?k5Li|%`5v(eQ4J_}n5!qST`=M>pE;bL{JH_HAEyLgc zkC6Qmuz&ahAZhcRtHAElmBH~()(vFZZstmGpr!ykr8muK+-2AM*oQMn!R9Qvi-`O; z#8D)6XG3;agiN$amLT-@9eyFK4&=@L)I#ey|5@}A z-Er4hi9PouTxX!-UJAuqF9taG;S@k{p<8Wz2Ob5dgw*vWAkFPzcO?QUf>e&+-uvyQ zTQoYL7a(olDm@A*YHYg?^``c=xf)7P4I|*>Kj<04QBDH!_@U=ZMVk%%Z*#h>!ffL1 z29XXQT)1KAy?I81GddRdS-7@Hg)f2-kvJ{~{>51~B_#sVw?J(;78Wu!eKMIpbC?ZF z6(bUw)e=uq#gZV$|1fb|2HyCQxMjm4!p0i6!f zH_QA(lpQyHl08@F3)?jhkeq?23oH|%iPZw~2i`@CzJP$KCM6y`&bAn#$}>0KA$uqn zZWQMqk)o1m?rCi^|NQQMEoTTvCl12zy`#o1>f;9ji)Ph8r0lQhy>vi8*!tT@&4po- z7^J>P*31xrCJpxAeO?LVW2R-9Mo&ulj1>4n6~B>!Hz&XEx|6N8PCs!ozQyt<>fyWX z7ujyOHP)v!vp&-%x~+k^awllpAWvFDEnQnS-k$B&B-@2jaJ(sD2VfjEP!)|`>_mz< z=6T6=$K(Sx$F*?YA-SDN&{!PlsPf~8WurK=-yKOOi-XaT05axj(>sNo=}V5J z`M5*C2+9O1_1KuvLi70jAG-0|=i<31FK>v7IHy5uy2%`SSny*^()?x}t?L$p^Vgt3-!ygDf;Ech0 z8=(J)<5pkTqa%kMvh>nlaz;_E&C%9u;p%5*gU^y1o=cOd+M9oiU+cqBd|UM|*m2|F zDe7fgLGerg5t39f*wq0Q=my!YBY|K-dlJpr;MISrx54|`*;?)3WQahhora3(gPuZv zRCC*?&%Er{W~HgHS~!|2J)P)W5kXoNzSUY(iH#izh1lCT68x~mY_^p45&C^ZF?V!c z?v{BrwKaTz!e#|=v1P!u^8Q=pAz8MD-4r--0YP$ioG}}TWY`W1R}4ra9Kc-^%V}`1 z1S(oIzqFHl+Q(8;Hd^#*1)6zVg=^rjQCVMdxd{^v1w^mYA8}hfZo$JkejN@Q1cE$g zyXYW3IMMQDBK=1+gKf4m`~=j6Wy<|y;EUYAxcI62W|=IDmNN!V@Gc@rpseGC#EtN0 zBm|t`i8SQ!ctYgA#ll4cdqR@n`T)*+b~X-# zp7D~5miIZL)AB1leHf)m!4l4^@Q;r^?Ac&ohG!2O{16lSB9-3)nU8tLD(v|=*vpQL$e!P0;uFNX@HoPg zF)0C$#i*2Tw;V}gZx(@Xw&uh0d+?|K0b*mL8v>s9x+37g=bk+p7$%bFj*z+_a7fLT zJqtPc&YlnHR>ySGCo^XfQuU}F=v$7Ud%kzUUEA==^QZV1n05G_GP@7P5j$bLNG)?- z-6E*8$7&8xq^wwjjbRLcc=*akClh&{(p4Bg@VTy^CT4 z@!7(BOtxh>X=uZ$3fsFOSPjY)z{5^65-M z6h$Y~N&L=3@V%wKOHO1D*2{2|2s6UqtJA!dd=yLs-tU5u2~Mg4k58@p6uTqLVsl){ z9;wiQjje|@cCh{sSdpz&u308%WkI{55E}>7TuN$w%(zp+NLvUPbno2U+xPSgclpbE z2b=rJiIIS%)Gti3>J(d;b#s7kqJ?$_Gi!qFwB-0$D96wxK-RU;dVaCt2jVLe#M;M; zDY!sX#{Y{%l&t2i0}jtWuZRj%qoo>;%blhQ0V9r# zD&;)vBI|#t?`IhDh1{CH`Bpf&)RVXMJubet<3B>7No8RW=ow#l6J&1mLqL*Qhha%5 zAEawW6R!VKH1V_bZ2pr)I7TM&#D*tSqDNttKT)tF84xI(;bUl5f4YDVoZ>xjdSiy@ zLPkuqhyJJm79@9g)KW-R)DapYLy{6TAxW*|w8-}2eJ=JgG}x85c8DH);S*xCeOd75 z7Zzkk@$h+%=CifWFC7IiA5|*gC^kqM?cqZqp>bi+t?u!x!x#e{Cl1%xSrY*h>_OoF z4jmR)ly$Q=!%-rLhspar9gNXn#71=B@F!;7Jy^UCV|z1dJUZl$R|uI`_R#QxEPx6g zYld^-TY{@hFM|_HwyiQ;=U6hA>P%P7`M$S+18Q&I!71Ud_2r0wcPn#<>IluFl=}iR zC)l*Uer?azNVBoEedrB4+@<@YuUW{Y&a;5bYe@_8%>~Vuo;8^+U>LBz#J&L!z-{p{ z=dyUUhu4`dhzqz7vd8=#c5Ht*(^LR~3Y)R3tE(?auz)cPat>>KO3S^0ZlFS05NC*9 z!2WVW;Xy2Z^dF3fdmQVuG_B86gPhjEi&|WEaV%PFz~@Zjt^S*1`2^w_YmA2bSD4c*y7@3BrN^O14B)*3-;5_@ zd4u1dn~6fTil)MVJM}8+t3Fvwwt-EnkmBUOo<+|yn4;A6k2K?7hiOSRWluRs%A86j zlcCTK4k#$!eA%$Ry6b8i^nn=M!a1?X%rJ4gyw4S!b5vwLV`DSi_=*G6Xk<2;br#&^ zi6$5V7n2RRd@&AKgdNgw8K<;a74Ln%`KXXc_{etP;&eGwS|70j!>5vLUePT@HE zFGSb7X`UTisd)N@H)xC6O5CsC{XMWSQEenu$OpcnuxvpE{)JFbAPU{=%}E~gxP-Dn zb@52x3cm4i2Jm;mDGHc)JfZ=v&}{;*D_UP)OdQwKHr~_i6Z`DwP)++Tluz$)&P)ql!Cly3}zhU84}xn5Pwa zIa|x9w%!A+7ZgQaHeiOQ4JTUo5Ip3t#L=l~&ngd3g#EF*hI6q*^n85}V6R3R7)217 zG<$+~efSFIPCq_hb}?%U`(w(wE^sg@Y50IA`h}+O9ESDi#)eypa%k^10(Ij{ zG(MxA>YvPL-lUU0#^20yc=&zw5})_*VFL9t=7acXKA+lOkB`aA#6&gG@ZyWu@L5^7 zH=Ta7kJHK2*-$n{^B&g8eL#JIdGKXfaLou}s{cp3 z;3RXz5dq8<58;_H*t8hy*hDqJ%LZ4)&sefV9;)v^4o1L7wD8=Ju2$}+c8_o(Wunk2 zC+Nq}wQwS+F$z1jB*2lj8+F3$F@TJ@zs0`OpWbV{@xfr{BfrDm)LFLu_O#_+GJ}aA z^xe~4Oba%=TlC#YChUzwp(RCO5Gjf!l5B9MDzg^|om=u)NQOtg`0=msioxT_K8QMp zT)Oew!eBN@RMck}Be=Uq){>`~W1^D7(#=S)pcoZ)yKXjJG7li>3l?24g*-|mJyON8 z$4o6-2eA!|hQx-2Z&PB-hxe>b>4I)(_Vv0u)B9*k+lMnXWOZa0{!wuRjL}1Q*u)xy zR93tTUeF2M*Or=LO(#5;TZ7PMK=9dEm5o`b3i{&Be9JLH4){{F zVqP|m&RvV?aHjS(+E@=k>Vi!hsSw?DY^crW*i4CFK__e<|5AY1iOf`vp*|lix>&=& z2pqLkL_*Cz#+t{`0Ps1o>ARU`XsWH*!ID16AazH!aNKYSVyJP@uZ}6-+D!N7oyc8=O}A`rv2lOI}RRfHes>&yGESv7+@?K&vuN2 z-mz_BstXKm-n!+HYLDjR765l=?^KPFz9?*Xd=}4L;7Q_{MLXjM0TnE|yTGK5#Fo}u zAd#^qKeQGL@W)!2HB&*wwrwc4tX%Yyh zFOf_E9vUec6R!k{h03Q5K**tt&=VV*Isv24gi1^%X`~Pwv#nJ0ORG@vBFYduTO zF2EBIs}ZD`BQc`kmlOI9OB1whF@YZpoa|yoq7wR`%c`-NWf)x*?a-N4r5YftH<=jd zKN4f2`~-C*tHIVw%parr1UrU2E7YE;_Z*+8x2zrJ1OMf}op69^DI5R0*Xh5%_bc{> z!bfo3Z{@5FBLX z6F++rVvzqjVK6R9ybRpIf&RXTQim2nY`o2u!pUU?aCYST=nC@3E9dgr5tN;XSCR;I ziSKeL2B3bnxpYGI_WIHy0%*Kzw|}PI6dJpk$c=i_8m@&e1qw=^5Um=bidYSvup|>@ z-44mJE*Oyq&h5I6G}q0TeE4@npWePJ$+z*l`_uj9kKt`?K0t$(FkfB?-xB6cO8g;F z6dy6=Kir0}{bBEaoo^2ZB{>xrr30?w{*G>JZ2KoK8Ie!6?~3I+EkB{B(1UeJR{CAw z{oAT{A9CN?*0NJ8I|gX&b|!x(z*}Th`l#&Ww8@GaOQ0;~7CGyR_%u7ya9qA>{Md7U z@6=Mn)a639MjT>IJuuSPv@MjZ!2))WJs|<)z*&7_n%O^^TWC+*KZMAAV}aj>Ifn>Z zcNH7^UKn5o~gDZMxhgx0C>$iT4`mlinG4hdZQ zR$K3T&NBHoK9NZo9$x-|2uoCtcOou>=rxA14}VZcM9pD~{zyb+C}dy1#P89%2P+KD zO^jwEEEn0(TxP%cQ4cZ8dUwU&#MTnx=fHaIN!gIv-YM-pqbSyu^K-bDzy~9wZ~#nV zd<+AGOYr0KDMnSMnRwP2X&(}A+##^54tH?d=I1%fn8-uxYML4AVUT?YC-DKsnw4{h zw~g?LIsPdX2YJSph|=82!iX~@U=t&oAbn|R$6hSHjdNH1aN~j}kI4FP=GMe>#u^AJ z_z3Ng_>-RSct&T(8)&2!EZJ@C5!udjIUis~a!&4aLrX|PY){uDm(F~XbXbZ*!FxK6 z?J28-6iBB*BLjf*=6ptPQQf6G47Z@QsW0<;ev=+8lX)?PC1B%u9U-uTP)s7cWfikR zHc_wg@b8;sqr@5_6N)moF_DN(L{n=*j4MIY|A>4pYvvFRV4MY(%c?eFdDGVM)dNAL z6q~o`2;;|oy1zDs#f1+B=c<;+#{^Ull1p34&LfW!<5g-lR|!jG5yH0~wwF(aO?2^3@R9t#YGR1|QOE`}SfEOmNIyw13v z5ww^n>bGm?m8>lApf*{sN6FNop#G*EK~j3SYKeRb=srA0ER6*r1?@m+1qY)TXNC@~ zQZmtq8pfTjX07Quv?yHJ0jDu4IPjf>Zv-17*@NxakPD?X(hLJlaB@`W8@WzAz-Y!- zR^Hs|+t$q?k*v)NFn%z>gzCYyy%wwB8&-by0RL;W{Eu(6xJUdX{sr_VBi7$0SeQf! z!^mMl?8Xc8u&HuJ9h<@GBjpi?kAey^3n;{MNDx1CQdvR74!1OX32wSK)2H){VIdL+ z7=GcA(I#GamwE$Tm!5$IgXNmhO?7~h`>USJt^GP!iwnLqS?0+IZW4S`> zs2b~G*O(nts5OE^T?QP!i=mAyJ`)UaffId52haiF#PL+%b{9fqT)pnrYg^6}NaHUFgOff*)rVSS^r_ z5yMBj5;0{uMHI5hVM2Rqkt^#wbGq;8J8RLN0WU?P`qWt*jXyHu-^ zH#K6ik)WyK#`|yvl7nv(>tk1oO;7=nbtt4as1GE)8(Q)_cr!R?KcEk3{-Wp|sdd`* zPMeZDVlS}gPk!J z|4%&QZ1&w9``F@zMjZ>l1zMchiU5Mxz>}J)0I;07+>6#Q zDe56Yf$my%>CbskfB2Qdzoa7)+i*%NS-_oD85S9NpF+i$Z!gAY06}U# zXaba_abqe|59rnwV@-1lBMu^RiroC`(H6e99KC;qc9OTIwc>^Mx7g=A0=TwJ?ek&m zbEZ=&w@cOkQu-6!M5`AzoZ9e(SbgCa>evXBlOEO&V8n0%=SSmYVXc||#$q9xLi0c5NVSL>Lh*-Jw}iF?-s! ztvT70|L_K{)g|qnLT_CB;3i?1S$iK1yG~btdm`u+a}6ED&QGG)Fd=Y961IcL_bzd; zYH(^UNjEPn4+O}3Mnfz37)){LL;Z4m1>zT}@!9{18kZ$nVQ?l@_y?cT^kFAIrkPb2 z!x5y_r!i|^V|%{_C;D*XS@$KK#U5_(!hi8KPD12xx)w%pMhi&o4*@Hf)QMQzq9H1Q z!_%`&6BtIHqD>=Rb|^(y2@t?p9j|%whQQ-f8@sCun5v*8~DfD&gec@v*i} z#W~a0p12zXM-S|dStt>0gT0n*D5c`W-!+Z^37j@@O9`{1U(^uodq!A-ftP zhoF;K0i{w9C#NE{60V%!dKV&f1E@)_S>}*xIY@Dm7zZEXosx?J-b9gXQ$ProE0Igd zMzU%6&BvTl(}(M7gxtxASc6HPKOno}9b zPQl<(tw|U6T_HsX4|`rxa)~AqcR7jeOF?a3rnBND8r;a6k_HoAfl4R=Uh7!Ays5__ zef|xi(I)ErsEs#@SQbV*kxGv-j)o?xbrjOxzJPo_KRjZ9SaToK7Uy=`OSj z423jH?1Pt}<)<2xmEYum5}c^zDxv)!Dc011@xCzwN-P)(D=dRTi?!ENm|M|+adljf z?k^BDK^sUX#$ccIp7)t~=l#Zghi9Whj$lhs_ju-*&=uw-M<1*E3>#wUR>L`=SVy$# z=~LB6RNE9Ow_75yTP18?pkNd2nQGdQ+-Ki+?9m0vUXk7nbZsWO2ZJO>MV(GTa&XRz zV`3XTa(E7OGJWp#J1 z#)@5>snZcSa;+&^^5U3kO|-L2D25Ri>+Y#)pAHrXyUGy%;arMBtoIND>?ddp$+XXO zd_Hqvf8JWaPa7n7Syw<6=Y?%x)BfSldB=nITtTL94QaQ1lGzc=UPq9|khYtE|2Q0o z4KKp*!}E#E$XK(h_OL1re1KL`P;3}nwQDVXS1iM9&S_|Az?MLm4kUB2SgbVImr5sB za>Nx-c;a4XyTs40^RTc8C2<5i<4Bpmp(hy)QgWHRsnHz{7dWzyv*U&W~@%(6dC`^>FW7Y^M!Iq zsPQRQGtt~K*N50{&2rw-y-yEk;`dHKThiai8U{ApMprL>_ewQ#wS$L(OvY1o5q+~k z{2`%6&`Ll$25Ygn%ws1!rVhTMN#oaUtghRz>f);hX#w9(G~rto;Q5580saZ6u(&3IbH@W9i;e z+D9+T2=l{zPgNI&7F8k9oN<;~_C`)f936;AXKNZWUf>afdWmtfu^Y+$d+URo2*)WN~@J`7CKOlfEB!Q@Q^ z9MUE{L6Z&|r$d7~$>J60s2!3R6*LXw;qZe8tUU`07{zrriZ!3ZCc13%K3!BlC_Ml? zl4UgDwNGlogC(b&7I;uG`$p%*&9X8~I(~IGP_9V}mnC=QNEj?&n3)!h9YoxEB}z+2 zZ+9BAr&q$3{J3Dp)YZj>L%sWjsBELcE-l4IswH!;ri?Z+p&@ zK?7eOf#mDD1WK?9!u=FAk)LOqC;`XstPJ4Vt-#ogZD)$l@h95&R8uq>AjKAYXWTs~ zQb9knN%J`os}tv0kA&{VQ28G7%h~uwRzsU>-qfwO@8)HA0`&7gwSzcs9$1z@z>A&8 z`bkv3!GtKFM*5)cQb-wFSom!Js1gU=m`-pwz~s z^8q_b4#$ClOOYAouy4b5Jh-22W&-X}GpiHvMEc{?)x7-<@$wh^;p1CVZCk4|Ye-o0 zwi+)Ga`qoQSd`{7*ySEG%KuLoHcY&Cj2ZWjD|7xyXCB2%j41SP@V4&GJIK2uA^#dv z;-l&LUS8dnnEt)NM^KdQS}{o}5vj6EU3_!;gY1~mB0EAfM*8T-5!4^1_D4}wP;j>< zUj|#~R7ScL9FOoGZ$XL(v}tc7gAh9RNA?%1;9K|g|Cy}?=7zz-AX^}J^K5_h^==DW z0>f#u&g`iv76=slEE#*W6)WTfnL>{Mp|PDUOwT26fBUyRJm54fe9p8>Q_fRMeJH|l ze(#M{{>vhz#U)UK56sddcYA@SV)+6=M_--O``+uY_+!0wYr4Sb(SZv%;^q{iwCf4S zBb^L-U+ z{A9^JQLgPgIr`==HbsSVto_aTZHc}KEiRVFt!Lf3r=ULdm`yw z_jY*CF(ieww%nat!PIk{_j@^FfEEx&)1k74ev+(OiOQM=r6)+S1UHi3zJ~i+m4MhwjVITx0u<%@=XeOqlgP?BQme-D(K`I zTL2}3)jK&Y0)TI%MsPb)dTeNB2a5PK)DVJ5wb@{L_(4Y^hqRSIY6Lg312JUUcnCd$ zl=ongNE?Vmm7ul)2@~2By%;AnUUq_GusOE>4_8i^TNBU!*@eP+$Ao@K-!=M5C#kFr!jgv2Qpj~?TrH4Z;7HKLJA%p7!320 zqmoyK`GS(moMncPI~oBW=JU#9=>)ycTSa@Nwv{A&|<70K3i-l1w&ai5KbK>lg+HN7Z=Y5Pd#%o zKgBQ>o#(nW7&eou)62pnpU#wXS2vmT+j;SP)m5|E+{5E)IDAN=KIcwu5#%B2->CA2 zkjk}ZolAhB*~NVKz@91isn&4Yt(Rh})IG^H@|oU$bw@O=eiV%P5a+#kgx% znw3?)@t6Y`ca26VznVTgK2$CB{>6(){H_7- zlFqy5OtR9jR{$g1z_=CjtDC#dTfSY%)tT}{!mU!ncPZ&@3)Fo$^ZBi9!;}nRfd;^+hqUpxooVG z#!!3Bw3`D(v$1V=_pk`?Iddh6<{1( zKOC#geB+|^^7!<2c4a?Q((6`juzXyXp3Rq5?J`*{X4JQ{-14ndyu7?g9%QPc+9LgI zoaY9;7l85n*sxRA$Ms69QMx_PUlr_^!xFuUme)h zvuPiVF~Dd7pEi@tOzw15zipgXa>Li_XQfBxirp@BJagsbW`+Jg>K6^*-FqwxGY!JO z%?g<(x%~R}t%LsUyjGtX{uPY>Fw-n`CvBsnJhX=|)nkuz8*-jK)=~f8AWw^vh-cq<>PL@OYg)V_r`um%ZYA+C9m~$^07O_WJOK=k>gj>!JS-7YL4BDdw>(%x3K(ng@lUvKi|Ohd^Hhal_IspZx5+A8-mt*TK_o+o&Xn!KJqyw;wSx_$Th z`q0g-8_U$exR}$f9;U;L*-jY`=Ig~xZd$0^W>(6&wCb14$#QgiHAU=ug6CX&t(8xv z7tOStEMK;iOugQ`xmNPy)9Up!^MF`oa@xLq*4~tE>*b|8wAZQRcZ`J_E>4a$#?Pl|f8 zYAdCoe$fXQqc`(xq|VFMMQ-$VaN0ho%nJR3^KwT`cTV1BR~L=dTW&sjJ!saij+;;B zVs@&VZ>@%1Jj-S8N);@Fl$4RK-scsxi1pOuyp%T1M~&*Et=^VXV{OnMTxVzX*ZgdK zX_+_A>tb}NQm*+~Yc2OGvjGO$V+c4gaU&r=iF_dw7q3=Hw1(M8$I52(T)tdU#zZcSD%rcc%4_~jX%e|MY-f%BsFxm1yOVwr z^aFsA&nY$Xz1Pm9Zj7g5YT2DMIC*G=%0n!Jo?%`qxLu@yO@%ePaI@^5z*>B_M&&0+ z9-w-iVdLR0siL)6eQ2KHvE}s+^l$Y|IjuY^sajj1ddDMumtWy`&zS?zJDARa`?90n z!E_G1zC_VGTEo@Nkm(&*#xYqq1Q66*DDn@CN*N@GY)u{1y zQO(a&Cy%e$(;PShDDy7}3!^hR-Jekb44{CKSvpTtZ zxSklTmTBg?=fnJoc3|XAmIp}C-H(((`|i=Q%qiCCPBW$RdD76*wUc?{te8tbEY{lT zV>jJCe|;{TSbFCmUtHdf$|-X^&e`+XbM^7H+dDXZF1PJfI2 zu68%gkE*SQTcWo=y%^-cL+}Rh&ZmMusK6{&tatGt*R(JKd z$Tu&WS{v)9tCO4a)9bQ%Q$09tPR+u_WvO>}wa7hduhmvNYrdRb3@!?b!R+|0Zx_4z z>PgFJ2PgLzou%1oO-wvr*7{_6k}`)i^%e=zfvq3pQz@?S@E2nMME)5?}rf0RQ z8+EnJtHbWibL+IKBG$Lb-cCjQt|hTPHXL40kp_tLa?nE>nc;Kq4*d&zE~S!5Vx1s2 zY}{ugdKBnT0E6gJ$`hJb&R(*hl=8XE>8(Y&RGI!mgVUi3gG#PC zs63a5K36y`f-Z-7%+cpct4=Oc^XPNgFntbmIe>xnxt5^IMZp8@nTwci0OPu)2?78YQ3Bw_PmP&mNnn_qEofb9+DN z-<;)ca+#;Q%SAbNak@GwH@lDZgXQzFm9?#lWm213$JJ>%T{|v4-y23Mh4C2OWUln& zQ{%2btc;PuR~*~D%eU98o+>x&dTMt1h9rYN>7G3&yVHIvb^V}qYFc^vR59}PhtWA+ zZ;vbOfvPt8rCRl>Vo#Lus}$8&#GI(}>FOYJzfY%JRk%dUREI8!gpi+-+uxjJ7?TKdBzpRCmz%XPM7-d|r< z*2P+R_1Zc?BKI7_Xtl?;uftjP^(DPH>z1F=ulJ=+=kBqVyLr8NogUkRhIvpuwQG82 zIw{{g>Gz{W_gp*aSE@>;q2m3m(z2|&RXWZmQ`EVT*u!XktX>{JuhGUD&)b`W>+1Ar(6}&C&ke2G&77^T>%*s$%sgMT zA3B3V`E2yqeOR4T9=nFHW?)IHA{{>amahQ}*xw3eo1Im8CBVy9TBSVFzz!CT zn~7ncn`fuX+h(`-y10Kh#`3h>xKS&&_1BBMu8!Bqvhj%4nT7|471$t>RtAJ`rb=bn zS}9&)9z$|%sT3cT{%yWD%uMmx)O!nF3raarUnTMsbk-JXOS#Oa)Z^!;S@O1dwyaOG z@^F^`yGKzD|~3YKv*(Y}rb; zlW6s>+v>|}-q2r{N>eM`t}iN$dgZqH*q&rB(AH(v7#8ee(#{R=yuG(F>f~xN>kMCQ zq-YMZFXhoRy?hw;TW#%WkZE2W6!JF@>A~dWsb9>`jnk{^YV+c}o_*8OYdl|`Ur%!{ znr$Rs^^|?^T3pPs%jEFkwzIO&?(c^B@MM1Sa&zC)*U!p$ywqFS${kVwrpccETsyhM zHUmRx_KO#T!oh5CpP!B{nnU%pP`~ZHRhRSr$=TIPUG(p)rSvj2>qb=B7|MDuSHLh<@(u@1qFnj%!8Mg-gwDnkeDCe@-!g|P$cMj<) zuftLA5%XB7^ic5I=pQm|RBr_~`bvO}KATnU#>5`9cGk3;ypqqO`iPUzSa;CeAEIGL zbKkYuH=nY@N(Siy&b-0=LFZ1Uq2x>X$JM;t8%~VW==DBVoYV)Wmz`DN^>o<0ULBmj zoj!J|uP3%)!Z!73d}5Ta{J0)A9`m4IJXcn=TxRWk- zD(hM&|9aC_o*g+Tw%tKGkx{;@CLixpn5IZ38a?xA`k1~S4o8Ixus7ViWwV*a0kb!> zD=Q=iyElu5Qa$dzOgiJCl0k1WHrlshSt#sX!S;~3+$~8=&duIPO36&-c@V0XXUh-D`8n!&EFKNdMa0W zHZqk~XH{A;+P;R-wvBi?jlLUH25q!)F#E>(<;JLtQWpnzIo&Rw7S#s>uX9)G`Rq79 ztrzE4cDLKpMh8#1^XXVQ8Fot-%iiU~pqxC-986B;nPauOzDqrxJ~ggS2bJPQ_Wte} z%b?@_@%8Za`K@+vnmxT9*!Ks|x9MK8{8)ME-_P$my|cU3Q)8LD)zo|?xyp49v~{a8 zI)2pkQa5R~0ERW!m#^vb%YI5RlZ*1>!7QDt6H7CRPK#tZBPan>vXPh(p>jSC*9oW@}*@?rpD{MIlR+vR`Z+Xv6Wkld$*~< ztfZFC@fApcwCBwyFq?%Vk{eW|1@2^IT&cQgJ-pVaXiXAJhUn; zqkq>uFO`$U*IMd&c2c~mRomv>L^-w#*P|h}1vk~1J$bvmE1e&YuZ;>)q5Fm7hqqDl zx^iEr-z-;WhBAF#sMh*={DfnO4b8 zGG~)nHuE|(*W-$LQ9drTU-XNLS??6DE{tmJ7A-@$WhVQYxtLzhnv-@ad6hiDyq;^U zW)tn^x^|WsXHSNY&nMP>u~ximKD{=_r?;)+OQZL8d8%F$@p4(OUe;2B z+l%rgUMp|f<7fS$z0SSd-dqiC$Ls7!Z#7>}PnBFjK*i7{v+OZ1TZ-N5u4{mmmZjO@>uu`{$>q-I1y8F(& zbJ84j9~8h9WV}J;I@l*xx4HbZJgKhxIi*5qRLLlV%e?ZepcjvLOl}(3-&Cn6mV+mz z>8etqGQ6K7KB+ufBd>=!uWYlaY|ASrc`bd>d#H@2b8MHY&efNPn{EeZ$wA*Km!na3A0w_m-+w1X89{m8`L;FC*PDu4XMlSarS~!vUuDW2-U`X z@*1dB2qZG{7itwCQ#7HVp>pr;#xYkZ?h66$B|RD0 z@L-q4OQA_C#>oa7nY!*Um?M$p@=TDPe4yAySl2w-tGiJ_v3L9UT665>h9ohPD%q^I zFAS=UY?Ek*905V1fqDY*cvyMjW885H<#LJBj@4wfTkWZl?}Jd+3WF#$M3L<(=Rh zuAxKBe?T_m?Q~wbaPye#U6lernaHqbQe0lI@@x@N@Ocy0bKSmY2#Mc0T+(c^6KDfv zL`Lo9uO-3r9L#Bpy*wWm+3gju&r0-ty#-L^(DN<`3^u^Pz~Jug?#|%u?(WXT-DPlx z0R|fecXuxC?rs;ii?jUpz1{zR-+Q%5B`1}W@1!b~r2BM#-R;P5yndl$aUvzVw!RX= z(DTnBXG%O%>_Do&y(v~NtWjF?=Y0uy=z9!H6Nyi2w|9%SC3ZQa!U25R^H6gvZ?#0g z*@A#dTndm{iMxZ^o9#}w?5EF3A=?e2M#!3cL_wRn^n^N=59g(@e|In84N}{E>BM#Ycd0zLkyA264NQCnyqUmg=2yn`7h6;W4bLoM@kROmP6 zxpvT;KEfH}k{j6vihrg6^9B@%yRNb#Rq=}^GJa{JopNW35j9AAJ62NM=@LW_OV0-5O5NfDDia3 zeT}^*v{M#RFo}JqiSIs8ahcPy*j*F5rZhLh#{HbL^XB}31f|t-785V++aB}1Snxo_&XPv6>#DZdG8_w&7R+=Cnh)A7$^7Hwt7;C9 z-7EIqkxA1XIoQ2;0yIq-$Ho5#)@hDbSzp`s18QhBQTWRU~kux{HklH z|4V>oD4afSJZaUoG6 zLJTPqy|Hfg-ATYM<49v^7dl-ikf+?1JHPuCg7SU=ki+uyH4dmSjih(i@)|lmqhrFt8JhlI(%tk7GKU&um=@ zNk`T`?6ljVc57KT9v!0iV9T(-*6QcRS0$AgKXiX~Y1pCimu2)hOD6Q;|Ip7z>++R- zRVJemdiIO)84?Zu>J>zw&o!)0(*~YD5l%%*P%d! zvzswc^x>tI+&lgZX_q;6GV!Bd`&M&Hh5BPt><-aV|BOcX&N`v?mQeFqfH2pYzVjTP z#=yc~&`*^^Y>F-WV*ud#zJT@Sj6&}rL}~6iR6qefH9Dw$EmcMHmN>(ldrmPm?|5fOj+ z_|=XTyNZccSBV<_;JGuOq05fm{pw&%ygM1Dk#ykhK#VZlnQohGxtJ!(MHKWd518BF zy~aYpNSH(hmUY`WKwiD+P4YZM7=X5H9XuWe*A3gsuh(y<+v+`S-&UxKg$>ds`sog~ z(C{xgItdC;>^g%$>6br_O^umsb7{*};;`uGOWckS^pj)bav?(TUUG4e+&cTAo23`l zgT&1u`TC9&P5vnw1lV=%kvlPW1+#OwXn~dltG{GXS{a|NGRkS^$k!6MzF2!V>D-O< zX797s=$9y89jF#wq|dgmmc_KBN;XI%8dO{0+ZTu|%o}Y*2nhM+g_SC~akSbAGJG4y zsypXP$2?e>OZHUff^Oj$l^cK8ZTY%5M$QAXH1OMA`k8INb~Li;)oHEWrsKeDlSj;l zu^RoSNL>}eYZ7WmlwnCJxr=5+B^bGX7y8Sox?$57B=o$Af-PQcGeHP-&f|Ix1%?p+gP_D}*oE!cM%0 z)uw`+jvvl44P6#s-?vyU92-aS`X})vju_+Urh>PROQn(}KRhj;U$>uEoOaE-RUyG* z3DXHW5UiYpUFk@LuIWtY``L`D@TsHIuZ8wLRloVtYFnz5i@_(>E6vun`OSl3#jaoH zPafBr+^f=wfR;l`*LuY7yj8w7`9h#5pue|<=S6Y%UHaRlhhSnGo-Y1Nmp$9y6;qzh z&Nv37;*s%R$t3!*-)f{e<*w2a-j<3DcX(^5*$fKt=OcXZ#FOZ^yf=4 z<9D^VJ^`iS2&xOtSC?*=Lbz>VH(^pXl z7mnF4)q~&eW{#7SLokub-)cLD^G=&5vbm?A*CG@tLYIHOCLN{KE|K&5bo|(@k!yVW zE9pB?`$6Zpoqr$6M)@I~{QJYe^Qmen7xd6>QF?Jbb#B4(p`W~Y1a`#Dn@kcqd}SG` z&EI*X>Yp9BGOpQ)uPkA^+WhH^(XnAnM!^nH((8^$tc{wd3{IZOju>vg-3QC^U-ooTb^;s)nE3gEZ+6U!_4`C=5>d%xZ459TVCr zM0Gx^r;H=4>4|iqb9u9j#~=30ra$eU(G+;b0kZi=xZJ$xCZL(_mQP8q3zi8#l2pU6 zdbjKC>WY7NWU)?Vy4Dsi={H-(Q=S48b4v?4?VxZpAxRz}lGB+cB>aFLy$g7y9|wRGWMX2%&j0UObAcEHoz_`f}f z!o>ac2$`*keF-g<^H}njOxNDt*R7tl-W;~Ls)+07m3mx4EQf)`J65W%3JT>FJYQ_c z)nH7skLNY}CC{UcX~f&bMv@8oj&H2!jjdAnBw#eOOSldxs{1-gBpcH<6GnnDBbH&3SO(QM)hz)#D~eU@mnQ0{7QA71#6=crI?A@$5~OgqHn9pMq~VMQ|2Tv! zm~3y>7LWR#06*F3UG0nV1xj`9}|E9EVrOrn@u~?zFmENYv3Y21HpFN3} zst9|YKrom@34hU(Pr5o9ik0zZ@kV=$Ts2nYyxi1j7{ zO*tpcd=63wh!I{0i0_|g#T=agYK}^(O2%$hj83jB3qIOYd!vmT?T{Z4@zq3j@SIdp zg=p&$yZov-5$pU;CDaON6bjPsK2rW0er+!~f*!s>5Kj<|SrRVwT8-dUTa;(lB|3YT zZ-#@V0Uviq4LI+h1wFV;^|rXTjkCXNAf|w4$AD*0K*R@-=)-AD@a>@cbx`JIY3o5( z@cr#p6DQyeRQmA*6!O*in0I^4zLEhM>fcxsH61d(iErguzuM&AmVVqz`*gpTbXA-t z1Uzm9y!I1))EMN~G}G!+QOxVV=;bfPpUlzE{w?g+Y{`H5{s#Vl81q=Zb-nAL2r#@9 z*MO8>t=>&G+%(6yFEuQ=ev|*WKI--b>~0BNIL%rH*k*UX1M~f#7rVXtrncUflAlU7 zf^6EKba?`vD?Q)lO1o!3^A7TlI#jQCQ_rRQ^B=J}0WW3<>!krN;w4X&PxD(h_p4yG zH*|G--z^2Y;Ay!YtYXgZ(Igr{gsSJf4|UWs{A}pcnNbFTGKcC0>#nTR7_j?Dh*me^ zhv%-zB8Ny{d?9s#nQ0*4G}M*HMfSB?fiFVrXO+4ofC>ML9fc}VeAM4@dsgzxj^#FC zsH^@6*kmZ9co&*UXgipne!0otq@wq)OTD4T{(11LI_;j&_2Xh1KQ z*Zw^k-$j@3dCxc^?C4^PldjnJ_3IYZUX-3$oTKE#v7Ta?DF_IDQ(Snk%to0+Cyiai zNy4@NeFcot36whgD+aX%m1;^8&dS=R=*Wt%|5@(n)>qM93_MT1eo%>R^v5;dVCs52 zBO}PRgY?c#Gj?w{#81zJQu5mp*Rq*-1}}769_ZLSzIE)(=O0nB--%D>)z=Ris!P@n|v7j-u0!Vu1)9+mS-n?o0pY!%_i2ooGVTkn)*qs#qqv(M?_E=Ghj07ky zq6+t{4i5>0X8=u^*AV1MI3YUUQhviIvD!}~py0+cXY z0F8vPWQF~bhnRF z>@D+KTiKCS@9hFl>0nWq7l|9*LluiWhewm}JTtdBP*3|jo$fYAU&Dv22*xaX^QL6NiQTDtyT6Nx z?xz+p)d>IAkd{hYP{qUT3^d(Y82on6T`RhDvB-8o;1$!L{@%8X3G?PDua5zgLnzo%bFnkvH*2@-C^|JMcJWp_) z>33mTHFumE-dgTZLnxh{u&QT2>XBiAiKN)lyrn3>r1)Co!MJn(V7d;VC#WR1F&8sZ zj^JbgN*=s8dMk(BKUiK&1{(` zyAZ&tLm&Yb6Um645&Ryh*7*qN((W08rwTw@o&e~-WidcaC>!Zs{BAenIk!JT7WI^% zu&ImJ@m|_piW$!LSB-?PqBE~VDt!pWC?54*bsM{E12Hvu^Zc#RFoX zP0SS^CuX}SYxrKBGMtb-BSmcI4ckT}(9HS#mFo9ysOI&;G)oK58s;TmR zoP`<8x{y=35;ahn(gJb_uId0&okAiOQ(ukhY6yiB2kBcw!fmYtsR@SD@b`shF0bWx zM#2khH3yGx4@Xr<|6V37>vz8!XES*m-amT}hTIGCEeXIOYi{9t4_R-mIRb#sm5keE zDG)RCSDBuV`M?ZkBD#_OA-*oB_&5D`iOuUU*R%J7{2c-d!RRNf&05oSEc$US9JUn1c6uc4~=*vc7%QC<;ly899a;{7sBsxK$yq_xI@VV zxIt#-S3+{P;+9N7WQE-=^av@9kQNsYnQpojW|$u6xK^^pvyq5?g{44ES4S2x6z$fe5$DI8z{4KDtS;ha!h93l0FD|p+sy*FmaM0$|0cRst87! zxq`(v$SG%GGuz$9{)+{TYpfA0GqVo|bEcJ{q%fq+qF~xr!6Iy>jk`_6o^>A{7qJ&;D)cj>Dj%ZSp|of*7Ch_-*!- zvSU#QVS*Q`x`vYIzhh_d%LJ+m7bbJ{PzyH)zV>27rM}XkU%e#~3IR=E?I3d_q>QTN zoDYb{s=e0fbs37G$=^8L7QJs1;v=cN?jvaBFZiDj6V|v>`tV)o$Pac6{0^M)E}s*D zemhQh0c+POIy`EAtyERdVPcu6-UXTp5|nxG-y%%d!Zg^5(FGszefBvSn?cK(f>g1b z@-{+OJg4Bt^`Qe!9KL+E?md@}asI`O%(W%^e0_z{BPolDl!`xTD3{@tP&}|M0kzeJ#m}Vp*}73D~U2JG#^1Kv}3C9 zp)U{@xK$vCJOI#10j<437v!xjhF^(1FHKD{%kW4+Zx{f=bPOB^cQ@LdGFiD$u!^qi z0izP_;VH)Bg(Jz}XrGcIw0tME-?xi*Q#;+axNL&*shJgq>tB7jX*ML~{!b+pW+}Rz z8yAOpp&*BsA_#^ddnpp{X}B@G!t58pFmYFf<52AD0!~MRiJnz;A`2NSy*wogg=FB! zfX48kCr*ibddaJ_Jj$J4^gcwcUT+hDVbP#;4sY4i-QjOSpYxv{jr6cw&0dmT(G<}L zQUdFHx<*asjTpqRKW(CaW76G5qmk`exiJ3B_)Ue!AABX_6YoXmO`**(PG_JbC4A5U zyV$-F4QFs3EGMKXRbFZ%o@eo%1&94)(z034rXh&ozaN*eEBVKF@{W6v{5%Jia$ZxZ zk>?;fejYlbNGf97pDo6bI1Btoy+$J(OyMM2LC8IG{ z*C6=TS$Hc0FzUd4h~EmnQBqupGKGZ)(3%hX-2d=KYZhZV(pj?R7N^D?*XrZxXSQtC z{TR^OhH$QYfgD|VT=Z@&Sl4<*VpDMxIf`K2>dc^X*d2?>6=uV6EdJ%5qSl$hHh2Lh zsh%8y2S{9~>V2_^dEoV{<&H+w24f(Ow)a%d#aQl zO51xT>6T!LsXIC|SPV_*V%e?$ZG3F+5xPE$5<_@OC|o6?kh;@O6>$i^F%ovpMGIEB zZPS%hHdQ-b5=$2;Ixx!X^YAw^uTq-EICi%$)<^RBkrP;-k_bcS6afyD-g(fr&n-@J2 z%4kbJ$av6YPw-Wbn_fbq%dt9^tY%nr{l}Ln#5#wr`@EP!XvW@tcMI%;;CT*zfA#r5 z&j%2_x(JM%bFwiABcVnPSThjRb_bi)i3Kj%2YdyE;C)p$ZU71k7=A;e*!1}4$(hF4 zkyA+4$=WCo-!^WZ!h2<>&Er;pv>TsYvUvX)PeK$X!d|1Tv3|u}E{R%Cpo}xgc;xZ` zO5-yNR61@U+H(rEn+B+?U7;{fFS*+euwXs*>w^qSmi+kyr4I5sxct@au{w z$TWF=CvVN=v^bw~4^3VqB#u0U>qs=GppfDWJ(<1q9!9Z*COY@l5u9z%I+}u2+YQPf z_ByL}y(6@)1jp&d8$3zJ=M@IJehkA+82V)mLxgKz8gf`~*!ncS`EEQcJOqra;6bL+ z?T^BAtxi-C<=aQhLz2P&zWt2@NtGLqKwU{Vqg}AdYNAI;%HZ9FyU0G_+aC@!9K!dr zV?{pvG(oWbIz|PDLx;Qa6>5b$LXUQ?4VR1t0>R88kE+=xZ`m{te#>}9Fv0QW`~v~= z{N+Zz>&;S&TzC74B7mCpv#YAq`TXu3*Ajl*T<>X4lCf6VC8ol_7D=y?#i~+?h)2Rk z1ucRuI?@$0h=bmT5`15?L*_7Ti{u+({6@%JcV0thCRYeETFw3VR)3!QL%pu3uPf#( zqr=1mgG=P7$RQ8w3^2wOi71iyyd&Gyt1^TESH#(_P=V`xLGdL}PjVQH+kBz*sDIXW zKq$4lru9lRxRV_lfFAQv#QoaOWmnrG6m4h=G3@EH|IZdLBQn+LjLu+7DI!ykruWY@ zvALud@b|sfLIndSmc`)TK6^dwjQfx0B^C)SvcUX~tt!(G(W;#_@XK^U{sHc`^F76y ztGNYdmygigkBUgsEl3FiPn?`vZ6d{(9y$Ge4X5qXWUb&Atc`tw&uSUv(U!AKs1#iI z>T?&*7KVJDN;rvZ)S(=9iE45_=tE4ld~chpIu!~8C!4BtgGZq&cJ%lqwOjs=?$DkH2|YgoR@MLy=`G z@@cX-Qo~P{(Ukd@&q1Bkjngs~&uND09(Lv+s%0{jKt42)qgQD{$B(Vkx_*FP||{`L5SJ{Z6TIj6e0lIu5c4evnae39kg3{po9Iggcb+@r|sao6>QF9cS(&RJD`mfSC5m8fY>(p2#oLo5E zxwYJXmgzJx4aWJkrZn<9z-(3G;aR52;a^s957r%+n4*Xh29gFZQ#cvFf0^dqzE_IxKl}<`-|u%-ze!oHWSOM1w&Wl76^oBLM6TC=_Qi1O9XhJU2ByNa7g*E6(_GG|b`Kk&% zn;fO8_+N^N%VKj8cKTgv$s8n`^u+R7pR)|ds) z0qj}*bJlpP7c6mNUI~EBmSOs}lZ}R)7U+p^O|1^thJHi$3_>h2>~kZHyj1K;f{Ril zB0rgbLxTdlFQdvX?&>XDPwbfPtoWwkDPyve6Omn(8bv z4?`ZyWio5RvTHOs4#DsGw|_Pz(#PkKvi0OWBx79SFZU?o;RfMnO#Nu9VFX=CvYRey zOuwJr?Wd?iE$aPr4W-BQ$lJZDyZD}_iGf)f?NbH?J7FAujV7Y)#+wbCopMqzeH^PQ zO&^yo(HSt0;6ZC3Ca*w@hD$u1xFwSd=Qe+VBCyz0%4gb2KKljus&My*^dKlfsrhKx zi7WO?t?tE@n^PW2M0*(^SmGA6AiFOSjUT^IR@jwSsH{#{_M2(GJRy62DoRp|vAsI< zQsO&N(%s4+%BaXofzF?neAZ$3x+4N17{A?(FA@PH>A&DRw9ZcjyRh#hB3Rq|!CnrL z+zXfyasdGJCk=;mQ9|$WAZZ1|Cxp;VJgl7Cwc?xfg^)FS+X$|MGhxCfjX|Sz9)kIf z8SCEK?ehm!DFi1Ox>ciAn}Ect==M?PXcG0#6eJ6nmJA9Yb)Wa$w=tAzE#!72h8Uz* zXAtSTlN>4IG(@$}z5Tv|j4v~ zu)eeXXLiB|`-YjYdUcAZm{W1t602_*&R|({z$3=B>^?53&CM*$dL7HzH^8`ax#cYR z$s*r_qO{+OEUv#EG8X^?-NdlZ0{bkEvvIC++8d#xTCDBc%>pjd`}>69#69FT~RES(#|SDI)+_g!OVhW zxA{L~YrNjJvEKkl18`!e%h-5?*~$CJkII#*i!C&xV-b}wF-Ok&9RwlVH)tAY_QTft zn;}#@+GG0?Qpz)QKJ}r?nMi{&u7Bw_&7%Q#6xH^2{7-F>inFfOUk2R;u6EkHQ+7l+ zLikn>jxds^5aOY*`Z2K*ZhaJV=STh7 zoU@@Z&mKQbqE(kqXl-{ZFK6azCBl-iAA0D|jwGRqms&r3iXwS)1|KMU`;tx`vrA{i3jKa=Uq zJp<`?wZ0Y}3if@4O)waOpPa@a!Qu=JUandW1>7&ZIL~W?g2V5gT56rnEcc%XMkR=CvVf^F=ZD*AmAQTl;gWM)KP_=Vg+^L6YrU)}2)2TbgXgWpAt||FFu%#=SNe1BCPL z6qP4EPutc@@3M?NtC>G{eiIWyzL{fHra~i)@BR}L!-Cvk$qlv6N`EVZR?ni34n-O9 z9C|#Wsg#pX*>CDi#tU1@!I&-dEQq2%KKkC;0XnCROqD~99lKwfEhEmWtV@Vrj z#pqpv^)A>n&7;zq+IQ4^+rIiFS>u+L`uqLmq_jM%$c4)jaPY+m_H3HdK0}2&HE$Ao z^;>^sVv#0tW`}&?&&;3ilKHcPVX~5J@thW0xvt6Vze@D?tiCSDx&yE;Oz%;ub$24M zoQUjbiAr$I5qhuaTXjCdnh!r56Ty}`&+SBGkq2=B(wk} zlSQ&bJxZ9=&hp173C5PKCB;vC z799#bg~+dB)RIc;$DD)(!g$BbCiEUJ8ib$rd@YurPdU>wjil%J2riE5eSb&1*t!&? zyYRbV+M?ee1?9bLm&#vWhts7I`f=w9=#vtWx|1v2tEsQ&Gn<> zeAo}*L@4GL+&tR_IEJEI6pLu4s?TaqnZnU-3wTjvS#W7fe_WrJH!>(VlZJYmS@)ND zI}B=;u00?7?JxHQ2S24UwAE=0=&?6<36mg71o16DPd0CEEDU&c|L{6$zH!fv{g88< z*7Scy@d@!4GHhO3Kg!wY&Z=H>e{-F@Fq~LA_juv4T-rpp))jNP)3)ZH{cUBfK{bP^ zFqxMQRiJIKA%K#HVKmY7ClaX9T@!IvmqI@4%?z7qxaPTpSbDu za`fajZi$IDw_j%A`EJQOv~CCr;or>jSsHoC^p)iKzN>zT(Iwi~3~2)mLr9(I`I9D% zRi{g9?S!DNQ+ow#;v*860U}^n%jMV-C1m~hF{ne1T1^HfoehWbt~NF!$C2jjyx&f(WZPLI%>VAC|$?I(`7z?WCETl+oaRLGVTh6w^yO&UcW!w_u z+=_Upfy$B06vY{FT|(;wdm5|RnfsuvJX1%f2U5YSnTOoFwmj6U|HgrAr-NYv69=F5pinzO z>nkwp?(de+{1tlip zr#DLcukQ9JtxS$npE|979GksrkUtnF=xH^aNy3$Hel-hh$>_s=KT{9*geVIy(>MR4)b zC2s2uEwD4)XbGif=T#IMD_8>7aYN2;Yf5?eUa!3RYjp6=I5Ykx8|J&r;$s*-BeH7E zC*?A%9Y_cVMP+-;^|G0nIu#UXR1T{3onT=(x;rtE|9v*YIq9b6ZtI?Kl%XW{D(Zw7 z-bJ}x3>!AHWpz0qb#KbE8zL@ou+~=WR!j?2iLHKTrM@ZdYJ3=t5AMv1YcRigFnRvo zs#(;wNZYq#Rf_BN-Qe#kRU<`hXL5N(3~h&%p31>lp{FMKeSTi_LHjwL<&Jw=Bn8hP z*CHGito<*gws;3;^4al@=vYMaQFHEr!iAxI2D?AA;^>-xer@kBwV!t<%X(z+S5=}s zt~fFaRT+K8jPC@uf4a3Bih8}K6S&V(JOij2dg8LaBo%784;JXGnr)Y3p+z49=j1Bw zm}ayz$OueL2!|>SmvE+fEq%=m~3XL4ZB(sxv>U}mz0u9jWTUuSGpmHc~ zX5mh5fx{87W3&i4`>0fkcF^vL zeK1m=QK2m)CR1PO^`m}9ibNe%$TQy$ep{V8h&ANJTDPuojj$kfHMm;FJYjGl|9e}e zci07*|6)zotIqeA7AfXeDzP#J{tq^uUq2+oPer{W$ApO*8^zNQ&E={v^1F;P>-yKD zU95YmyW|m|m(&R%nq0#$%Yc*`lr!R9Y_OPhPNA{soycxI%GU}c^+ptu!nG0CA}#-* z^MBeLRt)(qYP@8X7dF#fugCz2eS9K|&~AE#LCqe^dw!GuTvL4st-_wb=Z||w5pv0| z&%lTeI3-y~D0GPbBAJ*|ldE^rKtK?yKtP~ z*(c}3jOBmD{|bmmtl5Qth|GZgU+|ZoqyDdW`~MC9zmi=3>;6+nkpCOyMM)M0_CHsA z`CPj`TUI8>&;5VVW=2vCG}GdDtpz@>G9rS2K>h3$b9Atw=<7kmYE8SfBHuBW@vF9yMDj8OaIVSB2 zKO7-)R6rXS;U%E#)pyYjB0leB&5PAtvdaI@Ohf@6L_YA=DG^>Vj6WQJ&642?326v0 zM#}fXj<|;Uv)iZ3eC3-@Rcph^TG>zM>BN;a`7`-iqF04Qk!(rB42o)&Np#dj zB^DeZZ+noe6Rz|;!o+>Fv=2geCdx=EphqC_Nf5<@N ziSvK0+Ko`U@(NqDtvjFuKU43r;K6X<;E0p_bP9gvA>6kFIkt~0LSIax6TLZ|OK@PW z?c2wV*8dQaAIKVOi@hs%?MjuKCz4uhs}h1^!Sz;-C??G+r#c|R5~+7qVBx?EL324_ zyrb(IvDdY%)GQ}q)V+!9-%vF{HspBGNXmA@dC^=qQ1R?TOj+nu+( zz$d}2mhu=GTsU9fb5D?rYqEtq$;ClIL+^XO(6KyX>Gv_gqqu$+#!x?kZ7b-34V zBqsQp12TL*!im+eWkfHd2*E%>>!>O(E~z*qJ45DW$>brj$vE{>PiU4i6@yO+41I6lT>2cmeoieD zLXK@bp_#Yp3gqffKhuX}xeFl{!=U!W=t}Pl<8{PS*-rmpeV+SrE_b-Wh3{>t2(>NV z2I9^X&{%%?4RSEqY`rGqgA{H~OG^Z7EB0LW%Fs|P?;jom*sa;cSEzO_b$&1pi7GTHoxkRg#T2I5O50^o+q46X*1 zRgzp%V}zL&Q!qXvN@LuiY4{4l4JpG|s(YeyitYUp$cinhNWOwzzzjShDti#}r>M;Q z>TmTS$pQ-=5(A&1dcc&?(4Wyi62XJ~C}C=WPoYl8Bnqsl@L8p>Z%H-+u<4oADIA;V zwnHudR*MTb`az}0gbCy-1b-uu2aRRa2{)1#(qo7dwKB0HWP9-u)?y@R;=qyYFp?{h28WN}D2`Ufu)8pW3mXLa0{DJSA2 zntARn$iJ$wrs6T`5IGhlN{PF}^jLQ6Mr^vQ#<_it4H(-TS89_QUm0EsO<7k+9b6}8 z8b}Ps@^02Gu?7xLfn`&IJ=l`F}|Uyxf1Soy_`F-kw`fevE_Eo`ydh%E^m(veX(ye=0^F4>jo z0D9epGz-_30~`WxzAmw`moE9Kt64+V55-f@NMfpHet7fNcW<98qjsTras<~vqhuCZ zClv~DRzfWi)HB@a%Bml(jq2`QOm?_93XRoYAP zD%$&|+eBrDo3a<;PbkOptzKH7G_pgAnQ1vkL+)u9?A6piKkiJtX{sx~*NUplu2%9v zoAhNt##E6y?c_rrZ_A_3@p6yJAf@zbGNQSc{6cn*(cO9-*tDC;`kKo6()3wgxuPdio9e~d-ZB;CUxlWlYs zqw_`{sKwB<@bJ}mY&*dP?Dwy;&sNd6A&uvV;0O4zuOi^T$r?axp=2x4uQBwr7EzOtCE} zM`av`_xSf6onxxkopZ=)Z%9eUr)rOyHk2XTbht5AWutIJ=HFlH308-J6-JDTwr;CJ z)8d3gGmh(+CiyVi3B0J$Is@;94y!~akPiA^I8W~tEe7j^ZoN-OWWKFc*ug;o6R+Z8?fyWKu&TzAGAgTnSb?kmrl@x{H%bHU4m$BV5` zi!qz`<(!KSgY<+9ovfhfRo`FOsK<$*?c@@pQv{JwyA|8@qBi)Vh-~fw7M`Zez=W5p z^$kkt4LGMCL$b3+&+m>12K|5CC)i|&I0zP&&`)Y+2U8zY*;%#^^qLvs9E|hbQ&4dn z-ktct_)$T9i@Ii6%cewv(>Yv2O1Nt(O02rij?^{3(_Nf{2#03MBEfn*g zU$`_bKmOZm!jx^S+4%T$JOvK{;Ya`hf&clMsG7Q1JGn84JK7stJIFX%JE*!jx)@uU z|G(PFFzWjm#1qOFowEH!vt8n^$Reu3srzc0YiM#5CyhM#i~BOGh>c@sNgDg?A8!^O z>8vzt9(s>~m~X$t$vyJ{E18xSoB^8wuU1Ua0le9Ad(N@l;BcG4&`=_bcML3{dYC!rkc*uZtg2>=NBx_fb4dol z{BS+?qjMt`hdO_F>A!&V6}jIu<-PrmO3banDv9{19hNLA(v==4`kVi&WJk1xJ`pdi*1)h^JgRzf$k3Zu3*PkQv zJ!7Q_M1B-sIUws*WYK;fx_U90{au7T6uspbtAqbednn;G6l3~E2j146yy&- zcLR0b7tq*3?$h^K1`~(YL(WY~1vrZy8Q7&DsM2DeD~bBe@&M03*o*d$R%(T(9v(l3 z7v|gd&d59gf#9pMKz=I6vyg-0_4-`^^R;mTWGjnz{wbt3$A z>E5m<-H+DG&@}aAyXZC_sbZUVn7eSC3}ADuKTfd~hhObo3nUQe=u(1<_Jm$l_o--& zQwTHAk6WE;(6xCP9}#?i%9*DBIFczabjG5jhyJ!L^iwl9$=dOb2PlX9f{Pa|i_D-> zXewuB>&Cqg`(>@mK6QV+MslWkp|-ZfB4Vz;uft*A^$QzznJ=5_Tt=5Vpc4$&617{u zZ$MRpG8e0gLaE+s2$?uZL1Z#Zp0;vhANcGFVO(=C%Gtx1IZUlu_63AuUmC8xx5oNI z`z#Y`XA(o)8UDyQ0G58x7fUKMR-6Q{Y`h1dg0eQ)FiyCu+Q$%Pi6>XfjQ?3_%<;uT1j_zicD(m%u*)2^zcFC2XKEnb>_~ZTk2w!ap-+<1nv; zSx=!9XLqN^BcHFO)AhZ4zzB)zn#B@E;|II|YMX~+kBbKhYb+%EQFP^#O-RK%IQW2q0dWN_{^%sN5r|7^cWqBqf~UN zpBUQnVM(~XPQ;|jhfUK+EmlR}YWJBa_Y5NCU}_~fy$_uP3%Xh`X0b4u3_%;H%9*9) zB1@0w`3zG%Q@o^6=b?vkLw4=5E`a<;XRYyp#+~GKJr+}Y^D@GV@wkS(I^NVo2eM)- z3%aq09_8{_1`p;-?p-6tjt?oSDs}BOOmg$DHIs{f-}Dy0084HHC}-b6A)pVEJQYDp za}8gz-&K5q-D`^d@hgXvs)*Ms$-0)2Y{){rP=QFVxNSo2=kJae2APfyZxL%cMdzxs zneaYXHcN8<2r-dPGd#-9mAcKU&27&8!2J=7ujTf{z-IlA%C=FF*nw0aPSa0p-~E;) zVH9>G4URMfEess{9gCUTgBck9fOiwm8*yf-s>BQdGv4xb#~M{fy!|Ykmh#_?e&OHd z6iC*+8*sJh6q{h8JAcTpy?SqmJd`zO4NbmOS=#2Hb%bwAM@?1Raa|Wk)EbpW6>g-GRR2b{(A0nrIC85n!Pun0c)s)NaDgkpZ}5nR zzg!M&8&B|cMPK%>b>-ry5BxuF)p!BZgQ*`Sw7g7$k{B z_hKC^+?tZ5O(ey#f8jwtTrzWGO0TzZA*hZer0EoX2^C5rU zizf7n$AfxGP~s}E2`gv;x4HX+;`WMj1nfwIGe@CoG8j)u!4(#=m5Yxve^r`$AG-*% zx9V4%k$9HqjL!tnW@emyMN@ljMEcP1TRq8cqJCu{6&kVbRNpax*bQmsg&sj`*CTem z4+Q}N({%O@$u-k*vth7pnCX3H42itn$=4!|fdNCwA)6R_5~^ zfr;X!y5lNP?3V%9JoXj=pVgD=x-i%5s<{67UKR)TnfU7GyYKw416h-aXf4;_8` z+iCmVS4ht;t>xJ|DgYe(TeYL*#FJo^WWkBC$0Uz;H8|9|4oPg@3{Yy h8uwqgNp8shU#0H Date: Fri, 3 Nov 2023 15:39:59 -0500 Subject: [PATCH 026/117] updates --- workload/bicep/deploy-baseline.bicep | 4 ++-- workload/scripts/DSCStorageScripts.zip | Bin 82684 -> 82688 bytes .../DSCStorageScripts/Configuration.ps1 | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index c3e154508..8a7d8ad95 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -537,7 +537,7 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/aad-fslogix/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) @@ -753,7 +753,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/aad-fslogix/workload/scripts/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 11cc622ac72b8a693430158538db9520d8d4843e..b69ddf0d4d3cca3cef000a146cbe00ec950ebc9a 100644 GIT binary patch delta 1684 zcmV;F25b5Jg$00y1%R{xMKBHGd}CKGOjuk>1^@u>mr^hRCw~VhJ?u4Ih8lJfcxY`S za$5{tF(?vktCK~Sq>_4B|NHJlNv32)Tq+VrKFg6^e*-@~ z!F(2}zzyY~-8%aPfw!)3H|J${e%=~Q<=zsR6DVVh@Sc7hilMQPSU=&08 zZD#S@RqKWzCP|j5ox{X^;IX;j_W>khLukXlV!=iskNvCYJ`gflqT+$_Fm|cIzBHYqv&){-tZtuh3ksp_3(*uibjoI@7*^ ze;U2xREtlsx-LeA&G@fCjh@mV-$l2xD~yrIlzNH zRR>k*RZqn_(zEJtzt6=||7s4XqL(!XXzy#y;eXZjxMxQ_-tSQCT>sKP&&Xu61d}`#9vkR4^?P(Iz1wtw(6@;K3@w?6o2w;%6&#c?zth}()HZqK6T&VN+C&fh=eJG zlSi&t7I8z>!y9fRO~GpmL6 z*`SK)K`+~TMixw}R9eJvo|b`-iaDQk6T0>X1-F?c$2Rg$amUaj`wtbIq#jFVCFf!PQJ&#Gbgr2=CeYb=f@FN#wy0~`8mWfTEKVwR! z@GEDQ>}f7rGWOfyl;Q-~i zJqju_y>?l(7W@IIiEcDkUpAz6kdqC$VEfgpQp1iwv{#GV^7x z+EQ%lOP*1o_v0B#-t!hc!%A<>yg#wtK?gaxKwCf8|L{ zw&JL8#WMZBE93i0_WgDI#f#z;Tsz@H8b?EE+@&s!``BJQRR+HjX5ZES#025jY2bnX z<3&T_RDb{8>(aiUOma3X0|FK>Hnd*S4fWaT~Ypih(w%lnF-;x(}O!02G2P(ag zdUu|BXZfZLM9RD*jYnPOk}L>TR(l$sJh0$8(=zAva;DuNJ0JpF<0f7q*;(TLQE=*WlN(KM` e@0UJ80Z;+7mybdLHv!w1$3g)w2IN5j0001MN_4B|NHJlNv334cGhSw<3kdWr~B@X$GeZp&u7gBfzfw^7vSBp>3}Z;Y z^)#NjYE=`&ILR`#b(nYvJT?>jA%JA832pFKEZ8vQv40gk1cFCvK(7hQiSPAMgkv`L zYXTXD0eEnN`UM>1XX|e}%!>u=&I}&CVB>~0CfoFVjmpy#Ka0hN%ep`YSUKNIChB)2 zEnU}N{C^05UcDevvgOR#^J(Tv`N)OeZ1m8xW@A|BU%D3k3eDvjI$2WrnvEx|GwmDr zr_no3wfGdPt725xjQbY1)dR7(g_qkZ=U-bbU=w0kQi85yrPTqvSe zjI6mI!_`f#T!mLU1yxce3)lyVV3NneV}1Rmevgi%cbhH{`Yus`p(QgpVlsf6m!rVy zLW9kse%6-E)7EAdg6kmqz=WD}YPw_bhR}hWg<#{HeN}{Bb1*?G*0MtY2YnOvNT>Io znSZB2&aFA;aHk)uejlylKC_Q5L@ls1=1Es^TWst6K<_Xq58}uzb zd}Vvj$ec-)N{bkBd=Ut#2*i^F3lhL2Q?bB#tlqEj2t>qT<|{>wH~E?|F3Pw#w0~xD z`P6|^6NjpU8PP#MOsUeNbF%tk62uZR^SnA0%%Pz6Sd`-U2yKW_c%8KHgU^19cQ%eH zzxt5&du`Pov2EFre;}!-i5^;}RwkFdWnZKw&CUHb=cwis*;@LP#Xcnf zrO0Qqr5(a9YTqMVF)M;Oj0|>S&tp<9ppR}#-x8q){Ky5F%?VPYNVPm7W%{PLJ3 zdz#CZjQzGh<+;jR9XeOoCf>;<7R;G5hPqGwCeX>CC(*Zo%-R}EPGd!NtA9D>9tD+| zUc0PX3H}IlK{uMKuO3Ts7g|lk9=k1v!_F{lUxa&*lh{WgLPyU1d4}0~o%ym;Z7DX@ zCC{kPyYT`g?`4agVWqcX-k(_Spo5%T@<GEPEF*_cr2R)<7bOrpyk!U6 z#(^=ew6ikgILspToFsBX!CZfPS~6uL+vE8jQ!__}zsI&3$8$YGZ+|dN|CJ{d*^1+U zE0*d1T^Zk1vhT0suU-|W;3^20#5fvA>AqaT>KhZo-b15ir?1eb0?0UEc`HUVP`4QPR4S1ays j&qf9S0E3r8LIF?#u$PlU0XG5Hm&-x{F9zU20RR91sl_tB diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 6d55845c2..bd2736f8a 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -138,8 +138,9 @@ Configuration DomainJoinFileShare # Import the module that contains the File resource. Import-DscResource -ModuleName PsDesiredStateConfiguration - #$secStringPassword = ConvertTo-SecureString $AdminUserPassword -AsPlainText -Force - $AdminCred = New-Object System.Management.Automation.PSCredential ($AdminUserName, $AdminUserPassword) # $secStringPassword) + $secStringPassword = ConvertTo-SecureString $AdminUserPassword -AsPlainText -Force + #$AdminCred = New-Object System.Management.Automation.PSCredential ($AdminUserName, $AdminUserPassword) # $secStringPassword) + $AdminCred = New-Object System.Management.Automation.PSCredential ($AdminUserName, $secStringPassword) $ErrorActionPreference = 'Stop' From 438e81a67eb0cf490a9df23b83c9343d69a03a3a Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 6 Nov 2023 09:30:59 -0600 Subject: [PATCH 027/117] updates --- .../.bicep/azureFilesDomainJoin.bicep | 8 +------- workload/scripts/DSCStorageScripts.zip | Bin 82688 -> 82675 bytes .../DSCStorageScripts/Configuration.ps1 | 5 ++--- .../scripts/Manual-DSC-Storage-Scripts.ps1 | 2 +- 4 files changed, 4 insertions(+), 11 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep index 57db208d0..873065f21 100644 --- a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep +++ b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep @@ -20,12 +20,6 @@ param scriptArguments string @sys.description('Domain join user password.') param adminUserPassword string -// =========== // -// Variable declaration // -// =========== // - -var varscriptArgumentsWithPassword = '${scriptArguments} -AdminUserPassword ${adminUserPassword} -verbose' - // =========== // // Deployments // // =========== // @@ -42,7 +36,7 @@ resource dscStorageScript 'Microsoft.Compute/virtualMachines/extensions@2022-08- settings: {} protectedSettings: { fileUris: array(baseScriptUri) - commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File ${file} ${varscriptArgumentsWithPassword}' + commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File ${file} ${scriptArguments} -AdminUserPassword ${adminUserPassword} -verbose' } } } diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index b69ddf0d4d3cca3cef000a146cbe00ec950ebc9a..c4774c109eb435e5bb72c7c08e4ee6d00d1d3bde 100644 GIT binary patch delta 1807 zcmV+q2k`iSh6VG51q@J20|XQR000003@d>QwG06{Fn`NSW>=Pu;%Pkw003Yg000pH z002X8Zf0p`b#h^JX>V>WaC0%`S#59IHW2z(Zpjk=tVE zib0WRTb(SrB$d?5`rmgaN-`zWFIlU789yWudAc_q?|G>FeAa9Lj-LD5crtZIu70G^ zhoL(FpMS^maFGa4g*=9N7%`Z00RdlmVGN&m7>Dr!q~gL`Fz|ezC$VZaGOfcacW^hF z&PJ2*R`F~ZN|3$?*9soPD1v(iB8dU@d!}L*fMimV-6fX_k~m<6WiMFaPhYTr#VYh7 z*=sh=ej&qaPk5_lqf4f=(GOFaVv33GtrrI#I)A%?OK2;Ru=9_Z%sVd%afyw&8YfXS z5m&3V+H{L`sRTy)5!$YfwXZ`RqvDr&ymcD7yQ#~}(i5!4Fox-d)o5UlVEL^k$<$NJ znoNw+DpMPmiHFc(_uHuJK@OXvRYqI4g_xdQ}F&hOn85u+& zMt^XE`Z*rtXX|gf%ufXF&J-X0aP37k7Te@)jmonVKTX7%%esv8sdK)SOw=Dp*1E1g z2QeCYQHP}>nyDw{BNsulaZWKc8-o&Z=`Qpu!pb#bSlaWNjVG-wLk#-UK#fy~`De6<@8eBS&m^ZXi+991HVG7Z>WA_{j54DZvV}{uZ@**wE zm35JElxy|Z>u58HqfM(UJ!JRELQCa?q@$>1@T#xoA=NP(3@tlfRe#T5#($*Bq(y?o zJP(Cbfcb=Q4k1o5l?a-r2K|z1JqDMVuaq_36l=z~tlFiaHN)$t4jzvrQXQ&@4#iUW4BC$~HZWq-N;dV88+yFb(<3Uh#9lQAlAQYAz(9#}yU>>ALmt`l>$Rdv2E zY#JF(wXX>Q?P8Wvr@`=rLz**!m_^{Fz6XbWr_mnCa{jivk@5}7N`IJ9ItQ64vS#S$ z=Rt(*3>@|uTF9H$2`;rdc&6Sjk(K2%@Cn*~^mJ1~!TnpdCx2`jl;eYb9!xn6vq?Rt zh`dNJFW8(`O!>(7c(%jT%yA&zV_Qw*xe-w`RHpwbk^|LBV^1iS>Hl3D-*&QZ@8d6C zl&A2{hqu8b?n~n?b!ptkw&IyG{FO5Mw*Idn3ct=0kNlr58j_~E+xK2q_Jw59vtb!X zxQk0q=T*g37k^zv8~m}jLmHP*%bg~TEqy`fl@6aWAK2mpDHj8?`0o43U_0U-hblegzM0SXBLE0^*? z0YeSTOJ-M=j^b%O1^@tHmqJ1TGdYipR>lFF>i+=%0EzV>WaC0%`Sy6A>HV}TU0sjZWF=huSJ?u4Ih8lJfcxY`Sa$5{t zF(?vktCK~Sq>_4B|NHJlNv32;tOH4;CxWda4?!4`J4Qqt5zz0NikVL&lM->)Tq+VrKFg6^e*-@~!F(2} zzzyY~-8%aPfw!)3H| zhv7_IZMJIH&)20A;OQsQb+oTT?dlX1zs&q?66p4(DVVh@Sc7hilMQPSU=&08ZD#S@ zRqKWzCP|j5ox{X^;IX;j_W>khLukXlV!=iskNvCYJ`gflqT+$_Fm|cIzBHYqv&){-tZtuh3ksp_3(*uibjoI@7*^e;U2x zREtlsx-LeA&G@fCjh@mVsKP&&Xu61d}`#9vkR4^?P(Iz1wtw(6@;K3@w?J;*9%6&#c?zth}()HZqK6T&VN+C&fh=eJGlSi&t7I8z>!y9fRO~Gk>dv_Sv9{ z=|L~sdqx&as#IFUaGsWdkcvP&Nw6dVOfnS^!)OeGx8RN2yi$iNB zuOEAGLgP^NFe7^ChbdKhbWT=ZOoCWKW?s~%f;kk_Ig3&pAE4zi3a^t6eq1_?@!rO9 z?H4A}eW$HDAkiH=@(-kQ;D5;P`cHabM&cQvhsvvA%hI$amUaj`wtbIq#jFVCFf!PQJ&#Gbgr2=CeYb=f@FN#wy0~`8mVb#&pg&_urtm9g zmh5RRTQc_B;gshpZ(Vh+uuZ&`D=e6EX99Jf{7s;3LieF>0-5ztn4HCm>Q-~iJqju_ zy>?l(7W@IIiEcDkUpAz6kdqC$VEfgpQp1iwv{#GV^7x+EQ%l zOP*1o_v0B#-t!hc!+%O|&AdOc-a!XBx#W>R7V~dVQ3SigvF33Q186oWsUtK|f+XXf zKwCf8|L{w&JL8 z#WMZBE93i0_WgDI#f#z;Tsz@H8b?EE+@&s!``BJQRR+HjX5ZES#025jY2bnX<3&T_ zRDb{8>(aiUOn-7VECUF4e(CAGDw*nlser*B@@uSd54PNC65o;+bWHJXxCbh|ka~BX zdT05j4MfVkB#m9=k}L>TR(l$sJh0$8(=zAva;DuNJ08mQ<1PBxW000O8d6&1dHUTCA0h_nl zH~|U?0W+87K>+{&0JpwcBme*a diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index bd2736f8a..cd600392c 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -66,7 +66,7 @@ param [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [SecureString] $AdminUserPassword + [string] $AdminUserPassword ) @@ -132,14 +132,13 @@ Configuration DomainJoinFileShare [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [SecureString] $AdminUserPassword + [string] $AdminUserPassword ) # Import the module that contains the File resource. Import-DscResource -ModuleName PsDesiredStateConfiguration $secStringPassword = ConvertTo-SecureString $AdminUserPassword -AsPlainText -Force - #$AdminCred = New-Object System.Management.Automation.PSCredential ($AdminUserName, $AdminUserPassword) # $secStringPassword) $AdminCred = New-Object System.Management.Automation.PSCredential ($AdminUserName, $secStringPassword) $ErrorActionPreference = 'Stop' diff --git a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 index ca99291ba..699b64d5a 100644 --- a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 +++ b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 @@ -53,7 +53,7 @@ param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [SecureString] $AdminUserPassword, + [string] $AdminUserPassword, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] From 8cbc2d31a23fda6bc5c5f941b31d97497747ac57 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 6 Nov 2023 10:37:00 -0600 Subject: [PATCH 028/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82675 -> 82675 bytes .../scripts/DSCStorageScripts.zip.working | Bin 82675 -> 0 bytes 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 workload/scripts/DSCStorageScripts.zip.working diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index c4774c109eb435e5bb72c7c08e4ee6d00d1d3bde..d5631e4665d503bd4da74d1cbdbce623994ae598 100644 GIT binary patch delta 82 zcmey|%KEvLl_$WPnMH&F1bB=adA9N}S{g8)oEo>?!+R>h z{{oIhL47$OOACS#80deA`QJ>)Q{2+V)Jf9A$kEb7pOK!Ko|E3w(n0b6EI|Qnx8kXr zQj)6nQ2_xF{sjU;`G1$_9h^*hgB zz3LnczDhkNapr!T&#velg(=zrX&xSr6zhgpL!KS#nlY!n>)(BS;R(vm!JZHznU((oC~D2QJHro z&_y3|TlR=jR!XdM9$%+ZdHwzUvCks!_NF-nex9secrRzFE-FV1?{rN)7bSOj!W7U7 z35b9?x&oCWoEP}tP;Zoyoyo>>@neKP*W&OtIs&^1Vrp7)CS|*?9E!691n=KobOhI$psit@wu(4Hd|ThP0Yz1N zspG4^wwDG|d#n7B?mt#dn}k&gkwMz17d2gmN89lq!yXxyK!A> zo*kbd)8;f2lihu~4jbx9NbC$QplyE5eG{C1#Gfrh$zSHD3=BmrK5dfEH9DgubVKC*k%5^{su% zVa9^$wR<#DPzM3oCu&01#l){aAC9AIem=k%U3$J17l?uVUR(m2r4{P%Vj7Hpw)3yo z9qcwxHH&Zy4>&sr>1?c@ve_#my+MK-BS$kZ=T?>Qzhn`gD^4ysf8QVU{eGq-&;@n9 zGIGT8S|nkuhXecUv)u-LnU`5EViszA-&x=k&-C$)wN^}E90n0-8WxwUepG((P=8(k z(OL|-+IK8`PrXmO)_}RizUaihxlY)guQe8Y(=Si7(sJgick?k1$@gbTd$p%d&Ul{g zqj<7@}*NP`(fBHG|v+)4x+)3Rdr` z2|am7`V_A%5-+NrDFX6rZu`n@?h{dFq+szM#kIz&cHc(FHB69?Gf=XJLi$we@LBpbqkc@s|Xb<(Mz8mzvj5_1qABKVrF7o`u+arKi#)!boihG4L4yN zb3`4uf1_D*G{!9!1QPn)SE2L>c6qye?p?t^+e`Gj@k%Nk7@}mYsV$xavR3DYrptr^ zp|nh&v#vg=vb!yW@@E7P*lH*1c9X;q4pDK-#(j&N%KY&s*78O@S{I@iv?cXkw?wik zPYHEDk7dp@<`=VkZJv6tMGp+&kWhX6fYF*C0qXijoB@~=P6aJ%d8tTnTA=5~`@myV z258{PHe-ylU-hf@@UME{QhrL82}$lT5EaMQMHAkBif)EPp)bXehKb|FmJZ|anOWtG6{oSm3yp=v->&p=~KSFvjvl&hmy^Fmg6iRn$Pez zb8TPTwQNnwTz3!7GGOZXD_I}KFfR5j zj4wK(geMY6|0M_((D=9f>?X<|et!#t3;#(22&4WJu?8CqW}WR04LUf*V*c@&e#0_0 zy+5mA34h%@p2Y;B%>WtmrzA`bkG)8V53OZe!qKvaen#emZMAqzWi-(8;5GWGBSpcM z0^q>>`;Cu|?|<+8^>AbEc(a!4F_TgRo^SoN<#`W3(z-YQOz?AP9QSHbCXy6%b)(C5 zi#X2lg!2IZuI(8!GgL}->6bT0Q}v0_pRs4d*=MDboA5g1?aOcZmSr};ugBL`YQMDm zqb87Nx;nmmVyE|e(ieMgaV9^oug&XNsQ_asrQ)kEjDNBB0958xF2G^k68Va0n>c z3_#L6nmA(JG=Hl9XTW?SYn?jZR zUFa?y%Bw$#Diuh26R1aqM<$4Tk4C)B>a~BFefQgZiDTfgK-am!bbxQqqkij|SpPR> zg>wA9N{1&ymP@cxMu!b+$H=-emkvbt;H2{QLM$>AbpAzR)IngneE~S=sHnW#0%g(n z<&nMZ_4$+P4fpK+9_0G__%jvm?dQF~iSa^i;F{dGtQ4=%@h>U|L!LQj&Oyf)lDvL&U@Qa>kQ6(kLPMWzBP3r0;YPXGRITaxZaB}dy>$BMvdWx2Y236w9DLcs0 zQ?C!-Sbj;zzBc5R8NHMudub^y zNeZTosys6@1*1j8K4mScOXpTdEa|8b1p+Ji1u!wf_5~}S@~HXvR#Up5XvvK@b}{q$ z=pvpUD})v%bS8MYP*QNafYG!;!})ciqBc({Ix=mU+pz97_6Adf!qyh$q42;rMW;lc zBJV{Rt83%6fiY%qQOW8=#OegrFn7%5Q!D=RUOm2p!1>uDe#{GSDz1==fp;GyxI{Fw zzi`J9e_}hE1Y?=@6i!ATe+RQ)kBN@?Dvc|syOrsBY`vY8qc|$$WG%*Jq9N>ZZH$t5 zht`qRT)M{%nvp+?*YJoj(RDoQ-3^+mZQ%HQgHR}_&bMo>wJ^tBw6jJ|Jow1;f)a$5 zj$-vB@M{tEZ=SkQGt zDYt?G_WIoB5^m1M1NpAzYZHBfTL6jtc<2D4s0}BcQ{QXvwc$prMre6GE7C@rICj&H zhh0T;<3jC;sfO)kQ}}b{Rh!w|$h&G1K-37@T0`l&zkzd>ghd$U7zd-wdeW`7D0*GR z%9%qTJah1R?TMUE*}R4qkr1iiw-JEE2>Qe^i0?13c`eUkkqT0#?w$SuZWN3F5(pJ| zk1axp01mM)f1N@$0~VPOHG7gcXFri!9&wiJTzj;(Sm}I#AIH4BAg?M)R&MIHPGg+_ zbJK;ziKt)UGWvEz1KS&vH*dPM;HrR%figMdt9pMxfwprC3Hrl+^Y^Q=kMo=WiQ3%U z)5^aIUni=Gl@k?$jiUO@DM;33FnzO%v*t3Ga8WbA7MfhPcyOm82lt?+%K=mPMXyek zcY`~$8DT5=B@hct_QKYY=VRb(uhYd59lXG+eCwN6)^{g78B|~ZezHO=HTN!=)EeUh zSj3rCh*8`eF8IUFheuHd%esshLA4oVdFWbw=FD0_AnR*&xHYDpkoqhwXUYC>Dnnxb zwoet)L`#|Ry+=lb?*yq!3<#j;L11qYpa_HxMzU&b(M9JLvX7FP%uG02ij}gHcG~3) z9QNVfmuFk4uH~FspWMcm2Aptd;W>MYlS_>aP;kya!b)zBJV+UDMelC)8{DfNJH~ zsD~N1TJ_kFn0xjNZ^99|52fEjia|Lz>2=);+q3F3&cN2c$wTTO*={R|a~@UATLl}5 zgbdkK%ne5Z%&iCN8I74#wqh3HRZw@$FARCq8QyEO#NYF&*t!bGNhsv8z~<4CGO^p3o@n{2w+UPI<<18D7!9Fhl?GHQy4zH*nz zqokbllHM~M*<{qp?8%Ms72@6OTz9zIkAN{vqgi^uHYG>QCws z^T-83reuWicB&0?qHd`+XazS6XCHf^kxowF!g;jbs7d-W_8V7Inbp|=OQBpo$x>iV zGJ;LEZ`Ve%jpRXxy+bF(J?0Q3MrHXzy|iv-!+IC!%YK|-i1}p%QJL)_b;n*!3Cn6^ zq^Sm|mDuGOUX`|YI(DfTeFfg3&Q&wZ=(v)oU1k{PlI-5dH*^{ECngp5=%9` zf7D|T8@ufmApN@jcR+csLFa{d5Zikys?kZ^>){yht4s!$7$eqg!}_t*L}JBIki}q$ zCGp$QB9HDVch7;#5p`glnO#I6VP$xn5)ufanJr+(<6dLs^SwO{7glGJ-P|?4P!K8L zA|?7DmfGV3QV5LLhuU6@qDRK?TjvPz`+ddpv*W_SjhkH5)R%U9Px0>BSp7?|Kvh-; zlHAhg%$+&-q9QiNdGxr(SkwIC-MSrPsd~TYxhc=yGc4MhQmGD z5|#jPLR5d!>k)4lCPw1;zIy%QNkB8efDuMtQOO~_-f|$;xLRC=_o3E8EcNS1 zwLZ$Q?QitXBu#7P2_ssXwKg2Q1X8x8r^xcFAA{@L_AE_MfwFU^rESv>Cr_POd)NjOIxdZd+P zrk*DEAe@D8$W(~&1PQvq1k@4C6pl|tEYU&R?GRRkO+<-nHlVroKJP9zGx_+$Wr!hT zvt-)77Wkh?39rbZ%be`EnmuaFU&?RCGFy4=kpnnIq~V~#io9vh6&Gidy|u{rsq35= ztu^FIKRa3>WMnoA9}x^+9@E!cYoN$!ohORs5|P>C<%yCgl-XfyG@f3MI-T2F)b;FM z9l}%(a%Z<6nPcA$g-@eB&6fXo;@(k-2XKKuZgh&Zh+Hv_4=~b4dE)z*?5ySQ`@lht zc?PXhI-#kFVEk<&UA>y^UZAe^{1{f~0`Jqi3C>P4b84B+fS=_WyN-$M=_)=q@zu5a zf_HkXdf#8I#&f}pyEBVg8ntken|heg|DdG7w7?%<#RsX-mtgrL#&=3|*J2*f8#v?h>RaGM0mt*95(bcv=4<&C>mZxyU6r~OcsL*D^%*H&H-hEJ8 zTU0Z6Y-mlUwfJ}@X=}>w@fsf<3p7v{hJf;T9~VI*4$mR^;yck1B#n_8lw| zM_`+DzoT>r@O@5|VfHVgGU|YghSCWM2ciQJgB%Q^`4|5cMano6dy(6b9(g9XF#~NN zSPI28eg_(N3Eo3E0xPtm60%_5WgWre1~w`ZK}??eHF+qGK(^Q<*ak%;yU2mh@lZR* zdy_I0^JP1zjN({slhsafo+4t&-daLfM!enh5G%seD=F2B<%GyTM!S(PCCC0UdfGml z5A}|kN8&efDo)Qanf{jj5-{~m=h>f~k+W)>+^__Mr;|A&Z785}B)0Pv#N&5sr@9w>X>mrVG}%LGE7&*PvJj$6-K z4}1`W2jnWT>@VlPflSlC-+vBe;(ZH3oMTcyzJ3bf3WJm%op=1nm_`bm9EGWtIT3tN zF#^94I$pB3g<4xD>*A5vGQFPXou;qEE2b0sCYR4XWk*!r>XF`Z-%WUFv_!0@IbDJ> zbi{?3w}>W2!6%%%EqjU739XINo`=iVg!S5k$ zU&hQ`(>`?ciN`^(T>gBbQq}y?(NeTzYkKfLTB6gf-Ijro!}2EqQF<#$$9MCPT}P>pZHe&sQxy3Sc#j?0bB5)ccg?PfBgUMK&eBOFKi`y=rN5 z5Q9dFWIJvXq=^(6n6U(#k<7+*{>2@I-EO!YtFh`>p9ETqa><{S;D@nZ2*Geg$m$50 zJH#hnP1<{C%2CntHccvQ_$S5QaN!oV-$?i;vt}-I4ytOtd2UCT)mC`@E%I>O%i~bD z*&}DRhKfDgV+$-1y%ODXKwVGz54^-9_PQjQBn*#e-= zj>C#UVcXGbgI4>hbzaT4Sr0eu%C=p)%6Vk*8nRs zBc@LSm!gkN{RyKZpMo!A26Qwc(kVX@xoMa1sdx1>t7@IXJPe+smy2gCs(Qg(l89wX z?$SpvOnEymkEO3^VU%B$SGL^cLWeqNHnAG~n{yf@d;u`P80vu~3NulU{8A%1%OW-I4b_hTX zcs2Ak-!+&h*9f`!8#ji-vPADk|58Gel>_ahIQQ_peQ~gzvaha}T(BOVDq4;(g*Mb+3zt*G5FW$)6eWq4Y0pMwR1q7JJ2NdW7FZUeP61OO9i9=YL2Zii>c4)H z#1{YiH(y2$$dthBN~)D169VDsnd}YDuOjeVJEF_27FdFX+ifT@goO(gb)!Gf!J9gq=n`qlyE(xP%;1qQIW?^iogL4bpf8;#+u?f4)ez(|2q(_ z$UAm=md99(r|KL2@K16E<3=H+?F?=lc};aEQna5EJ634 zJ&a?D7ZUf0i7~F5nQ!$%9yH#|<>;TDH?f#p(g7xq<)DwY^wA~%QbRurDTg}vvrph{ z*R#((>z9iVI8hMC0FJ(ltHX1iU=WMgS}5&4ZL^h*G9-bVf64_adYu~L#ejButl!NE zorBsbN5nvxM#&Cn0atpXMUuYo5&6<~^dn5lX%;0Sc1R{V?m$q|yB0!+B2tGKdWQ}~ z4c7Df+TEWxg9XY%pPp|TS`=r+o>fGT4^WKzq&d^E&0r4*345OLJp7hn9XMxpTLXmb zL0neU2?@D`?x>ptc#$kV1l*zvaRu2IL&B*BwTN)!K+1>!=+N~k2%l3Iq`rgwu?G0@ zh`$GvL?_TWt7t|>7e{G}!}3B%%vlY){fMMeluc`%LG-RjkhVXiK$dp;EF{oCzQhcNadCOl?oHg5!;*gLM28|aXdRl=+QE>qeM5o#OLBU z$f(Gq7?(&pW3<6?W;r=^Xz$qKPorU3V`^JmQ3r>O6t z0;@13o)nkJ9rB7CY##rfW|mxpLE9D!7jm8*aw}X2TL1(7rPU1e z@W2*Ds=&VbBhV359%@7ukG2PK269z3afDa=Yec$zFjtX&QA|1koNJd9nFrz!(hAB^ z&U$i}^o%pw265EHDpg4pbKKqp4KWdB05(G;DovBbv!i;_v0m0;1B_g_{mrK6$dL$gh^i!q-Ef(_d4}{L#N!ho9~?hQ7k%d^q^G|43rzKoprGVFBb& zn$ocG$r54BI>CJ2KFLV2C3;OVxT_giLV@Jd%^(evz zukGJp3TC`d*HKm=X4wda=Rc<2tMC`##;M#;1f0DKQESP8$W2ol1CNmXX@J z-fkbku{?9D-q)anV;b`xqz{CZeL@6L@!3_atHumPLbm^_zPE89S!~uYMC)xQN$8@y zpK@fgLF1}7bagvStK#nC^^O&74!NY|-MxMBXc1PPAaE5Nvu81bG_&N<=UL0$WnHxF z(ftJTB#gq_?cc`Tz}R#~0E?Z9?A?_XAHHqrDqS6XxR{^GZnjvt^ql+?8>~;k#Il8t zp^hcBro-Tr)7UUmx;vhF? zdMvRh>S!p{_R0vFxo6BFR(wSPO zGSsFOfmIu<)FMh0cFMi~RAO4t#NL+Sm3~6gxmEZ_was%mwtL5pb}`<#yAEVmBf1#^ z9cDXOw`5jeMeHnGXG%XvpJSS2lay(z8<-dvduL&Ha}-@ar&sUslccZ{Pv$KNZc3x#X`g+c%nxybf%sqR%ns*m87+0C~uNAI6 zsZ8;U#0%Hc!})2mdxN4lCN-LdSEXN*sogcRb*TTNR6!{s=|x~VSr_(u(-AL3Sy3TYn%_Q)(#z-P6n`R!^P3@$xmxCSi7;MEzSPL@EXtQ;@kx!V%VnP*p5Yo z<#V((os{EYgavZx4UQJtDbFa?V90go*SvPBzc%5Nc+y+1iN$e~(lEaU5k4yE8dsSH z0BCkA0{}bCT-wYQNm+|#T$7U0n_K5mbQE@wdj@oD0y1t85*Qb`656!Ku4gs~n945Z z>8LaR#o3^3C$7)NU8#wNomKT?tKc~|k*zG{MpJO6fwTsS&ZMzC`(P^^;l_5fedDt` zI%#&-9T*VH@L@qj6FKzqr)}JAq}rJb!SS7;a6|MsuGS$1rqt8(=6cR{*@N)GlHFl^ zovt7{XsgbOIdX8AUf;}yj={TujYva}$hSJVY=5b=u){>d<-3GnWRs7V@mjBKhQ~aU zv9PRt0ny2T^HO>HwHoG)kB;hF>TB+{3|1Z(=W$4*Nqo1WmS`DdgJQx2!0^t1Vr^TtEIiBmCFYGbV|Ddlx=##)HCvjFzF@ zC*obwH(xFo$*i@b;#}Jm9rNdH3f^~+z8sV8WB1vR1Yl1}6wV0&&GFtVBj`ckM}*u$ z;b=cO<}PuaWT?L%2n&$8A>}n4NZR2Ic*7|u{}zIcb0IuPqnw>NcCw_Q=Uq(hVozNL zis(ODAz+}l+)V_}49sQOBv=S31()#N;{pD~(4)wy=)gZevxp>t5qU0M5?$$pfw5Hm z&UpyW3}wDt43SUxnkYST9)sfdEhCZAZg8b9{6dF2?qQW!w~BOoJKCN++MoYurM6;m zTU}hey*BWS-6&d(WwDKi+}#Yj>lkxgU^E#mB3iS|fOb<(Xm0WE>ydvQ@DPeS{Ad(ckrY4*R z)>aJhw5~#N_U;&j_ry#8RLM!2ibrrHpmC-jF+9qU|%n(}F$AnsIcuuPER={`&$nDPe)LUUR z-qFk|R}6inMrV(6(Yh6BTU0%=o}$wYAUBDQvG(nx-?r*(>nL@^illtz(F++++b z1a3thoe53`T$&0pt{f)Y_-2tdJ=kQ}aSX*VZz6e&XgAK%Wb3D(( zW9C->8M`Tbfa3|WSVL8+S^DejZnE)cm3f&xh-5r-ro6n=OotJvG+v9c348Sp805CU zkM2uv>K1*laJS~?rFet#DH`Bzh0^qqY!eSoSF*zpfl^t4_R=GYosUJMW+9}FK{ofK z;{`*TK8B8@-0`H6{qDEk-CeM{Hs-0@H*ZazJCuic9XL;;3VyG4^L3XlNppPGuD=#N zc8$;GGdBb^YjVDy)f?yu?F4J_XR>B{bW}(fXhreNISecCb1W=-w4BvxKFvHN!IM*K z_uIMI|77ab&42d*+X@}f(T2*=AOXOu-e`7|NDV*)mwoX|kR)}tq&po$Da;jZk5GVV za7D}f24z`VQ5cWx9NsxoVe$=B|6W+oX!LwS=n(40@7mm(=Kfp309PEn7sB-!v3=e? znxww&me&#quSpYu$>Y+dx!2Q(L#O#`qFeB|N6dA^ha}yCgoC%M_Z+A?f$a*@QVqjJ z!g}6?UBH^7hP?MQ`K0KY&ZxdkN+@G&aE}dOS=}l}2ZmEl86mO^G&600SFH->)l%OC z2%vqkO~(2!Qj8GooB2&cEOV~g=ico8er!9zZG&$)TW^;PP-z!fk`GX88>-;@dZ(-h zf?!_g=Y)$+KG-*(YyFU2#%87ly&_MS<0a4al$-LJY=4_sS5~_U_&S-unBVBB#rUaU zRVqZd4Cdhnc8mVh&_q|G2w-b*8I3BRhZ3ZE{3o&x= zuN;zqL~**>Np)M4#-Sm45}vV5Md9=i?Un1ov5otky0|y?Sg`DzOifDbCXMVNpBJf+%sd#8UR)IoUv<- z?~@hf6;0kgzOlP#)z&SVLAMG~Q~Z3yAg{a;6$%9-7Z>T!%R%XyYZGxHT^cNXQhdX? zuET_EuFMXa1Ft@{Zu=DFt4_VKSzYS22p)*@>6J3y>948{q@{e&L!2gEple(Av*Gl1 z1!(UOltT7vU6Q!hT&K zet4wfCGEaLpf+Vq?74uV>FR{k79}C~AxU!z8d21gRY$buQU$1HFhMMt*b-MI@z9E!@fj_YK8`FaUowy8*Wu+zIeEQlw!n&kqQUIT zv5Vi=Qu`-h>RJ zNtKw26QR-3r1=L23|5@XhE_?*t_*LQ{+uYOJ{rmNz=kuS3O={TcZt}U$0xI=Wc?QIUI%l6!f)V(y7_EwcCXc-`8w`FY`ZEqs*H5@+$miFv4wT!QNz z+puNLj46{+73WBDW(~-*D~cl3N}k}9ZnDVM(<2v4R8``VZfuu)bVPz*g6sS%muS&T zdE${Fx-RSsEl?r8ubd+BNZbd}Y(la^T3e`;kVdvbAon=p&NKJ%NSsk(`d1wD9mG>_ z+fJ^U{>vgUdRNq6Q72VONeDL0gDDC*j1oe)-cAB; zjI>KWiZ^RO!^SWti#S(;V(82<0eQ7QcExr%t5mRH?^PjGA*o#pZK9MPh6(Q524ddc zzjodO!Z%w`mvCNAOU?nRsp{`O!d;8&6!7KE?i>)OXQsSi_e(w?e_2Qi=-yu+9Ue>o znBNi|I4hZ|p1P1_*1X?$Vb3sIV^6vqTb~R!&z%*7ygb}5(u9A+163l8Dv^=O{|7Yb z0uHZAcfmA?cbF!4QBJQrA;%0UvKY)ne4Z*4vR;xJhldk?Q*IurzLHU!Bqyq&*&^fP zfMh7#j7r6P#t`of-7^p9*f!buY<<%OMg>?axk2#myxwoy{~w|y`>g$>g`~-mD(jU| zdN=rAu3R}}XhLG*p*xZ7(f4lVP<L}hd?JMm`C$JGf5zmDWch$o~n$g z9Oj6HVs$`@`BoV!^VFaMGZOtUe1aej>qoYzi`DG?=I%~ zD&Iv9NLr98qeH=)vA%}HZ+$lnevm_bczM|faiLc<%Z9?CR)+75fg2jk*ctw`eNvGJ zq#5$SN+6v34hRTgpXL%}rxFxnSD1-ga5Vd><^91B5yV(cNW5r$!gnM6Ooy78C8nzR z@*9!08un#v$X^ro_3;o!$#DQ`ahvJum&HnLadi*yKq7q|xoF^m4mm6U69{h#*+hCD zHdar70=9ogNZjEO^9)M1@In)-cK1&1ND->M%x*!Va`@8u-S0J@fRF2VFR)rqu3I)c z$B5*C6T_dArr_r~$)5&E*sBg)Qnfq0FQCSa8Vm&?CUd3;9x$Q5oUzQ=;rZSNu$1qK z4H&@x%5%Fp1$+SfN9j(W`(3t}bDIri-P1VNz5GObM-&)d zBjWdn!mlbRra{bo7V$5!`P8v4FSyQYl&`&l(0^ zi8F-UGspKKxcj^hRpsQ+cARJQ-&It2vxbK5!!LvDylM{h%*eqOHE)ZUL5SiWK}Z}c zxk3c%)*jqqoHrYx7hLoCR7z4umPra$n4!QvKji2&is)P^Hf5r{!y6202*Qm3^x!cc zJ@opq2zv3zoQ}lg`)3qEDTaPu@dt*yqX(=s-9WzxtfVK`_!@muF&aKeQ`^5Dr!f}Y z;0`zsACrnP(Iz`nsN}3lZa~ogwEkNI>qh%iR?QYCYG6N6Nw1R)jOUf;)D1_4NsNXG zy8sJ@ApFN7J`orAJn}E+g~xc)M6tTrK?SDR0c}(rrMDvUZ*7dl4{)j3q5!FhFLOuj zZ#K!=f<(xKJ#*-Cy4RD{7_dal71Ifh+Buvtp6tr~%d9zv2!Z*&-RO$KsSZjSRAOajU1M9;l+2r33wq_`IS+ll;)|Gvd+leAu=3M2l>M*qnC2&_pYZi^(T{z#uR63a2K9 zEGn-m^1cHv{8q@v?0wLz7`eM2;=M;1zZG6ip~quGmlS*Imeio_61%P_VuqpFlftFC zp6`=hfZ^#2^c~C#6y1QJpJ)Q+Miy<~1lS=29V64VdQ&$&O7<<`1S{3*ER6Qx&m!xC zCmcg;xw`LW@PSd7rj|}y`~Vp(U7VB)q~>wt4J~xIom~clVWQV{PSJzEj+5W46non~ zsGWFn5pj+>IcD)NRFOA3q>E0yqXn5F?026ss!aMpbVfms5z#mPq&x}?+Mk#i@}vLy zOz||j+)M_`7b~Sw2wQ3WDP%YvURb4lE*coT1X4D~#zUL^P3v?ox%3^ao%X z!pjchUwQsFnre5fRQc;i<{D?w28m=-G{xiSVyP1Sf|a4jH3tqIAk$Tb3Q(X-{0_ao4*8e`QBri{9kXr=hYVQ{nfphHJTd-8hOJ@~nK+1EaP zZ=UvkzegkY@0W)?r(rqeexn?zy<>RtHE$aSNIx3_-rwIF6H&@)nQYV_>+9~#2exlV zT>=C*c??4Z31$+XZKDeq^KPRDO_c1i;V@lzY0P*FFu?SdGapt%1>>poaM~@ucl6g? z$HGwQNrOUT-ZiLWo=g5#W3_i{?wyjk81GlCITZEN(i&0X_PJ$eY2yr4z}KztFOM5= zNVJgtY_7JWV>&&|nPR1p6fGheJI&fxkc80B4 z5x3p;=tGqUS@}7KHaC?$MtoH|m46PvCKO@)HCS(}!Mn(^%op0oKvl4UgYJ7Bs4 zXF)3Hs4%vi02HL)f4D>Rqp%g!wp<%KXPV)Np$K9eU09<;-HJqkIwab+K*NFoH-s0W zuY6EpKza{Ir~y^mz~C)wJ3MELljT?x#N1-qlV_pZrMvmKpZ=*{2@@89_fidZITWdI zmGBp&-Qk!kM?KcVoLwtwlJ)V^T1BG`cU5yh3;dzXwqcXzE1iEo^HeX*SFF@vE7iWj zzI}c#R7td2)8(z%Y?sGEs#arW0l8$)n;SJt#dBl=`vSkdTHkh7J~S8q(w(J94%}N+ z9ur@6{A{37^mpTee}jvWvXBTJY<%<8s9qF@VSO;uCfpH|d+e8DfuvxX5dW!qjR);} zL#G=rlDWpGo_XmOACqDyQCe9h#ym&btf8GKPPT`?2#go_CWXUW9ei7w0=NPQ@Z*vp zgQRrCclO*oM0|@XOD}z1%VvM>?YxD%P>u9#1ioAb<70~TJyI$Y}ec;xBp$lnZ; z=eTt^i&BDqd*eLz*@$qbePl1u{#-pue&Q?IHVM^ALvBXNBAg?LM`A)pfdOMJSb*qa zC5-VOKFrxQp{m%6GOABzhtu7s3eoeLfdp?~fwZAwb!Ee8U!UB!UnQ=c6Dz1=sdKgL z+a>hN?T)fU=lH!D+!@^6RgLNM8l7VA`P?xfZB4GP=-8ic_e)xE9*FzR;tEPSMSN}A{2gGX6`d3 z6Nzm^`7udGhy~fwGr(-8w(B65XT!DK$w&tpN*YF(>_lqXb!`7xs*n%GusxpO<&$vJR;+>w*T&UE6+sjOo8#n7wP) z=wJKBEnkM^Z!*rzAsY{_sJJbVCk9ZNA_ZfZVqyAuE{vA5rk@4DHI{RfN6Lyz5hOV< zb&f)I+P|aY@AKdEo>5PYP9>BrsC~8`hJvNGiE!0aZQJ3__!DjbI~#_6T!EuG=)1QM zKd)j6J3}IP**t!#__L}xmOHvadhvD6FqeD##mVd8`7^Y;aS*pC`m2=h%AwkdsVF3whv><^!CH>4GM*E?z) z6P0KN7P9!SL)7)B9?W(?!``!NBsfn{CAq(pu~1d3hq0o*LK5HT3w9ZalyyC*k7Jh+ zx`klwFv?ll+$JZ@<{d-9^jR=WGr#$&k^^h2xz#<-KsQ91lFnTG_1v2lxCFI~tO#;R z$oWhTQ$LVbTZxyPjGQ>Z7MTHN(NYs1Q^7@pg2cvp*32?9c?-)fc_@(2lc`29M=fF) z?q@EjM)L~bm}7zlo%>(bj!q}((Cu0OBl_978I4~RG`PMg=PhHSNb1xNi@D_AyGlTe zXU*uLjXnYA;NOvLw%&>tIIBT$N8T$THX17C7`7knwV=nUIc;F;rP)sz2TWe0)j>3{ zMNq$_lj=fbIbPIz{#FN>K40W$IKCPP65!Nm!pYE2n*S1VC`s%v`#BrO0Ltu?sm3{4 z99oDxz5TZ?co7Owbm%R-^{$39R{U?_Ha@^S+BKH7#wI$B)0aX7<(>S&sKsFEN|2)j zYfEN%7YLpUk_fUeJkT#b5);cFl#dQGA|^z`vGT;vVQ9(ZwB#gZfsujX!87ij0XhmfSb`|x(fa}DzKfR<`r4vuWEy!dORE3e@A(a?kEBYR#sZKQmV7R2AGzq_A=hdCjFMOWh>Uacr>6YT7fjs zt*(UM{)_djDnk=UBWELpi@UlH+Vo9PhZ-l|_i9(S6 zz-?oe6Z{qQPw92>G+^Ak@>@+{)>CJboC=i9F_uiLPqu$2N(vhoJI3$|QUKGMk12Nu zx$v*EfI9W14eIY;6m0Lt&!EcZN5<*GDqVyI7)RZ5g~Gz-6$~e3QlX&NHy=T zfGTm-x#Svc11jOCW>A9^Q$WMQ);6J9DA zt8v?cRS8}0e55w->y^|TF5DTeAqE&$r4&<-7`G#jkd0(UK^f6q1vlGdO`i<=9Kf#W z8b+3pk^N1=ZxB))$CK3dEjiDl$(zEXG$L5=kV@b!SVUBBll?~Xv!kpIV`Y+fa0Dn* zJF~$jgIw9npUCo1sl}gw&+H6CqZc??Gb#pU|979Lj`Qn3QR0q)QWL@@kQzW`0+a;3 zo@Ss4dR?1XSvxby8B3@T9Jnx{9Z%1mOCIjAIqIlyHBdcLCM-Z|&%`(1-Z~>C<$Bq`_@sb$_)fUK7>}FFdr8VOHtsTq|KY$ksgP= zRJBjKlo1>4*8-#oBG(j67LDHmkD9M-a+-O7=_+r@P0c#^q`~6qa?BJjdpx5=lq5t#@u$1-0O+ivtAPGl zb-$Uw%SoKQ90lj{F}z5l8XZNOJ~pZaaeIQMB+qpixZ?{{bn+C(1JEMx5IcG`VV+9c;*&$Rrjk_wa8Kzq1e2ir|V2O9zagTV5=1j z2YHJSjiIhb70S}aVM5e|Z0ed&VSQ)vM5zy`7#y25Wp6zzb+~$FI>yYv97BDZXKvI) z`MzP>UcuAzC4uUv#ffvzR*_`qvupw^a446F5iHsIYl!1hfo+=!UEfBw>vtZ!4Ya#X zJl-kEEmM*yqqA+9cQvXkNMH&zlOwKCd9Yth_jB%;FT75X_ZY;oB7Wrw(X_hN>b6z1 zy-3byF&CkH)Ik=OdYb-I@~2_ulQh&w@~jTq*M^_wAywIP@m`5);cD|FKMWUOZbaPK zmJz_svruJWJbr99Vx7pCuNb$YfM?lKH)ZM`l=IQQB_b8P%Vw`}~+ z5#Y~dC3QG?Dc?J9tnc0T0Nk!M8cx^yjq(HeJ!8Ptt#i$aNe-kzxfs~B6Y*o4Zf>jX z0xRz(t#vit-e^jg`^)HI*Bi|}m!`_Mv4_LZYqL{ymBV10`8W|m*hTt>bqXN?862sn?(efm+V0uyVTBKK$+4!{$8*fmW?+FB| zg`OHJ*Sf|wa&rxcY`-kS+*LT-mDy}xON%Chl0hTG+5`l1WHft*8o<;G2#W#yh1Rt^ z$LF7eLyTono2HuLeU0I7geL5=WtPkMtYNGJOCS9S9mS%|i8bdTHeLtMTiH+R<)-;# zV6BPIolcM7<8RQn0>$V3G*>e?>uON@_|9IKp0RaY>xC&VZ#t>0g_`t`30E77?2Y+a zben~=wpzBPfv{tDJuO1TjYBdQ>M9=*B+BDy@okcoiz1QBSwd6`>;!>NKbL966}{@= zg@^*7OG+x?w&PgyB+Trl8;uB@UR(MehN#M8B~%LSEig1P+V@Wo=L>WS$+3bAE0upb$kGpsj@og-01He^p$giAEaOFs-CihdQJi3;ylpD770ySL$$bO zJ)k|zAsq|0KihIZu$9JBRpwhEWjDa?f9iY5Uf(IKZe{;LlkdRl&i!4j|FyPA$WsNP zHN+NVP=*V-#(HRZ!ZWjchp0;yDCP0;za+Q4P5_6_rkn3uf80Stl7u?cXstO^g4JqX zLDzd0;eTx~FOg=OOK-0)O(<&&7`5t_;w|W9kL#yHG|x}&kLy|)z0a9ut!4bM0%+9@ zpb2+5EZ070{?!5hsL9aJn^EkeY{4~-wU6fLh$@zM&EXMt)YJZX@GQx$s!7zps-g$x zK8Praw@Z!5Xa15MF6KYDy|Akc_9(o#M+ZSKb8%CfoI@kp80Y7#s8c%;%*S6nD`rr< zy^VDD!8g%H8ufwhp`KuY`}ZBi%Fe=iy4i^PRtP109PtwZYYZ; zb2c))&89Q4_Gx8j(O7%nK;gBr9rxMrq&M%~@LVP*f&}^5^89RhwkOnQ%hUPsv*p=p z;NJhBc}J(gi@wCg5OOEc=T8^M5>*I|N(|BQM02ghN^XPoDn{~M;J&8|IM|1^+q;xc za0z2qFTVy$SAz_8uJ+C8*{@C{r8Qlfja@J9OIo@<7#pu!*tGuE2Z6@@7O(+g1@l)p zgH@nc{ieyG+Gw!+zzs*YRp5YruV$g|IAA%E1FY?q3N)wfr?{?d5fK>Up-FbTq{!k? z6JU3wT@8bN`&s%klWZ89j3;GNc2ks(465%c%$e`8EK1RD7g3oXh!VDlq$>Ydz@SHQ zbddtyF|4IQh2nh10C0A#5YG}L!n+fBQF(4hl5e(0V_=gRo5E8rJgE;31Ro&p)`H|F z_H(0C-#W$}%>ERQpEK&RWd{GkGG5u^(0`Ve)t(pvM^@tTdI8SL=%~_Y%4C&~kO+dD zR;J3wgJ_S^y74WJHH*(WH99OweoY zQS1o*PjrJ%?i#B_?2>g?uq#{SwZXnQNE8v1`6M$ghgGAfMAE~r9(=vUYKfi7{3e^` z@tB|LnpD-i+}Yl~xw#q4Wa8veKHC-rx5o)A52ocHF6VFmJ00&n`QnR5HK9>8p$3MM z_@sC1-mNq<+t0PsVENTvQkQjQYB+G7MFF?B@9f1v&F^1&;a z)5kY?x4yJvZ8t_SOG&8?x``w8dYUPtds<#}OdEuE<8exgiM`9GwmqLsDm@&0Ie2hi z=p!~al}(X>{mk=eQH%z+EMm%w9gk;e1~e|v#|1K)#T6v%gb{w!W$9Lw60b4MsL-Or z2A42M2o&3)Y<;6C-t~uc$oVl#y4;V>tuA#i*tF-T@m7HL zTXINU*_>Xsyy#s#{&=f%b;iQz>XsrRBe+3r@4)F?BD9>ef3A`&Dag1}`SP^dDB`cv zX>x_3DrJsJ8R>!i;V+Pd%=dsHopW&5%dDc&?BXr@s+~RT82o*>@59!X5S$>_= z2njrrKpj>&`J+B8dhi}i0|n?JF0j!@1&d?Pfk3g5!r`5=R8a+Q^msuMi9xm(A7Nk| z@frt*Pw>?hKTGDAzMYm6!|!Q9;N(g*DlnAmN;tP%)D<4SN$01Sa=Zj%jWSnRBMbb2 zPUY6~!0h@>T=EcWVnde7MT#>P6h(1joSA9BO$HrA!z7XR$T%OBmO(Pd7E5fA2Z(`4 z+rDC?6uFk*r~bUWO4wp3Rrg=xssWRzP)a;BI5GGP)>a^t%1O?X`I&vvrD%((VbIKc zXMPLatEysbr+5~=3QJW^u#OLI^EidZ2*{J5>oTMae7T=l>K!5;=vaXb?!w^9~b zvWS!qDh4zVI1B^PdV1TQqDFDkMyPm!xI(HPkl$8&KK#Cj=actsrHLR$)(+co>ZsdL z2!{dQ3|^uq$bLaL7aUSE2)rRmPWDd5bVJ6u! zY;+1(zU44JmgQ(c3@qLLglD#a0Mr-GtvjMAYrffCMo&2_80J($%B(lo&lkv8uD{Y_ zo${)YHAL<*vTSdsa%YIK?ret7=D5Ho&k||H#)~RPq03xTjW#V_vFje^FaK#x#X2qQ zvmz^vj5gUhtu@<{-O{8+Eo@lw0wU3Edwa6})KilhY}R~ijvYybEql*<3-isMBN1J` z9N`64o7OCBHra%@Fd_O1wl&iFd+7h)pXL{sV$D||XubUlX|=td6*li#wcXP$8OkDd z;DvHFbKj$MgTcsB@(-|9hS8UUN3fp46d;rG_RZ>5P6Z*??%rX)iE)~os=(UL#ccnh`paWdq4lw5ou?mM}w~h z5AM@~N*jbHgU9RfCjC2UU3usyG>ksI%LlB{p|gS`=dOy^C8vksy_EFJh+j?Z;a0PB zuM$#TMQUnIueZm0FmaXjG9bam!CoXcktsa?#bavJMi-GbN!RG^X>^OZzXV)$_`Jx{ zMk`8xmgyOlZ|ohFTCRsR9xHrW3I}}j!?e;Pk?E2mc?;7OMW)tgKF`@vHN18*mJB#W zNy5yKM+4kxZOkLkVj4J{i%+xlE1qS>thFI5D>NCzvS1@8^q+%loGoU;H0Y3OtCx(f zbF=+S3Oe%CugWl2zkfQ$c?ghhqP6y{2LSO4Xv@1pI!-FOI;R~V2Ffu17``^Rlil-sw_3kHY)DG7+*LFNWQf96#`>ZY^$}EO z!o0!NTa}I$)3}HR$A{;U1f*1S!Gi?lHNT*TDdRbsOlrR{611w1m%>|a@FJlI#8#Pd z5$-n72D8+qVOp^=w5R3@d}N&TP^HJ-*AX8@Wi*(3bNl$-6ltp^%o_)sIsKm zz7+MgXXzEY)vSNDNXN_`M-fnl1dr;2~v(6A@fAN<|Wvxm1?vEWW~|C^4wyQmn~iP#s_1=Ww@$wxm_t z4MwYBz?_d`G%F5?H;^2lj+6V@Q?LcP(@2HbptNyNjl-ZKW55hg3Y`fkh7)g-hoObf#WdL!26Hk0@%Z4hQ>)HEfx#*r+hAt`FvjiriM)r$TIyUsG1fOrT>2>CGUCU6vWNSb*@sk zk@1H7Pwi=2N_-I_qaG zl6W~)Ow{1lXS2(hQ%~BuVKQ122|H^>TWrP=K}1blMH)_km|T<*`?f!ci%kMa2e)96_A~kxm~F%})Az10d^e8Rq63%FnTfy_!8ed(g|uHb zF&Y@Rt@NGm92Vw9qHc3usO0h-g_Q2h;n!C4BicGxK?2S*lXN_WhF|JMUTx^#ta8Rt z%MIhJS(0CxT$-?0nS0TGk>HIpaaM~Y-OG*r9494h@HzeEXN78j^u*1@rAb|F((p@y zjRH73)6yjbJ~Zz=b)1RM3Rz%HTDzxbz3HYoB!fE5CtrOI?|Yn)6@T)HDlZc^DEsm{ zPsgwL(NDRIX17rq{cTMY9z@vN7*Y732b6eR@(t7^g!(lZINK6Y9)}fZ1kS|re*_8X zNW?@YlH_v_W^4Bv&r;%D_8^EEaRnh+p;u5obsp`HXWmZzg#EHSV6%QPF~G3GNd|Q09vQ?pum~tGC!-HL&dy%q(ss&@xAT)eYAW&;6Cb3#>3kAr zi&;{nqmyi^WfkT1c{B}OUYlm4=>j#JR!KwM2Y(;*_b>r?y1*^DQonpD zD$%E+kpg<6Zel|JvF7wwO&l?-hUpCSf3YvCvx5As4wf9Zup*vRbWQA(E`yx`R&0q4 z^rw*I98fCozUMjHoI!U#VtJWo)#gt0a4VW_MMu6)AHJnFZB!0O?Fu4Rbla4M7C*RZ zu#$Q1SQ|Ev9yw#P5MglXK|9YS6%@k>d@vCk(0JtHiX7{*G2W1Iz}cCWeVzUAOljZd zBKXCtrOivVd7?DE58@}Ri(%z%FW;AQ9CVd1K3KL=izO2l0lm=yBZGKkpjKQ{oUy6KMV#BA3gGA&UlF>Uv0cLoVNzG ztuQ|W@Rwf<246pD1NU73wFdyeSAXNRp4P&!wb+WyX0JLlA3q)po_yH`O&{?d0*b3v ze)#AylD<`SYe^bnRI{TF-(jmA+~w&^@y`+dd4PXToWt7&AL-wI4QD9wG^hZ^qY-js z&ANeG(-wns!|2jUa;OU)b#$83fkSU{&Q_a^SBv zEwTwq53701PM<{wvmejsvrJ-YnHVtYpfo=;HjkOwmle5PgDc_8Fd}F#hC{231(+l7 z@($1)y=Zr?@6?Ps`^UTS#VEPlI(e~skk6nX#uMxV1IX`l6g+m9bg&<&eH64I(`d$ z{6Oc+3L3eh2%IpOY8(2mTwLpB)~a!-r?|1>bkKIxmh6^Z;wh3PK=` zlN-6+glRr#Xu90o*hi8Q$CiV=qKI!XOsM+}qN#wXlWK??TWCrowbjipc7!D>4}xin zF59MW_oL2k2M77^EetRYp%sj3fnWr3DLy#L#>v~0ONP`YUeKK4Wv6LTR_wN9Jfp97 z10T|J2okr{`VT>@&_uw%s<7jd@W|L^t03%PZ#*VQp)6nV)htW~@qlY2f?8)mT@NjX#_`N5Z+0=mufoQ>E1-vWVy#qFx zh3pi)Sy%4=;H7b57z8@|*}Z{$9<0wxTv)IshP zU+hVWPY@w3Po5(DGAO88goOIK6dGZ=uyI_9Dm=d?qQjGFwnc@{SA8Nz->L@83J!$# ze4CNg*!#T6$o%0W-(ti@V?UpPy^|F0K`@4{I(?c>;j8|;KgNrdYay*d4T+iC+|-?f zuv(JyV45^3wP?Ln0S07ks|#F%QngW{)=LdGBz~#kkr=EvNeuSUmKaMmUoXs8735wd zGy$$gwQaMi1~sg{wrYAcp}mU0cA7T?wGa({QEk+1b)UqNV$5uy`BsU$fNyoT#PSXB ze@wZ1mf#Kp(3e@^Kcv-!pUGtV6ZK1VRvR~51pv0Yn!K$F+5=aB(o3;%PkS1;!LA(p z2KebciOjw->rlR?;zsT#!5Q@M7}}) zfLoR$p?ef&>X7zN*$=ceh7lFh^i9G}4$P+*?13y~f@54N`-MR+Nj&~<9X7iykNn!T zt10Z_V1JUs689kC`L6N|w0^JipMOgzPtSiI=X$pBjUp*gr~ttySb32SKofu@f0`Ez zP;UeD(G(A1&*X7zj?b2{_T~{v1PJrx9sjvh@@h>}B)E|F&YjjX$2GEO>*)Z5_XGy$kv(%bp>~1n{Nt}$_o?4~ z)Q<%&d;1IwgSM%qy**=$+3Wn&LH_uC$NTanzWXo#yI1(`kN$VR;Jg3zzk7%8{zGsh z`zyRA!u#{iH@HanyAQ9lV7o^>u|LYdG!hy`ZYh`)Wuoz9{P*vs`Ne8D zZIzINR+Ew6!Ea&%&?*GR=c6ya@c;b81N6RvdJgu)fS8Y&zb~?sPQ-ydiVc=M(M2C} z_oXk}`H}yOu{=E9inVuiGJthS0xhvPwjT9=(&68od0Yag&5+W6#bLSOO$!f7rlCr$77+}DO zt^qnvW^+statC7X&FXIg!)V{z&WCo`5)B`kn z*bDofq<0!Q^fA*1l>3=D0NTo9jX0wm_GxKa#xvF<;e*-@`KvvnjZdFD96M}53u~sX z-c&byT>^KN@vi6{!N>9q3jDk-xjT)YumE(dqj(B-%J`P$zbR?-wAXb*=;!Da5u`Jn zGmap6dE~)PO3uZvT}p6->yT_>EWH|Xmre?Y#hPx?leR<0<+Hn8BD)+O%=-AqNRZvK zb{v++Ls&nb04kR4w04Y^!^X9~J~Bcc`|TrRq}hL;1SVuZt{s!*vEkO|CxD4*yRIFf z<&e>=-;a!mvY*$Ai2AaY;2ZAz3V0^O?)w=zPXmv&8RpV+BUZl0$0bIRfLCFUkHR-gZ|8M zH{RTz$C(Fxf|cw!e~(Z?{foBC_&T{nC=y-(RSf`9eThJJYM@b&>iWXt=` zSa3gs{=$F6LKbuajM{jsf}X0{Eo80DK+wEa0@**wu6J&b(uG;}oz2NBODlZLz%cn? zL;g}fiX!^l0S{%N#t4Pcs&;wc(H0WCr` zR+i^Fl%Pa!kl6UJ0Y1`_&kNCW5LdAhKgP|kQv9IU*#lX5f!E-srMeagljMvhadwrI z;v(<)e41kBVHby5v8)&Li&K1Bh*W%BvC4#}OwWg%T1k=;^u}wJJRdc|@%dy*$g*{` z&~b9pKjXQEiEloD3Oc1D+{m9Tv{3l`L+l)W2qu45EuzGaiz_^_&fk$8Abx!)O`VM* zxgvu2GoI@pm&{|nAz~S@IQy$bn6TX2)U+XIaGR9<+69Nnk-)kaL z#AwyXS&mv6+BEve2)a9IWj+O!d61RZz`9OEn>aWdYUXQ|EW&;h*m!F!_T8p=iTI$8nZqI=KxN?vjm#J49Is7{VOtmXqyeN0@zh)@u}rk zFcxBXPXvC`@pH<-g5Uz?N>8Afm7{yAhV9b z{gu%VtXn5O`B<@TsYSe=3yTumrlY~1;&K8iQ^;pEr4=;fgWol|q!oG|m$b{328%la zL+?qPrI$%5ENQRg2x)klVtV5P_VK$I$ESn$&8t_W4hHjb{4jVK^6z@*cmq0{Hq3<3 z(Q9(WFEuytapwo07^2m>8G;kUz|NsEKH5BX&mGA6=-*&h4XPXB(8oZoDGw#Iru^p) z?n)SHc!rSCi;CUFB!3cJev8}1qEZ(!j~KVwBpfu;$v>}Hel(+|f3w1_(_14C%k~Gj z-OJu=HZI5TF*#d1Yak&W!=Gf#V7fU;E=6AUOe;p2^I8JHXLZ_$rwxsC41L5APvGQC z!@LQR?t5e>|*Lmh9k)qvog0P z;aWhz=fjXrpmiv9UFT;pWpV;JzI$zblVt`s->2mjam!lY>}1o7?VAo z4u{Mwj`^la&n=3YDh`_nmR(~Ta0ZQquf+V-Jfdd}$+y2m+%-q%xjNrOnmd12bECYA z-r1`PtuEgZb*uX}OkWRh>A<{b@6=fH?F6xfU?JM)G>il>Bd3HoW`*fab>dP7wv1o+ z6+PM>#g<8Fr*+Cp^4&Bay{Va7hL`ift6({CLy+ze4HOjv&k8yvUvM6y^g^F9IlxsUR z+B3bINgmJAO|X!jq5lIQ#zh)uRlVz5>zgsOj+=$|N4eG_o}JmKwQCW=lK1AfHc_Nn z^5;O@l8e|Xd875g(25RTl)j-02Z|VQmKhU^++y6>%>h!1N8dW#4Gd?iXo)5A9K6WD z2FkB8x*U=t!IT?ff!9}4dIM|rSSb#)fB5X2=J}h&oRqhw^1aHO<7TQCMQ|Y*M1n;{ z!4-66CM`T-QpY?QoENvSP$HA3r*~p2dRZiwuWT$#-X)k;iNUbKtK87l&^eidnKSl; zz`A&_*d_!B7>;spR#Sp;tFG5q2 zY_2b+QGNMX+Rb4mzk*{Qmi3P<>mKu(+3(8_7O?5V?l8U?C+31ao$0gHJs*4z&~OBE zXHnul8|PT9B`YFW4v%nC%gG6E?j_l{NUrEB{_h_967BtrcUUsl9y05-?i6CTdzG5U z0PKPk)>BCzIJ$tjwl^Aqkt^A?&buAy>{+|A^oEG2RXFYyEQ(R`eUUHbd?~&h;D>&| zW}lRCY;X3nFS-^gbd+RXVajIqvw^N)7pD*QmcJpS9pKvBbasssnMYeR5?xW#naBvY z6Lnn#y8heU??)YRS^Q{{z*M`LB>bY&L|n{1W_!RspeTf|k!K>1C?WVd$il>#B|(cW zZlhw6p&1ec(hXDlzZ|^&=+6y@aC(!fnwLA<+v9vx4rb}7$jkh)8jSMUc9QiM<#voy zhW+gebo(7w|xbu#y|6KysQ6xohCQC@z226PXEL0 z3?&PAB$>jf>623(-!`w0jajL8_I~eSR-!og3t;${YNeNlCUF_P z0eJA|wv0xUyn1Y2TkYK8u^LRemK^A+-r)5di;^ElVz+v-vy`}tDhIR$HG~u>W+XvW7IPUsc!o&9)m zHNjcKm#90@#_LXNf$t*(k=);XK4#vT<|BiL06`AY+Al61LMym9BwTz^-SD0@0d`P_ zYIJO`JOO&NG@wTYpmu{IdD}A@J!nKa5C(kQboFfvh-KjkS~&iid)8M}Esi3gZb6Iv{017YT8U0(b_}_h#U}9fK^XwmX{UDrxObBLB&uiSmLwE9Yol~K`4CTXP$G35PkCqFg0*jAJVMSN{a zARqPvp0!QzWl4vg%;*K(5xE~{^5j?jw6>An4bM zymjgCxW3FX>(s>Jxr0U)AdF?IJyx*Ru^y|7E|$AC0)v3vB4K#&b%D5r0$r#N#Ryp0TfzHn{}36%9Xu(HfYDJ_ZV@P6#>NNsuB0ZJ%LSSn9v)dSOFfe8Wf2-Dsf zD8O%?rq*J5p)FTR%ZtAC`R3ehKOXnTWk1OF4%1@>V}Q-c+fI`(er?~b~T{jJ}QT7$C_qX#*Q*m9!QjmT1% zBFp~1V=5QZZ+r{dp%3ib>#?r%K~Aaw(;~io1@F;hXYYA-XsZ2Sv)#hkoHwmhNtF86 zx2;qOkNHVxBi9ON7*XIQ{67A$V)q_JMF3j^Emesk!8lL+0xv+I*bC!6D41L5AA$n= zbP-Rdx9b<+NF1L49x~SeESj@XI*;jq{4&B<_(|ph0E@K>2v1l~3c56gh%^Z5_t7vu zO;IWMG)1O3&f1lIw067aMVytGCp<8HrM8oIb5pBp0^^(Yhi4VtalwOuU z3e@6S)C6YrYS7DEYgK{x5ZWdHKho>fn*S#L;Y;1a@7ICmCO|7?xK0Q0M(Ja-T?=)T z!_ycj(iM}iyVXV3+3q%g@%=tHFVY#n?sd1jo4Vo+d#XK9!m9NJDHL2xTxnagL7`XV zGkot=cTM7{YtX5?HqB#gAbu}*CwfZz-=U6moupT%13T!9>O`V2@ zQpe9T49;F8A`~@CZdAK0XTDc!AwvZ;SCigq;GMNwfHZF0?D@v8Y&M{`G#Rs3 zXY48(5T;K-Z@_}uZy2b^M@7e-NF%C@nkMs#do6|mD~qAw$yA^XQa{D;D`#k(ofvjS znsyF+?|^}i#NqMi8QxzbAgSsiq6%hxgl%oKc)uvE7rJXg~c?rwI^ zx6R}fH~e{hY_T!Xj4L)f%<;E;MUS9f&#W3Tjur(a$IBo3VoL!-4G**Ho&A&Nr!USA z&yM$=A8y)=rOyC~mhydCtu^Kx(BiPol+YuAUe|{e1^C!Zv_jN&i*eutJB?YtXb_QV zZb7^Ap=nO2EGMxzWRym70O^Y}crS)`8aM>H`k>J|rE6pINe>owxOSjI!l6ksw!qeM zN8}4RwtV+N8{HP*>PFle?R?=3a;pK3vnXe%(H<}P5xQ+~BObsNrO=v;AKHjwfXYZE6)`N`2xv8*=eEtuU4kv zzPyge!;gn==U@|uOIR%_f85fyGxDnZs>5fP zD{b?9;nM-EkmXmc_gC#OuO0Rxj`j}ZxB#D_+@SX4Y~2x)7e-X>TKa}{$A74U;U|}b z@*X44O!O!~#6`g1p4odS7mctC3M>V)8>C(pr7YSeDw7dz0`q+^%dIGnE`9tXaSjW# zJ0ygM;=VEVW4MLJn>oE14~YV73PAVv8G+98zVV{Z|5XRpSi0l>UU@o&aYyL}$|r|@ z%7LH}7@l&^^+q|*SRF<~?*^Z>2eAU7s9LL0uq%c3i0-ko-CDW;=#z{UW5<_x7loxi zoM+EzwdSl)>_&yU_EDqc`dbjr4WJ7samoql;6O(92WelABEiIHHd$oEh$^CE9NgMk zMwR;2k;?PHhp)QHQMNIoq2%Fy5vN8Z$q^C9&^D9cVzm(1kiH{BuX^>SO^RCIh8KcP zsikXojw%_tDMTzXHl6I8r}j}?$)vl)-hzGcfz-_ZD|(=XwLGWP{gMsHSSem zn_W+HUCbp!rjnJlPzQi3))qY0RV`U=mu{m!%A^!6WWo;SmL%F+sSiucR#RM4P277t z5XYucJUGt|PDK~VC`Q8*tyGj1MS?aevx9IK(J@q!ugeJ(Ey?CCWz?|9RBBh*Ler1O zA9Eo>W-u-;SW-zg=j@jFZQ4*0fJ0}2NHpI{%$+-k4#ez(9w~D608~MFUa37$UYo>z zA~h?<+>tjE6JYXV3H{)JGA10w(xP_+gUgRiE#;Qn*|n z(99Cz#QwaFh9_xv&dvK5$wQhiHQiL!iqMJ{^!Epa%Vr`jCTyr1VT1l8Mkt{m0R%;=$DDJ}vfs)D$kBO{Suz>l~pkpl5j5QY? z4>}w^`r=EB2av@1mXk!p{_uDzBPz-pn~bGdol3-gX#|mH5Y=!x0?ljqhIdt5di}Iv zx*QZy!hRtAX{*ol$EB+?2VU4Ed~M@X8=2{}6TWE+pBkQ`{U*6*OzSZgEN6hARAdCtZD05JZA}N8@bQ- z1L#%C5zkG8NbLYx;E$6V!rr6m^e23y4?b+8fcjB04f>Ymv-NFVRem2M{;ezKcBQts z@N#qBZ{q>41=lzu*?es1sb?Y*Z`W4S=iho}U;R*e{lUswYpSc9!nH-k>~8MAJ0I%= zcO9gFc<8hc^zJT^4@lNmgszcy%H8`02ltM=G+KY!Q*A|M zIkW@sq;_-mz}Bzf+$Pqj?Vz54yNriDuMN!Ahlb2@KbOnYrBc_xF zU|=+-zK|5x^Gbi8koTdt$!q?o1bMkd4WEtR)$O6#sOkH-c~x)GCi zBq6#aD7wMZef~T<1|uv3B8!ra&c-+H@pp-yo%TfxP;dxFv;} zJdh&}#OjsWq}Y)vm=Ay87_5lA@`n&u10s^*I7eO2l>5epYda0e*l8g; z;t+Vh0Rn46z~E<~BkRD3xJ*q?!$IYUErC518YB&FVtHE%&v3)fg2d9sH&<*u^7@UY zpk6m4>d44alLNlO7@Y2%?L9v{KRlE7)L6&v&qc&1Kkr(Y#~epYOo|@3B)TMFCbmmx zJH;4#j))3qyrtV*_GZf_4r@-MkjJ)ZA`yGN=U}OGAYyD#<}v}@pN#pT zYTump(8v%H>!Xnyf`>|-HRjU8p<$SO1BY_%GJra%m{$sv26Ovb(rSv?do8kZto z6bZn+$&&0K3bw>NXHC(3W)A(Hciz)nXQjk^AJ_=u7s^JPPC*VOG57DJS%udU+e|4)<%-9-X{6KYek|6;aEhfaLT5Bw7|1OBpWX#|ehl;S|X;Lp#Wc>CPI| z6sFLM#cfk&dV$knAj7RZ@Zrv?&g|CsvE$D?FuOH>?S$H2{cfSVVba`p3j=S))pqo3 zhyAbh_{iBqu>;B5ct#gXg8)mIc#g%n(NVn|Ri{f~b}^_mq8n#X>F*VZxp@lwh->*< zr&R_!&3qPv)q6yxuJ&U@urc;QVZNc&F{jpr%cz;D*2l=xDw554fM6$3wd| zNzt*cGh-|UE>qf-3KEnl6b^fsj;-oyvW6kBGOTN6^-##wGgz~v{JKu-r1J3S08c%o zWAADI_DO2(%m>hhJd7nRSaaJ!p2uSNASV0_7GUEI1NBUG?dbN!-~F>#ovAW1@mhq4 zTaY5SiQ&l~=qD3GwoK3V7tf29xN9D0$-Gywf8B*vw&tnm3y;wRnz@?rD#^U8Z42;~ z#t;A+QG$P3D(}?RTWjv%MK$TO`Oud)x`?f0uHByXIr=Sq*b#ZjdVfK z=3cl~b1_31(=`k@e+~{u>NuOkO=mI1)9Os5Fz)=fs1q1-YCHHDVOn)(G$p_ff|q`F zlai^_pWVbFdQSqTSzCFdMmh_P^k+HnY0Clgd#l5jW)%tUxKJ4a@OYRVs<=8aXryrpN9g0;A%g}wRs2jg8Xyy&4 zk`!$(9aU_Yzc=l~POz9}H~R%0=2rB_RfI)eb1X$O&sj|2M6V$O`Dsi$0j(tbzZ-3l zG7WSMT(5*ri-QE(j8uEIzO_zT;uKtD>i8lr+&C*&B#hUw;O@Y~qWv$)?Ri{WC6Wer za;!F_o@ebv6>E^JFUorn7o*8mlnky0TXN4hklo+snPMGKOV4G!Q<5!CU8jo`i=i8n zqnI{7M@2#tE1uG?8a9U6xREa^nCdW9N3$_zu}e@ z&L}NMy`na1#;_s}tv*x~WY%h+Zs)-=s|}M4>SGU*E|cyuL<&$~$Y@5dJY-~2wHh*P z=U;lr3{Bw<89o=FE#3r2(uomeIS(YDA`0`Cm1Vzstvk7gAdK$wbo3^vV4hTqrh5#( z$D1zVEQ;|GHZ)!ZjHn_YWjM5+XK^T5GkT^02Aa3m9Fd9FKeJfD(KH1MONB3D+Y%uW z1SJpyi_(u5Z{G^n)H?}nl_JQf1cMZHAykn>YGdG^1bDuiR z@9nvnq)@*~rc-ul$b^;Qfkh16fx?GH#%pOxFoi~zi+-^boViGU!QZo%78!$mtBnqn z_C_r+`SJ1<;&D3MUjUV6T&8GIoNv%D<-2_OZw0S$UvWV)Oi#*R|ii5cAM{uSyulVvZ_te-`r##~=hy zGB~1^NB%J>xJ3bs$fPGntiN46WrvmP|) zfR9{5Mg19VQ*<7@9X){O;a3-Sj$M!C=09e7zIXm&`1<(d_4(P0;rZ*~-t*Uc`}-#^ zj?aC?F&Z3-L@>4E3kv#Vl;#sG;+`)%afTg6&rgGZ`hwNvo056yqpASeis7X6wVb5$ zfwvd#kNSqj;n~^A*$!dK_bNvE7Kg$mFPPoR_0?K7PX~9~@u)?>*$w%;<5BO(!$+=( ztaLti%Jb%M|MlVPzZ~qpesTPl!jqhlfhNk=@8H3lnC5r}N~1#5lX#;m6ut0tnh-JHPf+D-(upFd4BQ7gFv-SE zGbxW2^Rc{%(VChin7I^Qi?Q##%Mt}`ATPw-c!8Vl^%h@Hb8e6l41~&(;4uw+kr!Ue zqfNvMJ|AvwJ$QV#xplsG_Wj|xm|nhe%;e^o>WD#A+uQv|51)Mb)z^<7eDRnm11*S~ zt!RN^7TKE&PtKw$$Vhpk*lIcLEHjMHJmCfLOw&rbF>#45EUdwBK20mSee~tSS2Y#6 zF=}i<^p$H=hwp=8#Uio79{-7Fl<@IiX)3KMziYp%;ZzeTfDg`+lOhER9_q4@Ws*dV zDI2lmEes@G)Z_KY8 zz=*Det?;oT3WBVKPk?Cn_*qQLVI9~%vWZa7X!vNMDKmagyJ#n^LRqlGAn(j__&8gw z;t7Rmogs?OF+#8Fiu;#Ztyfv^o7bp8KILwrW~^3RLF>=Tt7#jMHR)Svy8pfR|U3B-|233yPMHB zky}!^-5+^o@CIMt?V3y5mtysQ|KY1|^g`^DYMy-;&ASE5`qq(+Si6TjElvQ9N3Xu| z6}Em-c&QhWmQ;lt(}Zg)Xbs3?(Wle+stlw37|?c#(HDg(N0WZ#xCN>-;6vL#=P6ku zA%va)LV7v%MH^H6DZ<|btpYU~@Hx!JqK+S#F8~>>5dWwUfgcPsJY^LMPkbnxC0TM) zkHnXNgi%a>QHan_1}cFXO(T?0J`Q%#O#q)i;0PJz)Hi+JvCJM=MCa;YO%pR0x8N=t zXU~RRwhogv9l6QIzOTO>CRbED?ECuL2@4R_wk0ptkAyB7RI^ebtiM4u^)(8M`M&<< z!~|E3@p--erqmQxjmdet{^soYsWYsYlWwc-FJz=}t;)?5xzKFC*7K~&>F4MNaj{)2 zcDnG^uFSuEIEcheO?1%=^LeuDRF*r; zhkeWjX2(K^r)~lBLtNlij4;t@9V0dx`_T(6oG~mf963?5@VG161vg|B|CwE?>ASs^ zbN~J~{?eZHH9r0|Ha;~JfByvN@C~e*QLy&7mg%^^piuR^Gxw$P_mp=RF6IxSrV|uG zFNGCxU;S=CuzVRhxd2B%xWA-JlsCZ1$EN&nF`LE3?T)cXWK-1I5WMel&L(-N9yA3{ zvh{XnqaDcQqaWBsp5vrq?k0u8*@A6)UFMjUQQLamvBt;z#`a~cJy}%*1rz3|z!fI* ze2wxkc|Z!hs)AhPo+eq-+c4h%uEN#3w2D0;`JLgJAWD{o2*qV@Tbl=OIywqeJ)dLU;Sm za7zCgoh&MTCFigI5&dFq=D!X__i;~|HO`zdM1-0hqZW@}P$*zA1Vic<0q%WA2&H3x zOin4zhs#x>NK3KLuG4v5eqY4%Nz@;XK=qa^bPpD$@fcG+OQLVYtY6$4{rrl)$TOBF z*=do?(lRM2XKq^Eva>mtDZEuDvIR72uY<$p+@W!y!F|VKayuC$45v`AtYG2-)74^k&MY67~ zr1*h^_z{g)1OsNYqrOn?Y*^^e^E8<4?5SR)-KKyYm)CMLqSmn5NEDhT+WmsL;-any zzUgj7-EN?2;#L#oZQ|?csc=_;WgGn*+TeUNM{vW%XvFTDCF%SW zk5kn|wR?93nZe`>-$1fQ0w@1gAa4Ji- zj>*h?s=~U1O)-f&6Oxt;8j4ZmQFB`u8I6Sw()cRNOAxQ+U|v4-Ck;S|J;6j*@pPIL zw*#;{Coq?+V6Jl$-#+5o2YmbS*O&3b%jAo|Rw*G3-J0hm<(rSne7c~RJew@R>URn; zTk4L!d$cm@KkTCl>I3)n)3VRQh`fggR@kR~C-so6a1M}%f=T#3s~w~9wWuBDVBqO* zxk4X6KJuP)JUG|4y29>B(!Y1LETRO)UaD)f6)Xa8O-#89@NSEp=0;jK=j)pRt(bQ6%Haef^na^RN>BWr( z!HS5+v12Xb&;^AktR%V)?kdK(2>GFyf}F=`p)*a2DU|(z!Pr=r-60d|2AdK*sfCsq zp|;nxcN6{8ar*XC=bat2xGtG(No+G9MY-TVOKhX@RVB8Yqxi45@q;n2W`A1Bi1%Ww z1M*cq%BR5iXdYqoM91aFuS^vVbcps$kHYh$n&jisT#T4r2VMk~fjxqQ zJzq&n)N6hrU+M5lP z_Gx(+%yVW@nT{!QjbsOH@U*de6Hq-W6i>*5z-@5Guvx67n7g5wzMG}zL7R%e4-0?w z?lBBaw-pQ)_W}a)vU8c!&teDgst1j}&09N`aFc{w2Nkl#oG`t3bfg$_wd7sBo@mYg@z-KMT zQt{cKl4rsL6{zRdYMNKyx`|jez@Dw1u}nK1%kt#Aa=i`o72D}YJPK)WP%A?9^btpceZOt~Fvm?^%Wp?9aZqqU(=AQZr5uLk&iX*>-=%}@)1qqUT0gLdnefNyJm5@%U5 z)kV)|r`8>uTH3@}vsVv1c|2K$bfw1oi`Xglc+3n)~6SuloD@&xIn#uivY$px5cEAtD-K zvn$hF3iQ`egJ#uLwIF^lUxhWHRD{6}tV<7iMsZ2~CqA-I0X@i)*y3vJw0@CnZSO+y7aBs>S>r>T)4ueiIjVcM%2Lh^@%);xZYdm)O2V zl&eDfz9P}8E_R+G0+GZ(q({aIJ7M%R8MZ-})JvCEHmwqXyFD(il4?BK3HMMBEw-ks z7)R$;Hm$8yJoQDw;yNQb?4Do342HQQVxUA$Ef7~lj=@LY0QY4hem^kfWn|%=kqFg7 zuN~Hu)-Q9+HqPl~Jr z>XPjOaj;XN+$BUqeJPwvC>p0eX_4~N5&%r=mY;$gs72+oIB>)PBNtsfvXo%p^@M1U z`*Osd>;Nhzv%I6YV6D^&jPLah{QF4`Mj=ynu=`^6HS0@A3o#Lt)u$WAP}2JGs4Uf{ zqXtlyEG|rAyf!eO)IeCSmXS;Eq=ncSzDehEBZPpJAT+ey%D~#kmuXO-63AfA4iKON z1D13DSfEiy_h4aH>F6UH=F3~YNRz?xJUOIxddLdOND=39AeL*q_0Rdt$qfD%$Y&mA zIaa3KCG^cY`d@U}-J)&V8hB(i&dy2t+hgxmXymcg$O*Y>;wc-hM9jlWc1E*HGI5xW z{}h+}kZPBFLF@&7$C&~&2YB5GL6eTFmZF9C3`NcnpWe*nD6{fq&mj{URRAB@t>r>f?lJPUt(T5jYt#RucVsqr#Q;8)rj7$t;rh!>wFsP$rh|8O|8V7!Y) zG|u7iYKh@fNLK%t)b;P_-qEwegCL0*0K0*AZKf8JN_{4ln8U*; zx$?9!#oY&-PkO`JL=sh8Ak;DPEFP759fa&~}#EfDz4FN0tv7JltZ zWAc0_SBv9>0UH<$TosxkJPpdN0%aIFp`-nJgP8ZxZj<$Ci+esWz*uH{;kk7VbZ-%S z?6`Lec zk)MBq`3lRmvPx#wA$J%?k&1z@774wK;Ux|@(11i;1L*yPvAuEGu+Ou91XEDN6K zhWn~zj}n;;yNxUBd47W-Ov!Y*JPLJminmso^+>nW zl|CTLDM?>vKc;r{?7n?K?dY`L!m#wz`DEsb&;6v+w$(goO{lxskoDNLoDe=B%S{Mh z&pzgasM#?7fD zUKHtgdy?Put6bzP@53sxil@_lk;mg%JpZseixwL{rC4$~+&IddZ3g(qNG-S7r8Pcs zLu-~cB&I1(R#p&>aJZXN2xHY!5!e8h6aIE@KBmC8BHccqz&Bd175KI1!$i2TdqT|L zxN^We$8a+c4uuxzR1zB`~E*m2JR#c+50-N!WJ0PS@o5QGaH$RAn zKz=sf7%@Q*Pj*)#&3_?Xvxp5 z2Aans+UJ9L=S+Fwmj#HDk^>)409Y!bZjvrT#bp#oOTE3cOWv`R>fG_>kF8DOFuE;G zVjIA6Cb8Yc4`dSe{7#UXBN}V5kVDfIwuD0^}pMgD9}!Q4o9bTzj0XRhFi zQ8qk>ClBlS8UX1OPm3fT---xlZBF;X|DZKpq~q(GTvAGUJT{MrSB+iI;qSngKdEuKq+B`;CGdqqu|j&XXhW2c@~r*3bp z!$%uL;3c&*0L{*_f4@TJqMr`Z65}ftX*o%#thXaZ9v4rZAq`*A&`S97cIXc2!+135 z^T6L<^scK#)9HG`qSh(nNkk$Qom16 z0pDMUYmMnNNi`{wgaEU|r{m-j=j2v&v8bT^8@#TijArpIWrQ1#nc%%#RA8BH`QT3| z?+BnznKl60TXojlS6&EzJS-C(#8ph^zUee!gnX-~E^k*0W2%Z2@Xwd7Dq_UyVQiGM zi!-1Yj^Qcm;;zzS9=JX^%V8WKz3Je5aQ-oMZx#mT`vFskXsq{|BAy1rDlV!Lv!nK0 zJU2m+1ndDXH#;~YUmuMbL;E~bo{l1K?P)x_t93{hey!}0CSxXSpokK9sY~=+E{1tg zanOiY30h4q*i5!By?Oh`G_EWyPBO4pvtnaPq};jB)|RPmGE+i_r`lM1RU}Kn@jKQ3}|l*>(N~ ztvh1etAuKo9^t_nq%1;vr$@BPi=#JLe#0{m4WeUM=3=5|>8lW_et0e*n7J|cwqQn1 z`Buw|LwTMjNm_`2JTwwRxCjplETD_b>q5CgHM||q(`|_pYqSp?y|_)sC5xk@a{U5T z_`|`2|E%JRau=cB+xfqpDtTM&Vz>X}(F5o>{DrQ=-x&U*?!&)~0Pq1wfUl-g_$!-) z&%CSfNst1I6$$)>?!sRrh*3@vMFJ$kz`rd>Q|8ePlk=LR6~ju|SDLc^y5v<+{K#*n zq&89d=f%J1D|Mj5k8K^jz6L$h5TB-=5D}K{3e}4G^v`?hOt?G3 z-<2gAYMXUls6GyQua6$6I^QjW)a1QwY)4vHrj%{lK2U z_Z4=fXE}h+on7lSfg>ypdcXA(bj2`0tr!kWo{Zg~AqFGNapjKJH=*p;!kVnoiq+>0 z$fvL=tK+{X<^ip!$7)%HeR3qU-S#VXJ9c*`wD;c(p#_Qu(t5o}$Z!=n)4uTgLEIxS z9T;q-IE$z())nSGPR-u^Q@ao3gYS}C-7hF-Nlj!m*O zl%K*bIXPvR(}gi-u|W52@^(H=M=82?rLKTZ#}pJWNf4!Rbiwj5V~1)73E`d**j-8S z0W_<<>CweSTM_@~<&X|P4upw3kS4*vV>JhCdKzjAgI4A+KKh`aYxkgNRFXyso}2Uy zKj=*u@j~7Z4i+mnHFa9I3d;}&Yl(S!_$_%G&*oF06^rU=v^DwR%YI4GD%a_<(whw*qTO-t`DvLKp=jGhm2`Qr=N-t zD56l)LSMNPL?0|KLQPxEZUlTJ;Fq<)8eItZ)VdMyY26sQ5LAgU(0WZN9yPXX@r=VN z7;wOLHCxfD?eJ17{BGwqaPfKnBQ2iRgV18c#iLECb`@G9VRC{Ern#}ebZ_zcUFgM< zb_Q{cHmJ*M;Z}YE$1!C%q6{_NO7ALFZu*K0|4<>oLMdNBDb=i{utc>?tBq0p?~11AH{W0iVKd z<7UD&(Ox}aGp6lYZ|OK!cisFR0$pnmUcy^qKv>>WV)XK3dPzbVxD~+Fy(OUznS<`f zpgzLY+%AxNprH%7n<76}3LEhRiY#+l-y>Z;9Ssm?*H41l8&LhA+&0}`?nOtJQ2-Ov z!4xe4;`lhvlCE1lz3c%;`s;7<*vb$S;7&M!-P{a0hJqyOV8n+=fRw1SPuG~;w^`k; zVYBAHDO7_1^)Z)IJSFR4mZN(iyChFI5%H2I)bja-JjR+ejrms8gF@L9 zlY!P7HAHJk-lBn)5C+Y9_|*?!WjNV8+sL0k(8;t8T)xZ8U*3t$IsqcS{SjK~1p5xY7h*ful$*a+}(K z-H1)j#4HT#;8~JgRgac9&My~Ja)Mtj3Of0gX4gqsrB`gtHO35BSGcf1HONyU7WquOZHkm}R3-6j zP=^CoP4gm|8$pQZQ^wueX?~?3^Gtt;*AI9I9mLHWu*>2RjaNZal&-cyt;`o32~G@L z^weR2J&pi{A|EeCA_9WOnHnqS&_!{NnL!EGH$TvtR}%Xjsg7@MZU#5v=RsavZAUc# z!b7dk1C1XApNQA*_zjxc9hyVTpXfPoq8*FkQzvkjCO#C1TGEA-6X!0~ShVr2vVtO6B2CIcfDsY|7^K7n&fwx!sPzx|>%T_T3Kgn$$@IJ-doI}jb8L`}) zz*%-L^y~{mdz(N8fNKvvYt9qt+x+`T82m}IwKp-Lz08xU6+t&EO zw9F885ieMUr{0QXzy8-hqR1uLo-}R?@8YsuZ+ynTLPc11GV+zhGQwYR$JrJq0}#h+ zd{6r;p`X)jP{0t|Q;{6)655S-(9S(~(0<2+}y&=QB+A zi27RMc3>xmDGX<+P7LtSy;d-V6aUL~}0spc(0>CK||Hur{o68ZvpgTBeT=cZHO2T_>F!BvG~ ziS|sN2lT7umTEzvaL_*e%p*`Y)%WUHqD; zj}gd^M}$J;Kk%kwhU?5r*h5Jn+eaf=sj=H_{xj*)*y$2or3IB~4?JxNzi>o4oDV^7 zEs4nd=CzT@>T#n46~_Fac}qID{rmNYt&Oj~t#Gq+g1h4KoR>C=+HV$jkniEt}SNdS@pXjKS)ksI}IgOxi zGbjf~Hra60m8Me3xAV=IMAVVti7ZORY;+uGnXF^5y--3$YQz?Tp?e_+9=Uq!AKOkM znZs?e7GB2XuDi*a;zm(RrBC8PNO`1+-L}Z|jN}Q3#b-mvT9>;Ki?P$nVGaDYEj?%t zYMpky({A~ff3D4Iij3xiOQPSb7}963Iv)2AN}TtDMfF)m!yvU2 z28yAp_Wo!1@>!0XAH)vGA@X25NMUA8>iSeO&;U7wHel_+*vMI>TQwz1rBcFGr}>E*cC zf5$wJq{~vBP6XuF`!6J&~FT4zww^IP_LCx&R6>-8+ zxEDSk7~BbV*sp3U7PRdUpE}DB>DimS2}i!-@k5u0hont%);m$R!GW2O%5Qi)))tao z0q;Tf_C?&;R>#?Az(y;;R;=V?hh_Z318cmb95+e_o?)V5NWKC{R3(XQ#wGoD2Nvb1 z5LgB};+1`Yi2(iy`$rUH10VlRU)*2_M>aF$9CDygup3Bh=FU?#a6C>eI$UNX=vtt4Q!$_ z#rn~volo##o~V~ZQQV@Op<57~Sbx2z*CpaiRDMGQ&<^nhy+b%`|L&}GIfUz9*Z zUvfnN$??d{e4Js=N%F-yK+YuL^B|-RoKe#j&4&6M(P%)1X{HS|Q=1X1q2?0LXP|s}`Zq)UzH6J-(iMf;53;Se%*scY-h6#$fgy#u? z%K#;jeRP`{bZrY;D$#&A19<4Ly~XUkD;1$DV0!4#iuQ<9>8iaktCx!H&$$6}2g#;u z!x|EQf_h17BmVdzF^7sn#b)Z}#RU(}mNG*(*&L!I#QfFO@V0JCW38#W22_vXmdn;J z!6E@C*|8MBJWKM~c{VO=^093v5fNBTfYVsma!+gfP)x*p-S8_0@_xu@{Milt?P{9o zl~j&YO8DjLK-CS>kS>Q$E~}hN0Q-m}cHz)V5l0}(%SWOM`Kf zIj0Zs!9;WdMQT6&p7tdIGXMeiB|JWK#Lqlmv!ArF9U{6l}ZdnlrJ$Z-xq!ezuu zO{OF2kn_ha_bDR0PoanAe!6doZws3N0$objL@MP$`H?JtI#@`U9H5tgImr+Do6H*I z%^c#9n*qzC#PYI}zXDezWhINdtnjwSNvinzF0>)o;27|l@i;rSXRX=kpiJmNJ6S*7 zc@ae{H+9PiM_oV(&ZP!g_hu^4>+1)WF!SJb;Cxsg;tm!689qNpeP z5TPmrU%C74K&KUY@8LU=ReTGsCNX0RyhZggU_vQih=0p@Ma%!PHs-bgiv zo^Uc2Pv=_G#148pf-~XxIS}FNLomH&rtdw! zCToF-8EU8@Mm$@ae+f4VF@!{WkgNg0Mud?x^s%Yk6?C|R6%Rrmk;(~ z023TKj2v_Z+P~oDG+Uo(Tr8i%C_Mt(pC~U9;Qe^h?YEaxV927)4UdnC_@X3gR-$cX zEX&xJC#vS-6TlJck55e!4-(*Ew*wW10 z(?|K&DVhLOF0W%iH_tK?<_e7#2=X(iEg|eXXurvG#Xqt&1|CKpE>PQ+4~aho9UFVB zy?Mv~_gw~-91x`_ij_Z!5Uf;mrfTZNSZ5`oz zA2f0j6xag)D|YZmvFip>KHA#rTu8FRo;_1rZ2^3|39c7;yb9p&;i4>1+$!_AHkr<; z&xZ-v0Bt2MTfe>0Uhv=(VL4ja>3`51agI1sMKffUYr&aAGHaAACP+xeb`WXpz9iHo$dZMncbbJY`#sjpY6L@Iy22ak7O# z{cYRs6Ig$`H|Ag7kpGF^5CZ+L;dR%=KmCxCkKAz@k4*L~(8+j9HxL5GI!n)mcy0+0 z53Fo?81@$z0SUyIaHd~+i@~k?S?>5^_4%X%TY0}C^M}{;5acF<=XXg%q&}>mu8B(O z65~p{=CY6Q$-TR)GEBGXs*F}aU6ptW#TUdi{MYNKiFRWj+0T!XBF^q{3jyMK87ZxZ z%?G-`vNp)5AhiH-V1pcjet#g{4vYRkY<7y&Dh>XOxc^SXxn;%u^>f@^5pj(D!gDt_ zZrd1!;#Esx5}_vyME4nG4WE%F2;IeeRIp}BzLh>Z546ls;u07Tg-BrVyKZ)&1%;%U zz1bR5E}Gee_>v)m13Bu1uM7$>6sZ0yDOi*SK2Swbpcrjs1K~{+9(zc5C_0V>UIC|J zw=AGZ#vKP4dvqb4J7wXVKmlrSiUa0aVjf~eKhD~+JF*@$Npl>sZ~`DIzT|UYl=v1% z;w=F%j(>+EL7%i6jn+ORO{94g#X_@HTsFfa<|6Xfh{zVZ?cHIBC+6fj`|NnT_%yzVWI+XV&XAzY2jg}b<|3eITd+e^CfYreb$czHn>spMA_U5c9TF)68_IJYD z8HaAWL}>y*S)eA5$RCzlB@%JpK~1L%ZnSK)BrI;#Ie)F2XATkL&Av-W@{c^9H$1`l zx8Vue<3Lobf-fMOF%=N5gbyCRFQ2heh=5T216<dHaL%VvX|G!X=pI??w+?c}Xz(uL;LcoS>9XWQjG( z-jA0|doe&;R~=D+B?y`6!_i#GLV{zDrZkj2{>5WYmW;YI%MQEPc%qKAn7yD^8{?Z( zE$5O@HzEr*&%>DtK__6$fsdaH-~<5dXO{7qySO$GSrX`lWCemthnAWSNj~I0&Q45& z!MtWcr9aV4#0WF2YR9sOM%pZ~arit#C*Cj)Ph^7a{klzK!t88q%wz9UG{uX21kHLU zopeWq-&>95^b44GEN0n#8`ZQfcESwk#I9I-T@%JL8sbB9Qr`sC0E{VMm87A9Wfp2ck}cBsY+*V~Nu>(7dPDQ#h+`MjIZ93U zt{3R%9279bQ9@!dHhnkAjtG)MOc_Q(wyD^nEG7f(??P=hR89R2%M8`%n7U_XSi<+% z0u^wM%zFE#_Q@GnD!5!$0Vy^m5DsJA1?0Rm;YQh|KC?_P@7gTm8;&GL`>8011{`I^ zbm2b1meLbNiV)0t%+r2d#+r(jQALg>(K$uy!MSf1=U;dDu@p@1Vsr)m&PrH&? zvk^Y@5*$21us-4;?~_L8wjOsEjR;9BDw$HgURbnMo500OH(iQmT^;G8XyFE^w4!52 zPzM97Ia@0-*@!+LZFPa3u0RXTzmmaXWN=5(O<2bkZb*rTrw)2&F#tp%pim;*l;Yfy zhq^+Njj#jGF}pX@rxXK{DiRKfqK(Y}VF3ET7R~s2Ebh+yqQZ?rh^fZVLR}k8gqwiK zEhBnwtcjh7e{N<^KOcT3+r7_mnsJhb6xby3ATEPD%F1yKvTKF>?oPR87|Gum&1LK; z+;Mx+we`M^m@Uz>X43?ne2~)BDaFa!7~4=gNXccH*X?50I)4>EbpUZae|vHI^9knm zV0Y^L7S#Jct#|)}eeP0H|I5k#FDLuEoa_<0gO^wSSdx@dWHRpn?j$(p9d(11LH%U} zIdt#jmC{JWhZip2{55w#_f*C}yqID_O3qMnfwlu4XHoF*sn=1F@>P5{hO8}_ro032 zb7``=K!tRN7A}MqT5Ef*P0)-pAd>@Dw~BBcR_`UQReOZkmG$t)p2vj$E%wWP9BFRx zLuSnXvI9Doa{1)BXaqifbi@oiJDhDJcXUp%?Krkl*Tj}VmS^22fwQW3a)oTaU^x_C zyVnYmBu8$VB?R@0%DxChy|@ zcmklI9QCjl=+rT10 zZtM;|bs`^hYW_3<1=mbRJ&{6S41fBD_vA>>j&it0l5LN7#gJ_ZUI+Z%7v`&Q3y`Wp zUXLKj@JF4P`4r2Wj?>tSFg63(39-iZ5{oVsQg#vw#)9t@3=*@uxJ;eO61f?{3F%ai z>_Ub|{L9fLIwnrIH$+3wug!Kn7aTf@IH|vLesip?Jp)Rr9#NMnRtuwE*%y_98-w6J z#j?bzk2^qZ`m6(yERgIWS%+pUBY=PCgyjYwQI?6Aze_4gxLPg%WtDxzi+q+nPOt+- z8Q1Y`+oZUPs~E;pq6o9c7lK4*dFV<>5Rt5q@NnZmk4@9!ZWkocINKu;q?txU%3mEL z7@#WtF$hc4-<`4d!;*K$uik!0--0%m(R&mK0rw;5>qhMNrfP4j_0fC-ZvxE+%Ce>v zteHpN{^BCGLCgngrF?_mMWOS<1AP9eGQV+F9&TbzG1&=2hN=iFfwMeUxtYX9kN>-JQ3L70+5nq%PJb#HuDU9A$(Ngfx zS@b&%oca_~`u&&+hBLhSO6}_q{JWTs{`PNpO5w89B@|XX9y=n@{PI$9A#RJ_LTlPh z%bJ6Y*e|`PaFJa2PCj63NhE{4)Ye*8=cuT;AOFAm+3L6b@9NRpkKev0kFL;vV~HPM z4!-Q~AJ#h3FaH7Ga#`uOgD-mlwpqE?-^s}&%aqjbAvAGD5MS*?3odQjj~^mE+?RmW zpE5+)E~dW_r9PL9%hI=^0nMwuQ9%8ZL-?C*jbkTYMA5uwcM-nKbO`BE6J!gVS?ESz zo6#f;LgsA5iTisxs+RnF4E=kAp+Z3kW-9LV?WI^Lfr<*Sk1O(;{i(r`bXz=WzT z=0|YsVbkK`R-~AG-_w8a*&6v8>^@3Vscn(ovMY0Xk7X@RlF1PR_nCuoi@Ac z)Nk@{fo&8?%{Nq~HbYYwjs)UwDm%^==!%WtT@~pXH4|TQ$4q>_Vi|U74<|{IEEvSg z6mRuVDR9J<`r+XR#W#6ws;V%$ot>Daqi&5MFs3_ z7K5gS#Bmp5%W?b{2p-r{5Rr~V0%W`ei!4M~6Js?AzoI8TaKI;${K^{>-;q|3Ia(TM zDC=U5mHm4lq?h6+$^vYcU8T@MwN#KTcqdS|?1#(Z;5%$MvR2&Yf96>%Md@b?x( zznA*XTGpJ#>~M^J)Wy!UX1Qj->D$AGYEuH=w>FjaF-6Q_YZW6(Cq#w_#J$MgwK-Njd)Sp9`T99}s1 zxNfbqS!<*jMr^6g@PR#*U14PFLlcI=MFAflpor;2=DN}kifdTHAps6?`BDiZC((y9 zy+mR9{^Q3U)~Tr8>M)=@T!SH6X<-a2m~gDh9)wuJ#T-mVX35{eh#pmjgy=`4*%)m; zcGSisL_&hWNsu=QEH_++6uFDGLqz1o<`9fE9?1zO0+_L}tGGbWP7=my=AgrU=kOkR2d4t7oh-I-Mc9r?md z=ON~YZ-J~rtA5bx^CjAJ*c;4rB$JJG*%}fPHRF1^cqZ6tB9?5iorv(3?OJ|u??MX@ zyKLG~8#r3d)qX-T49AE~53aIZdu7NU!J;2Q;eY~8+21x?GX#Ah5U{bx-=puTAF(6d z6dDkgGPdFfRmo@nMr6;KS>NQXC4a!u_bXod>+298GMi0pZl>t@A8^-7;LwhxLGCqsQj<%G`?1 z`aqLH*WI)C;R^$lccb;)Bm1^{PYIU8v7x@yOkqj)EeI_%N}voNtr+QNj9a>>a z7j|+vYYMX+CM0`P6)j3OUbP$uP8tLo>suO*pJ0c|==yl*TsQ+)0=Z{QM>KTFJwm|~ zjd|Wc_Qm%3rS8yk{NXT$drMw@kuED>+tUO^kE~4i{G5kCxR2hzk+HV6|34~F#T`?S zsWj4llI{b0wuOQAdhD!_w~^l@v*O5^X#|QJ?@v)V7J=Bu&^74EF$vm|p7C)=aZu!{4$tU^^s?=7+R~l%j}-X&4=B_Y4htRVRChnFCh9 zH3FV^6_(T0;kMnt&=U|%ZGZ&l2(Q%SbC~h{6WUTu7Y2(>>k-``rt-=GS}`41@Q^s; zKvm-i)ex|d8@&So$gSXEnhlJ-SS7?NE(Mgx8k#!W_vn9uu?1IlXGqpHp?;&gXC$Qp zt$YpyulGs@QRd2W0Dxwo*kI9^X#9;`P2qiTP$hD$`7S%`w80A55HH} zu@yiH2$N$1KMA}I5x%#k33q*`yJ-1Mr945HWmCSOGV?WY~4qkIdF-IOFgdG1>pub*P$p$1toSloQHw)iHP)$kDe=SWg5!cj47mBIT%*29&B z_?{m(DoX^$;@HeH)45_t*iIV%58TFo$PR?zvW^YTttuGcgeoD(Fk2K-`=*B4)Ap&! z38}#GFYe1<;e`NLm;<;I0lEcCoao2GKM|wzD?C1){Vwq9j{xn+tJg4_lNVY*U!&?E zRN0`~5x<=h_`pNNP}R|6it_7i0-_EvMT9Y7J$>-Eg}zsX$g2wN3bm1*a1K88#r%E zcAq%c%rSGOzYrM*G!062PMxbH5?Bfj9tQz>=natYb|OJw$aN<6VBX~?AC+SiaA;k4 z_`dn4toOmOiNQsFmw)n+pFJ3Pia;o)4!KNgu7psm%07pKgC~%1P7@nJz$4*}O;t7! z5uN}-hJ2E|4&IHz<9ah3Zk5y2<>nnZvA=mbu;-tT8*>||SLKVmj{r?TvcD@Mh!y_% zD|4o72%;zzn~Go~5bd|vLeTDT4{4xlnNpDx-bYm`7+809iD0nLP;BwNy4cTIoJ6Gm zwKO?Tz|!QQ*S{7f{?$$klZT>FrRu+yB`G&XB_BNhT9n?mD1p7=-=i!`?5F!He2e_M zHy}RMtpWMrSIQ(NL% zb%5Jm=mazI4w@hw#drgnDv=~QSm1*=EM61`5s0Uu#0avFcR9-6JWGgg`S1+khu|jSwLMNBbz}RK zjSRl@Yl~~!T?tZg6aoK2@QX_qt}fOWu#mv&gAbJVGz5~Nem^id9}jLkn!cMu)f+JB zw&yp~;?;?s--rbt=m@OioQZCGBgqW4Hzq6az%mSL<%t3O8Vfl@?LQ32bt3#oAUyh} z!`$%5yKxwX7CdtGN(PI^8IBLaVU=ypjZ5(hJ9;j?&`1R19(0ME=|O(rJXdYG$IP)4 zE0#0uf;C&IGgvvBa2SPB-jh?-6+_>#*KrSveKa-AMPh$4NdkhdMI_xbT|b3Xe=Vj74oi1yIvZ{zJ|=jd zEz-}oX!u(q4lW(%>2O3$;2Avn5BcE}8-Ma-#(W_(=xrdJy|(SoPE5A-eEg^A)t@&+ z-;uJ84>J%Q>&IS?`%A=t%Z2qVCY19BMd8Co+N6urp$Lg}NJ*UY8pmhB(R8+RjC&N& zk!p(qghMMrQ@9pM+~YtIVg@-K5_C+VIiEn-pmU3b;fd!oq$1KxATfc4e&Yz&Puj_K z0`xS#nkTS?{S*o2lcc-SOaQcjY(m+eOgXW`QHduK&8LOzN;Cn`2BHaNe=^a;4sTC1 z+#9~6XH7oRZD{YibKvWv`zJQ1(`%~Cm^z!OTl9kywPK56=W?7B4lAdK0y?Z{B}{gI z*UkA45UilsWUaooFVK$}nmsC3La5*ciC3st{$+tSZ2NRze(a%trJ&J!5gcJ#+@ic0 z+)}_M34-w1J_)NUz7lAW_r0?Nmom8cL#A!|An?keq)lP#AG~rxbK(--_qFt)=(vy^ zwRHx2P3#^DZ#t}b8li=L?x?k5Li|%`5v(eQ4J_}n5!qST`=M>pE;bL{JH_HAEyLgc zkC6Qmuz&ahAZhcRtHAElmBH~()(vFZZstmGpr!ykr8muK+-2AM*oQMn!R9Qvi-`O; z#8D)6XG3;agiN$amLT-@9eyFK4&=@L)I#ey|5@}A z-Er4hi9PouTxX!-UJAuqF9taG;S@k{p<8Wz2Ob5dgw*vWAkFPzcO?QUf>e&+-uvyQ zTQoYL7a(olDm@A*YHYg?^``c=xf)7P4I|*>Kj<04QBDH!_@U=ZMVk%%Z*#h>!ffL1 z29XXQT)1KAy?I81GddRdS-7@Hg)f2-kvJ{~{>51~B_#sVw?J(;78Wu!eKMIpbC?ZF z6(bUw)e=uq#gZV$|1fb|2HyCQxMjm4!p0i6!f zH_QA(lpQyHl08@F3)?jhkeq?23oH|%iPZw~2i`@CzJP$KCM6y`&bAn#$}>0KA$uqn zZWQMqk)o1m?rCi^|NQQMEoTTvCl12zy`#o1>f;9ji)Ph8r0lQhy>vi8*!tT@&4po- z7^J>P*31xrCJpxAeO?LVW2R-9Mo&ulj1>4n6~B>!Hz&XEx|6N8PCs!ozQyt<>fyWX z7ujyOHP)v!vp&-%x~+k^awllpAWvFDEnQnS-k$B&B-@2jaJ(sD2VfjEP!)|`>_mz< z=6T6=$K(Sx$F*?YA-SDN&{!PlsPf~8WurK=-yKOOi-XaT05axj(>sNo=}V5J z`M5*C2+9O1_1KuvLi70jAG-0|=i<31FK>v7IHy5uy2%`SSny*^()?x}t?L$p^Vgt3-!ygDf;Ech0 z8=(J)<5pkTqa%kMvh>nlaz;_E&C%9u;p%5*gU^y1o=cOd+M9oiU+cqBd|UM|*m2|F zDe7fgLGerg5t39f*wq0Q=my!YBY|K-dlJpr;MISrx54|`*;?)3WQahhora3(gPuZv zRCC*?&%Er{W~HgHS~!|2J)P)W5kXoNzSUY(iH#izh1lCT68x~mY_^p45&C^ZF?V!c z?v{BrwKaTz!e#|=v1P!u^8Q=pAz8MD-4r--0YP$ioG}}TWY`W1R}4ra9Kc-^%V}`1 z1S(oIzqFHl+Q(8;Hd^#*1)6zVg=^rjQCVMdxd{^v1w^mYA8}hfZo$JkejN@Q1cE$g zyXYW3IMMQDBK=1+gKf4m`~=j6Wy<|y;EUYAxcI62W|=IDmNN!V@Gc@rpseGC#EtN0 zBm|t`i8SQ!ctYgA#ll4cdqR@n`T)*+b~X-# zp7D~5miIZL)AB1leHf)m!4l4^@Q;r^?Ac&ohG!2O{16lSB9-3)nU8tLD(v|=*vpQL$e!P0;uFNX@HoPg zF)0C$#i*2Tw;V}gZx(@Xw&uh0d+?|K0b*mL8v>s9x+37g=bk+p7$%bFj*z+_a7fLT zJqtPc&YlnHR>ySGCo^XfQuU}F=v$7Ud%kzUUEA==^QZV1n05G_GP@7P5j$bLNG)?- z-6E*8$7&8xq^wwjjbRLcc=*akClh&{(p4Bg@VTy^CT4 z@!7(BOtxh>X=uZ$3fsFOSPjY)z{5^65-M z6h$Y~N&L=3@V%wKOHO1D*2{2|2s6UqtJA!dd=yLs-tU5u2~Mg4k58@p6uTqLVsl){ z9;wiQjje|@cCh{sSdpz&u308%WkI{55E}>7TuN$w%(zp+NLvUPbno2U+xPSgclpbE z2b=rJiIIS%)Gti3>J(d;b#s7kqJ?$_Gi!qFwB-0$D96wxK-RU;dVaCt2jVLe#M;M; zDY!sX#{Y{%l&t2i0}jtWuZRj%qoo>;%blhQ0V9r# zD&;)vBI|#t?`IhDh1{CH`Bpf&)RVXMJubet<3B>7No8RW=ow#l6J&1mLqL*Qhha%5 zAEawW6R!VKH1V_bZ2pr)I7TM&#D*tSqDNttKT)tF84xI(;bUl5f4YDVoZ>xjdSiy@ zLPkuqhyJJm79@9g)KW-R)DapYLy{6TAxW*|w8-}2eJ=JgG}x85c8DH);S*xCeOd75 z7Zzkk@$h+%=CifWFC7IiA5|*gC^kqM?cqZqp>bi+t?u!x!x#e{Cl1%xSrY*h>_OoF z4jmR)ly$Q=!%-rLhspar9gNXn#71=B@F!;7Jy^UCV|z1dJUZl$R|uI`_R#QxEPx6g zYld^-TY{@hFM|_HwyiQ;=U6hA>P%P7`M$S+18Q&I!71Ud_2r0wcPn#<>IluFl=}iR zC)l*Uer?azNVBoEedrB4+@<@YuUW{Y&a;5bYe@_8%>~Vuo;8^+U>LBz#J&L!z-{p{ z=dyUUhu4`dhzqz7vd8=#c5Ht*(^LR~3Y)R3tE(?auz)cPat>>KO3S^0ZlFS05NC*9 z!2WVW;Xy2Z^dF3fdmQVuG_B86gPhjEi&|WEaV%PFz~@Zjt^S*1`2^w_YmA2bSD4c*y7@3BrN^O14B)*3-;5_@ zd4u1dn~6fTil)MVJM}8+t3Fvwwt-EnkmBUOo<+|yn4;A6k2K?7hiOSRWluRs%A86j zlcCTK4k#$!eA%$Ry6b8i^nn=M!a1?X%rJ4gyw4S!b5vwLV`DSi_=*G6Xk<2;br#&^ zi6$5V7n2RRd@&AKgdNgw8K<;a74Ln%`KXXc_{etP;&eGwS|70j!>5vLUePT@HE zFGSb7X`UTisd)N@H)xC6O5CsC{XMWSQEenu$OpcnuxvpE{)JFbAPU{=%}E~gxP-Dn zb@52x3cm4i2Jm;mDGHc)JfZ=v&}{;*D_UP)OdQwKHr~_i6Z`DwP)++Tluz$)&P)ql!Cly3}zhU84}xn5Pwa zIa|x9w%!A+7ZgQaHeiOQ4JTUo5Ip3t#L=l~&ngd3g#EF*hI6q*^n85}V6R3R7)217 zG<$+~efSFIPCq_hb}?%U`(w(wE^sg@Y50IA`h}+O9ESDi#)eypa%k^10(Ij{ zG(MxA>YvPL-lUU0#^20yc=&zw5})_*VFL9t=7acXKA+lOkB`aA#6&gG@ZyWu@L5^7 zH=Ta7kJHK2*-$n{^B&g8eL#JIdGKXfaLou}s{cp3 z;3RXz5dq8<58;_H*t8hy*hDqJ%LZ4)&sefV9;)v^4o1L7wD8=Ju2$}+c8_o(Wunk2 zC+Nq}wQwS+F$z1jB*2lj8+F3$F@TJ@zs0`OpWbV{@xfr{BfrDm)LFLu_O#_+GJ}aA z^xe~4Oba%=TlC#YChUzwp(RCO5Gjf!l5B9MDzg^|om=u)NQOtg`0=msioxT_K8QMp zT)Oew!eBN@RMck}Be=Uq){>`~W1^D7(#=S)pcoZ)yKXjJG7li>3l?24g*-|mJyON8 z$4o6-2eA!|hQx-2Z&PB-hxe>b>4I)(_Vv0u)B9*k+lMnXWOZa0{!wuRjL}1Q*u)xy zR93tTUeF2M*Or=LO(#5;TZ7PMK=9dEm5o`b3i{&Be9JLH4){{F zVqP|m&RvV?aHjS(+E@=k>Vi!hsSw?DY^crW*i4CFK__e<|5AY1iOf`vp*|lix>&=& z2pqLkL_*Cz#+t{`0Ps1o>ARU`XsWH*!ID16AazH!aNKYSVyJP@uZ}6-+D!N7oyc8=O}A`rv2lOI}RRfHes>&yGESv7+@?K&vuN2 z-mz_BstXKm-n!+HYLDjR765l=?^KPFz9?*Xd=}4L;7Q_{MLXjM0TnE|yTGK5#Fo}u zAd#^qKeQGL@W)!2HB&*wwrwc4tX%Yyh zFOf_E9vUec6R!k{h03Q5K**tt&=VV*Isv24gi1^%X`~Pwv#nJ0ORG@vBFYduTO zF2EBIs}ZD`BQc`kmlOI9OB1whF@YZpoa|yoq7wR`%c`-NWf)x*?a-N4r5YftH<=jd zKN4f2`~-C*tHIVw%parr1UrU2E7YE;_Z*+8x2zrJ1OMf}op69^DI5R0*Xh5%_bc{> z!bfo3Z{@5FBLX z6F++rVvzqjVK6R9ybRpIf&RXTQim2nY`o2u!pUU?aCYST=nC@3E9dgr5tN;XSCR;I ziSKeL2B3bnxpYGI_WIHy0%*Kzw|}PI6dJpk$c=i_8m@&e1qw=^5Um=bidYSvup|>@ z-44mJE*Oyq&h5I6G}q0TeE4@npWePJ$+z*l`_uj9kKt`?K0t$(FkfB?-xB6cO8g;F z6dy6=Kir0}{bBEaoo^2ZB{>xrr30?w{*G>JZ2KoK8Ie!6?~3I+EkB{B(1UeJR{CAw z{oAT{A9CN?*0NJ8I|gX&b|!x(z*}Th`l#&Ww8@GaOQ0;~7CGyR_%u7ya9qA>{Md7U z@6=Mn)a639MjT>IJuuSPv@MjZ!2))WJs|<)z*&7_n%O^^TWC+*KZMAAV}aj>Ifn>Z zcNH7^UKn5o~gDZMxhgx0C>$iT4`mlinG4hdZQ zR$K3T&NBHoK9NZo9$x-|2uoCtcOou>=rxA14}VZcM9pD~{zyb+C}dy1#P89%2P+KD zO^jwEEEn0(TxP%cQ4cZ8dUwU&#MTnx=fHaIN!gIv-YM-pqbSyu^K-bDzy~9wZ~#nV zd<+AGOYr0KDMnSMnRwP2X&(}A+##^54tH?d=I1%fn8-uxYML4AVUT?YC-DKsnw4{h zw~g?LIsPdX2YJSph|=82!iX~@U=t&oAbn|R$6hSHjdNH1aN~j}kI4FP=GMe>#u^AJ z_z3Ng_>-RSct&T(8)&2!EZJ@C5!udjIUis~a!&4aLrX|PY){uDm(F~XbXbZ*!FxK6 z?J28-6iBB*BLjf*=6ptPQQf6G47Z@QsW0<;ev=+8lX)?PC1B%u9U-uTP)s7cWfikR zHc_wg@b8;sqr@5_6N)moF_DN(L{n=*j4MIY|A>4pYvvFRV4MY(%c?eFdDGVM)dNAL z6q~o`2;;|oy1zDs#f1+B=c<;+#{^Ull1p34&LfW!<5g-lR|!jG5yH0~wwF(aO?2^3@R9t#YGR1|QOE`}SfEOmNIyw13v z5ww^n>bGm?m8>lApf*{sN6FNop#G*EK~j3SYKeRb=srA0ER6*r1?@m+1qY)TXNC@~ zQZmtq8pfTjX07Quv?yHJ0jDu4IPjf>Zv-17*@NxakPD?X(hLJlaB@`W8@WzAz-Y!- zR^Hs|+t$q?k*v)NFn%z>gzCYyy%wwB8&-by0RL;W{Eu(6xJUdX{sr_VBi7$0SeQf! z!^mMl?8Xc8u&HuJ9h<@GBjpi?kAey^3n;{MNDx1CQdvR74!1OX32wSK)2H){VIdL+ z7=GcA(I#GamwE$Tm!5$IgXNmhO?7~h`>USJt^GP!iwnLqS?0+IZW4S`> zs2b~G*O(nts5OE^T?QP!i=mAyJ`)UaffId52haiF#PL+%b{9fqT)pnrYg^6}NaHUFgOff*)rVSS^r_ z5yMBj5;0{uMHI5hVM2Rqkt^#wbGq;8J8RLN0WU?P`qWt*jXyHu-^ zH#K6ik)WyK#`|yvl7nv(>tk1oO;7=nbtt4as1GE)8(Q)_cr!R?KcEk3{-Wp|sdd`* zPMeZDVlS}gPk!J z|4%&QZ1&w9``F@zMjZ>l1zMchiU5Mxz>}J)0I;07+>6#Q zDe56Yf$my%>CbskfB2Qdzoa7)+i*%NS-_oD85S9NpF+i$Z!gAY06}U# zXaba_abqe|59rnwV@-1lBMu^RiroC`(H6e99KC;qc9OTIwc>^Mx7g=A0=TwJ?ek&m zbEZ=&w@cOkQu-6!M5`AzoZ9e(SbgCa>evXBlOEO&V8n0%=SSmYVXc||#$q9xLi0c5NVSL>Lh*-Jw}iF?-s! ztvT70|L_K{)g|qnLT_CB;3i?1S$iK1yG~btdm`u+a}6ED&QGG)Fd=Y961IcL_bzd; zYH(^UNjEPn4+O}3Mnfz37)){LL;Z4m1>zT}@!9{18kZ$nVQ?l@_y?cT^kFAIrkPb2 z!x5y_r!i|^V|%{_C;D*XS@$KK#U5_(!hi8KPD12xx)w%pMhi&o4*@Hf)QMQzq9H1Q z!_%`&6BtIHqD>=Rb|^(y2@t?p9j|%whQQ-f8@sCun5v*8~DfD&gec@v*i} z#W~a0p12zXM-S|dStt>0gT0n*D5c`W-!+Z^37j@@O9`{1U(^uodq!A-ftP zhoF;K0i{w9C#NE{60V%!dKV&f1E@)_S>}*xIY@Dm7zZEXosx?J-b9gXQ$ProE0Igd zMzU%6&BvTl(}(M7gxtxASc6HPKOno}9b zPQl<(tw|U6T_HsX4|`rxa)~AqcR7jeOF?a3rnBND8r;a6k_HoAfl4R=Uh7!Ays5__ zef|xi(I)ErsEs#@SQbV*kxGv-j)o?xbrjOxzJPo_KRjZ9SaToK7Uy=`OSj z423jH?1Pt}<)<2xmEYum5}c^zDxv)!Dc011@xCzwN-P)(D=dRTi?!ENm|M|+adljf z?k^BDK^sUX#$ccIp7)t~=l#Zghi9Whj$lhs_ju-*&=uw-M<1*E3>#wUR>L`=SVy$# z=~LB6RNE9Ow_75yTP18?pkNd2nQGdQ+-Ki+?9m0vUXk7nbZsWO2ZJO>MV(GTa&XRz zV`3XTa(E7OGJWp#J1 z#)@5>snZcSa;+&^^5U3kO|-L2D25Ri>+Y#)pAHrXyUGy%;arMBtoIND>?ddp$+XXO zd_Hqvf8JWaPa7n7Syw<6=Y?%x)BfSldB=nITtTL94QaQ1lGzc=UPq9|khYtE|2Q0o z4KKp*!}E#E$XK(h_OL1re1KL`P;3}nwQDVXS1iM9&S_|Az?MLm4kUB2SgbVImr5sB za>Nx-c;a4XyTs40^RTc8C2<5i<4Bpmp(hy)QgWHRsnHz{7dWzyv*U&W~@%(6dC`^>FW7Y^M!Iq zsPQRQGtt~K*N50{&2rw-y-yEk;`dHKThiai8U{ApMprL>_ewQ#wS$L(OvY1o5q+~k z{2`%6&`Ll$25Ygn%ws1!rVhTMN#oaUtghRz>f);hX#w9(G~rto;Q5580saZ6u(&3IbH@W9i;e z+D9+T2=l{zPgNI&7F8k9oN<;~_C`)f936;AXKNZWUf>afdWmtfu^Y+$d+URo2*)WN~@J`7CKOlfEB!Q@Q^ z9MUE{L6Z&|r$d7~$>J60s2!3R6*LXw;qZe8tUU`07{zrriZ!3ZCc13%K3!BlC_Ml? zl4UgDwNGlogC(b&7I;uG`$p%*&9X8~I(~IGP_9V}mnC=QNEj?&n3)!h9YoxEB}z+2 zZ+9BAr&q$3{J3Dp)YZj>L%sWjsBELcE-l4IswH!;ri?Z+p&@ zK?7eOf#mDD1WK?9!u=FAk)LOqC;`XstPJ4Vt-#ogZD)$l@h95&R8uq>AjKAYXWTs~ zQb9knN%J`os}tv0kA&{VQ28G7%h~uwRzsU>-qfwO@8)HA0`&7gwSzcs9$1z@z>A&8 z`bkv3!GtKFM*5)cQb-wFSom!Js1gU=m`-pwz~s z^8q_b4#$ClOOYAouy4b5Jh-22W&-X}GpiHvMEc{?)x7-<@$wh^;p1CVZCk4|Ye-o0 zwi+)Ga`qoQSd`{7*ySEG%KuLoHcY&Cj2ZWjD|7xyXCB2%j41SP@V4&GJIK2uA^#dv z;-l&LUS8dnnEt)NM^KdQS}{o}5vj6EU3_!;gY1~mB0EAfM*8T-5!4^1_D4}wP;j>< zUj|#~R7ScL9FOoGZ$XL(v}tc7gAh9RNA?%1;9K|g|Cy}?=7zz-AX^}J^K5_h^==DW z0>f#u&g`iv76=slEE#*W6)WTfnL>{Mp|PDUOwT26fBUyRJm54fe9p8>Q_fRMeJH|l ze(#M{{>vhz#U)UK56sddcYA@SV)+6=M_--O``+uY_+!0wYr4Sb(SZv%;^q{iwCf4S zBb^L-U+ z{A9^JQLgPgIr`==HbsSVto_aTZHc}KEiRVFt!Lf3r=ULdm`yw z_jY*CF(ieww%nat!PIk{_j@^FfEEx&)1k74ev+(OiOQM=r6)+S1UHi3zJ~i+m4MhwjVITx0u<%@=XeOqlgP?BQme-D(K`I zTL2}3)jK&Y0)TI%MsPb)dTeNB2a5PK)DVJ5wb@{L_(4Y^hqRSIY6Lg312JUUcnCd$ zl=ongNE?Vmm7ul)2@~2By%;AnUUq_GusOE>4_8i^TNBU!*@eP+$Ao@K-!=M5C#kFr!jgv2Qpj~?TrH4Z;7HKLJA%p7!320 zqmoyK`GS(moMncPI~oBW=JU#9=>)ycTSa@Nwv{A&|<70K3i-l1w&ai5KbK>lg+HN7Z=Y5Pd#%o zKgBQ>o#(nW7&eou)62pnpU#wXS2vmT+j;SP)m5|E+{5E)IDAN=KIcwu5#%B2->CA2 zkjk}ZolAhB*~NVKz@91isn&4Yt(Rh})IG^H@|oU$bw@O=eiV%P5a+#kgx% znw3?)@t6Y`ca26VznVTgK2$CB{>6(){H_7- zlFqy5OtR9jR{$g1z_=CjtDC#dTfSY%)tT}{!mU!ncPZ&@3)Fo$^ZBi9!;}nRfd;^+hqUpxooVG z#!!3Bw3`D(v$1V=_pk`?Iddh6<{1( zKOC#geB+|^^7!<2c4a?Q((6`juzXyXp3Rq5?J`*{X4JQ{-14ndyu7?g9%QPc+9LgI zoaY9;7l85n*sxRA$Ms69QMx_PUlr_^!xFuUme)h zvuPiVF~Dd7pEi@tOzw15zipgXa>Li_XQfBxirp@BJagsbW`+Jg>K6^*-FqwxGY!JO z%?g<(x%~R}t%LsUyjGtX{uPY>Fw-n`CvBsnJhX=|)nkuz8*-jK)=~f8AWw^vh-cq<>PL@OYg)V_r`um%ZYA+C9m~$^07O_WJOK=k>gj>!JS-7YL4BDdw>(%x3K(ng@lUvKi|Ohd^Hhal_IspZx5+A8-mt*TK_o+o&Xn!KJqyw;wSx_$Th z`q0g-8_U$exR}$f9;U;L*-jY`=Ig~xZd$0^W>(6&wCb14$#QgiHAU=ug6CX&t(8xv z7tOStEMK;iOugQ`xmNPy)9Up!^MF`oa@xLq*4~tE>*b|8wAZQRcZ`J_E>4a$#?Pl|f8 zYAdCoe$fXQqc`(xq|VFMMQ-$VaN0ho%nJR3^KwT`cTV1BR~L=dTW&sjJ!saij+;;B zVs@&VZ>@%1Jj-S8N);@Fl$4RK-scsxi1pOuyp%T1M~&*Et=^VXV{OnMTxVzX*ZgdK zX_+_A>tb}NQm*+~Yc2OGvjGO$V+c4gaU&r=iF_dw7q3=Hw1(M8$I52(T)tdU#zZcSD%rcc%4_~jX%e|MY-f%BsFxm1yOVwr z^aFsA&nY$Xz1Pm9Zj7g5YT2DMIC*G=%0n!Jo?%`qxLu@yO@%ePaI@^5z*>B_M&&0+ z9-w-iVdLR0siL)6eQ2KHvE}s+^l$Y|IjuY^sajj1ddDMumtWy`&zS?zJDARa`?90n z!E_G1zC_VGTEo@Nkm(&*#xYqq1Q66*DDn@CN*N@GY)u{1y zQO(a&Cy%e$(;PShDDy7}3!^hR-Jekb44{CKSvpTtZ zxSklTmTBg?=fnJoc3|XAmIp}C-H(((`|i=Q%qiCCPBW$RdD76*wUc?{te8tbEY{lT zV>jJCe|;{TSbFCmUtHdf$|-X^&e`+XbM^7H+dDXZF1PJfI2 zu68%gkE*SQTcWo=y%^-cL+}Rh&ZmMusK6{&tatGt*R(JKd z$Tu&WS{v)9tCO4a)9bQ%Q$09tPR+u_WvO>}wa7hduhmvNYrdRb3@!?b!R+|0Zx_4z z>PgFJ2PgLzou%1oO-wvr*7{_6k}`)i^%e=zfvq3pQz@?S@E2nMME)5?}rf0RQ z8+EnJtHbWibL+IKBG$Lb-cCjQt|hTPHXL40kp_tLa?nE>nc;Kq4*d&zE~S!5Vx1s2 zY}{ugdKBnT0E6gJ$`hJb&R(*hl=8XE>8(Y&RGI!mgVUi3gG#PC zs63a5K36y`f-Z-7%+cpct4=Oc^XPNgFntbmIe>xnxt5^IMZp8@nTwci0OPu)2?78YQ3Bw_PmP&mNnn_qEofb9+DN z-<;)ca+#;Q%SAbNak@GwH@lDZgXQzFm9?#lWm213$JJ>%T{|v4-y23Mh4C2OWUln& zQ{%2btc;PuR~*~D%eU98o+>x&dTMt1h9rYN>7G3&yVHIvb^V}qYFc^vR59}PhtWA+ zZ;vbOfvPt8rCRl>Vo#Lus}$8&#GI(}>FOYJzfY%JRk%dUREI8!gpi+-+uxjJ7?TKdBzpRCmz%XPM7-d|r< z*2P+R_1Zc?BKI7_Xtl?;uftjP^(DPH>z1F=ulJ=+=kBqVyLr8NogUkRhIvpuwQG82 zIw{{g>Gz{W_gp*aSE@>;q2m3m(z2|&RXWZmQ`EVT*u!XktX>{JuhGUD&)b`W>+1Ar(6}&C&ke2G&77^T>%*s$%sgMT zA3B3V`E2yqeOR4T9=nFHW?)IHA{{>amahQ}*xw3eo1Im8CBVy9TBSVFzz!CT zn~7ncn`fuX+h(`-y10Kh#`3h>xKS&&_1BBMu8!Bqvhj%4nT7|471$t>RtAJ`rb=bn zS}9&)9z$|%sT3cT{%yWD%uMmx)O!nF3raarUnTMsbk-JXOS#Oa)Z^!;S@O1dwyaOG z@^F^`yGKzD|~3YKv*(Y}rb; zlW6s>+v>|}-q2r{N>eM`t}iN$dgZqH*q&rB(AH(v7#8ee(#{R=yuG(F>f~xN>kMCQ zq-YMZFXhoRy?hw;TW#%WkZE2W6!JF@>A~dWsb9>`jnk{^YV+c}o_*8OYdl|`Ur%!{ znr$Rs^^|?^T3pPs%jEFkwzIO&?(c^B@MM1Sa&zC)*U!p$ywqFS${kVwrpccETsyhM zHUmRx_KO#T!oh5CpP!B{nnU%pP`~ZHRhRSr$=TIPUG(p)rSvj2>qb=B7|MDuSHLh<@(u@1qFnj%!8Mg-gwDnkeDCe@-!g|P$cMj<) zuftLA5%XB7^ic5I=pQm|RBr_~`bvO}KATnU#>5`9cGk3;ypqqO`iPUzSa;CeAEIGL zbKkYuH=nY@N(Siy&b-0=LFZ1Uq2x>X$JM;t8%~VW==DBVoYV)Wmz`DN^>o<0ULBmj zoj!J|uP3%)!Z!73d}5Ta{J0)A9`m4IJXcn=TxRWk- zD(hM&|9aC_o*g+Tw%tKGkx{;@CLixpn5IZ38a?xA`k1~S4o8Ixus7ViWwV*a0kb!> zD=Q=iyElu5Qa$dzOgiJCl0k1WHrlshSt#sX!S;~3+$~8=&duIPO36&-c@V0XXUh-D`8n!&EFKNdMa0W zHZqk~XH{A;+P;R-wvBi?jlLUH25q!)F#E>(<;JLtQWpnzIo&Rw7S#s>uX9)G`Rq79 ztrzE4cDLKpMh8#1^XXVQ8Fot-%iiU~pqxC-986B;nPauOzDqrxJ~ggS2bJPQ_Wte} z%b?@_@%8Za`K@+vnmxT9*!Ks|x9MK8{8)ME-_P$my|cU3Q)8LD)zo|?xyp49v~{a8 zI)2pkQa5R~0ERW!m#^vb%YI5RlZ*1>!7QDt6H7CRPK#tZBPan>vXPh(p>jSC*9oW@}*@?rpD{MIlR+vR`Z+Xv6Wkld$*~< ztfZFC@fApcwCBwyFq?%Vk{eW|1@2^IT&cQgJ-pVaXiXAJhUn; zqkq>uFO`$U*IMd&c2c~mRomv>L^-w#*P|h}1vk~1J$bvmE1e&YuZ;>)q5Fm7hqqDl zx^iEr-z-;WhBAF#sMh*={DfnO4b8 zGG~)nHuE|(*W-$LQ9drTU-XNLS??6DE{tmJ7A-@$WhVQYxtLzhnv-@ad6hiDyq;^U zW)tn^x^|WsXHSNY&nMP>u~ximKD{=_r?;)+OQZL8d8%F$@p4(OUe;2B z+l%rgUMp|f<7fS$z0SSd-dqiC$Ls7!Z#7>}PnBFjK*i7{v+OZ1TZ-N5u4{mmmZjO@>uu`{$>q-I1y8F(& zbJ84j9~8h9WV}J;I@l*xx4HbZJgKhxIi*5qRLLlV%e?ZepcjvLOl}(3-&Cn6mV+mz z>8etqGQ6K7KB+ufBd>=!uWYlaY|ASrc`bd>d#H@2b8MHY&efNPn{EeZ$wA*Km!na3A0w_m-+w1X89{m8`L;FC*PDu4XMlSarS~!vUuDW2-U`X z@*1dB2qZG{7itwCQ#7HVp>pr;#xYkZ?h66$B|RD0 z@L-q4OQA_C#>oa7nY!*Um?M$p@=TDPe4yAySl2w-tGiJ_v3L9UT665>h9ohPD%q^I zFAS=UY?Ek*905V1fqDY*cvyMjW885H<#LJBj@4wfTkWZl?}Jd+3WF#$M3L<(=Rh zuAxKBe?T_m?Q~wbaPye#U6lernaHqbQe0lI@@x@N@Ocy0bKSmY2#Mc0T+(c^6KDfv zL`Lo9uO-3r9L#Bpy*wWm+3gju&r0-ty#-L^(DN<`3^u^Pz~Jug?#|%u?(WXT-DPlx z0R|fecXuxC?rs;ii?jUpz1{zR-+Q%5B`1}W@1!b~r2BM#-R;P5yndl$aUvzVw!RX= z(DTnBXG%O%>_Do&y(v~NtWjF?=Y0uy=z9!H6Nyi2w|9%SC3ZQa!U25R^H6gvZ?#0g z*@A#dTndm{iMxZ^o9#}w?5EF3A=?e2M#!3cL_wRn^n^N=59g(@e|In84N}{E>BM#Ycd0zLkyA264NQCnyqUmg=2yn`7h6;W4bLoM@kROmP6 zxpvT;KEfH}k{j6vihrg6^9B@%yRNb#Rq=}^GJa{JopNW35j9AAJ62NM=@LW_OV0-5O5NfDDia3 zeT}^*v{M#RFo}JqiSIs8ahcPy*j*F5rZhLh#{HbL^XB}31f|t-785V++aB}1Snxo_&XPv6>#DZdG8_w&7R+=Cnh)A7$^7Hwt7;C9 z-7EIqkxA1XIoQ2;0yIq-$Ho5#)@hDbSzp`s18QhBQTWRU~kux{HklH z|4V>oD4afSJZaUoG6 zLJTPqy|Hfg-ATYM<49v^7dl-ikf+?1JHPuCg7SU=ki+uyH4dmSjih(i@)|lmqhrFt8JhlI(%tk7GKU&um=@ zNk`T`?6ljVc57KT9v!0iV9T(-*6QcRS0$AgKXiX~Y1pCimu2)hOD6Q;|Ip7z>++R- zRVJemdiIO)84?Zu>J>zw&o!)0(*~YD5l%%*P%d! zvzswc^x>tI+&lgZX_q;6GV!Bd`&M&Hh5BPt><-aV|BOcX&N`v?mQeFqfH2pYzVjTP z#=yc~&`*^^Y>F-WV*ud#zJT@Sj6&}rL}~6iR6qefH9Dw$EmcMHmN>(ldrmPm?|5fOj+ z_|=XTyNZccSBV<_;JGuOq05fm{pw&%ygM1Dk#ykhK#VZlnQohGxtJ!(MHKWd518BF zy~aYpNSH(hmUY`WKwiD+P4YZM7=X5H9XuWe*A3gsuh(y<+v+`S-&UxKg$>ds`sog~ z(C{xgItdC;>^g%$>6br_O^umsb7{*};;`uGOWckS^pj)bav?(TUUG4e+&cTAo23`l zgT&1u`TC9&P5vnw1lV=%kvlPW1+#OwXn~dltG{GXS{a|NGRkS^$k!6MzF2!V>D-O< zX797s=$9y89jF#wq|dgmmc_KBN;XI%8dO{0+ZTu|%o}Y*2nhM+g_SC~akSbAGJG4y zsypXP$2?e>OZHUff^Oj$l^cK8ZTY%5M$QAXH1OMA`k8INb~Li;)oHEWrsKeDlSj;l zu^RoSNL>}eYZ7WmlwnCJxr=5+B^bGX7y8Sox?$57B=o$Af-PQcGeHP-&f|Ix1%?p+gP_D}*oE!cM%0 z)uw`+jvvl44P6#s-?vyU92-aS`X})vju_+Urh>PROQn(}KRhj;U$>uEoOaE-RUyG* z3DXHW5UiYpUFk@LuIWtY``L`D@TsHIuZ8wLRloVtYFnz5i@_(>E6vun`OSl3#jaoH zPafBr+^f=wfR;l`*LuY7yj8w7`9h#5pue|<=S6Y%UHaRlhhSnGo-Y1Nmp$9y6;qzh z&Nv37;*s%R$t3!*-)f{e<*w2a-j<3DcX(^5*$fKt=OcXZ#FOZ^yf=4 z<9D^VJ^`iS2&xOtSC?*=Lbz>VH(^pXl z7mnF4)q~&eW{#7SLokub-)cLD^G=&5vbm?A*CG@tLYIHOCLN{KE|K&5bo|(@k!yVW zE9pB?`$6Zpoqr$6M)@I~{QJYe^Qmen7xd6>QF?Jbb#B4(p`W~Y1a`#Dn@kcqd}SG` z&EI*X>Yp9BGOpQ)uPkA^+WhH^(XnAnM!^nH((8^$tc{wd3{IZOju>vg-3QC^U-ooTb^;s)nE3gEZ+6U!_4`C=5>d%xZ459TVCr zM0Gx^r;H=4>4|iqb9u9j#~=30ra$eU(G+;b0kZi=xZJ$xCZL(_mQP8q3zi8#l2pU6 zdbjKC>WY7NWU)?Vy4Dsi={H-(Q=S48b4v?4?VxZpAxRz}lGB+cB>aFLy$g7y9|wRGWMX2%&j0UObAcEHoz_`f}f z!o>ac2$`*keF-g<^H}njOxNDt*R7tl-W;~Ls)+07m3mx4EQf)`J65W%3JT>FJYQ_c z)nH7skLNY}CC{UcX~f&bMv@8oj&H2!jjdAnBw#eOOSldxs{1-gBpcH<6GnnDBbH&3SO(QM)hz)#D~eU@mnQ0{7QA71#6=crI?A@$5~OgqHn9pMq~VMQ|2Tv! zm~3y>7LWR#06*F3UG0nV1xj`9}|E9EVrOrn@u~?zFmENYv3Y21HpFN3} zst9|YKrom@34hU(Pr5o9ik0zZ@kV=$Ts2nYyxi1j7{ zO*tpcd=63wh!I{0i0_|g#T=agYK}^(O2%$hj83jB3qIOYd!vmT?T{Z4@zq3j@SIdp zg=p&$yZov-5$pU;CDaON6bjPsK2rW0er+!~f*!s>5Kj<|SrRVwT8-dUTa;(lB|3YT zZ-#@V0Uviq4LI+h1wFV;^|rXTjkCXNAf|w4$AD*0K*R@-=)-AD@a>@cbx`JIY3o5( z@cr#p6DQyeRQmA*6!O*in0I^4zLEhM>fcxsH61d(iErguzuM&AmVVqz`*gpTbXA-t z1Uzm9y!I1))EMN~G}G!+QOxVV=;bfPpUlzE{w?g+Y{`H5{s#Vl81q=Zb-nAL2r#@9 z*MO8>t=>&G+%(6yFEuQ=ev|*WKI--b>~0BNIL%rH*k*UX1M~f#7rVXtrncUflAlU7 zf^6EKba?`vD?Q)lO1o!3^A7TlI#jQCQ_rRQ^B=J}0WW3<>!krN;w4X&PxD(h_p4yG zH*|G--z^2Y;Ay!YtYXgZ(Igr{gsSJf4|UWs{A}pcnNbFTGKcC0>#nTR7_j?Dh*me^ zhv%-zB8Ny{d?9s#nQ0*4G}M*HMfSB?fiFVrXO+4ofC>ML9fc}VeAM4@dsgzxj^#FC zsH^@6*kmZ9co&*UXgipne!0otq@wq)OTD4T{(11LI_;j&_2Xh1KQ z*Zw^k-$j@3dCxc^?C4^PldjnJ_3IYZUX-3$oTKE#v7Ta?DF_IDQ(Snk%to0+Cyiai zNy4@NeFcot36whgD+aX%m1;^8&dS=R=*Wt%|5@(n)>qM93_MT1eo%>R^v5;dVCs52 zBO}PRgY?c#Gj?w{#81zJQu5mp*Rq*-1}}769_ZLSzIE)(=O0nB--%D>)z=Ris!P@n|v7j-u0!Vu1)9+mS-n?o0pY!%_i2ooGVTkn)*qs#qqv(M?_E=Ghj07ky zq6+t{4i5>0X8=u^*AV1MI3YUUQhviIvD!}~py0+cXY z0F8vPWQF~bhnRF z>@D+KTiKCS@9hFl>0nWq7l|9*LluiWhewm}JTtdBP*3|jo$fYAU&Dv22*xaX^QL6NiQTDtyT6Nx z?xz+p)d>IAkd{hYP{qUT3^d(Y82on6T`RhDvB-8o;1$!L{@%8X3G?PDua5zgLnzo%bFnkvH*2@-C^|JMcJWp_) z>33mTHFumE-dgTZLnxh{u&QT2>XBiAiKN)lyrn3>r1)Co!MJn(V7d;VC#WR1F&8sZ zj^JbgN*=s8dMk(BKUiK&1{(` zyAZ&tLm&Yb6Um645&Ryh*7*qN((W08rwTw@o&e~-WidcaC>!Zs{BAenIk!JT7WI^% zu&ImJ@m|_piW$!LSB-?PqBE~VDt!pWC?54*bsM{E12Hvu^Zc#RFoX zP0SS^CuX}SYxrKBGMtb-BSmcI4ckT}(9HS#mFo9ysOI&;G)oK58s;TmR zoP`<8x{y=35;ahn(gJb_uId0&okAiOQ(ukhY6yiB2kBcw!fmYtsR@SD@b`shF0bWx zM#2khH3yGx4@Xr<|6V37>vz8!XES*m-amT}hTIGCEeXIOYi{9t4_R-mIRb#sm5keE zDG)RCSDBuV`M?ZkBD#_OA-*oB_&5D`iOuUU*R%J7{2c-d!RRNf&05oSEc$US9JUn1c6uc4~=*vc7%QC<;ly899a;{7sBsxK$yq_xI@VV zxIt#-S3+{P;+9N7WQE-=^av@9kQNsYnQpojW|$u6xK^^pvyq5?g{44ES4S2x6z$fe5$DI8z{4KDtS;ha!h93l0FD|p+sy*FmaM0$|0cRst87! zxq`(v$SG%GGuz$9{)+{TYpfA0GqVo|bEcJ{q%fq+qF~xr!6Iy>jk`_6o^>A{7qJ&;D)cj>Dj%ZSp|of*7Ch_-*!- zvSU#QVS*Q`x`vYIzhh_d%LJ+m7bbJ{PzyH)zV>27rM}XkU%e#~3IR=E?I3d_q>QTN zoDYb{s=e0fbs37G$=^8L7QJs1;v=cN?jvaBFZiDj6V|v>`tV)o$Pac6{0^M)E}s*D zemhQh0c+POIy`EAtyERdVPcu6-UXTp5|nxG-y%%d!Zg^5(FGszefBvSn?cK(f>g1b z@-{+OJg4Bt^`Qe!9KL+E?md@}asI`O%(W%^e0_z{BPolDl!`xTD3{@tP&}|M0kzeJ#m}Vp*}73D~U2JG#^1Kv}3C9 zp)U{@xK$vCJOI#10j<437v!xjhF^(1FHKD{%kW4+Zx{f=bPOB^cQ@LdGFiD$u!^qi z0izP_;VH)Bg(Jz}XrGcIw0tME-?xi*Q#;+axNL&*shJgq>tB7jX*ML~{!b+pW+}Rz z8yAOpp&*BsA_#^ddnpp{X}B@G!t58pFmYFf<52AD0!~MRiJnz;A`2NSy*wogg=FB! zfX48kCr*ibddaJ_Jj$J4^gcwcUT+hDVbP#;4sY4i-QjOSpYxv{jr6cw&0dmT(G<}L zQUdFHx<*asjTpqRKW(CaW76G5qmk`exiJ3B_)Ue!AABX_6YoXmO`**(PG_JbC4A5U zyV$-F4QFs3EGMKXRbFZ%o@eo%1&94)(z034rXh&ozaN*eEBVKF@{W6v{5%Jia$ZxZ zk>?;fejYlbNGf97pDo6bI1Btoy+$J(OyMM2LC8IG{ z*C6=TS$Hc0FzUd4h~EmnQBqupGKGZ)(3%hX-2d=KYZhZV(pj?R7N^D?*XrZxXSQtC z{TR^OhH$QYfgD|VT=Z@&Sl4<*VpDMxIf`K2>dc^X*d2?>6=uV6EdJ%5qSl$hHh2Lh zsh%8y2S{9~>V2_^dEoV{<&H+w24f(Ow)a%d#aQl zO51xT>6T!LsXIC|SPV_*V%e?$ZG3F+5xPE$5<_@OC|o6?kh;@O6>$i^F%ovpMGIEB zZPS%hHdQ-b5=$2;Ixx!X^YAw^uTq-EICi%$)<^RBkrP;-k_bcS6afyD-g(fr&n-@J2 z%4kbJ$av6YPw-Wbn_fbq%dt9^tY%nr{l}Ln#5#wr`@EP!XvW@tcMI%;;CT*zfA#r5 z&j%2_x(JM%bFwiABcVnPSThjRb_bi)i3Kj%2YdyE;C)p$ZU71k7=A;e*!1}4$(hF4 zkyA+4$=WCo-!^WZ!h2<>&Er;pv>TsYvUvX)PeK$X!d|1Tv3|u}E{R%Cpo}xgc;xZ` zO5-yNR61@U+H(rEn+B+?U7;{fFS*+euwXs*>w^qSmi+kyr4I5sxct@au{w z$TWF=CvVN=v^bw~4^3VqB#u0U>qs=GppfDWJ(<1q9!9Z*COY@l5u9z%I+}u2+YQPf z_ByL}y(6@)1jp&d8$3zJ=M@IJehkA+82V)mLxgKz8gf`~*!ncS`EEQcJOqra;6bL+ z?T^BAtxi-C<=aQhLz2P&zWt2@NtGLqKwU{Vqg}AdYNAI;%HZ9FyU0G_+aC@!9K!dr zV?{pvG(oWbIz|PDLx;Qa6>5b$LXUQ?4VR1t0>R88kE+=xZ`m{te#>}9Fv0QW`~v~= z{N+Zz>&;S&TzC74B7mCpv#YAq`TXu3*Ajl*T<>X4lCf6VC8ol_7D=y?#i~+?h)2Rk z1ucRuI?@$0h=bmT5`15?L*_7Ti{u+({6@%JcV0thCRYeETFw3VR)3!QL%pu3uPf#( zqr=1mgG=P7$RQ8w3^2wOi71iyyd&Gyt1^TESH#(_P=V`xLGdL}PjVQH+kBz*sDIXW zKq$4lru9lRxRV_lfFAQv#QoaOWmnrG6m4h=G3@EH|IZdLBQn+LjLu+7DI!ykruWY@ zvALud@b|sfLIndSmc`)TK6^dwjQfx0B^C)SvcUX~tt!(G(W;#_@XK^U{sHc`^F76y ztGNYdmygigkBUgsEl3FiPn?`vZ6d{(9y$Ge4X5qXWUb&Atc`tw&uSUv(U!AKs1#iI z>T?&*7KVJDN;rvZ)S(=9iE45_=tE4ld~chpIu!~8C!4BtgGZq&cJ%lqwOjs=?$DkH2|YgoR@MLy=`G z@@cX-Qo~P{(Ukd@&q1Bkjngs~&uND09(Lv+s%0{jKt42)qgQD{$B(Vkx_*FP||{`L5SJ{Z6TIj6e0lIu5c4evnae39kg3{po9Iggcb+@r|sao6>QF9cS(&RJD`mfSC5m8fY>(p2#oLo5E zxwYJXmgzJx4aWJkrZn<9z-(3G;aR52;a^s957r%+n4*Xh29gFZQ#cvFf0^dqzE_IxKl}<`-|u%-ze!oHWSOM1w&Wl76^oBLM6TC=_Qi1O9XhJU2ByNa7g*E6(_GG|b`Kk&% zn;fO8_+N^N%VKj8cKTgv$s8n`^u+R7pR)|ds) z0qj}*bJlpP7c6mNUI~EBmSOs}lZ}R)7U+p^O|1^thJHi$3_>h2>~kZHyj1K;f{Ril zB0rgbLxTdlFQdvX?&>XDPwbfPtoWwkDPyve6Omn(8bv z4?`ZyWio5RvTHOs4#DsGw|_Pz(#PkKvi0OWBx79SFZU?o;RfMnO#Nu9VFX=CvYRey zOuwJr?Wd?iE$aPr4W-BQ$lJZDyZD}_iGf)f?NbH?J7FAujV7Y)#+wbCopMqzeH^PQ zO&^yo(HSt0;6ZC3Ca*w@hD$u1xFwSd=Qe+VBCyz0%4gb2KKljus&My*^dKlfsrhKx zi7WO?t?tE@n^PW2M0*(^SmGA6AiFOSjUT^IR@jwSsH{#{_M2(GJRy62DoRp|vAsI< zQsO&N(%s4+%BaXofzF?neAZ$3x+4N17{A?(FA@PH>A&DRw9ZcjyRh#hB3Rq|!CnrL z+zXfyasdGJCk=;mQ9|$WAZZ1|Cxp;VJgl7Cwc?xfg^)FS+X$|MGhxCfjX|Sz9)kIf z8SCEK?ehm!DFi1Ox>ciAn}Ect==M?PXcG0#6eJ6nmJA9Yb)Wa$w=tAzE#!72h8Uz* zXAtSTlN>4IG(@$}z5Tv|j4v~ zu)eeXXLiB|`-YjYdUcAZm{W1t602_*&R|({z$3=B>^?53&CM*$dL7HzH^8`ax#cYR z$s*r_qO{+OEUv#EG8X^?-NdlZ0{bkEvvIC++8d#xTCDBc%>pjd`}>69#69FT~RES(#|SDI)+_g!OVhW zxA{L~YrNjJvEKkl18`!e%h-5?*~$CJkII#*i!C&xV-b}wF-Ok&9RwlVH)tAY_QTft zn;}#@+GG0?Qpz)QKJ}r?nMi{&u7Bw_&7%Q#6xH^2{7-F>inFfOUk2R;u6EkHQ+7l+ zLikn>jxds^5aOY*`Z2K*ZhaJV=STh7 zoU@@Z&mKQbqE(kqXl-{ZFK6azCBl-iAA0D|jwGRqms&r3iXwS)1|KMU`;tx`vrA{i3jKa=Uq zJp<`?wZ0Y}3if@4O)waOpPa@a!Qu=JUandW1>7&ZIL~W?g2V5gT56rnEcc%XMkR=CvVf^F=ZD*AmAQTl;gWM)KP_=Vg+^L6YrU)}2)2TbgXgWpAt||FFu%#=SNe1BCPL z6qP4EPutc@@3M?NtC>G{eiIWyzL{fHra~i)@BR}L!-Cvk$qlv6N`EVZR?ni34n-O9 z9C|#Wsg#pX*>CDi#tU1@!I&-dEQq2%KKkC;0XnCROqD~99lKwfEhEmWtV@Vrj z#pqpv^)A>n&7;zq+IQ4^+rIiFS>u+L`uqLmq_jM%$c4)jaPY+m_H3HdK0}2&HE$Ao z^;>^sVv#0tW`}&?&&;3ilKHcPVX~5J@thW0xvt6Vze@D?tiCSDx&yE;Oz%;ub$24M zoQUjbiAr$I5qhuaTXjCdnh!r56Ty}`&+SBGkq2=B(wk} zlSQ&bJxZ9=&hp173C5PKCB;vC z799#bg~+dB)RIc;$DD)(!g$BbCiEUJ8ib$rd@YurPdU>wjil%J2riE5eSb&1*t!&? zyYRbV+M?ee1?9bLm&#vWhts7I`f=w9=#vtWx|1v2tEsQ&Gn<> zeAo}*L@4GL+&tR_IEJEI6pLu4s?TaqnZnU-3wTjvS#W7fe_WrJH!>(VlZJYmS@)ND zI}B=;u00?7?JxHQ2S24UwAE=0=&?6<36mg71o16DPd0CEEDU&c|L{6$zH!fv{g88< z*7Scy@d@!4GHhO3Kg!wY&Z=H>e{-F@Fq~LA_juv4T-rpp))jNP)3)ZH{cUBfK{bP^ zFqxMQRiJIKA%K#HVKmY7ClaX9T@!IvmqI@4%?z7qxaPTpSbDu za`fajZi$IDw_j%A`EJQOv~CCr;or>jSsHoC^p)iKzN>zT(Iwi~3~2)mLr9(I`I9D% zRi{g9?S!DNQ+ow#;v*860U}^n%jMV-C1m~hF{ne1T1^HfoehWbt~NF!$C2jjyx&f(WZPLI%>VAC|$?I(`7z?WCETl+oaRLGVTh6w^yO&UcW!w_u z+=_Upfy$B06vY{FT|(;wdm5|RnfsuvJX1%f2U5YSnTOoFwmj6U|HgrAr-NYv69=F5pinzO z>nkwp?(de+{1tlip zr#DLcukQ9JtxS$npE|979GksrkUtnF=xH^aNy3$Hel-hh$>_s=KT{9*geVIy(>MR4)b zC2s2uEwD4)XbGif=T#IMD_8>7aYN2;Yf5?eUa!3RYjp6=I5Ykx8|J&r;$s*-BeH7E zC*?A%9Y_cVMP+-;^|G0nIu#UXR1T{3onT=(x;rtE|9v*YIq9b6ZtI?Kl%XW{D(Zw7 z-bJ}x3>!AHWpz0qb#KbE8zL@ou+~=WR!j?2iLHKTrM@ZdYJ3=t5AMv1YcRigFnRvo zs#(;wNZYq#Rf_BN-Qe#kRU<`hXL5N(3~h&%p31>lp{FMKeSTi_LHjwL<&Jw=Bn8hP z*CHGito<*gws;3;^4al@=vYMaQFHEr!iAxI2D?AA;^>-xer@kBwV!t<%X(z+S5=}s zt~fFaRT+K8jPC@uf4a3Bih8}K6S&V(JOij2dg8LaBo%784;JXGnr)Y3p+z49=j1Bw zm}ayz$OueL2!|>SmvE+fEq%=m~3XL4ZB(sxv>U}mz0u9jWTUuSGpmHc~ zX5mh5fx{87W3&i4`>0fkcF^vL zeK1m=QK2m)CR1PO^`m}9ibNe%$TQy$ep{V8h&ANJTDPuojj$kfHMm;FJYjGl|9e}e zci07*|6)zotIqeA7AfXeDzP#J{tq^uUq2+oPer{W$ApO*8^zNQ&E={v^1F;P>-yKD zU95YmyW|m|m(&R%nq0#$%Yc*`lr!R9Y_OPhPNA{soycxI%GU}c^+ptu!nG0CA}#-* z^MBeLRt)(qYP@8X7dF#fugCz2eS9K|&~AE#LCqe^dw!GuTvL4st-_wb=Z||w5pv0| z&%lTeI3-y~D0GPbBAJ*|ldE^rKtK?yKtP~ z*(c}3jOBmD{|bmmtl5Qth|GZgU+|ZoqyDdW`~MC9zmi=3>;6+nkpCOyMM)M0_CHsA z`CPj`TUI8>&;5VVW=2vCG}GdDtpz@>G9rS2K>h3$b9Atw=<7kmYE8SfBHuBW@vF9yMDj8OaIVSB2 zKO7-)R6rXS;U%E#)pyYjB0leB&5PAtvdaI@Ohf@6L_YA=DG^>Vj6WQJ&642?326v0 zM#}fXj<|;Uv)iZ3eC3-@Rcph^TG>zM>BN;a`7`-iqF04Qk!(rB42o)&Np#dj zB^DeZZ+noe6Rz|;!o+>Fv=2geCdx=EphqC_Nf5<@N ziSvK0+Ko`U@(NqDtvjFuKU43r;K6X<;E0p_bP9gvA>6kFIkt~0LSIax6TLZ|OK@PW z?c2wV*8dQaAIKVOi@hs%?MjuKCz4uhs}h1^!Sz;-C??G+r#c|R5~+7qVBx?EL324_ zyrb(IvDdY%)GQ}q)V+!9-%vF{HspBGNXmA@dC^=qQ1R?TOj+nu+( zz$d}2mhu=GTsU9fb5D?rYqEtq$;ClIL+^XO(6KyX>Gv_gqqu$+#!x?kZ7b-34V zBqsQp12TL*!im+eWkfHd2*E%>>!>O(E~z*qJ45DW$>brj$vE{>PiU4i6@yO+41I6lT>2cmeoieD zLXK@bp_#Yp3gqffKhuX}xeFl{!=U!W=t}Pl<8{PS*-rmpeV+SrE_b-Wh3{>t2(>NV z2I9^X&{%%?4RSEqY`rGqgA{H~OG^Z7EB0LW%Fs|P?;jom*sa;cSEzO_b$&1pi7GTHoxkRg#T2I5O50^o+q46X*1 zRgzp%V}zL&Q!qXvN@LuiY4{4l4JpG|s(YeyitYUp$cinhNWOwzzzjShDti#}r>M;Q z>TmTS$pQ-=5(A&1dcc&?(4Wyi62XJ~C}C=WPoYl8Bnqsl@L8p>Z%H-+u<4oADIA;V zwnHudR*MTb`az}0gbCy-1b-uu2aRRa2{)1#(qo7dwKB0HWP9-u)?y@R;=qyYFp?{h28WN}D2`Ufu)8pW3mXLa0{DJSA2 zntARn$iJ$wrs6T`5IGhlN{PF}^jLQ6Mr^vQ#<_it4H(-TS89_QUm0EsO<7k+9b6}8 z8b}Ps@^02Gu?7xLfn`&IJ=l`F}|Uyxf1Soy_`F-kw`fevE_Eo`ydh%E^m(veX(ye=0^F4>jo z0D9epGz-_30~`WxzAmw`moE9Kt64+V55-f@NMfpHet7fNcW<98qjsTras<~vqhuCZ zClv~DRzfWi)HB@a%Bml(jq2`QOm?_93XRoYAP zD%$&|+eBrDo3a<;PbkOptzKH7G_pgAnQ1vkL+)u9?A6piKkiJtX{sx~*NUplu2%9v zoAhNt##E6y?c_rrZ_A_3@p6yJAf@zbGNQSc{6cn*(cO9-*tDC;`kKo6()3wgxuPdio9e~d-ZB;CUxlWlYs zqw_`{sKwB<@bJ}mY&*dP?Dwy;&sNd6A&uvV;0O4zuOi^T$r?axp=2x4uQBwr7EzOtCE} zM`av`_xSf6onxxkopZ=)Z%9eUr)rOyHk2XTbht5AWutIJ=HFlH308-J6-JDTwr;CJ z)8d3gGmh(+CiyVi3B0J$Is@;94y!~akPiA^I8W~tEe7j^ZoN-OWWKFc*ug;o6R+Z8?fyWKu&TzAGAgTnSb?kmrl@x{H%bHU4m$BV5` zi!qz`<(!KSgY<+9ovfhfRo`FOsK<$*?c@@pQv{JwyA|8@qBi)Vh-~fw7M`Zez=W5p z^$kkt4LGMCL$b3+&+m>12K|5CC)i|&I0zP&&`)Y+2U8zY*;%#^^qLvs9E|hbQ&4dn z-ktct_)$T9i@Ii6%cewv(>Yv2O1Nt(O02rij?^{3(_Nf{2#03MBEfn*g zU$`_bKmOZm!jx^S+4%T$JOvK{;Ya`hf&clMsG7Q1JGn84JK7stJIFX%JE*!jx)@uU z|G(PFFzWjm#1qOFowEH!vt8n^$Reu3srzc0YiM#5CyhM#i~BOGh>c@sNgDg?A8!^O z>8vzt9(s>~m~X$t$vyJ{E18xSoB^8wuU1Ua0le9Ad(N@l;BcG4&`=_bcML3{dYC!rkc*uZtg2>=NBx_fb4dol z{BS+?qjMt`hdO_F>A!&V6}jIu<-PrmO3banDv9{19hNLA(v==4`kVi&WJk1xJ`pdi*1)h^JgRzf$k3Zu3*PkQv zJ!7Q_M1B-sIUws*WYK;fx_U90{au7T6uspbtAqbednn;G6l3~E2j146yy&- zcLR0b7tq*3?$h^K1`~(YL(WY~1vrZy8Q7&DsM2DeD~bBe@&M03*o*d$R%(T(9v(l3 z7v|gd&d59gf#9pMKz=I6vyg-0_4-`^^R;mTWGjnz{wbt3$A z>E5m<-H+DG&@}aAyXZC_sbZUVn7eSC3}ADuKTfd~hhObo3nUQe=u(1<_Jm$l_o--& zQwTHAk6WE;(6xCP9}#?i%9*DBIFczabjG5jhyJ!L^iwl9$=dOb2PlX9f{Pa|i_D-> zXewuB>&Cqg`(>@mK6QV+MslWkp|-ZfB4Vz;uft*A^$QzznJ=5_Tt=5Vpc4$&617{u zZ$MRpG8e0gLaE+s2$?uZL1Z#Zp0;vhANcGFVO(=C%Gtx1IZUlu_63AuUmC8xx5oNI z`z#Y`XA(o)8UDyQ0G58x7fUKMR-6Q{Y`h1dg0eQ)FiyCu+Q$%Pi6>XfjQ?3_%<;uT1j_zicD(m%u*)2^zcFC2XKEnb>_~ZTk2w!ap-+<1nv; zSx=!9XLqN^BcHFO)AhZ4zzB)zn#B@E;|II|YMX~+kBbKhYb+%EQFP^#O-RK%IQW2q0dWN_{^%sN5r|7^cWqBqf~UN zpBUQnVM(~XPQ;|jhfUK+EmlR}YWJBa_Y5NCU}_~fy$_uP3%Xh`X0b4u3_%;H%9*9) zB1@0w`3zG%Q@o^6=b?vkLw4=5E`a<;XRYyp#+~GKJr+}Y^D@GV@wkS(I^NVo2eM)- z3%aq09_8{_1`p;-?p-6tjt?oSDs}BOOmg$DHIs{f-}Dy0084HHC}-b6A)pVEJQYDp za}8gz-&K5q-D`^d@hgXvs)*Ms$-0)2Y{){rP=QFVxNSo2=kJae2APfyZxL%cMdzxs zneaYXHcN8<2r-dPGd#-9mAcKU&27&8!2J=7ujTf{z-IlA%C=FF*nw0aPSa0p-~E;) zVH9>G4URMfEess{9gCUTgBck9fOiwm8*yf-s>BQdGv4xb#~M{fy!|Ykmh#_?e&OHd z6iC*+8*sJh6q{h8JAcTpy?SqmJd`zO4NbmOS=#2Hb%bwAM@?1Raa|Wk)EbpW6>g-GRR2b{(A0nrIC85n!Pun0c)s)NaDgkpZ}5nR zzg!M&8&B|cMPK%>b>-ry5BxuF)p!BZgQ*`Sw7g7$k{B z_hKC^+?tZ5O(ey#f8jwtTrzWGO0TzZA*hZer0EoX2^C5rU zizf7n$AfxGP~s}E2`gv;x4HX+;`WMj1nfwIGe@CoG8j)u!4(#=m5Yxve^r`$AG-*% zx9V4%k$9HqjL!tnW@emyMN@ljMEcP1TRq8cqJCu{6&kVbRNpax*bQmsg&sj`*CTem z4+Q}N({%O@$u-k*vth7pnCX3H42itn$=4!|fdNCwA)6R_5~^ zfr;X!y5lNP?3V%9JoXj=pVgD=x-i%5s<{67UKR)TnfU7GyYKw416h-aXf4;_8` z+iCmVS4ht;t>xJ|DgYe(TeYL*#FJo^WWkBC$0Uz;H8|9|4oPg@3{Yy h8uwqgNp8shU#0H Date: Mon, 6 Nov 2023 11:26:11 -0600 Subject: [PATCH 029/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82675 -> 82676 bytes .../script-domainjoinstorage.ps1 | 2 ++ 2 files changed, 2 insertions(+) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index d5631e4665d503bd4da74d1cbdbce623994ae598..76c0bce424c9d1ed0e23cca2a18881bfacf7dacd 100644 GIT binary patch delta 366 zcmV-!0g?Xmg$4A51%R{x*fx%_KxfeF{rSaT26Ut_fJyh7ou_TYox|KdE zw%dnxE`}#5j<^Ni73mO5=@}rnNAiDv3jPO4{~MRrK>^4OBwJ=zIwi5v&+{&02aNW>Hq)$ delta 365 zcmV-z0h0dog$4741%R{x*fMax*DGP{JrdE;aeP9R!16)D5*)dABl3xmm<*y|GU2cEE$cL2Dbzps z>)Y|kY<%{ie?8DEZElmW&`i>W2D%oP!elLxI(n1wL2rP6#*>5I>A`LLcO_H8n5OT7 z{@}y_I)h&C_umbx8_cacjHkr*|9`)5l}{?ku_YiHzkPz)UY#~nsDu*f=59j@2v!<8 zp;M7)Wz@WYkwmA#czbzbxI3_=GKDz=YYH7+1JK*n4CcE$Mm;6jfjNS5wtm~|SOTRB z?CXpFT3v1P&~4)U0e8Mw*srhrdA2&oi>{v+*|ZP!Y9Y6IWRu1oD(vI5M Date: Mon, 6 Nov 2023 14:04:46 -0600 Subject: [PATCH 030/117] updates --- workload/arm/deploy-baseline.json | 20 +++++++------------- workload/bicep/deploy-baseline.bicep | 4 ++-- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 3593b2b5f..b5dd75c8f 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "4374850285059951273" + "templateHash": "12645194561011046179" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -32140,7 +32140,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "12836745950301434989" + "templateHash": "18138942451660271553" } }, "parameters": { @@ -36177,7 +36177,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "2307914902179659195" + "templateHash": "17031945091476279498" } }, "parameters": { @@ -36215,9 +36215,6 @@ } } }, - "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -AdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('adminUserPassword'))]" - }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", @@ -36232,7 +36229,7 @@ "settings": {}, "protectedSettings": { "fileUris": "[array(parameters('baseScriptUri'))]", - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('file'), variables('varscriptArgumentsWithPassword'))]" + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1} -AdminUserPassword {2} -verbose', parameters('file'), parameters('scriptArguments'), parameters('adminUserPassword'))]" } } } @@ -36351,7 +36348,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "12836745950301434989" + "templateHash": "18138942451660271553" } }, "parameters": { @@ -40388,7 +40385,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "2307914902179659195" + "templateHash": "17031945091476279498" } }, "parameters": { @@ -40426,9 +40423,6 @@ } } }, - "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -AdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('adminUserPassword'))]" - }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", @@ -40443,7 +40437,7 @@ "settings": {}, "protectedSettings": { "fileUris": "[array(parameters('baseScriptUri'))]", - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('file'), variables('varscriptArgumentsWithPassword'))]" + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1} -AdminUserPassword {2} -verbose', parameters('file'), parameters('scriptArguments'), parameters('adminUserPassword'))]" } } } diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 8a7d8ad95..c3e154508 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -537,7 +537,7 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/aad-fslogix/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) @@ -753,7 +753,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/aad-fslogix/workload/scripts/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' From 08fb3dc05640e89e66e9ba1a115501c0340acf3e Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Tue, 7 Nov 2023 12:10:51 -0600 Subject: [PATCH 031/117] Update deploy.bicep --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 3a7434b1d..1c5244d4a 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -113,7 +113,7 @@ var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var varDirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' var varSecurityPrincipalName = !empty(securityPrincipalName)? securityPrincipalName : 'none' var varAdminUserName = (identityServiceProvider == 'AAD') ? vmLocalUserName : domainJoinUserName -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -AdminUserName ${varAdminUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName ${varSecurityPrincipalName} -StorageAccountFqdn ${storageAccountFqdn} ' +var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -AdminUserName ${varAdminUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName "${varSecurityPrincipalName}" -StorageAccountFqdn ${storageAccountFqdn} ' // =========== // // Deployments // // =========== // From 4403b8e56f723fe1d8b58e7713f1b49a49e49574 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Tue, 7 Nov 2023 12:13:35 -0600 Subject: [PATCH 032/117] Update .gitignore --- .gitignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2d42a350b..574f6b4cd 100644 --- a/.gitignore +++ b/.gitignore @@ -57,6 +57,3 @@ workload/bicep/parameters/deploy-baseline-parameters-MSA.json # local test files localTest -# Ignore files that might be used for local testing -/workload/bicep/*.json -/workload/bicep/*.bicepparam From 6c7e1fe13138cbf563a74474e39b8bb54d7ca402 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Tue, 7 Nov 2023 12:22:41 -0600 Subject: [PATCH 033/117] Update deploy-baseline.json --- workload/arm/deploy-baseline.json | 1700 ++++++++++++++--------------- 1 file changed, 849 insertions(+), 851 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index b5dd75c8f..a6d0e665e 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12645194561011046179" + "version": "0.23.1.45101", + "templateHash": "433843590241952190" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - }, - "maxLength": 4, - "minLength": 2 + } }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - }, "allowedValues": [ "Dev", "Test", "Prod" - ] + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, + "minValue": 30, + "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - }, - "minValue": 30, - "maxValue": 730 + } }, "avdSessionHostLocation": { "type": "string", @@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ] + ], + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } }, "createIntuneEnrollment": { "type": "bool", @@ -152,13 +152,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + } }, "hostPoolPreferredAppGroupType": { "type": "string", @@ -174,24 +174,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + } }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + } }, "hostPoolMaxSessions": { "type": "int", @@ -392,11 +392,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, + "minValue": 1, + "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - }, - "maxValue": 100, - "minValue": 1 + } }, "avdSessionHostCountIndex": { "type": "int", @@ -436,24 +436,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + } }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + } }, "diskZeroTrust": { "type": "bool", @@ -480,20 +480,20 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Enables accelerated Networking on the session hosts.\r\nIf using a Azure Compute Gallery Image, the Image Definition must have been configured with\r\nthe \\'isAcceleratedNetworkSupported\\' property set to \\'true\\'.\r\n" + "description": "Enables accelerated Networking on the session hosts.\nIf using a Azure Compute Gallery Image, the Image Definition must have been configured with\nthe \\'isAcceleratedNetworkSupported\\' property set to \\'true\\'.\n" } }, "securityType": { "type": "string", "defaultValue": "TrustedLaunch", - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ] + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } }, "secureBootEnabled": { "type": "bool", @@ -512,9 +512,6 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - }, "allowedValues": [ "win10_21h2", "win10_21h2_office", @@ -524,7 +521,10 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ] + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } }, "managementVmOsImage": { "type": "string", @@ -564,194 +564,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", + "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - }, - "maxLength": 90 + } }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - }, - "maxLength": 90 + } }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - }, - "maxLength": 90 + } }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - }, - "maxLength": 90 + } }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", + "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - }, - "maxLength": 90 + } }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", + "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. (Default: log-avd-app1-dev-use2)" - }, - "maxLength": 64 + } }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD application security custom name. (Default: asg-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. (Default: Desktops - App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", + "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - }, - "maxLength": 11 + } }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", + "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - }, - "maxLength": 9 + } }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", + "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - }, - "maxLength": 2 + } }, "fslogixFileShareCustomName": { "type": "string", @@ -770,34 +770,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv-sec", + "maxLength": 6, "metadata": { "description": "AVD keyvault prefix custom name (with Zero Trust to store credentials to domain join and local admin). (Default: kv-sec)" - }, - "maxLength": 6 + } }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", + "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - }, - "maxLength": 6 + } }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", + "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - }, - "maxLength": 5 + } }, "ztKvPrefixCustomName": { "type": "string", "defaultValue": "kv-key", + "maxLength": 6, "metadata": { "description": "AVD key vault custom name for zero trust and store store disk encryption key (Default: kv-key)" - }, - "maxLength": 6 + } }, "createResourceTags": { "type": "bool", @@ -816,29 +816,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - }, "allowedValues": [ "Light", "Medium", "High", "Power" - ] + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ] + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } }, "departmentTag": { "type": "string", @@ -850,16 +850,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ] + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } }, "workloadCriticalityCustomValueTag": { "type": "string", @@ -1548,8 +1548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -1569,14 +1569,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -1657,8 +1657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -1671,13 +1671,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -1787,8 +1787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -2148,8 +2148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -2169,14 +2169,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2257,8 +2257,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -2271,13 +2271,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2387,8 +2387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -2743,8 +2743,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -2764,14 +2764,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2852,8 +2852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -2866,13 +2866,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2982,8 +2982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -3356,8 +3356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16933483947927654925" + "version": "0.23.1.45101", + "templateHash": "7674820370747296859" } }, "parameters": { @@ -3480,8 +3480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -3501,14 +3501,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -3589,8 +3589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -3603,13 +3603,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -3719,8 +3719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -4080,8 +4080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9723296804992458231" + "version": "0.23.1.45101", + "templateHash": "15031312632057308059" } }, "parameters": { @@ -4170,8 +4170,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "maxValue": 730, "minValue": 0, + "maxValue": 730, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4230,8 +4230,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4274,14 +4274,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -4474,8 +4474,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1015616738226483875" + "version": "0.23.1.45101", + "templateHash": "15258493604851481315" } }, "parameters": { @@ -4618,8 +4618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9976669288431551452" + "version": "0.23.1.45101", + "templateHash": "8116463202302820849" } }, "parameters": { @@ -4752,8 +4752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3402933947779868845" + "version": "0.23.1.45101", + "templateHash": "4881003164746404595" } }, "parameters": { @@ -4887,8 +4887,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12988075953101096314" + "version": "0.23.1.45101", + "templateHash": "14365252475725366454" } }, "parameters": { @@ -5059,15 +5059,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3289166297924789550" + "version": "0.23.1.45101", + "templateHash": "17250399248258895412" } }, "parameters": { "name": { "type": "string", - "maxLength": 63, "minLength": 4, + "maxLength": 63, "metadata": { "description": "Required. The data export rule name." } @@ -5206,8 +5206,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -5433,8 +5433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1145398762062008037" + "version": "0.23.1.45101", + "templateHash": "219986384503122327" } }, "parameters": { @@ -5478,8 +5478,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 730, "minValue": -1, + "maxValue": 730, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5501,8 +5501,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 2555, "minValue": -1, + "maxValue": 2555, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5602,8 +5602,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15503229472224280826" + "version": "0.23.1.45101", + "templateHash": "10708379588686916495" } }, "parameters": { @@ -5753,8 +5753,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7352784420507326330" + "version": "0.23.1.45101", + "templateHash": "6190525379812728386" } }, "parameters": { @@ -5965,8 +5965,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16579532157576436548" + "version": "0.23.1.45101", + "templateHash": "17144756852640621015" } }, "parameters": { @@ -6140,16 +6140,16 @@ } } }, - "$fxv#1": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-application-group\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Application group to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/applicationGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#10": "{\r\n \"name\": \"policy-set-deploy-avd-diagnostics-to-log-analytics\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings to AVD Landing Zone\",\r\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"metadata\": {\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"NetworkNICLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"VirtualNetworkLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"VirtualMachinesLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDScalingPlansLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDAppGroupsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDWorkspaceLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDHostPoolsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AzureFilesLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Azure Files to stream to a Log Analytics workspace when any Azure Files share is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDAppGroup\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDAppGroupsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDWorkspace\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDWorkspaceLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDHostPools\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDHostPoolsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AzureFilesDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AzureFiles\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AzureFilesLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n }\r\n ],\r\n \"policyDefinitionGroups\": null\r\n }\r\n }", - "$fxv#2": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-host-pool\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Host Pools to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/hostpools\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Connection\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"HostRegistration\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AgentHealthStatus\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"NetworkData\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"ConnectionGraphicsData\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SessionHostManagement\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#3": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-scaling-plan\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Autoscale\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#4": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-workspace\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Feed\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#5": "{\r\n \"name\": \"policy-deploy-diagnostics-network-security-group\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [],\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#6": "{\r\n \"name\": \"policy-deploy-diagnostics-nic\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"timeGrain\": null,\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#7": "{\r\n \"name\": \"policy-deploy-diagnostics-virtual-machine\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\r\n \"description\": \"CUstom - Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": []\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#8": "{\r\n \"name\": \"policy-deploy-diagnostics-virtual-network\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"VMProtectionAlerts\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", - "$fxv#9": "{\r\n \"name\": \"policy-deploy-diagnostics-azure-files\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"bool\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"bool\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2021-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"Transaction\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"StorageRead\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"StorageWrite\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"StorageDelete\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"Boolean\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n },\r\n \"allowedValues\": [\r\n true,\r\n false\r\n ],\r\n \"defaultValue\": true\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"Boolean\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n },\r\n \"allowedValues\": [\r\n true,\r\n false\r\n ],\r\n \"defaultValue\": true\r\n }\r\n }\r\n }\r\n}", + "$fxv#1": "{\n \"name\": \"policy-deploy-diagnostics-avd-application-group\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Application group to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/applicationGroups\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#10": "{\n \"name\": \"policy-set-deploy-avd-diagnostics-to-log-analytics\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings to AVD Landing Zone\",\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"metadata\": {\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"displayName\": \"Log Analytics workspace\",\n \"strongType\": \"omsWorkspace\"\n },\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkNICLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualNetworkLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualMachinesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDScalingPlansLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDAppGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDHostPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AzureFilesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Files to stream to a Log Analytics workspace when any Azure Files share is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDAppGroup\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDAppGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDHostPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDHostPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AzureFilesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AzureFiles\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AzureFilesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n }", + "$fxv#2": "{\n \"name\": \"policy-deploy-diagnostics-avd-host-pool\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Host Pools to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/hostpools\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Connection\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"HostRegistration\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"AgentHealthStatus\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"NetworkData\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"ConnectionGraphicsData\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"SessionHostManagement\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#3": "{\n \"name\": \"policy-deploy-diagnostics-avd-scaling-plan\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Autoscale\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#4": "{\n \"name\": \"policy-deploy-diagnostics-avd-workspace\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Feed\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#5": "{\n \"name\": \"policy-deploy-diagnostics-network-security-group\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [],\n \"logs\": [\n {\n \"category\": \"NetworkSecurityGroupEvent\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"NetworkSecurityGroupRuleCounter\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#6": "{\n \"name\": \"policy-deploy-diagnostics-nic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkInterfaces\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"timeGrain\": null,\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#7": "{\n \"name\": \"policy-deploy-diagnostics-virtual-machine\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\n \"description\": \"CUstom - Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": []\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#8": "{\n \"name\": \"policy-deploy-diagnostics-virtual-network\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": [\n {\n \"category\": \"VMProtectionAlerts\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", + "$fxv#9": "{\n \"name\": \"policy-deploy-diagnostics-azure-files\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"[parameters('logsEnabled')]\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"[parameters('metricsEnabled')]\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n \"logAnalytics\": {\n \"type\": \"string\"\n },\n \"metricsEnabled\": {\n \"type\": \"bool\"\n },\n \"logsEnabled\": {\n \"type\": \"bool\"\n },\n \"profileName\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticSettings\",\n \"apiVersion\": \"2021-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"Transaction\",\n \"enabled\": \"[parameters('metricsEnabled')]\"\n }\n ],\n \"logs\": [\n {\n \"category\": \"StorageRead\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"StorageWrite\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"StorageDelete\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('fullName')]\"\n },\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n }\n }\n }\n }\n }\n }\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n },\n \"defaultValue\": \"setbypolicy\"\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\",\n \"assignPermissions\": true\n }\n },\n \"metricsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n },\n \"allowedValues\": [\n true,\n false\n ],\n \"defaultValue\": true\n },\n \"logsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n },\n \"allowedValues\": [\n true,\n false\n ],\n \"defaultValue\": true\n }\n }\n }\n}", "varComputeServObjRgs": [ { "rgName": "[parameters('computeObjectsRgName')]" @@ -6297,8 +6297,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -6480,8 +6480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5539435599928560626" + "version": "0.23.1.45101", + "templateHash": "6105432212734897298" } }, "parameters": { @@ -6659,8 +6659,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -6928,8 +6928,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -7008,8 +7008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7759814680098607558" + "version": "0.23.1.45101", + "templateHash": "12579875714884369933" } }, "parameters": { @@ -7480,8 +7480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -7713,8 +7713,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -8023,8 +8023,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13214055304476289623" + "version": "0.23.1.45101", + "templateHash": "15620658803890882460" } }, "parameters": { @@ -8359,8 +8359,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.23.1.45101", + "templateHash": "11199916256768589744" } }, "parameters": { @@ -8422,14 +8422,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -8623,8 +8623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.23.1.45101", + "templateHash": "9525169534051986947" } }, "parameters": { @@ -8868,8 +8868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.23.1.45101", + "templateHash": "14484082002093003293" } }, "parameters": { @@ -9083,8 +9083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.23.1.45101", + "templateHash": "11199916256768589744" } }, "parameters": { @@ -9146,14 +9146,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9347,8 +9347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.23.1.45101", + "templateHash": "9525169534051986947" } }, "parameters": { @@ -9592,8 +9592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.23.1.45101", + "templateHash": "14484082002093003293" } }, "parameters": { @@ -9798,8 +9798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4126277245845030634" + "version": "0.23.1.45101", + "templateHash": "17265889212529350267" } }, "parameters": { @@ -9819,14 +9819,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9921,8 +9921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9764104744913843180" + "version": "0.23.1.45101", + "templateHash": "1115677000975531972" } }, "parameters": { @@ -10128,8 +10128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" } }, "parameters": { @@ -10163,14 +10163,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10268,8 +10268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" } }, "parameters": { @@ -10477,8 +10477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" } }, "parameters": { @@ -10512,14 +10512,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10617,8 +10617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" } }, "parameters": { @@ -10840,8 +10840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10436531327774101026" + "version": "0.23.1.45101", + "templateHash": "17281867178107781537" } }, "parameters": { @@ -10902,21 +10902,21 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ] + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, + "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - }, - "maxValue": 30 + } }, "diagnosticStorageAccountId": { "type": "string", @@ -10949,14 +10949,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -11174,8 +11174,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12913964363513527115" + "version": "0.23.1.45101", + "templateHash": "17626849906838193825" } }, "parameters": { @@ -11367,8 +11367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1508597549221173835" + "version": "0.23.1.45101", + "templateHash": "12693477980850797625" } }, "parameters": { @@ -11590,8 +11590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" } }, "parameters": { @@ -11756,8 +11756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" } }, "parameters": { @@ -11917,8 +11917,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7449417204208520653" + "version": "0.23.1.45101", + "templateHash": "17072359188298457640" } }, "parameters": { @@ -12154,8 +12154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12242,8 +12242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12330,8 +12330,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12418,8 +12418,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12595,8 +12595,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10975402800010178371" + "version": "0.23.1.45101", + "templateHash": "7326746777556089250" } }, "parameters": { @@ -12704,13 +12704,13 @@ }, "hostPoolType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "preferredAppGroupType": { "type": "string", @@ -12726,23 +12726,23 @@ }, "personalAssignType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "hostPoolLoadBalancerType": { "type": "string", - "metadata": { - "description": "AVD host pool load balacing type." - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type." + } }, "hostPoolMaxSessions": { "type": "int", @@ -12874,8 +12874,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14753481159691076868" + "version": "0.23.1.45101", + "templateHash": "9101196936359798595" } }, "parameters": { @@ -13015,14 +13015,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -13266,8 +13266,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2314964423044495570" + "version": "0.23.1.45101", + "templateHash": "11881426718765556693" } }, "parameters": { @@ -13484,8 +13484,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "782391975946165786" + "version": "0.23.1.45101", + "templateHash": "8289764189113901043" } }, "parameters": { @@ -13571,14 +13571,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -13737,8 +13737,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7203259033747042619" + "version": "0.23.1.45101", + "templateHash": "6540019795245021334" } }, "parameters": { @@ -13776,14 +13776,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ] + ], + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + } }, "commandLineArguments": { "type": "string", @@ -13915,8 +13915,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1752140700494840741" + "version": "0.23.1.45101", + "templateHash": "17185902162980736485" } }, "parameters": { @@ -14122,8 +14122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "324317554219687604" + "version": "0.23.1.45101", + "templateHash": "18193795661906928784" } }, "parameters": { @@ -14192,14 +14192,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -14351,8 +14351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6421047844253253523" + "version": "0.23.1.45101", + "templateHash": "18390062164382385549" } }, "parameters": { @@ -14572,8 +14572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17010593045994332917" + "version": "0.23.1.45101", + "templateHash": "6877120515836824501" } }, "parameters": { @@ -14615,12 +14615,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "Optional. The type of hostpool where this scaling plan should be applied." - }, "allowedValues": [ "Pooled" - ] + ], + "metadata": { + "description": "Optional. The type of hostpool where this scaling plan should be applied." + } }, "exclusionTag": { "type": "string", @@ -14840,8 +14840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12892308842611713996" + "version": "0.23.1.45101", + "templateHash": "9763204850902124901" } }, "parameters": { @@ -15069,8 +15069,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9066192464594903933" + "version": "0.23.1.45101", + "templateHash": "12068153438455870485" } }, "parameters": { @@ -15230,8 +15230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.23.1.45101", + "templateHash": "17115660817704860359" } }, "parameters": { @@ -15252,14 +15252,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -15353,8 +15353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.23.1.45101", + "templateHash": "14736459587384734965" } }, "parameters": { @@ -15547,8 +15547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -16127,8 +16127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -16705,8 +16705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -17288,8 +17288,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -17868,8 +17868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -18448,8 +18448,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -19079,8 +19079,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3496664578163970555" + "version": "0.23.1.45101", + "templateHash": "4797950647402303495" } }, "parameters": { @@ -19189,7 +19189,7 @@ } }, "variables": { - "$fxv#0": "{\r\n \"name\": \"AVD-ACC-Zero-Trust-Disable-Managed-Disk-Network-Access\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Zero Trust - Disable Managed Disk Network Access\",\r\n \"description\": \"This policy definition sets the network access policy property to \\\"DenyAll\\\" and the public network access property to \\\"Disabled\\\" on all the managed disks within the assigned scope.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Security\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/disks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"Microsoft.Compute/disks/networkAccessPolicy\",\r\n \"value\": \"DenyAll\"\r\n },\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"Microsoft.Compute/disks/publicNetworkAccess\",\r\n \"value\": \"Disabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n}", + "$fxv#0": "{\n \"name\": \"AVD-ACC-Zero-Trust-Disable-Managed-Disk-Network-Access\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Zero Trust - Disable Managed Disk Network Access\",\n \"description\": \"This policy definition sets the network access policy property to \\\"DenyAll\\\" and the public network access property to \\\"Disabled\\\" on all the managed disks within the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Security\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/disks\"\n },\n \"then\": {\n \"effect\": \"modify\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840\"\n ],\n \"operations\": [\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.Compute/disks/networkAccessPolicy\",\n \"value\": \"DenyAll\"\n },\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.Compute/disks/publicNetworkAccess\",\n \"value\": \"Disabled\"\n }\n ]\n }\n }\n }\n }\n}", "varCustomPolicyDefinitions": [ { "deploymentName": "ZT-Disk", @@ -19246,8 +19246,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -19435,8 +19435,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -19705,8 +19705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -19799,8 +19799,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -20069,8 +20069,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -20139,8 +20139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -20723,8 +20723,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -21304,8 +21304,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.23.1.45101", + "templateHash": "17115660817704860359" } }, "parameters": { @@ -21326,14 +21326,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -21427,8 +21427,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.23.1.45101", + "templateHash": "14736459587384734965" } }, "parameters": { @@ -21618,8 +21618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -22228,8 +22228,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17450213271810432516" + "version": "0.23.1.45101", + "templateHash": "9816348956723829998" } }, "parameters": { @@ -22369,8 +22369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.23.1.45101", + "templateHash": "10047657056248810406" } }, "parameters": { @@ -22498,8 +22498,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -22535,14 +22535,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -22739,8 +22739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -22871,8 +22871,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.23.1.45101", + "templateHash": "11763882678288104884" } }, "parameters": { @@ -23008,8 +23008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.23.1.45101", + "templateHash": "6055979105496084751" } }, "parameters": { @@ -23203,8 +23203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -23386,8 +23386,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -23589,8 +23589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -23656,14 +23656,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -23786,8 +23786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -23799,8 +23799,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -23921,8 +23921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -24135,8 +24135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.23.1.45101", + "templateHash": "6864497713956009622" } }, "parameters": { @@ -24366,8 +24366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -24549,8 +24549,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -24752,8 +24752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9857842888967195839" + "version": "0.23.1.45101", + "templateHash": "7373774482178055452" } }, "parameters": { @@ -24780,14 +24780,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "keyVaultResourceId": { "type": "string", @@ -24963,8 +24963,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2377303483140510674" + "version": "0.23.1.45101", + "templateHash": "13893883968059192139" } }, "parameters": { @@ -25039,8 +25039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1764649882380429233" + "version": "0.23.1.45101", + "templateHash": "2571756615431841166" } }, "parameters": { @@ -25111,8 +25111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -25242,8 +25242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "205693325076049461" + "version": "0.23.1.45101", + "templateHash": "14656496075889817854" } }, "parameters": { @@ -25510,8 +25510,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.23.1.45101", + "templateHash": "10047657056248810406" } }, "parameters": { @@ -25639,8 +25639,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -25676,14 +25676,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -25880,8 +25880,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -26012,8 +26012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.23.1.45101", + "templateHash": "11763882678288104884" } }, "parameters": { @@ -26149,8 +26149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.23.1.45101", + "templateHash": "6055979105496084751" } }, "parameters": { @@ -26344,8 +26344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -26527,8 +26527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -26730,8 +26730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -26797,14 +26797,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -26927,8 +26927,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -26940,8 +26940,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -27062,8 +27062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -27276,8 +27276,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.23.1.45101", + "templateHash": "6864497713956009622" } }, "parameters": { @@ -27528,8 +27528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "11864719595815359922" + "version": "0.23.1.45101", + "templateHash": "16306650625703107232" } }, "parameters": { @@ -27809,8 +27809,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" } }, "parameters": { @@ -28263,14 +28263,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -28645,8 +28645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" } }, "parameters": { @@ -28800,8 +28800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -28921,14 +28921,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -29116,8 +29116,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -29368,8 +29368,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" } }, "parameters": { @@ -29431,14 +29431,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -29456,14 +29456,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -29653,8 +29653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" } }, "parameters": { @@ -29872,8 +29872,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30078,8 +30078,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30279,8 +30279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30485,8 +30485,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30681,8 +30681,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30877,8 +30877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31077,8 +31077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31285,8 +31285,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31486,8 +31486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31690,8 +31690,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" } }, "parameters": { @@ -31722,9 +31722,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -31736,7 +31733,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -31856,8 +31856,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" } }, "parameters": { @@ -32139,8 +32139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18138942451660271553" + "version": "0.23.1.45101", + "templateHash": "3367822953277340213" } }, "parameters": { @@ -32334,7 +32334,6 @@ }, "variables": { "varAzureCloudName": "[environment().name]", - "varStoragePurposeLower": "[toLower(parameters('storagePurpose'))]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], @@ -32345,7 +32344,7 @@ "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'AAD'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" + "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName \"{13}\" -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, "resources": [ { @@ -32412,17 +32411,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5115421894814797429" + "version": "0.23.1.45101", + "templateHash": "14398504551168498076" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", @@ -32455,23 +32454,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -32481,30 +32477,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -32626,14 +32625,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -32701,14 +32700,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -32960,8 +32959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.23.1.45101", + "templateHash": "2942587223985886651" } }, "parameters": { @@ -33155,8 +33154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -33222,14 +33221,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -33352,8 +33351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -33365,8 +33364,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -33487,8 +33486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -33694,17 +33693,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.23.1.45101", + "templateHash": "1348117273486411306" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -33818,17 +33817,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.23.1.45101", + "templateHash": "11852166519395262106" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -33976,17 +33975,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.23.1.45101", + "templateHash": "16250297962913546641" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -34019,8 +34018,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -34197,17 +34196,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.23.1.45101", + "templateHash": "4382308215526481443" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -34225,14 +34224,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", @@ -34311,17 +34310,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.23.1.45101", + "templateHash": "9652540868161281860" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -34439,8 +34438,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.23.1.45101", + "templateHash": "1186095586884481044" } }, "parameters": { @@ -34677,17 +34676,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.23.1.45101", + "templateHash": "13780602292868075803" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -34716,8 +34715,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -34901,17 +34900,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.23.1.45101", + "templateHash": "3594065565754312854" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -34936,25 +34935,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -35030,8 +35029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.23.1.45101", + "templateHash": "8261337544383310328" } }, "parameters": { @@ -35269,17 +35268,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.23.1.45101", + "templateHash": "12165290990779845298" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -35291,8 +35290,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35466,17 +35465,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.23.1.45101", + "templateHash": "9089725752901472518" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -35563,8 +35562,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.23.1.45101", + "templateHash": "1979270992674854961" } }, "parameters": { @@ -35799,17 +35798,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.23.1.45101", + "templateHash": "1526593365088296650" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -35821,8 +35820,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35990,17 +35989,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.23.1.45101", + "templateHash": "168390130983077015" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36176,8 +36175,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17031945091476279498" + "version": "0.23.1.45101", + "templateHash": "4048736729822728060" } }, "parameters": { @@ -36347,8 +36346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18138942451660271553" + "version": "0.23.1.45101", + "templateHash": "3367822953277340213" } }, "parameters": { @@ -36542,7 +36541,6 @@ }, "variables": { "varAzureCloudName": "[environment().name]", - "varStoragePurposeLower": "[toLower(parameters('storagePurpose'))]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], @@ -36553,7 +36551,7 @@ "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'AAD'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" + "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName \"{13}\" -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, "resources": [ { @@ -36620,17 +36618,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5115421894814797429" + "version": "0.23.1.45101", + "templateHash": "14398504551168498076" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", @@ -36663,23 +36661,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -36689,30 +36684,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -36834,14 +36832,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -36909,14 +36907,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -37168,8 +37166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.23.1.45101", + "templateHash": "2942587223985886651" } }, "parameters": { @@ -37363,8 +37361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -37430,14 +37428,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -37560,8 +37558,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -37573,8 +37571,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -37695,8 +37693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -37902,17 +37900,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.23.1.45101", + "templateHash": "1348117273486411306" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -38026,17 +38024,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.23.1.45101", + "templateHash": "11852166519395262106" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38184,17 +38182,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.23.1.45101", + "templateHash": "16250297962913546641" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -38227,8 +38225,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38405,17 +38403,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.23.1.45101", + "templateHash": "4382308215526481443" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38433,14 +38431,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", @@ -38519,17 +38517,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.23.1.45101", + "templateHash": "9652540868161281860" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -38647,8 +38645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.23.1.45101", + "templateHash": "1186095586884481044" } }, "parameters": { @@ -38885,17 +38883,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.23.1.45101", + "templateHash": "13780602292868075803" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38924,8 +38922,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39109,17 +39107,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.23.1.45101", + "templateHash": "3594065565754312854" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -39144,25 +39142,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -39238,8 +39236,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.23.1.45101", + "templateHash": "8261337544383310328" } }, "parameters": { @@ -39477,17 +39475,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.23.1.45101", + "templateHash": "12165290990779845298" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -39499,8 +39497,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39674,17 +39672,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.23.1.45101", + "templateHash": "9089725752901472518" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -39771,8 +39769,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.23.1.45101", + "templateHash": "1979270992674854961" } }, "parameters": { @@ -40007,17 +40005,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.23.1.45101", + "templateHash": "1526593365088296650" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -40029,8 +40027,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -40198,17 +40196,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.23.1.45101", + "templateHash": "168390130983077015" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -40384,8 +40382,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17031945091476279498" + "version": "0.23.1.45101", + "templateHash": "4048736729822728060" } }, "parameters": { @@ -40497,8 +40495,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14889137037653853520" + "version": "0.23.1.45101", + "templateHash": "1410227888076645208" } }, "parameters": { @@ -40576,8 +40574,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "11940163391569342138" + "version": "0.23.1.45101", + "templateHash": "473679689414315810" } }, "parameters": { @@ -40605,7 +40603,7 @@ "type": "string", "defaultValue": "Aligned", "metadata": { - "description": "Optional. SKU of the availability set.\r\n- Use \\'Aligned\\' for virtual machines with managed disks.\r\n- Use \\'Classic\\' for virtual machines with unmanaged disks.\r\n" + "description": "Optional. SKU of the availability set.\n- Use \\'Aligned\\' for virtual machines with managed disks.\n- Use \\'Classic\\' for virtual machines with unmanaged disks.\n" } }, "proximityPlacementGroupId": { @@ -40625,14 +40623,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -40734,8 +40732,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10835079600690809858" + "version": "0.23.1.45101", + "templateHash": "5076096840451227372" } }, "parameters": { @@ -41045,8 +41043,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10362929169289211539" + "version": "0.23.1.45101", + "templateHash": "14086253950155708433" } }, "parameters": { @@ -41436,8 +41434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" } }, "parameters": { @@ -41890,14 +41888,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -42272,8 +42270,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" } }, "parameters": { @@ -42427,8 +42425,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -42548,14 +42546,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -42743,8 +42741,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -42995,8 +42993,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" } }, "parameters": { @@ -43058,14 +43056,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -43083,14 +43081,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -43280,8 +43278,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" } }, "parameters": { @@ -43499,8 +43497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -43705,8 +43703,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -43906,8 +43904,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44112,8 +44110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44308,8 +44306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44504,8 +44502,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44704,8 +44702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44912,8 +44910,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -45113,8 +45111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -45317,8 +45315,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" } }, "parameters": { @@ -45349,9 +45347,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -45363,7 +45358,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -45483,8 +45481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" } }, "parameters": { @@ -45723,8 +45721,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -45943,8 +45941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -46158,8 +46156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17926581562507911667" + "version": "0.23.1.45101", + "templateHash": "16467384531279284955" } }, "parameters": { @@ -46330,8 +46328,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "231872691044961836" + "version": "0.23.1.45101", + "templateHash": "16150104606129751032" } }, "parameters": { @@ -46362,8 +46360,8 @@ } }, "variables": { - "$fxv#0": "{\r\n \"name\": \"policy-deploy-amd-gpu-driver\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy AMD GPU Driver Extension\",\r\n \"description\": \"This policy definition deploys the AMD GPU Driver extension on AMD's SKU VMs.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Drivers\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": [\r\n \"Standard_NV4as_v4\",\r\n \"Standard_NV8as_v4\",\r\n \"Standard_NV16as_v4\",\r\n \"Standard_NV32as_v4\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.HpcCompute\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"AmdGpuDriverWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"in\": [\r\n \"Succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"AmdGpuDriverWindows\",\r\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\r\n \"vmExtensionType\": \"AmdGpuDriverWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", - "$fxv#1": "{\r\n \"name\": \"policy-deploy-nvidia-gpu-driver\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Nvidia GPU Driver Extension\",\r\n \"description\": \"This policy definition deploys the Nvidia GPU Driver extension on Nvidia's SKU VMs.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Drivers\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": [\r\n \"Standard_NV6\",\r\n \"Standard_NV12\",\r\n \"Standard_NV24\",\r\n \"Standard_NV12s_v3\",\r\n \"Standard_NV24s_v3\",\r\n \"Standard_NV48s_v3\",\r\n \"Standard_NC4as_T4_v3\",\r\n \"Standard_NC8as_T4_v3\",\r\n \"Standard_NC16as_T4_v3\",\r\n \"Standard_NC64as_T4_v3\",\r\n \"Standard_NV6ads_A10_v5\",\r\n \"Standard_NV12ads_A10_v5\",\r\n \"Standard_NV18ads_A10_v5\",\r\n \"Standard_NV36ads_A10_v5\",\r\n \"Standard_NV36adms_A10_v5\",\r\n \"Standard_NV72ads_A10_v5\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.HpcCompute\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"NvidiaGpuDriverWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"in\": [\r\n \"Succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"NvidiaGpuDriverWindows\",\r\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\r\n \"vmExtensionType\": \"NvidiaGpuDriverWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.2\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", + "$fxv#0": "{\n \"name\": \"policy-deploy-amd-gpu-driver\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy AMD GPU Driver Extension\",\n \"description\": \"This policy definition deploys the AMD GPU Driver extension on AMD's SKU VMs.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Drivers\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\n \"in\": [\n \"Standard_NV4as_v4\",\n \"Standard_NV8as_v4\",\n \"Standard_NV16as_v4\",\n \"Standard_NV32as_v4\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.HpcCompute\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"AmdGpuDriverWindows\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n \"in\": [\n \"Succeeded\"\n ]\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"vmExtensionName\": \"AmdGpuDriverWindows\",\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\n \"vmExtensionType\": \"AmdGpuDriverWindows\",\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\n },\n \"resources\": [\n {\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"location\": \"[parameters('location')]\",\n \"apiVersion\": \"2018-06-01\",\n \"properties\": {\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\n \"type\": \"[variables('vmExtensionType')]\",\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\n \"autoUpgradeMinorVersion\": true\n }\n }\n ],\n \"outputs\": {\n \"policy\": {\n \"type\": \"string\",\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\n }\n }\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[field('name')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", + "$fxv#1": "{\n \"name\": \"policy-deploy-nvidia-gpu-driver\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Nvidia GPU Driver Extension\",\n \"description\": \"This policy definition deploys the Nvidia GPU Driver extension on Nvidia's SKU VMs.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Drivers\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\n \"in\": [\n \"Standard_NV6\",\n \"Standard_NV12\",\n \"Standard_NV24\",\n \"Standard_NV12s_v3\",\n \"Standard_NV24s_v3\",\n \"Standard_NV48s_v3\",\n \"Standard_NC4as_T4_v3\",\n \"Standard_NC8as_T4_v3\",\n \"Standard_NC16as_T4_v3\",\n \"Standard_NC64as_T4_v3\",\n \"Standard_NV6ads_A10_v5\",\n \"Standard_NV12ads_A10_v5\",\n \"Standard_NV18ads_A10_v5\",\n \"Standard_NV36ads_A10_v5\",\n \"Standard_NV36adms_A10_v5\",\n \"Standard_NV72ads_A10_v5\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.HpcCompute\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"NvidiaGpuDriverWindows\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n \"in\": [\n \"Succeeded\"\n ]\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"vmExtensionName\": \"NvidiaGpuDriverWindows\",\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\n \"vmExtensionType\": \"NvidiaGpuDriverWindows\",\n \"vmExtensionTypeHandlerVersion\": \"1.2\"\n },\n \"resources\": [\n {\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"location\": \"[parameters('location')]\",\n \"apiVersion\": \"2018-06-01\",\n \"properties\": {\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\n \"type\": \"[variables('vmExtensionType')]\",\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\n \"autoUpgradeMinorVersion\": true\n }\n }\n ],\n \"outputs\": {\n \"policy\": {\n \"type\": \"string\",\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\n }\n }\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[field('name')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", "varCustomPolicyDefinitions": [ { "deploymentName": "AMD-Policy", @@ -46423,8 +46421,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -46598,8 +46596,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -46867,8 +46865,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { From 30b3e82e9a2261c137b66511bc53853765c5b2b3 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Tue, 7 Nov 2023 13:24:25 -0600 Subject: [PATCH 034/117] updates --- workload/scripts/DSCStorageScripts.zip | Bin 82703 -> 82676 bytes .../Script-DomainJoinStorage.ps1 | 2 -- 2 files changed, 2 deletions(-) diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 031ee38067c523f6c33853b2aac78aa7d4dc6fc8..76c0bce424c9d1ed0e23cca2a18881bfacf7dacd 100644 GIT binary patch delta 4057 zcmV;~4<_)Bh6VJ61%R{xMKFKKm0nktj^b%O1^@tH9{>Om0000(Z*FF3XLWL6bZKvH zE^u=($=!!v+Xj`2ux+Im<%lhAU zCrUCU(=S=8eHlL_5qY{d9`AXm{Cw7I0FIvf+juf{N3MRP(TAZs0H1%y^Kg*}PlY^& zc^EO6a{&Qgd0`Bnco>KA0;J-?TQKl^pC_?uHZrZlD|c`=n$AX(@mBF{8A_182-gZ8 z!zhA#1|o?8^?Rmb7Jy_@lHDbj3X(Wrg=H^T;ZI+%fW<2GBH3#;&VC`oYfpHqW}{1{ zw9yY!nqrEH?yVOG9y))!flFvBk+AcRnan#c3UP^zxf&-?G!a*;wc2!xb*ThK`Vrc$ zjh+{c!C?H5S|CZH>ya6F*JFn#;P3^r>^cl}ywhNY=WpKL;@ydQpd^BATfutFik8H`qIE)=LGgB1@FysoLGr|24|us_Olfe;V`lRObV z>*+W3d(Ke$ci93sx2Xb3Doo{&$q;W_u0nrH(39%On`*#X){ePj0MOzuB1UxB-kimiH>VcZMqOTB)AT{-os zH+2Wa)eyRs3bD9)UPN&v1Q&guv`ht?Gr?la#U*rb*Vi30*=;v%Q3L|G{y}PgLf%{B z%*Tt18>WATm@=QXpX_$q=oMeBuq5c6Y~y;+C0633YD|@_H+->RqPLbmwMv^j<^h9< z`(8xXVm!6<{{NF8w@QwUsZq4V8(x>%A`et#XJv%RDk(}a1J3(GL;CL zrw09!YCQ&*nXi;J-V|%bxUAZxp*6$nrw$&EBvKu!hz`YJN>v`+lhv1tAdy&^7l%v1 z917cuMJbK*P%sUb9QsQ^>KLclMb}sYOi*NL{44hr% z`^|q=rSER+vN-RQ=|mw{o^^5#kgpfdjuo;CHP%I^AisrNG2v{^o@FN#6o?W}JW?~iU?}m~o`mC52dsctTmWutlJLP-IU+z0s1QWM%K@D^2j00Ga_%p3o2{35EL+u{Y(qA(FPwIDwASbsx2xWh{ z{(5_wV7oumBnoqYV3RQ_a8e~iG9Fk#5$qb!t*#SuwN-V#FKikaPPMNI0qtUzQm4W2 zg+rP%f|y0%rM?G;eW%eL$#VX-yOHt@%1VEjQ91{iDY9nh=;uL%>vgppU=q#U-kw}@Bq@kxg$dh1YwWsmf<4m^7VGY)~ zhi{(5G@r{cPhyvLUYRq>(iOe(O~+U*w$=6tVawo;a`%0#y~1lxVYHSx=N%LG_`<7y z08mQ<1QY-O00;nimyA}%0h_nHHUS_44J2D;S2`uJ($EM10C<<_H~}?(;vfkQK~q4L zxUKMa`@rhGI{&( zm_BKyrOuW4eXxB(9)C*Z!{Ya^O3eqED$|j?6k5p@Czd=QA)S%dO7|0r`l;q~uDMJ& zN(oS_JfI~J^oVAELy9s~*5-))9h|7eg6k+ZM}Y+sbLf35bRa|m?e_b_?g4y3_1@9Nl08i$)l3U-@w!dehpzZjvqH>ENxPd~! z1(JE5BP*rQJA##vWx)>!HZGVh!Z_nRhY$%y$<)Bhr;i_heI*Gs0kcv|5}@XDcrRqC z)&}N6^EJz|2oNgfMR>-GWB(3Ko{Nk_Sp9H;ehAa@0`{2AygD>KISR{B3igMG7k`l!Bw zN}*qI7bYwO4d6dUSAvphZ}d6GOb+`R8;VN~EmER?V@zagbU5S&1KYlBmE_#8N71*{ zv9YFRhttEtyl&)k12Y(?d^1zin7&ncz4r&WiQ=>5UMH{*(~MIOCRM>-0g=unA7auZ zmf7-cfckR)VX)=OHoz{K$S6~&1M3fMr-oVM+cFbb?3n`L&J{#)2!nDRuohWnF)Kj&dZ)TkYcN5$svUlZ3tGl#9$03 z@iAuwRuc$45xRD7z;bpWGK>KT&J8P~9qed-7>6grIGWJ`1l!FNFkDxV0XZV<4@1jT zFE2f|e{7ny)e-TJE_|Fz`oqb^uZXhE+^%~bWXu>F z!k84R9E*kyy6|s!zr+$5`aNHu^GoEC6&JR&?(o&S^;T89mun1Fv1c`gv_WHbuuOA* zmTu}33{NBLHOd;biSt6V3XXPj@#DJ%t@<%!P?wdx4ZA&G*nY?c_Rxv3ns;ttt2daD@8FBRDu?zKoUwFy6diSF{bXCTsive7FC%G z+wZb}Bon={VdYlzNAa^4FT1zc3j1NqR!vnK&&|9JPq{G^VL@Cb*vptX7W;EC1Qa)#8R(vC%t~)-z+fT!e+2$rw z3-Q^LTW5$f4nM&HfDHT^x<7U8{%`JHnQw0Whud1C?Nid32zwW5*G#M)77Xf`cBt)8 zzhtjvYVCdZ!-p>Xscj&~w_X2#t-8uVjKr148Ma0keB`*-Ko2wwRyCFiSQQy<;bzgX z<I6}Pqqb$y%SB_ z{CeF%_Ncd-#?Je$XKS2mSi5(C7$wRg+n~=-iIN}q0@-;1Sf9G_oVin#c75emjymAMj9JF?h2=Ca0y3CJ!a}?Nqv2iy- zhhbw5G9RdD%8lT)21%Uj(L>PrQuFlJw&e|HK+O@+JC>D}WcF)skI+AOHb`2Hx_M$7yG(-A-neorHAr&g`&k)!oPyfHXeN2j(SrAw*^ z>l1RBor|aO;2HoY=tW5@PLMyL7r2-(1(ML_+0&P)(u?4*uH4aqRf5Fc7L_>pR&Aqo znpFrxfQI81H-3Ad!@~75*C_C zy4gS<<5HNcC2~lAZ!$jU4e-x+a?m?HxNZNgWXc@VbYjpSoESi7(ChvFyJ2;expjx} z+}Qpf8Lk9MB{}v6#OJqrkLv9nwW{*8o*vGMt%(|66Dz@8)b}oh|DUP@W-xcW)OX(RP zxJUATe+vEwN&g#{^FaYo4at>WSC)?AX*~u20AQC-2TvC_~8004L$000~S0000000031AOHXWΝ=?>GS+m-#{g L5C+&m0RR91LWjKc delta 4084 zcmV1%R{xMKFI1Gf!8InCf*w1^@u29{>Om0000(Z*FF3XLWL6bZKvH zE^u=(t^xlK2gjHlpz^TSbQx;cN#LQejmT{=bj6@Zw5?7SU6M-bW&PiG zCrUCUOR}?8dl?^+h&7g>ILhZC zEd7ANk_+(o#_>b=#Qo3@S0EJ^&WeHKx;zS1yOn4iU)iI($$T-HP4|iyYhQwNg}+ts z=m!DZGZ0Y-sNXRaGY=$_lI*UzR1k$8%Pc$I27kJOc`Q`E6Uafkb@mGx-a5kBv|D{L zrHy`=Qx{WA^lzQebI^a;9b7_JiHMzlOl00UfsaFM%GERqf|J$~fOyh0R(A`Z_X4Z~i4Tdp}H>^PeqX^S)GmGYqS~p~35@(s(*-Sk6E}IMf z;A1j2WNr9YB-kk6k#`k7_=1NUwBC>{JG$3L5s%r#Ysknb@G*aa6Vxy9AU|7w*Jf@c zaCheT>H1qIXfWAkZyQveocMVpwp=!4M4!hY)z7z*iRQye3fT2$FGNExny^%eY3@k* z$c5K#ol|7()+mQ!TKZRnm}|tdxc;?UPg-Y!9`vVyAg6kKiq~~(l-rE|%BX=X4VpYa zndWSjAWn0}O3{C(IdjL5s5#5^sMMU@3WRFT-~n3InaUy7b8Q_#t~$Hl7GeR#nln^^ zXw4a{L$~Iv)*)SURx44D#Lo3E{qqban=Ka#)SAJDdl6pa)Y?&Wy;G<|#sh?gAeiKl zaM?i5)bp&dbnlV@ux?`ow6rjnVxD_7& zrUfbk0&6Je0gf!#7X{WeM=uiX#*7hqfx4&c(VE?VVy*&vCl%WaaK&+Ns9Ft%5!UM1 zyTRNZWtT_jm*!20^XF+Ub+3frV(5~txnN5sScq$L2|dh(ZO>f%t{s;z0tg)cAhlOM zA8fJbZWA_}>5w%U0Q-*8irKy{j%j+WJDAyTox4~`} z2D?sPdd%*lm6l2yNe4m4;9OtLqpM>!*jsYyivE9|!GcMZNQ(%Qd+7_Q0M`@zCHUCM zR3xaMiuX&({Sa(sPRVP$$;OO!S+q+{YlhcPJv=T^pn8-MJ&MDWDty`}tIsDvBr!8D z>QljN3X4vOQfluJg_woYp+m1ehikm|aa{ZK1KqdUs{>x!DYyIsbPfXfUH@qvxDiJN z)}ep$YO_V@yPI-Z?6>k%Ba_SbS}8wB$Fpy%6wWg>rGr*Rj5E2c!`c(sbkOLrDyU#8 zS~YBy61j9%`JiR8+$?Uh&(f449ZSB_wNLQBu<~hdVTTAl%lC*z%!*((BZKY8b(xe) z1khdKK@n@fk6gfXac#qviH)z{7bR2l{Fr|xdy>l~8T<9H%XO5yt~yr)6Ss0j1#@ms zu{XW(oBEPxROo&C4khpV7CpmDcg@^Csoo)ioLqnM zz?b>_8&nj*?r^M06|Mn-O~SCiij@$_cwiYtDA#~)^{tSry{hx7u&E_D)x9PJEEg+D zb!rSJ)M-u#V-kTA`|j2IPOUqU`SsiHM$9*8Rfgk)*jdO_kxN5Qe~$uWXJE0<&_Uj` zjc};b!!z}MjjSvsgHO=?W1x!?3RZt_Sw+~?XpL+AtX*?I$HF@mI|6yZV2OIOTP+{CEqX>xQJR{(j!;!tRhvd_qbZ((df)(|dnaaM(tN z(FT9aZk5L6wB%+JM;K4gG0_ciZ>TUKiS9g!uH>;9>6Cd@8av8?bP-Cq?P;v`IG-&t zS%Z64u+EeC=5v|mNgT7BU8cOUv?h0BRio02}}Sm%%~-9hV3> z0TO>=BMFM2DZol{PItB?m`c)Xb2zNYm9!U%%j}Yt<<$SZGrLQflo`JiKA=TEB%#RN zXI^&ZnVHRBcAr1n38J4*$CGFj;q%TwE}6*SM~Qz$g;Z?LA&g^LW(9tx)q`QwKO0S^ zqwy(i7-bMM%|Xr}9Q-RI#wbtgv{jV&q0C8Hji~e7KEsO{F63LAKQU3zX8cx>vq2DCLm}ZD={e7lXAdU?B&bXE(uDFr>{F#_R?|ak(KK}~ca4?9vd+-h8 zyLO;X2Ayemb%ZCRe^{R@k-*Xj#S`7>xDWpj`LT={g*yg0dd}}JM4F5Wz62NHlgP&S znUv^P+=U4UUIX}#!Ihxo*co2tn3;a4utB)s&>|%`!o)O2`va~qtj&MhR!PZvkW@V7uDa={0f zG_hf-d=sGV96)Gnq0%+53no&^6zZtLf$6+3Yh0V91A{%4AndteYlC2vBb6As)m8@tUtO<}m4PSeN3fz3X9a64!GYl*?= zkE0{b3ak#`J0i60Tc73ZT%;HS;GJn!1Y6j_Ao7m~Q81+g@HT&&DPXv&AU$$~9}axO zR1sNCDbs2%Gx*8IQPyJckZR%9V}Ix zCF}Y`!jr&wO>uv8YGxgAy;acqGRshX6Mz!aC`04~giGT}D8jgfet6{sgI^^(`0mvx zxoP6JGDus26j3?CcsEMr)h>9JW^_Ew9A9Cn1o7)<;Y3*A}-K*(3 z=g_Uf+P&<8KUQ;=i7Qh{So$Fo#XwLAnwJ7eD6#0aTgJthx+`+!@X{`-GKoxUwd{#a zdX%;gvVWMxYHh;Gt_X+G;p;cuJ8XqrKVr+Ks*T^xy!KDH))Zl0RL0oL=ouFKt@JfD z;USTTDHMO3_=52V$W1Y~)_OMUfn!toKND&H^}+T35Kjr8u`(^b6Hum%>>~XwB{oyx zO>ZR?4nztAk;DVeQH7GJV`V4E4Z@ZLXF8R0ap`!lGr)0(A7iaRvVI5MpSwoXcXu!K zcenoCZmlu=37JRSz74hQ5iB$Y4Cp6yU;Wp00DYLh_s^XD%7scja=w_W$Gy2U|^ z*jCahc2O9oh<=JieM1mATbjUbf~%8V8-J% z$Q9FYTR~&{6nm?!nz`|4HQiR8Y>O##9h$WH^`_bEQ5!aitoLnu*Em@(#QgCH{VE8jsH{ig{c87VWMKc?)$gv$8_?iPMFOQFxnw z=+na}=pOFbYi%+S-VzTrq+j^@z%#97-3AI%Ffj+I3sf}aR`42wGF||B2s+(rzpTx(h!-nv znmLvt+$mpGuJDORjUS@5#t}R?F}*9@PX$=YkoL?7J&F1^061*VOImS^WCcCX#)K}A zgw}^I-y~Aaz5Tj!2YW^d5_?xv;*eZ*n8s;FAq)YUqg&kQ*Ho(6=O&e#QeE#(Z{>f@ zrr}>ww76E^GIO65IJq`+l`;oBlRh-rVt6d8ni2Nonki% zmpEC9?DJ+r%`IX7SOfZoUhhKqaZufWZrr0CSGND3hAoMi%s93c#P4@cLE)f#d)N#s zp~S|y-H-r+m6}fMM8ryJIV)g@g`L4@a{;5dJ-~(3h295a3ms+y&>7c^@{VRqa0+LL@`-mPscVscalQIVY~1{*#GG* z;6!3?c+Yvvh;T&#GbU0x)ZKOxh8GEr!3A$>WJQ*lOMLGUIsfp?`ww#c- Date: Tue, 7 Nov 2023 13:28:16 -0600 Subject: [PATCH 035/117] ARM push --- workload/arm/deploy-baseline.json | 1694 ++++++++++++++--------------- 1 file changed, 847 insertions(+), 847 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index a6d0e665e..d366452ff 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "433843590241952190" + "version": "0.17.1.54307", + "templateHash": "16279945587676051429" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", - "minLength": 2, - "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - } + }, + "maxLength": 4, + "minLength": 2 }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + }, "allowedValues": [ "Dev", "Test", "Prod" - ], - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - } + ] }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, - "minValue": 30, - "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - } + }, + "minValue": 30, + "maxValue": 730 }, "avdSessionHostLocation": { "type": "string", @@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ], - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - } + ] }, "createIntuneEnrollment": { "type": "bool", @@ -152,13 +152,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + }, "allowedValues": [ "Personal", "Pooled" - ], - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - } + ] }, "hostPoolPreferredAppGroupType": { "type": "string", @@ -174,24 +174,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + }, "allowedValues": [ "Automatic", "Direct" - ], - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - } + ] }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ], - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - } + ] }, "hostPoolMaxSessions": { "type": "int", @@ -392,11 +392,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, - "minValue": 1, - "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - } + }, + "maxValue": 100, + "minValue": 1 }, "avdSessionHostCountIndex": { "type": "int", @@ -436,24 +436,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + }, "allowedValues": [ "Standard", "Premium" - ], - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - } + ] }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + }, "allowedValues": [ "Standard", "Premium" - ], - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - } + ] }, "diskZeroTrust": { "type": "bool", @@ -480,20 +480,20 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Enables accelerated Networking on the session hosts.\nIf using a Azure Compute Gallery Image, the Image Definition must have been configured with\nthe \\'isAcceleratedNetworkSupported\\' property set to \\'true\\'.\n" + "description": "Enables accelerated Networking on the session hosts.\r\nIf using a Azure Compute Gallery Image, the Image Definition must have been configured with\r\nthe \\'isAcceleratedNetworkSupported\\' property set to \\'true\\'.\r\n" } }, "securityType": { "type": "string", "defaultValue": "TrustedLaunch", + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ], - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - } + ] }, "secureBootEnabled": { "type": "bool", @@ -512,6 +512,9 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + }, "allowedValues": [ "win10_21h2", "win10_21h2_office", @@ -521,10 +524,7 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ], - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - } + ] }, "managementVmOsImage": { "type": "string", @@ -564,194 +564,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", - "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - } + }, + "maxLength": 90 }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", - "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - } + }, + "maxLength": 90 }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", - "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - } + }, + "maxLength": 90 }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", - "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - } + }, + "maxLength": 90 }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", - "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - } + }, + "maxLength": 90 }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", - "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. (Default: log-avd-app1-dev-use2)" - } + }, + "maxLength": 64 }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD application security custom name. (Default: asg-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", - "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - } + }, + "maxLength": 64 }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", - "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - } + }, + "maxLength": 64 }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", - "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. (Default: Desktops - App1 - East US - Dev - 001)" - } + }, + "maxLength": 64 }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", - "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - } + }, + "maxLength": 11 }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", - "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - } + }, + "maxLength": 9 }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", - "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - } + }, + "maxLength": 2 }, "fslogixFileShareCustomName": { "type": "string", @@ -770,34 +770,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv-sec", - "maxLength": 6, "metadata": { "description": "AVD keyvault prefix custom name (with Zero Trust to store credentials to domain join and local admin). (Default: kv-sec)" - } + }, + "maxLength": 6 }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", - "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - } + }, + "maxLength": 6 }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", - "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - } + }, + "maxLength": 5 }, "ztKvPrefixCustomName": { "type": "string", "defaultValue": "kv-key", - "maxLength": 6, "metadata": { "description": "AVD key vault custom name for zero trust and store store disk encryption key (Default: kv-key)" - } + }, + "maxLength": 6 }, "createResourceTags": { "type": "bool", @@ -816,29 +816,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + }, "allowedValues": [ "Light", "Medium", "High", "Power" - ], - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - } + ] }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ], - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - } + ] }, "departmentTag": { "type": "string", @@ -850,16 +850,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ], - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - } + ] }, "workloadCriticalityCustomValueTag": { "type": "string", @@ -1548,8 +1548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -1569,14 +1569,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -1657,8 +1657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -1671,13 +1671,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -1787,8 +1787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -2148,8 +2148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -2169,14 +2169,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -2257,8 +2257,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -2271,13 +2271,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -2387,8 +2387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -2743,8 +2743,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -2764,14 +2764,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -2852,8 +2852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -2866,13 +2866,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -2982,8 +2982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -3356,8 +3356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7674820370747296859" + "version": "0.17.1.54307", + "templateHash": "16933483947927654925" } }, "parameters": { @@ -3480,8 +3480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -3501,14 +3501,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -3589,8 +3589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -3603,13 +3603,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -3719,8 +3719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -4080,8 +4080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15031312632057308059" + "version": "0.17.1.54307", + "templateHash": "9723296804992458231" } }, "parameters": { @@ -4170,8 +4170,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 730, + "minValue": 0, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4230,8 +4230,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4274,14 +4274,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -4474,8 +4474,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15258493604851481315" + "version": "0.17.1.54307", + "templateHash": "1015616738226483875" } }, "parameters": { @@ -4618,8 +4618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8116463202302820849" + "version": "0.17.1.54307", + "templateHash": "9976669288431551452" } }, "parameters": { @@ -4752,8 +4752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4881003164746404595" + "version": "0.17.1.54307", + "templateHash": "3402933947779868845" } }, "parameters": { @@ -4887,8 +4887,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14365252475725366454" + "version": "0.17.1.54307", + "templateHash": "12988075953101096314" } }, "parameters": { @@ -5059,15 +5059,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17250399248258895412" + "version": "0.17.1.54307", + "templateHash": "3289166297924789550" } }, "parameters": { "name": { "type": "string", - "minLength": 4, "maxLength": 63, + "minLength": 4, "metadata": { "description": "Required. The data export rule name." } @@ -5206,8 +5206,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1095708959185756276" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -5433,8 +5433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "219986384503122327" + "version": "0.17.1.54307", + "templateHash": "1145398762062008037" } }, "parameters": { @@ -5478,8 +5478,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "minValue": -1, "maxValue": 730, + "minValue": -1, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5501,8 +5501,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "minValue": -1, "maxValue": 2555, + "minValue": -1, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5602,8 +5602,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10708379588686916495" + "version": "0.17.1.54307", + "templateHash": "15503229472224280826" } }, "parameters": { @@ -5753,8 +5753,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6190525379812728386" + "version": "0.17.1.54307", + "templateHash": "7352784420507326330" } }, "parameters": { @@ -5965,8 +5965,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17144756852640621015" + "version": "0.17.1.54307", + "templateHash": "16579532157576436548" } }, "parameters": { @@ -6140,16 +6140,16 @@ } } }, - "$fxv#1": "{\n \"name\": \"policy-deploy-diagnostics-avd-application-group\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Application group to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/applicationGroups\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#10": "{\n \"name\": \"policy-set-deploy-avd-diagnostics-to-log-analytics\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings to AVD Landing Zone\",\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"metadata\": {\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"displayName\": \"Log Analytics workspace\",\n \"strongType\": \"omsWorkspace\"\n },\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkNICLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualNetworkLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualMachinesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDScalingPlansLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDAppGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDHostPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AzureFilesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Files to stream to a Log Analytics workspace when any Azure Files share is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDAppGroup\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDAppGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDHostPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDHostPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AzureFilesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AzureFiles\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AzureFilesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n }", - "$fxv#2": "{\n \"name\": \"policy-deploy-diagnostics-avd-host-pool\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Host Pools to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/hostpools\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Connection\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"HostRegistration\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"AgentHealthStatus\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"NetworkData\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"ConnectionGraphicsData\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"SessionHostManagement\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#3": "{\n \"name\": \"policy-deploy-diagnostics-avd-scaling-plan\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Autoscale\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#4": "{\n \"name\": \"policy-deploy-diagnostics-avd-workspace\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Feed\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#5": "{\n \"name\": \"policy-deploy-diagnostics-network-security-group\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [],\n \"logs\": [\n {\n \"category\": \"NetworkSecurityGroupEvent\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"NetworkSecurityGroupRuleCounter\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#6": "{\n \"name\": \"policy-deploy-diagnostics-nic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkInterfaces\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"timeGrain\": null,\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#7": "{\n \"name\": \"policy-deploy-diagnostics-virtual-machine\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\n \"description\": \"CUstom - Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": []\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#8": "{\n \"name\": \"policy-deploy-diagnostics-virtual-network\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": [\n {\n \"category\": \"VMProtectionAlerts\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#9": "{\n \"name\": \"policy-deploy-diagnostics-azure-files\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"[parameters('logsEnabled')]\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"[parameters('metricsEnabled')]\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n \"logAnalytics\": {\n \"type\": \"string\"\n },\n \"metricsEnabled\": {\n \"type\": \"bool\"\n },\n \"logsEnabled\": {\n \"type\": \"bool\"\n },\n \"profileName\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticSettings\",\n \"apiVersion\": \"2021-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"Transaction\",\n \"enabled\": \"[parameters('metricsEnabled')]\"\n }\n ],\n \"logs\": [\n {\n \"category\": \"StorageRead\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"StorageWrite\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"StorageDelete\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('fullName')]\"\n },\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n }\n }\n }\n }\n }\n }\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n },\n \"defaultValue\": \"setbypolicy\"\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\",\n \"assignPermissions\": true\n }\n },\n \"metricsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n },\n \"allowedValues\": [\n true,\n false\n ],\n \"defaultValue\": true\n },\n \"logsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n },\n \"allowedValues\": [\n true,\n false\n ],\n \"defaultValue\": true\n }\n }\n }\n}", + "$fxv#1": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-application-group\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Application group to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/applicationGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#10": "{\r\n \"name\": \"policy-set-deploy-avd-diagnostics-to-log-analytics\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings to AVD Landing Zone\",\r\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"metadata\": {\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"NetworkNICLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"VirtualNetworkLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"VirtualMachinesLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDScalingPlansLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDAppGroupsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDWorkspaceLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDHostPoolsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AzureFilesLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Azure Files to stream to a Log Analytics workspace when any Azure Files share is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDAppGroup\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDAppGroupsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDWorkspace\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDWorkspaceLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDHostPools\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDHostPoolsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AzureFilesDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AzureFiles\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AzureFilesLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n }\r\n ],\r\n \"policyDefinitionGroups\": null\r\n }\r\n }", + "$fxv#2": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-host-pool\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Host Pools to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/hostpools\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Connection\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"HostRegistration\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AgentHealthStatus\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"NetworkData\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"ConnectionGraphicsData\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SessionHostManagement\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#3": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-scaling-plan\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Autoscale\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#4": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-workspace\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Feed\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#5": "{\r\n \"name\": \"policy-deploy-diagnostics-network-security-group\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [],\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#6": "{\r\n \"name\": \"policy-deploy-diagnostics-nic\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"timeGrain\": null,\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#7": "{\r\n \"name\": \"policy-deploy-diagnostics-virtual-machine\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\r\n \"description\": \"CUstom - Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": []\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#8": "{\r\n \"name\": \"policy-deploy-diagnostics-virtual-network\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"VMProtectionAlerts\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#9": "{\r\n \"name\": \"policy-deploy-diagnostics-azure-files\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"bool\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"bool\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2021-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"Transaction\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"StorageRead\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"StorageWrite\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"StorageDelete\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"Boolean\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n },\r\n \"allowedValues\": [\r\n true,\r\n false\r\n ],\r\n \"defaultValue\": true\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"Boolean\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n },\r\n \"allowedValues\": [\r\n true,\r\n false\r\n ],\r\n \"defaultValue\": true\r\n }\r\n }\r\n }\r\n}", "varComputeServObjRgs": [ { "rgName": "[parameters('computeObjectsRgName')]" @@ -6297,8 +6297,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5643654873197907708" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -6480,8 +6480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6105432212734897298" + "version": "0.17.1.54307", + "templateHash": "5539435599928560626" } }, "parameters": { @@ -6659,8 +6659,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -6928,8 +6928,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -7008,8 +7008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12579875714884369933" + "version": "0.17.1.54307", + "templateHash": "7759814680098607558" } }, "parameters": { @@ -7480,8 +7480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1095708959185756276" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -7713,8 +7713,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1095708959185756276" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -8023,8 +8023,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15620658803890882460" + "version": "0.17.1.54307", + "templateHash": "13214055304476289623" } }, "parameters": { @@ -8359,8 +8359,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11199916256768589744" + "version": "0.17.1.54307", + "templateHash": "2369963613204181171" } }, "parameters": { @@ -8422,14 +8422,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -8623,8 +8623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9525169534051986947" + "version": "0.17.1.54307", + "templateHash": "2452007385443009245" } }, "parameters": { @@ -8868,8 +8868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14484082002093003293" + "version": "0.17.1.54307", + "templateHash": "175852501961116138" } }, "parameters": { @@ -9083,8 +9083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11199916256768589744" + "version": "0.17.1.54307", + "templateHash": "2369963613204181171" } }, "parameters": { @@ -9146,14 +9146,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -9347,8 +9347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9525169534051986947" + "version": "0.17.1.54307", + "templateHash": "2452007385443009245" } }, "parameters": { @@ -9592,8 +9592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14484082002093003293" + "version": "0.17.1.54307", + "templateHash": "175852501961116138" } }, "parameters": { @@ -9798,8 +9798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17265889212529350267" + "version": "0.17.1.54307", + "templateHash": "4126277245845030634" } }, "parameters": { @@ -9819,14 +9819,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -9921,8 +9921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1115677000975531972" + "version": "0.17.1.54307", + "templateHash": "9764104744913843180" } }, "parameters": { @@ -10128,8 +10128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11111904184589082982" + "version": "0.17.1.54307", + "templateHash": "3459157471784143501" } }, "parameters": { @@ -10163,14 +10163,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -10268,8 +10268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1512519384923161590" + "version": "0.17.1.54307", + "templateHash": "17826830289819287737" } }, "parameters": { @@ -10477,8 +10477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11111904184589082982" + "version": "0.17.1.54307", + "templateHash": "3459157471784143501" } }, "parameters": { @@ -10512,14 +10512,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -10617,8 +10617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1512519384923161590" + "version": "0.17.1.54307", + "templateHash": "17826830289819287737" } }, "parameters": { @@ -10840,8 +10840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17281867178107781537" + "version": "0.17.1.54307", + "templateHash": "10436531327774101026" } }, "parameters": { @@ -10902,21 +10902,21 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ], - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - } + ] }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, - "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - } + }, + "maxValue": 30 }, "diagnosticStorageAccountId": { "type": "string", @@ -10949,14 +10949,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -11174,8 +11174,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17626849906838193825" + "version": "0.17.1.54307", + "templateHash": "12913964363513527115" } }, "parameters": { @@ -11367,8 +11367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12693477980850797625" + "version": "0.17.1.54307", + "templateHash": "1508597549221173835" } }, "parameters": { @@ -11590,8 +11590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8715756746446460444" + "version": "0.17.1.54307", + "templateHash": "12896423701864490964" } }, "parameters": { @@ -11756,8 +11756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8715756746446460444" + "version": "0.17.1.54307", + "templateHash": "12896423701864490964" } }, "parameters": { @@ -11917,8 +11917,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17072359188298457640" + "version": "0.17.1.54307", + "templateHash": "7449417204208520653" } }, "parameters": { @@ -12154,8 +12154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12242,8 +12242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12330,8 +12330,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12418,8 +12418,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12595,8 +12595,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7326746777556089250" + "version": "0.17.1.54307", + "templateHash": "10975402800010178371" } }, "parameters": { @@ -12704,13 +12704,13 @@ }, "hostPoolType": { "type": "string", + "metadata": { + "description": "Optional. AVD host pool type." + }, "allowedValues": [ "Personal", "Pooled" - ], - "metadata": { - "description": "Optional. AVD host pool type." - } + ] }, "preferredAppGroupType": { "type": "string", @@ -12726,23 +12726,23 @@ }, "personalAssignType": { "type": "string", + "metadata": { + "description": "Optional. AVD host pool type." + }, "allowedValues": [ "Automatic", "Direct" - ], - "metadata": { - "description": "Optional. AVD host pool type." - } + ] }, "hostPoolLoadBalancerType": { "type": "string", + "metadata": { + "description": "AVD host pool load balacing type." + }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ], - "metadata": { - "description": "AVD host pool load balacing type." - } + ] }, "hostPoolMaxSessions": { "type": "int", @@ -12874,8 +12874,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9101196936359798595" + "version": "0.17.1.54307", + "templateHash": "14753481159691076868" } }, "parameters": { @@ -13015,14 +13015,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -13266,8 +13266,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11881426718765556693" + "version": "0.17.1.54307", + "templateHash": "2314964423044495570" } }, "parameters": { @@ -13484,8 +13484,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8289764189113901043" + "version": "0.17.1.54307", + "templateHash": "782391975946165786" } }, "parameters": { @@ -13571,14 +13571,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -13737,8 +13737,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6540019795245021334" + "version": "0.17.1.54307", + "templateHash": "7203259033747042619" } }, "parameters": { @@ -13776,14 +13776,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ], - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - } + ] }, "commandLineArguments": { "type": "string", @@ -13915,8 +13915,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17185902162980736485" + "version": "0.17.1.54307", + "templateHash": "1752140700494840741" } }, "parameters": { @@ -14122,8 +14122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18193795661906928784" + "version": "0.17.1.54307", + "templateHash": "324317554219687604" } }, "parameters": { @@ -14192,14 +14192,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -14351,8 +14351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18390062164382385549" + "version": "0.17.1.54307", + "templateHash": "6421047844253253523" } }, "parameters": { @@ -14572,8 +14572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6877120515836824501" + "version": "0.17.1.54307", + "templateHash": "17010593045994332917" } }, "parameters": { @@ -14615,12 +14615,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "allowedValues": [ - "Pooled" - ], "metadata": { "description": "Optional. The type of hostpool where this scaling plan should be applied." - } + }, + "allowedValues": [ + "Pooled" + ] }, "exclusionTag": { "type": "string", @@ -14840,8 +14840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9763204850902124901" + "version": "0.17.1.54307", + "templateHash": "12892308842611713996" } }, "parameters": { @@ -15069,8 +15069,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12068153438455870485" + "version": "0.17.1.54307", + "templateHash": "9066192464594903933" } }, "parameters": { @@ -15230,8 +15230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17115660817704860359" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { @@ -15252,14 +15252,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -15353,8 +15353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14736459587384734965" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -15547,8 +15547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -16127,8 +16127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -16705,8 +16705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -17288,8 +17288,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -17868,8 +17868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -18448,8 +18448,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -19079,8 +19079,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4797950647402303495" + "version": "0.17.1.54307", + "templateHash": "3496664578163970555" } }, "parameters": { @@ -19189,7 +19189,7 @@ } }, "variables": { - "$fxv#0": "{\n \"name\": \"AVD-ACC-Zero-Trust-Disable-Managed-Disk-Network-Access\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Zero Trust - Disable Managed Disk Network Access\",\n \"description\": \"This policy definition sets the network access policy property to \\\"DenyAll\\\" and the public network access property to \\\"Disabled\\\" on all the managed disks within the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Security\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/disks\"\n },\n \"then\": {\n \"effect\": \"modify\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840\"\n ],\n \"operations\": [\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.Compute/disks/networkAccessPolicy\",\n \"value\": \"DenyAll\"\n },\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.Compute/disks/publicNetworkAccess\",\n \"value\": \"Disabled\"\n }\n ]\n }\n }\n }\n }\n}", + "$fxv#0": "{\r\n \"name\": \"AVD-ACC-Zero-Trust-Disable-Managed-Disk-Network-Access\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Zero Trust - Disable Managed Disk Network Access\",\r\n \"description\": \"This policy definition sets the network access policy property to \\\"DenyAll\\\" and the public network access property to \\\"Disabled\\\" on all the managed disks within the assigned scope.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Security\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/disks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"Microsoft.Compute/disks/networkAccessPolicy\",\r\n \"value\": \"DenyAll\"\r\n },\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"Microsoft.Compute/disks/publicNetworkAccess\",\r\n \"value\": \"Disabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n}", "varCustomPolicyDefinitions": [ { "deploymentName": "ZT-Disk", @@ -19246,8 +19246,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5643654873197907708" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -19435,8 +19435,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -19705,8 +19705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -19799,8 +19799,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -20069,8 +20069,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -20139,8 +20139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -20723,8 +20723,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -21304,8 +21304,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17115660817704860359" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { @@ -21326,14 +21326,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -21427,8 +21427,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14736459587384734965" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -21618,8 +21618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -22228,8 +22228,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9816348956723829998" + "version": "0.17.1.54307", + "templateHash": "17450213271810432516" } }, "parameters": { @@ -22369,8 +22369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10047657056248810406" + "version": "0.17.1.54307", + "templateHash": "10530929595373885258" } }, "parameters": { @@ -22498,8 +22498,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -22535,14 +22535,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -22739,8 +22739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15723327996763594758" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -22871,8 +22871,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11763882678288104884" + "version": "0.17.1.54307", + "templateHash": "8593614529812859648" } }, "parameters": { @@ -23008,8 +23008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6055979105496084751" + "version": "0.17.1.54307", + "templateHash": "7411396567157179257" } }, "parameters": { @@ -23203,8 +23203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4039932653764259703" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -23386,8 +23386,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16592614389473690770" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { @@ -23589,8 +23589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -23656,14 +23656,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -23786,8 +23786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -23799,8 +23799,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -23921,8 +23921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -24135,8 +24135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6864497713956009622" + "version": "0.17.1.54307", + "templateHash": "2925986724999389514" } }, "parameters": { @@ -24366,8 +24366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4039932653764259703" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -24549,8 +24549,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16592614389473690770" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { @@ -24752,8 +24752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7373774482178055452" + "version": "0.17.1.54307", + "templateHash": "9857842888967195839" } }, "parameters": { @@ -24780,14 +24780,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "keyVaultResourceId": { "type": "string", @@ -24963,8 +24963,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13893883968059192139" + "version": "0.17.1.54307", + "templateHash": "2377303483140510674" } }, "parameters": { @@ -25039,8 +25039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2571756615431841166" + "version": "0.17.1.54307", + "templateHash": "1764649882380429233" } }, "parameters": { @@ -25111,8 +25111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15723327996763594758" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -25242,8 +25242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14656496075889817854" + "version": "0.17.1.54307", + "templateHash": "205693325076049461" } }, "parameters": { @@ -25510,8 +25510,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10047657056248810406" + "version": "0.17.1.54307", + "templateHash": "10530929595373885258" } }, "parameters": { @@ -25639,8 +25639,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -25676,14 +25676,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -25880,8 +25880,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15723327996763594758" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -26012,8 +26012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11763882678288104884" + "version": "0.17.1.54307", + "templateHash": "8593614529812859648" } }, "parameters": { @@ -26149,8 +26149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6055979105496084751" + "version": "0.17.1.54307", + "templateHash": "7411396567157179257" } }, "parameters": { @@ -26344,8 +26344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4039932653764259703" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -26527,8 +26527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16592614389473690770" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { @@ -26730,8 +26730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -26797,14 +26797,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -26927,8 +26927,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -26940,8 +26940,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -27062,8 +27062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -27276,8 +27276,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6864497713956009622" + "version": "0.17.1.54307", + "templateHash": "2925986724999389514" } }, "parameters": { @@ -27528,8 +27528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16306650625703107232" + "version": "0.17.1.54307", + "templateHash": "11864719595815359922" } }, "parameters": { @@ -27809,8 +27809,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3205620537307637582" + "version": "0.17.1.54307", + "templateHash": "547922033158170612" } }, "parameters": { @@ -28263,14 +28263,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -28645,8 +28645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16578501272871551398" + "version": "0.17.1.54307", + "templateHash": "10525586211840772754" } }, "parameters": { @@ -28800,8 +28800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14697279465996570029" + "version": "0.17.1.54307", + "templateHash": "3109828817825228978" } }, "parameters": { @@ -28921,14 +28921,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "location": { "type": "string", @@ -29116,8 +29116,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15781585805590730053" + "version": "0.17.1.54307", + "templateHash": "9526391067242259796" } }, "parameters": { @@ -29368,8 +29368,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17125191375440227612" + "version": "0.17.1.54307", + "templateHash": "4280335810449335065" } }, "parameters": { @@ -29431,14 +29431,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + }, "allowedValues": [ "Floating", "MaxConnections", "None" - ], - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - } + ] }, "disableTcpStateTracking": { "type": "bool", @@ -29456,14 +29456,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -29653,8 +29653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14837312545510225155" + "version": "0.17.1.54307", + "templateHash": "934300040337690336" } }, "parameters": { @@ -29872,8 +29872,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30078,8 +30078,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30279,8 +30279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30485,8 +30485,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30681,8 +30681,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -30877,8 +30877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31077,8 +31077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31285,8 +31285,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31486,8 +31486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -31690,8 +31690,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15242592157036190831" + "version": "0.17.1.54307", + "templateHash": "542004733048752795" } }, "parameters": { @@ -31722,6 +31722,9 @@ }, "protectedItemType": { "type": "string", + "metadata": { + "description": "Required. The backup item type." + }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -31733,10 +31736,7 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ], - "metadata": { - "description": "Required. The backup item type." - } + ] }, "policyId": { "type": "string", @@ -31856,8 +31856,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9607326914801692122" + "version": "0.17.1.54307", + "templateHash": "5545265229641785727" } }, "parameters": { @@ -32139,8 +32139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3367822953277340213" + "version": "0.17.1.54307", + "templateHash": "563121401085397173" } }, "parameters": { @@ -32411,17 +32411,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14398504551168498076" + "version": "0.17.1.54307", + "templateHash": "5115421894814797429" } }, "parameters": { "name": { "type": "string", - "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - } + }, + "maxLength": 24 }, "location": { "type": "string", @@ -32454,20 +32454,23 @@ "kind": { "type": "string", "defaultValue": "StorageV2", + "metadata": { + "description": "Optional. Type of Storage Account to create." + }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ], - "metadata": { - "description": "Optional. Type of Storage Account to create." - } + ] }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", + "metadata": { + "description": "Optional. Storage Account Sku Name." + }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -32477,33 +32480,30 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ], - "metadata": { - "description": "Optional. Storage Account Sku Name." - } + ] }, "accessTier": { "type": "string", "defaultValue": "Hot", + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + }, "allowedValues": [ "Premium", "Hot", "Cool" - ], - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - } + ] }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + }, "allowedValues": [ "Disabled", "Enabled" - ], - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - } + ] }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -32625,14 +32625,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ], - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - } + ] }, "enableHierarchicalNamespace": { "type": "bool", @@ -32700,14 +32700,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -32959,8 +32959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2942587223985886651" + "version": "0.17.1.54307", + "templateHash": "14509829261817545327" } }, "parameters": { @@ -33154,8 +33154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -33221,14 +33221,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -33351,8 +33351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -33364,8 +33364,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -33486,8 +33486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -33693,17 +33693,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1348117273486411306" + "version": "0.17.1.54307", + "templateHash": "6611019192370176160" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "rules": { "type": "array", @@ -33817,17 +33817,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11852166519395262106" + "version": "0.17.1.54307", + "templateHash": "887985521850583920" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -33975,17 +33975,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16250297962913546641" + "version": "0.17.1.54307", + "templateHash": "10541476086832691043" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "deleteRetentionPolicy": { "type": "bool", @@ -34018,8 +34018,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -34196,17 +34196,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4382308215526481443" + "version": "0.17.1.54307", + "templateHash": "4711998299496378361" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -34224,14 +34224,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + }, "allowedValues": [ "Container", "Blob", "None" - ], - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - } + ] }, "immutabilityPolicyProperties": { "type": "object", @@ -34310,17 +34310,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9652540868161281860" + "version": "0.17.1.54307", + "templateHash": "9600027410745431357" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "containerName": { "type": "string", @@ -34438,8 +34438,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1186095586884481044" + "version": "0.17.1.54307", + "templateHash": "2765385875040083757" } }, "parameters": { @@ -34676,17 +34676,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13780602292868075803" + "version": "0.17.1.54307", + "templateHash": "1150612779421396008" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -34715,8 +34715,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -34900,17 +34900,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3594065565754312854" + "version": "0.17.1.54307", + "templateHash": "17475626136384362732" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "fileServicesName": { "type": "string", @@ -34935,25 +34935,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + }, "allowedValues": [ "NFS", "SMB" - ], - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - } + ] }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ], - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - } + ] }, "roleAssignments": { "type": "array", @@ -35029,8 +35029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8261337544383310328" + "version": "0.17.1.54307", + "templateHash": "398511802813701603" } }, "parameters": { @@ -35268,17 +35268,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12165290990779845298" + "version": "0.17.1.54307", + "templateHash": "8639862570197941224" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "queues": { "type": "array", @@ -35290,8 +35290,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35465,17 +35465,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9089725752901472518" + "version": "0.17.1.54307", + "templateHash": "8626996903060982853" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -35562,8 +35562,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1979270992674854961" + "version": "0.17.1.54307", + "templateHash": "7868704077465009471" } }, "parameters": { @@ -35798,17 +35798,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1526593365088296650" + "version": "0.17.1.54307", + "templateHash": "2885217159765875903" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "tables": { "type": "array", @@ -35820,8 +35820,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35989,17 +35989,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "168390130983077015" + "version": "0.17.1.54307", + "templateHash": "10506944460358814800" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -36175,8 +36175,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4048736729822728060" + "version": "0.17.1.54307", + "templateHash": "17031945091476279498" } }, "parameters": { @@ -36346,8 +36346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3367822953277340213" + "version": "0.17.1.54307", + "templateHash": "563121401085397173" } }, "parameters": { @@ -36618,17 +36618,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14398504551168498076" + "version": "0.17.1.54307", + "templateHash": "5115421894814797429" } }, "parameters": { "name": { "type": "string", - "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - } + }, + "maxLength": 24 }, "location": { "type": "string", @@ -36661,20 +36661,23 @@ "kind": { "type": "string", "defaultValue": "StorageV2", + "metadata": { + "description": "Optional. Type of Storage Account to create." + }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ], - "metadata": { - "description": "Optional. Type of Storage Account to create." - } + ] }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", + "metadata": { + "description": "Optional. Storage Account Sku Name." + }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -36684,33 +36687,30 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ], - "metadata": { - "description": "Optional. Storage Account Sku Name." - } + ] }, "accessTier": { "type": "string", "defaultValue": "Hot", + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + }, "allowedValues": [ "Premium", "Hot", "Cool" - ], - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - } + ] }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + }, "allowedValues": [ "Disabled", "Enabled" - ], - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - } + ] }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -36832,14 +36832,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ], - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - } + ] }, "enableHierarchicalNamespace": { "type": "bool", @@ -36907,14 +36907,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -37166,8 +37166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2942587223985886651" + "version": "0.17.1.54307", + "templateHash": "14509829261817545327" } }, "parameters": { @@ -37361,8 +37361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -37428,14 +37428,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -37558,8 +37558,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -37571,8 +37571,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -37693,8 +37693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -37900,17 +37900,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1348117273486411306" + "version": "0.17.1.54307", + "templateHash": "6611019192370176160" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "rules": { "type": "array", @@ -38024,17 +38024,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11852166519395262106" + "version": "0.17.1.54307", + "templateHash": "887985521850583920" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -38182,17 +38182,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16250297962913546641" + "version": "0.17.1.54307", + "templateHash": "10541476086832691043" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "deleteRetentionPolicy": { "type": "bool", @@ -38225,8 +38225,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38403,17 +38403,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4382308215526481443" + "version": "0.17.1.54307", + "templateHash": "4711998299496378361" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -38431,14 +38431,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + }, "allowedValues": [ "Container", "Blob", "None" - ], - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - } + ] }, "immutabilityPolicyProperties": { "type": "object", @@ -38517,17 +38517,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9652540868161281860" + "version": "0.17.1.54307", + "templateHash": "9600027410745431357" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "containerName": { "type": "string", @@ -38645,8 +38645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1186095586884481044" + "version": "0.17.1.54307", + "templateHash": "2765385875040083757" } }, "parameters": { @@ -38883,17 +38883,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13780602292868075803" + "version": "0.17.1.54307", + "templateHash": "1150612779421396008" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -38922,8 +38922,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39107,17 +39107,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3594065565754312854" + "version": "0.17.1.54307", + "templateHash": "17475626136384362732" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "fileServicesName": { "type": "string", @@ -39142,25 +39142,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + }, "allowedValues": [ "NFS", "SMB" - ], - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - } + ] }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ], - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - } + ] }, "roleAssignments": { "type": "array", @@ -39236,8 +39236,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8261337544383310328" + "version": "0.17.1.54307", + "templateHash": "398511802813701603" } }, "parameters": { @@ -39475,17 +39475,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12165290990779845298" + "version": "0.17.1.54307", + "templateHash": "8639862570197941224" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "queues": { "type": "array", @@ -39497,8 +39497,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39672,17 +39672,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9089725752901472518" + "version": "0.17.1.54307", + "templateHash": "8626996903060982853" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -39769,8 +39769,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1979270992674854961" + "version": "0.17.1.54307", + "templateHash": "7868704077465009471" } }, "parameters": { @@ -40005,17 +40005,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1526593365088296650" + "version": "0.17.1.54307", + "templateHash": "2885217159765875903" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "tables": { "type": "array", @@ -40027,8 +40027,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -40196,17 +40196,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "168390130983077015" + "version": "0.17.1.54307", + "templateHash": "10506944460358814800" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -40382,8 +40382,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4048736729822728060" + "version": "0.17.1.54307", + "templateHash": "17031945091476279498" } }, "parameters": { @@ -40495,8 +40495,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1410227888076645208" + "version": "0.17.1.54307", + "templateHash": "14889137037653853520" } }, "parameters": { @@ -40574,8 +40574,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "473679689414315810" + "version": "0.17.1.54307", + "templateHash": "11940163391569342138" } }, "parameters": { @@ -40603,7 +40603,7 @@ "type": "string", "defaultValue": "Aligned", "metadata": { - "description": "Optional. SKU of the availability set.\n- Use \\'Aligned\\' for virtual machines with managed disks.\n- Use \\'Classic\\' for virtual machines with unmanaged disks.\n" + "description": "Optional. SKU of the availability set.\r\n- Use \\'Aligned\\' for virtual machines with managed disks.\r\n- Use \\'Classic\\' for virtual machines with unmanaged disks.\r\n" } }, "proximityPlacementGroupId": { @@ -40623,14 +40623,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -40732,8 +40732,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5076096840451227372" + "version": "0.17.1.54307", + "templateHash": "10835079600690809858" } }, "parameters": { @@ -41043,8 +41043,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14086253950155708433" + "version": "0.17.1.54307", + "templateHash": "10362929169289211539" } }, "parameters": { @@ -41434,8 +41434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3205620537307637582" + "version": "0.17.1.54307", + "templateHash": "547922033158170612" } }, "parameters": { @@ -41888,14 +41888,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -42270,8 +42270,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16578501272871551398" + "version": "0.17.1.54307", + "templateHash": "10525586211840772754" } }, "parameters": { @@ -42425,8 +42425,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14697279465996570029" + "version": "0.17.1.54307", + "templateHash": "3109828817825228978" } }, "parameters": { @@ -42546,14 +42546,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "location": { "type": "string", @@ -42741,8 +42741,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15781585805590730053" + "version": "0.17.1.54307", + "templateHash": "9526391067242259796" } }, "parameters": { @@ -42993,8 +42993,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17125191375440227612" + "version": "0.17.1.54307", + "templateHash": "4280335810449335065" } }, "parameters": { @@ -43056,14 +43056,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + }, "allowedValues": [ "Floating", "MaxConnections", "None" - ], - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - } + ] }, "disableTcpStateTracking": { "type": "bool", @@ -43081,14 +43081,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -43278,8 +43278,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14837312545510225155" + "version": "0.17.1.54307", + "templateHash": "934300040337690336" } }, "parameters": { @@ -43497,8 +43497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -43703,8 +43703,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -43904,8 +43904,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44110,8 +44110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44306,8 +44306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44502,8 +44502,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44702,8 +44702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -44910,8 +44910,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -45111,8 +45111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -45315,8 +45315,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15242592157036190831" + "version": "0.17.1.54307", + "templateHash": "542004733048752795" } }, "parameters": { @@ -45347,6 +45347,9 @@ }, "protectedItemType": { "type": "string", + "metadata": { + "description": "Required. The backup item type." + }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -45358,10 +45361,7 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ], - "metadata": { - "description": "Required. The backup item type." - } + ] }, "policyId": { "type": "string", @@ -45481,8 +45481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9607326914801692122" + "version": "0.17.1.54307", + "templateHash": "5545265229641785727" } }, "parameters": { @@ -45721,8 +45721,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -45941,8 +45941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -46156,8 +46156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16467384531279284955" + "version": "0.17.1.54307", + "templateHash": "17926581562507911667" } }, "parameters": { @@ -46328,8 +46328,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16150104606129751032" + "version": "0.17.1.54307", + "templateHash": "231872691044961836" } }, "parameters": { @@ -46360,8 +46360,8 @@ } }, "variables": { - "$fxv#0": "{\n \"name\": \"policy-deploy-amd-gpu-driver\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy AMD GPU Driver Extension\",\n \"description\": \"This policy definition deploys the AMD GPU Driver extension on AMD's SKU VMs.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Drivers\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\n \"in\": [\n \"Standard_NV4as_v4\",\n \"Standard_NV8as_v4\",\n \"Standard_NV16as_v4\",\n \"Standard_NV32as_v4\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.HpcCompute\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"AmdGpuDriverWindows\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n \"in\": [\n \"Succeeded\"\n ]\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"vmExtensionName\": \"AmdGpuDriverWindows\",\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\n \"vmExtensionType\": \"AmdGpuDriverWindows\",\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\n },\n \"resources\": [\n {\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"location\": \"[parameters('location')]\",\n \"apiVersion\": \"2018-06-01\",\n \"properties\": {\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\n \"type\": \"[variables('vmExtensionType')]\",\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\n \"autoUpgradeMinorVersion\": true\n }\n }\n ],\n \"outputs\": {\n \"policy\": {\n \"type\": \"string\",\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\n }\n }\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[field('name')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", - "$fxv#1": "{\n \"name\": \"policy-deploy-nvidia-gpu-driver\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Nvidia GPU Driver Extension\",\n \"description\": \"This policy definition deploys the Nvidia GPU Driver extension on Nvidia's SKU VMs.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Drivers\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\n \"in\": [\n \"Standard_NV6\",\n \"Standard_NV12\",\n \"Standard_NV24\",\n \"Standard_NV12s_v3\",\n \"Standard_NV24s_v3\",\n \"Standard_NV48s_v3\",\n \"Standard_NC4as_T4_v3\",\n \"Standard_NC8as_T4_v3\",\n \"Standard_NC16as_T4_v3\",\n \"Standard_NC64as_T4_v3\",\n \"Standard_NV6ads_A10_v5\",\n \"Standard_NV12ads_A10_v5\",\n \"Standard_NV18ads_A10_v5\",\n \"Standard_NV36ads_A10_v5\",\n \"Standard_NV36adms_A10_v5\",\n \"Standard_NV72ads_A10_v5\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.HpcCompute\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"NvidiaGpuDriverWindows\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n \"in\": [\n \"Succeeded\"\n ]\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"vmExtensionName\": \"NvidiaGpuDriverWindows\",\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\n \"vmExtensionType\": \"NvidiaGpuDriverWindows\",\n \"vmExtensionTypeHandlerVersion\": \"1.2\"\n },\n \"resources\": [\n {\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"location\": \"[parameters('location')]\",\n \"apiVersion\": \"2018-06-01\",\n \"properties\": {\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\n \"type\": \"[variables('vmExtensionType')]\",\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\n \"autoUpgradeMinorVersion\": true\n }\n }\n ],\n \"outputs\": {\n \"policy\": {\n \"type\": \"string\",\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\n }\n }\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[field('name')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", + "$fxv#0": "{\r\n \"name\": \"policy-deploy-amd-gpu-driver\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy AMD GPU Driver Extension\",\r\n \"description\": \"This policy definition deploys the AMD GPU Driver extension on AMD's SKU VMs.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Drivers\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": [\r\n \"Standard_NV4as_v4\",\r\n \"Standard_NV8as_v4\",\r\n \"Standard_NV16as_v4\",\r\n \"Standard_NV32as_v4\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.HpcCompute\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"AmdGpuDriverWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"in\": [\r\n \"Succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"AmdGpuDriverWindows\",\r\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\r\n \"vmExtensionType\": \"AmdGpuDriverWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", + "$fxv#1": "{\r\n \"name\": \"policy-deploy-nvidia-gpu-driver\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Nvidia GPU Driver Extension\",\r\n \"description\": \"This policy definition deploys the Nvidia GPU Driver extension on Nvidia's SKU VMs.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Drivers\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": [\r\n \"Standard_NV6\",\r\n \"Standard_NV12\",\r\n \"Standard_NV24\",\r\n \"Standard_NV12s_v3\",\r\n \"Standard_NV24s_v3\",\r\n \"Standard_NV48s_v3\",\r\n \"Standard_NC4as_T4_v3\",\r\n \"Standard_NC8as_T4_v3\",\r\n \"Standard_NC16as_T4_v3\",\r\n \"Standard_NC64as_T4_v3\",\r\n \"Standard_NV6ads_A10_v5\",\r\n \"Standard_NV12ads_A10_v5\",\r\n \"Standard_NV18ads_A10_v5\",\r\n \"Standard_NV36ads_A10_v5\",\r\n \"Standard_NV36adms_A10_v5\",\r\n \"Standard_NV72ads_A10_v5\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.HpcCompute\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"NvidiaGpuDriverWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"in\": [\r\n \"Succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"NvidiaGpuDriverWindows\",\r\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\r\n \"vmExtensionType\": \"NvidiaGpuDriverWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.2\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", "varCustomPolicyDefinitions": [ { "deploymentName": "AMD-Policy", @@ -46421,8 +46421,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5643654873197907708" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -46596,8 +46596,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -46865,8 +46865,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { From 24d4657a32011c80cb1623f72078d9dc77cc4072 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 21:53:53 +0900 Subject: [PATCH 036/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 272 ++++++++++++--------- 1 file changed, 159 insertions(+), 113 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 712095abd..33eb3dc77 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1447,121 +1447,167 @@ "defaultValue": false, "toolTip": "Create Azure Firewall and Azure Firewall Policy for protection of AVD deployments." }, - { - "name": "firewallVirtualNetworkInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('network').firewallOptions.deployFirewall]", - "options": { - "text": "vNet peering will be created to firewall vNet with access to host pool", - "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", - "style": "info" - } - }, - { - "name": "firewallVirtualNetworkSubs", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "subscriptions?api-version=2020-01-01" - } - }, - { - "name": "firewallVirtualNetworkSub", - "type": "Microsoft.Common.DropDown", + { + "name": "firewallSettings", + "type": "Microsoft.Common.Section", "visible": "[steps('network').firewallOptions.deployFirewall]", - "label": "Firewall vNet Subscription", - "toolTip": "", - "multiselect": false, - "selectAll": false, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": true - } - }, - { - "name": "createFirewallVirtualNetwork", - "type": "Microsoft.Common.OptionsGroup", - "visible": "[steps('network').firewallOptions.deployFirewall]", - "label": "Firewall vNet", - "defaultValue": "New", - "toolTip": "", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "New", - "value": true - }, - { - "label": "Existing", - "value": false + "label": "", + "elements": [ + { + "name": "deployFirewallInHubVirtualNetwork", + "type": "Microsoft.Common.CheckBox", + "visible": "[not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork))]", + "label": "Deploy Azure Firewall in Hub vNet", + "defaultValue": true, + "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." + }, + { + "name": "firewallSettingsInHubVirtualNetwork", + "type": "Microsoft.Common.Section", + "visible": "[steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork]", + "label": "", + "elements": [ + { + "name": "firewallSubnetInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the Hub vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", + "style": "info" + } + }, + { + "name": "firewallSubnets", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + } + }, + { + "name": "firewallSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[not(steps('network').firewallOptions.firewallSettings.firewallSettingsInHubVirtualNetwork.firewallSubnets.name))]", + "label": "AzureFirewallSubnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", + "placeholder": "Example: 10.0.2.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." + } + } + ] + }, + { + "name": "firewallSettingsOtherThanHubVirtualNetwork", + "type": "Microsoft.Common.Section", + "visible": "[not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork)]", + "label": "", + "elements": [ + { + "name": "firewallVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "vNet peering will be created to firewall vNet with access to host pool", + "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", + "style": "info" + } + }, + { + "name": "firewallVirtualNetworkSubs", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } + }, + { + "name": "firewallVirtualNetworkSub", + "type": "Microsoft.Common.DropDown", + "visible": true, + "label": "Firewall vNet Subscription", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } + }, + { + "name": "firewallVirtualNetworks", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + } + }, + { + "name": "firewallVirtualNetwork", + "type": "Microsoft.Common.DropDown", + "visible": true, + "label": "Firewall virtual network", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "required": true + } + }, + { + "name": "firewallSubnetInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", + "style": "info" + } + }, + { + "name": "firewallSubnets", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + } + }, + { + "name": "firewallSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[not(steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallSubnets.name))]", + "label": "AzureFirewallSubnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", + "placeholder": "Example: 10.0.2.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." + } + } + ] + }, + { + "name": "firewallInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.", + "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", + "style": "info" } - ] - } - }, - { - "name": "firewallVirtualNetworkSize", - "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, steps('network').firewallOptions.createFirewallVirtualNetwork)]", - "label": "Firewall vNet address range", - "toolTip": "Virtual network CIDR for Azure Firewall", - "placeholder": "Example: 10.0.2.0/23", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." - } - }, - { - "name": "existingFirewallVirtualNetworks", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" - } - }, - { - "name": "existingFirewallVirtualNetwork", - "type": "Microsoft.Common.DropDown", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.createFirewallVirtualNetwork))]", - "label": "Firewall virtual network", - "toolTip": "", - "multiselect": false, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.existingFirewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", - "required": true - } - }, - { - "name": "firewallVirtualNetworkSubnetSize", - "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').firewallOptions.deployFirewall]", - "label": "Firewall subnet address prefix", - "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", - "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", - "placeholder": "Example: 10.0.2.0/24", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." - } - }, - { - "name": "firewallVirtualNetworkInfoBox2", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('network').firewallOptions.deployFirewall]", - "options": { - "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.", - "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", - "style": "info" - } + } + ] } ] } From 79b36c3961720eb41750b5651e6325661fb48201 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 21:57:28 +0900 Subject: [PATCH 037/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 1 - 1 file changed, 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 33eb3dc77..d77c93e51 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2496,7 +2496,6 @@ "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewall, true), steps('network').firewallOptions.firewallVirtualNetworkSubnetSize, '10.0.2.0/24')]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 08cce6a503867e4d56c67389eed35f546e7c4ca6 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:15:50 +0900 Subject: [PATCH 038/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index d77c93e51..774bce4f9 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1451,14 +1451,14 @@ "name": "firewallSettings", "type": "Microsoft.Common.Section", "visible": "[steps('network').firewallOptions.deployFirewall]", - "label": "", + "label": "firewallSettings", "elements": [ { "name": "deployFirewallInHubVirtualNetwork", "type": "Microsoft.Common.CheckBox", "visible": "[not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork))]", "label": "Deploy Azure Firewall in Hub vNet", - "defaultValue": true, + "defaultValue": "[if(not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), true, false)]", "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." }, { From 797126b3ee6e944db325a8d191c602b6b5d5e8b5 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:25:14 +0900 Subject: [PATCH 039/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 774bce4f9..aec10efb9 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1456,9 +1456,9 @@ { "name": "deployFirewallInHubVirtualNetwork", "type": "Microsoft.Common.CheckBox", - "visible": "[not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork))]", + "visible": true, "label": "Deploy Azure Firewall in Hub vNet", - "defaultValue": "[if(not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), true, false)]", + "defaultValue": true, "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." }, { From a2f3ef554d40eaebe255192342d281f8bf536e45 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:29:54 +0900 Subject: [PATCH 040/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 1 - 1 file changed, 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index aec10efb9..81c2a627d 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1600,7 +1600,6 @@ { "name": "firewallInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": true, "options": { "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", From 6770e5e4168685b603dd417c012633c5f322fa1a Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:31:22 +0900 Subject: [PATCH 041/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 81c2a627d..5a7f74102 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1596,16 +1596,8 @@ } } ] - }, - { - "name": "firewallInfoBox", - "type": "Microsoft.Common.InfoBox", - "options": { - "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.", - "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", - "style": "info" - } } + ] } ] From 8badf4ac575aeffcbc27e0f0baf4639f63f3a05b Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:42:18 +0900 Subject: [PATCH 042/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 97 ---------------------- 1 file changed, 97 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 5a7f74102..12a26aeb2 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1499,103 +1499,6 @@ } } ] - }, - { - "name": "firewallSettingsOtherThanHubVirtualNetwork", - "type": "Microsoft.Common.Section", - "visible": "[not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork)]", - "label": "", - "elements": [ - { - "name": "firewallVirtualNetworkInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "vNet peering will be created to firewall vNet with access to host pool", - "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", - "style": "info" - } - }, - { - "name": "firewallVirtualNetworkSubs", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "subscriptions?api-version=2020-01-01" - } - }, - { - "name": "firewallVirtualNetworkSub", - "type": "Microsoft.Common.DropDown", - "visible": true, - "label": "Firewall vNet Subscription", - "toolTip": "", - "multiselect": false, - "selectAll": false, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": true - } - }, - { - "name": "firewallVirtualNetworks", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" - } - }, - { - "name": "firewallVirtualNetwork", - "type": "Microsoft.Common.DropDown", - "visible": true, - "label": "Firewall virtual network", - "toolTip": "", - "multiselect": false, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", - "required": true - } - }, - { - "name": "firewallSubnetInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", - "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", - "style": "info" - } - }, - { - "name": "firewallSubnets", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" - } - }, - { - "name": "firewallSubnetSize", - "type": "Microsoft.Common.TextBox", - "visible": "[not(steps('network').firewallOptions.firewallSettings.firewallSettingsOtherThanHubVirtualNetwork.firewallSubnets.name))]", - "label": "AzureFirewallSubnet address prefix", - "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", - "placeholder": "Example: 10.0.2.0/24", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." - } - } - ] } ] From 101105af660725d5a0bb23099e5b0ffffed863f8 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:50:38 +0900 Subject: [PATCH 043/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 12a26aeb2..85a00ace2 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1488,7 +1488,7 @@ { "name": "firewallSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[not(steps('network').firewallOptions.firewallSettings.firewallSettingsInHubVirtualNetwork.firewallSubnets.name))]", + "visible": "[not(empty((steps('network').firewallOptions.firewallSettings.firewallSettingsInHubVirtualNetwork.firewallSubnets.name)))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", From a417250d25a98b8ebe91c6fb27da06d997cdfa36 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 22:52:00 +0900 Subject: [PATCH 044/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 23 +--------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 85a00ace2..792944481 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1465,7 +1465,7 @@ "name": "firewallSettingsInHubVirtualNetwork", "type": "Microsoft.Common.Section", "visible": "[steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork]", - "label": "", + "label": "firewallSettingsInHubVirtualNetwork", "elements": [ { "name": "firewallSubnetInfoBox", @@ -1476,27 +1476,6 @@ "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", "style": "info" } - }, - { - "name": "firewallSubnets", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" - } - }, - { - "name": "firewallSubnetSize", - "type": "Microsoft.Common.TextBox", - "visible": "[not(empty((steps('network').firewallOptions.firewallSettings.firewallSettingsInHubVirtualNetwork.firewallSubnets.name)))]", - "label": "AzureFirewallSubnet address prefix", - "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", - "placeholder": "Example: 10.0.2.0/24", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." - } } ] } From 1f03997412dbc3a96646a55eb5baa3b9544b3be7 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 23:12:54 +0900 Subject: [PATCH 045/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 169 +++++++++++++++++---- 1 file changed, 136 insertions(+), 33 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 792944481..fc4b27fc1 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1447,40 +1447,143 @@ "defaultValue": false, "toolTip": "Create Azure Firewall and Azure Firewall Policy for protection of AVD deployments." }, - { - "name": "firewallSettings", - "type": "Microsoft.Common.Section", + { + "name": "deployFirewallInHubVirtualNetwork", + "type": "Microsoft.Common.CheckBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)))]", + "label": "Deploy Azure Firewall in Hub vNet", + "defaultValue": "[if(not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), true, false)]", + "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." + }, + { + "name": "firewallSubnetInHubVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)]", + "options": { + "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the Hub vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", + "style": "info" + } + }, + { + "name": "firewallSubnetsInHubVirtualNetwork", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + } + }, + { + "name": "firewallSubnetSizeInHubVirtualNetwork", + "type": "Microsoft.Common.TextBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSettings.firewallSubnetsInHubVirtualNetwork.name))))]", + "label": "AzureFirewallSubnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", + "placeholder": "Example: 10.0.2.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." + } + }, + { + "name": "firewallVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "options": { + "text": "vNet peering will be created to firewall vNet with access to host pool", + "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", + "style": "info" + } + }, + { + "name": "firewallVirtualNetworkSubs", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } + }, + { + "name": "firewallVirtualNetworkSub", + "type": "Microsoft.Common.DropDown", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "label": "Firewall vNet Subscription", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } + }, + { + "name": "firewallVirtualNetworks", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + } + }, + { + "name": "firewallVirtualNetwork", + "type": "Microsoft.Common.DropDown", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "label": "Firewall virtual network", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "required": true + } + }, + { + "name": "firewallSubnetInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "options": { + "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", + "style": "info" + } + }, + { + "name": "firewallSubnets", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + } + }, + { + "name": "firewallSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork)), not(steps('network').firewallOptions.firewallSettings.firewallSubnets.name)))]", + "label": "AzureFirewallSubnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", + "placeholder": "Example: 10.0.2.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." + } + }, + { + "name": "firewallInfoBox", + "type": "Microsoft.Common.InfoBox", "visible": "[steps('network').firewallOptions.deployFirewall]", - "label": "firewallSettings", - "elements": [ - { - "name": "deployFirewallInHubVirtualNetwork", - "type": "Microsoft.Common.CheckBox", - "visible": true, - "label": "Deploy Azure Firewall in Hub vNet", - "defaultValue": true, - "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." - }, - { - "name": "firewallSettingsInHubVirtualNetwork", - "type": "Microsoft.Common.Section", - "visible": "[steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork]", - "label": "firewallSettingsInHubVirtualNetwork", - "elements": [ - { - "name": "firewallSubnetInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the Hub vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", - "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", - "style": "info" - } - } - ] - } - - ] + "options": { + "text": "Azure Firewall, Azure Firewall Policy, and Azure Firewall subnet will be created in the vNet for protection of AVD deployments.", + "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", + "style": "info" + } } ] } From 60ac9aa311006b5e1108cd8b5d22e82d672f9f6f Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 23:15:28 +0900 Subject: [PATCH 046/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index fc4b27fc1..097f572f3 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1476,7 +1476,7 @@ { "name": "firewallSubnetSizeInHubVirtualNetwork", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSettings.firewallSubnetsInHubVirtualNetwork.name))))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name))))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", @@ -1489,7 +1489,7 @@ { "name": "firewallVirtualNetworkInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))]", "options": { "text": "vNet peering will be created to firewall vNet with access to host pool", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", @@ -1507,7 +1507,7 @@ { "name": "firewallVirtualNetworkSub", "type": "Microsoft.Common.DropDown", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))]", "label": "Firewall vNet Subscription", "toolTip": "", "multiselect": false, @@ -1516,7 +1516,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", "required": true } }, @@ -1525,13 +1525,13 @@ "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" } }, { "name": "firewallVirtualNetwork", "type": "Microsoft.Common.DropDown", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))]", "label": "Firewall virtual network", "toolTip": "", "multiselect": false, @@ -1540,14 +1540,14 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallSettings.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", "required": true } }, { "name": "firewallSubnetInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))]", "options": { "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", @@ -1559,13 +1559,13 @@ "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').firewallOptions.firewallSettings.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').firewallOptions.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" } }, { "name": "firewallSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.firewallSettings.deployFirewallInHubVirtualNetwork)), not(steps('network').firewallOptions.firewallSettings.firewallSubnets.name)))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)), not(steps('network').firewallOptions.firewallSubnets.name)))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", From e113422b48ba52f059d3fe65a9f9e7339f63963c Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 23:25:04 +0900 Subject: [PATCH 047/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 097f572f3..5275d3672 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1476,7 +1476,7 @@ { "name": "firewallSubnetSizeInHubVirtualNetwork", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name))))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name)))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", @@ -1565,7 +1565,7 @@ { "name": "firewallSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)), not(steps('network').firewallOptions.firewallSubnets.name)))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), not(steps('network').firewallOptions.firewallSubnets.name)))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", From ee6c82cfdd2ed1e9d1be7e79cc08723b1f7e35c2 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 8 Nov 2023 08:29:51 -0600 Subject: [PATCH 048/117] updates --- readme.md | 4 ++-- workload/arm/deploy-baseline.json | 5 ++--- workload/bicep/modules/avdSessionHosts/deploy.bicep | 6 +++--- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/readme.md b/readme.md index f03749dac..8f112155b 100644 --- a/readme.md +++ b/readme.md @@ -29,7 +29,7 @@ As of today, we have a first reference implementation scenario that is one of th | Deployment Type | Link | |:--|:--| -| Azure portal UI |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json)| +| Azure portal UI |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json)| | Command line (Bicep/ARM) | [![Powershell/Azure CLI](./workload/docs/icons/powershell.png)](./workload/bicep/readme.md#avd-accelerator-baseline) | | Terraform | [![Terraform](./workload/docs/icons/terraform.png)](./workload/terraform/greenfield/readme.md) | @@ -66,7 +66,7 @@ Custom image is optimized using [Virtual Desktop Optimization Tool (VDOT)](https | Deployment Type | Link | |:--|:--| -| Azure portal UI | [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) | +| Azure portal UI | [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) | | Command line (Bicep/ARM) | [![Powershell/Azure CLI](./workload/docs/icons/powershell.png)](./workload/bicep/readme.md#optional-custom-image-build-deployment) | | Terraform | [![Terraform](./workload/docs/icons/terraform.png)](./workload/terraform/customimage) | diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index d366452ff..f742b59c7 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "16279945587676051429" + "templateHash": "14150614109193257204" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -41044,7 +41044,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "10362929169289211539" + "templateHash": "1891310422586033958" } }, "parameters": { @@ -41341,7 +41341,6 @@ "timeZone": { "value": "[parameters('timeZone')]" }, - "userAssignedIdentities": "[if(parameters('createAvdFslogixDeployment'), createObject('value', createObject(format('{0}', parameters('storageManagedIdentityResourceId')), createObject())), createObject('value', createObject()))]", "systemAssignedIdentity": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('value', true()), createObject('value', false()))]", "availabilityZone": "[if(parameters('useAvailabilityZones'), createObject('value', take(skip(variables('varAllAvailabilityZones'), mod(range(1, parameters('count'))[copyIndex()], length(variables('varAllAvailabilityZones')))), 1)), createObject('value', createArray()))]", "encryptionAtHost": { diff --git a/workload/bicep/modules/avdSessionHosts/deploy.bicep b/workload/bicep/modules/avdSessionHosts/deploy.bicep index 78397cf02..cdbac8a78 100644 --- a/workload/bicep/modules/avdSessionHosts/deploy.bicep +++ b/workload/bicep/modules/avdSessionHosts/deploy.bicep @@ -171,9 +171,9 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d name: '${namePrefix}${padLeft((i + countIndex), 4, '0')}' location: location timeZone: timeZone - userAssignedIdentities: createAvdFslogixDeployment ? { - '${storageManagedIdentityResourceId}': {} - } : {} + // userAssignedIdentities: createAvdFslogixDeployment ? { + // '${storageManagedIdentityResourceId}': {} + // } : {} systemAssignedIdentity: (identityServiceProvider == 'AAD') ? true : false availabilityZone: useAvailabilityZones ? take(skip(varAllAvailabilityZones, i % length(varAllAvailabilityZones)), 1) : [] encryptionAtHost: encryptionAtHost From c9c0b40507d5ac5925f978af69b326d188f4aa20 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 23:36:33 +0900 Subject: [PATCH 049/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 5275d3672..68c88cfb3 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1473,6 +1473,14 @@ "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" } }, + { + "name": "firewallSubnetInHubVirtualNetworkInfoBoxTEST", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)]", + "options": { + "text": "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name]" + } + }, { "name": "firewallSubnetSizeInHubVirtualNetwork", "type": "Microsoft.Common.TextBox", @@ -1481,7 +1489,7 @@ "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { - "required": true, + "required": "[if(and(steps('network').firewallOptions.deployFirewall, steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name)))), true, false]", "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } @@ -1565,7 +1573,7 @@ { "name": "firewallSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), not(steps('network').firewallOptions.firewallSubnets.name)))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), not(empty(steps('network').firewallOptions.firewallSubnets.name))))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", From 70dc11d1781e469d790676d7296c39816a8b25ea Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 8 Nov 2023 23:54:12 +0900 Subject: [PATCH 050/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 68c88cfb3..7e3b0e8f0 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1470,7 +1470,7 @@ "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork.name, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" } }, { From a74a32131c6c7506c444d888c7e7fb470e53a24a Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 9 Nov 2023 00:03:43 +0900 Subject: [PATCH 051/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 7e3b0e8f0..0210241d6 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1470,7 +1470,7 @@ "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork.name, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + "path": "[concat(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" } }, { @@ -1567,7 +1567,7 @@ "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat('subscriptions/', steps('network').firewallOptions.firewallVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks/', steps('network').firewallOptions.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" + "path": "[concat(steps('network').firewallOptions.firewallVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" } }, { From a946b73a49a3344bbe69db86363dfe57de1afbcf Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 9 Nov 2023 00:14:32 +0900 Subject: [PATCH 052/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 0210241d6..b9084da3b 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1473,23 +1473,15 @@ "path": "[concat(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '/subnets/AzureFirewallSubnet?api-version=2021-08-01')]" } }, - { - "name": "firewallSubnetInHubVirtualNetworkInfoBoxTEST", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)]", - "options": { - "text": "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name]" - } - }, { "name": "firewallSubnetSizeInHubVirtualNetwork", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name)))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { - "required": "[if(and(steps('network').firewallOptions.deployFirewall, steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, not(empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.name)))), true, false]", + "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))), true, false]", "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } @@ -1525,7 +1517,7 @@ "multiLine": true, "constraints": { "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": true + "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))), true, false]" } }, { @@ -1549,7 +1541,7 @@ "multiLine": true, "constraints": { "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", - "required": true + "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))), true, false]" } }, { @@ -1573,12 +1565,12 @@ { "name": "firewallSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), not(empty(steps('network').firewallOptions.firewallSubnets.name))))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets)))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { - "required": true, + "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets)))), true, false]", "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } From 91fd8ff10b47a92d3c262c114b4c78c8191ec9e4 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 9 Nov 2023 00:21:02 +0900 Subject: [PATCH 053/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index b9084da3b..991b3e601 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1481,7 +1481,7 @@ "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { - "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))), true, false]", + "required": true, "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } @@ -1517,7 +1517,7 @@ "multiLine": true, "constraints": { "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", - "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))), true, false]" + "required": true } }, { @@ -1541,7 +1541,7 @@ "multiLine": true, "constraints": { "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", - "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))), true, false]" + "required": true } }, { @@ -1570,7 +1570,7 @@ "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { - "required": "[if(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets)))), true, false]", + "required": true, "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-6]))$", "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } From 7ea41d3a01419ba09991346b04c0c6d87804376b Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 9 Nov 2023 00:26:58 +0900 Subject: [PATCH 054/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 991b3e601..743fa8a7f 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1565,7 +1565,7 @@ { "name": "firewallSubnetSize", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets)))]", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets))]", "label": "AzureFirewallSubnet address prefix", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", From 1ff0ccb6446f076f220f38987db77c5005e800fa Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 8 Nov 2023 09:45:53 -0600 Subject: [PATCH 055/117] updates --- workload/arm/deploy-baseline.json | 4 ++-- workload/bicep/deploy-baseline.bicep | 2 +- workload/docs/getting-started-baseline.md | 2 +- .../{ => 1.0.0}/AzFilesHybrid_0.2.8.zip | Bin .../DSCStorageScripts/{ => 1.0.0}/Configuration.ps1 | 0 .../1.0.0}/DSCStorageScripts.zip | Bin .../DSCStorageScripts/{ => 1.0.0}/Logger.ps1 | 0 7 files changed, 4 insertions(+), 4 deletions(-) rename workload/scripts/DSCStorageScripts/{ => 1.0.0}/AzFilesHybrid_0.2.8.zip (100%) rename workload/scripts/DSCStorageScripts/{ => 1.0.0}/Configuration.ps1 (100%) rename workload/scripts/{ => DSCStorageScripts/1.0.0}/DSCStorageScripts.zip (100%) rename workload/scripts/DSCStorageScripts/{ => 1.0.0}/Logger.ps1 (100%) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index f742b59c7..a903aac65 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "14150614109193257204" + "templateHash": "10646310332336668963" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1458,7 +1458,7 @@ "version": "latest" } }, - "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip", + "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip", "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index c3e154508..82ce880cb 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -753,7 +753,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' diff --git a/workload/docs/getting-started-baseline.md b/workload/docs/getting-started-baseline.md index f36947f93..1326e696e 100644 --- a/workload/docs/getting-started-baseline.md +++ b/workload/docs/getting-started-baseline.md @@ -44,7 +44,7 @@ Prior to deploying the Baseline solution, you need to ensure you have met the fo - - - - - + - https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts//DSCStorageScripts.zip - - [x] If using existing Virtual Networks, disable deny private endpoint network policies. The deployment will fail if deny private endpoint network policies are enabled. See the following article on disabling them: [Disable private endpoint network policy](https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy). - [x] Set up private DNS zones for Azure Files and Key Vault private endpoints name resolution. Link the private DNS zones to the Azure Virtual Desktop vNet when NOT using custom DNS servers or to the vNet where the custom DNS servers are located if configured on the Azure Virtual Desktop vNet. diff --git a/workload/scripts/DSCStorageScripts/AzFilesHybrid_0.2.8.zip b/workload/scripts/DSCStorageScripts/1.0.0/AzFilesHybrid_0.2.8.zip similarity index 100% rename from workload/scripts/DSCStorageScripts/AzFilesHybrid_0.2.8.zip rename to workload/scripts/DSCStorageScripts/1.0.0/AzFilesHybrid_0.2.8.zip diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/1.0.0/Configuration.ps1 similarity index 100% rename from workload/scripts/DSCStorageScripts/Configuration.ps1 rename to workload/scripts/DSCStorageScripts/1.0.0/Configuration.ps1 diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip similarity index 100% rename from workload/scripts/DSCStorageScripts.zip rename to workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip diff --git a/workload/scripts/DSCStorageScripts/Logger.ps1 b/workload/scripts/DSCStorageScripts/1.0.0/Logger.ps1 similarity index 100% rename from workload/scripts/DSCStorageScripts/Logger.ps1 rename to workload/scripts/DSCStorageScripts/1.0.0/Logger.ps1 From 5e9d5003a57c7a0527e61f443b57809e5889a09c Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 8 Nov 2023 11:13:48 -0600 Subject: [PATCH 056/117] updates --- workload/scripts/DSCStorageScripts-old.zip | Bin 0 -> 82676 bytes .../1.0.0/DSCStorageScripts.zip | Bin 82676 -> 82686 bytes .../{ => 1.0.0}/Script-DomainJoinStorage.ps1 | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 workload/scripts/DSCStorageScripts-old.zip rename workload/scripts/DSCStorageScripts/{ => 1.0.0}/Script-DomainJoinStorage.ps1 (98%) diff --git a/workload/scripts/DSCStorageScripts-old.zip b/workload/scripts/DSCStorageScripts-old.zip new file mode 100644 index 0000000000000000000000000000000000000000..76c0bce424c9d1ed0e23cca2a18881bfacf7dacd GIT binary patch literal 82676 zcmZsBQ;aSQu;keGoUv`&_8HseH@0otwr$%s&e*o@f0KRL%~nz`o%C~8SCyg+C>R>h z{{oIhL47$OOACS#80deA`QJ>)Q{2+V)Jf9A$kEb7pOK!Ko|E3w(n0b6EI|Qnx8kXr zQj)6nQ2_xF{sjU;`G1$_9h^*hgB zz3LnczDhkNapr!T&#velg(=zrX&xSr6zhgpL!KS#nlY!n>)(BS;R(vm!JZHznU((oC~D2QJHro z&_y3|TlR=jR!XdM9$%+ZdHwzUvCks!_NF-nex9secrRzFE-FV1?{rN)7bSOj!W7U7 z35b9?x&oCWoEP}tP;Zoyoyo>>@neKP*W&OtIs&^1Vrp7)CS|*?9E!691n=KobOhI$psit@wu(4Hd|ThP0Yz1N zspG4^wwDG|d#n7B?mt#dn}k&gkwMz17d2gmN89lq!yXxyK!A> zo*kbd)8;f2lihu~4jbx9NbC$QplyE5eG{C1#Gfrh$zSHD3=BmrK5dfEH9DgubVKC*k%5^{su% zVa9^$wR<#DPzM3oCu&01#l){aAC9AIem=k%U3$J17l?uVUR(m2r4{P%Vj7Hpw)3yo z9qcwxHH&Zy4>&sr>1?c@ve_#my+MK-BS$kZ=T?>Qzhn`gD^4ysf8QVU{eGq-&;@n9 zGIGT8S|nkuhXecUv)u-LnU`5EViszA-&x=k&-C$)wN^}E90n0-8WxwUepG((P=8(k z(OL|-+IK8`PrXmO)_}RizUaihxlY)guQe8Y(=Si7(sJgick?k1$@gbTd$p%d&Ul{g zqj<7@}*NP`(fBHG|v+)4x+)3Rdr` z2|am7`V_A%5-+NrDFX6rZu`n@?h{dFq+szM#kIz&cHc(FHB69?Gf=XJLi$we@LBpbqkc@s|Xb<(Mz8mzvj5_1qABKVrF7o`u+arKi#)!boihG4L4yN zb3`4uf1_D*G{!9!1QPn)SE2L>c6qye?p?t^+e`Gj@k%Nk7@}mYsV$xavR3DYrptr^ zp|nh&v#vg=vb!yW@@E7P*lH*1c9X;q4pDK-#(j&N%KY&s*78O@S{I@iv?cXkw?wik zPYHEDk7dp@<`=VkZJv6tMGp+&kWhX6fYF*C0qXijoB@~=P6aJ%d8tTnTA=5~`@myV z258{PHe-ylU-hf@@UME{QhrL82}$lT5EaMQMHAkBif)EPp)bXehKb|FmJZ|anOWtG6{oSm3yp=v->&p=~KSFvjvl&hmy^Fmg6iRn$Pez zb8TPTwQNnwTz3!7GGOZXD_I}KFfR5j zj4wK(geMY6|0M_((D=9f>?X<|et!#t3;#(22&4WJu?8CqW}WR04LUf*V*c@&e#0_0 zy+5mA34h%@p2Y;B%>WtmrzA`bkG)8V53OZe!qKvaen#emZMAqzWi-(8;5GWGBSpcM z0^q>>`;Cu|?|<+8^>AbEc(a!4F_TgRo^SoN<#`W3(z-YQOz?AP9QSHbCXy6%b)(C5 zi#X2lg!2IZuI(8!GgL}->6bT0Q}v0_pRs4d*=MDboA5g1?aOcZmSr};ugBL`YQMDm zqb87Nx;nmmVyE|e(ieMgaV9^oug&XNsQ_asrQ)kEjDNBB0958xF2G^k68Va0n>c z3_#L6nmA(JG=Hl9XTW?SYn?jZR zUFa?y%Bw$#Diuh26R1aqM<$4Tk4C)B>a~BFefQgZiDTfgK-am!bbxQqqkij|SpPR> zg>wA9N{1&ymP@cxMu!b+$H=-emkvbt;H2{QLM$>AbpAzR)IngneE~S=sHnW#0%g(n z<&nMZ_4$+P4fpK+9_0G__%jvm?dQF~iSa^i;F{dGtQ4=%@h>U|L!LQj&Oyf)lDvL&U@Qa>kQ6(kLPMWzBP3r0;YPXGRITaxZaB}dy>$BMvdWx2Y236w9DLcs0 zQ?C!-Sbj;zzBc5R8NHMudub^y zNeZTosys6@1*1j8K4mScOXpTdEa|8b1p+Ji1u!wf_5~}S@~HXvR#Up5XvvK@b}{q$ z=pvpUD})v%bS8MYP*QNafYG!;!})ciqBc({Ix=mU+pz97_6Adf!qyh$q42;rMW;lc zBJV{Rt83%6fiY%qQOW8=#OegrFn7%5Q!D=RUOm2p!1>uDe#{GSDz1==fp;GyxI{Fw zzi`J9e_}hE1Y?=@6i!ATe+RQ)kBN@?Dvc|syOrsBY`vY8qc|$$WG%*Jq9N>ZZH$t5 zht`qRT)M{%nvp+?*YJoj(RDoQ-3^+mZQ%HQgHR}_&bMo>wJ^tBw6jJ|Jow1;f)a$5 zj$-vB@M{tEZ=SkQGt zDYt?G_WIoB5^m1M1NpAzYZHBfTL6jtc<2D4s0}BcQ{QXvwc$prMre6GE7C@rICj&H zhh0T;<3jC;sfO)kQ}}b{Rh!w|$h&G1K-37@T0`l&zkzd>ghd$U7zd-wdeW`7D0*GR z%9%qTJah1R?TMUE*}R4qkr1iiw-JEE2>Qe^i0?13c`eUkkqT0#?w$SuZWN3F5(pJ| zk1axp01mM)f1N@$0~VPOHG7gcXFri!9&wiJTzj;(Sm}I#AIH4BAg?M)R&MIHPGg+_ zbJK;ziKt)UGWvEz1KS&vH*dPM;HrR%figMdt9pMxfwprC3Hrl+^Y^Q=kMo=WiQ3%U z)5^aIUni=Gl@k?$jiUO@DM;33FnzO%v*t3Ga8WbA7MfhPcyOm82lt?+%K=mPMXyek zcY`~$8DT5=B@hct_QKYY=VRb(uhYd59lXG+eCwN6)^{g78B|~ZezHO=HTN!=)EeUh zSj3rCh*8`eF8IUFheuHd%esshLA4oVdFWbw=FD0_AnR*&xHYDpkoqhwXUYC>Dnnxb zwoet)L`#|Ry+=lb?*yq!3<#j;L11qYpa_HxMzU&b(M9JLvX7FP%uG02ij}gHcG~3) z9QNVfmuFk4uH~FspWMcm2Aptd;W>MYlS_>aP;kya!b)zBJV+UDMelC)8{DfNJH~ zsD~N1TJ_kFn0xjNZ^99|52fEjia|Lz>2=);+q3F3&cN2c$wTTO*={R|a~@UATLl}5 zgbdkK%ne5Z%&iCN8I74#wqh3HRZw@$FARCq8QyEO#NYF&*t!bGNhsv8z~<4CGO^p3o@n{2w+UPI<<18D7!9Fhl?GHQy4zH*nz zqokbllHM~M*<{qp?8%Ms72@6OTz9zIkAN{vqgi^uHYG>QCws z^T-83reuWicB&0?qHd`+XazS6XCHf^kxowF!g;jbs7d-W_8V7Inbp|=OQBpo$x>iV zGJ;LEZ`Ve%jpRXxy+bF(J?0Q3MrHXzy|iv-!+IC!%YK|-i1}p%QJL)_b;n*!3Cn6^ zq^Sm|mDuGOUX`|YI(DfTeFfg3&Q&wZ=(v)oU1k{PlI-5dH*^{ECngp5=%9` zf7D|T8@ufmApN@jcR+csLFa{d5Zikys?kZ^>){yht4s!$7$eqg!}_t*L}JBIki}q$ zCGp$QB9HDVch7;#5p`glnO#I6VP$xn5)ufanJr+(<6dLs^SwO{7glGJ-P|?4P!K8L zA|?7DmfGV3QV5LLhuU6@qDRK?TjvPz`+ddpv*W_SjhkH5)R%U9Px0>BSp7?|Kvh-; zlHAhg%$+&-q9QiNdGxr(SkwIC-MSrPsd~TYxhc=yGc4MhQmGD z5|#jPLR5d!>k)4lCPw1;zIy%QNkB8efDuMtQOO~_-f|$;xLRC=_o3E8EcNS1 zwLZ$Q?QitXBu#7P2_ssXwKg2Q1X8x8r^xcFAA{@L_AE_MfwFU^rESv>Cr_POd)NjOIxdZd+P zrk*DEAe@D8$W(~&1PQvq1k@4C6pl|tEYU&R?GRRkO+<-nHlVroKJP9zGx_+$Wr!hT zvt-)77Wkh?39rbZ%be`EnmuaFU&?RCGFy4=kpnnIq~V~#io9vh6&Gidy|u{rsq35= ztu^FIKRa3>WMnoA9}x^+9@E!cYoN$!ohORs5|P>C<%yCgl-XfyG@f3MI-T2F)b;FM z9l}%(a%Z<6nPcA$g-@eB&6fXo;@(k-2XKKuZgh&Zh+Hv_4=~b4dE)z*?5ySQ`@lht zc?PXhI-#kFVEk<&UA>y^UZAe^{1{f~0`Jqi3C>P4b84B+fS=_WyN-$M=_)=q@zu5a zf_HkXdf#8I#&f}pyEBVg8ntken|heg|DdG7w7?%<#RsX-mtgrL#&=3|*J2*f8#v?h>RaGM0mt*95(bcv=4<&C>mZxyU6r~OcsL*D^%*H&H-hEJ8 zTU0Z6Y-mlUwfJ}@X=}>w@fsf<3p7v{hJf;T9~VI*4$mR^;yck1B#n_8lw| zM_`+DzoT>r@O@5|VfHVgGU|YghSCWM2ciQJgB%Q^`4|5cMano6dy(6b9(g9XF#~NN zSPI28eg_(N3Eo3E0xPtm60%_5WgWre1~w`ZK}??eHF+qGK(^Q<*ak%;yU2mh@lZR* zdy_I0^JP1zjN({slhsafo+4t&-daLfM!enh5G%seD=F2B<%GyTM!S(PCCC0UdfGml z5A}|kN8&efDo)Qanf{jj5-{~m=h>f~k+W)>+^__Mr;|A&Z785}B)0Pv#N&5sr@9w>X>mrVG}%LGE7&*PvJj$6-K z4}1`W2jnWT>@VlPflSlC-+vBe;(ZH3oMTcyzJ3bf3WJm%op=1nm_`bm9EGWtIT3tN zF#^94I$pB3g<4xD>*A5vGQFPXou;qEE2b0sCYR4XWk*!r>XF`Z-%WUFv_!0@IbDJ> zbi{?3w}>W2!6%%%EqjU739XINo`=iVg!S5k$ zU&hQ`(>`?ciN`^(T>gBbQq}y?(NeTzYkKfLTB6gf-Ijro!}2EqQF<#$$9MCPT}P>pZHe&sQxy3Sc#j?0bB5)ccg?PfBgUMK&eBOFKi`y=rN5 z5Q9dFWIJvXq=^(6n6U(#k<7+*{>2@I-EO!YtFh`>p9ETqa><{S;D@nZ2*Geg$m$50 zJH#hnP1<{C%2CntHccvQ_$S5QaN!oV-$?i;vt}-I4ytOtd2UCT)mC`@E%I>O%i~bD z*&}DRhKfDgV+$-1y%ODXKwVGz54^-9_PQjQBn*#e-= zj>C#UVcXGbgI4>hbzaT4Sr0eu%C=p)%6Vk*8nRs zBc@LSm!gkN{RyKZpMo!A26Qwc(kVX@xoMa1sdx1>t7@IXJPe+smy2gCs(Qg(l89wX z?$SpvOnEymkEO3^VU%B$SGL^cLWeqNHnAG~n{yf@d;u`P80vu~3NulU{8A%1%OW-I4b_hTX zcs2Ak-!+&h*9f`!8#ji-vPADk|58Gel>_ahIQQ_peQ~gzvaha}T(BOVDq4;(g*Mb+3zt*G5FW$)6eWq4Y0pMwR1q7JJ2NdW7FZUeP61OO9i9=YL2Zii>c4)H z#1{YiH(y2$$dthBN~)D169VDsnd}YDuOjeVJEF_27FdFX+ifT@goO(gb)!Gf!J9gq=n`qlyE(xP%;1qQIW?^iogL4bpf8;#+u?f4)ez(|2q(_ z$UAm=md99(r|KL2@K16E<3=H+?F?=lc};aEQna5EJ634 zJ&a?D7ZUf0i7~F5nQ!$%9yH#|<>;TDH?f#p(g7xq<)DwY^wA~%QbRurDTg}vvrph{ z*R#((>z9iVI8hMC0FJ(ltHX1iU=WMgS}5&4ZL^h*G9-bVf64_adYu~L#ejButl!NE zorBsbN5nvxM#&Cn0atpXMUuYo5&6<~^dn5lX%;0Sc1R{V?m$q|yB0!+B2tGKdWQ}~ z4c7Df+TEWxg9XY%pPp|TS`=r+o>fGT4^WKzq&d^E&0r4*345OLJp7hn9XMxpTLXmb zL0neU2?@D`?x>ptc#$kV1l*zvaRu2IL&B*BwTN)!K+1>!=+N~k2%l3Iq`rgwu?G0@ zh`$GvL?_TWt7t|>7e{G}!}3B%%vlY){fMMeluc`%LG-RjkhVXiK$dp;EF{oCzQhcNadCOl?oHg5!;*gLM28|aXdRl=+QE>qeM5o#OLBU z$f(Gq7?(&pW3<6?W;r=^Xz$qKPorU3V`^JmQ3r>O6t z0;@13o)nkJ9rB7CY##rfW|mxpLE9D!7jm8*aw}X2TL1(7rPU1e z@W2*Ds=&VbBhV359%@7ukG2PK269z3afDa=Yec$zFjtX&QA|1koNJd9nFrz!(hAB^ z&U$i}^o%pw265EHDpg4pbKKqp4KWdB05(G;DovBbv!i;_v0m0;1B_g_{mrK6$dL$gh^i!q-Ef(_d4}{L#N!ho9~?hQ7k%d^q^G|43rzKoprGVFBb& zn$ocG$r54BI>CJ2KFLV2C3;OVxT_giLV@Jd%^(evz zukGJp3TC`d*HKm=X4wda=Rc<2tMC`##;M#;1f0DKQESP8$W2ol1CNmXX@J z-fkbku{?9D-q)anV;b`xqz{CZeL@6L@!3_atHumPLbm^_zPE89S!~uYMC)xQN$8@y zpK@fgLF1}7bagvStK#nC^^O&74!NY|-MxMBXc1PPAaE5Nvu81bG_&N<=UL0$WnHxF z(ftJTB#gq_?cc`Tz}R#~0E?Z9?A?_XAHHqrDqS6XxR{^GZnjvt^ql+?8>~;k#Il8t zp^hcBro-Tr)7UUmx;vhF? zdMvRh>S!p{_R0vFxo6BFR(wSPO zGSsFOfmIu<)FMh0cFMi~RAO4t#NL+Sm3~6gxmEZ_was%mwtL5pb}`<#yAEVmBf1#^ z9cDXOw`5jeMeHnGXG%XvpJSS2lay(z8<-dvduL&Ha}-@ar&sUslccZ{Pv$KNZc3x#X`g+c%nxybf%sqR%ns*m87+0C~uNAI6 zsZ8;U#0%Hc!})2mdxN4lCN-LdSEXN*sogcRb*TTNR6!{s=|x~VSr_(u(-AL3Sy3TYn%_Q)(#z-P6n`R!^P3@$xmxCSi7;MEzSPL@EXtQ;@kx!V%VnP*p5Yo z<#V((os{EYgavZx4UQJtDbFa?V90go*SvPBzc%5Nc+y+1iN$e~(lEaU5k4yE8dsSH z0BCkA0{}bCT-wYQNm+|#T$7U0n_K5mbQE@wdj@oD0y1t85*Qb`656!Ku4gs~n945Z z>8LaR#o3^3C$7)NU8#wNomKT?tKc~|k*zG{MpJO6fwTsS&ZMzC`(P^^;l_5fedDt` zI%#&-9T*VH@L@qj6FKzqr)}JAq}rJb!SS7;a6|MsuGS$1rqt8(=6cR{*@N)GlHFl^ zovt7{XsgbOIdX8AUf;}yj={TujYva}$hSJVY=5b=u){>d<-3GnWRs7V@mjBKhQ~aU zv9PRt0ny2T^HO>HwHoG)kB;hF>TB+{3|1Z(=W$4*Nqo1WmS`DdgJQx2!0^t1Vr^TtEIiBmCFYGbV|Ddlx=##)HCvjFzF@ zC*obwH(xFo$*i@b;#}Jm9rNdH3f^~+z8sV8WB1vR1Yl1}6wV0&&GFtVBj`ckM}*u$ z;b=cO<}PuaWT?L%2n&$8A>}n4NZR2Ic*7|u{}zIcb0IuPqnw>NcCw_Q=Uq(hVozNL zis(ODAz+}l+)V_}49sQOBv=S31()#N;{pD~(4)wy=)gZevxp>t5qU0M5?$$pfw5Hm z&UpyW3}wDt43SUxnkYST9)sfdEhCZAZg8b9{6dF2?qQW!w~BOoJKCN++MoYurM6;m zTU}hey*BWS-6&d(WwDKi+}#Yj>lkxgU^E#mB3iS|fOb<(Xm0WE>ydvQ@DPeS{Ad(ckrY4*R z)>aJhw5~#N_U;&j_ry#8RLM!2ibrrHpmC-jF+9qU|%n(}F$AnsIcuuPER={`&$nDPe)LUUR z-qFk|R}6inMrV(6(Yh6BTU0%=o}$wYAUBDQvG(nx-?r*(>nL@^illtz(F++++b z1a3thoe53`T$&0pt{f)Y_-2tdJ=kQ}aSX*VZz6e&XgAK%Wb3D(( zW9C->8M`Tbfa3|WSVL8+S^DejZnE)cm3f&xh-5r-ro6n=OotJvG+v9c348Sp805CU zkM2uv>K1*laJS~?rFet#DH`Bzh0^qqY!eSoSF*zpfl^t4_R=GYosUJMW+9}FK{ofK z;{`*TK8B8@-0`H6{qDEk-CeM{Hs-0@H*ZazJCuic9XL;;3VyG4^L3XlNppPGuD=#N zc8$;GGdBb^YjVDy)f?yu?F4J_XR>B{bW}(fXhreNISecCb1W=-w4BvxKFvHN!IM*K z_uIMI|77ab&42d*+X@}f(T2*=AOXOu-e`7|NDV*)mwoX|kR)}tq&po$Da;jZk5GVV za7D}f24z`VQ5cWx9NsxoVe$=B|6W+oX!LwS=n(40@7mm(=Kfp309PEn7sB-!v3=e? znxww&me&#quSpYu$>Y+dx!2Q(L#O#`qFeB|N6dA^ha}yCgoC%M_Z+A?f$a*@QVqjJ z!g}6?UBH^7hP?MQ`K0KY&ZxdkN+@G&aE}dOS=}l}2ZmEl86mO^G&600SFH->)l%OC z2%vqkO~(2!Qj8GooB2&cEOV~g=ico8er!9zZG&$)TW^;PP-z!fk`GX88>-;@dZ(-h zf?!_g=Y)$+KG-*(YyFU2#%87ly&_MS<0a4al$-LJY=4_sS5~_U_&S-unBVBB#rUaU zRVqZd4Cdhnc8mVh&_q|G2w-b*8I3BRhZ3ZE{3o&x= zuN;zqL~**>Np)M4#-Sm45}vV5Md9=i?Un1ov5otky0|y?Sg`DzOifDbCXMVNpBJf+%sd#8UR)IoUv<- z?~@hf6;0kgzOlP#)z&SVLAMG~Q~Z3yAg{a;6$%9-7Z>T!%R%XyYZGxHT^cNXQhdX? zuET_EuFMXa1Ft@{Zu=DFt4_VKSzYS22p)*@>6J3y>948{q@{e&L!2gEple(Av*Gl1 z1!(UOltT7vU6Q!hT&K zet4wfCGEaLpf+Vq?74uV>FR{k79}C~AxU!z8d21gRY$buQU$1HFhMMt*b-MI@z9E!@fj_YK8`FaUowy8*Wu+zIeEQlw!n&kqQUIT zv5Vi=Qu`-h>RJ zNtKw26QR-3r1=L23|5@XhE_?*t_*LQ{+uYOJ{rmNz=kuS3O={TcZt}U$0xI=Wc?QIUI%l6!f)V(y7_EwcCXc-`8w`FY`ZEqs*H5@+$miFv4wT!QNz z+puNLj46{+73WBDW(~-*D~cl3N}k}9ZnDVM(<2v4R8``VZfuu)bVPz*g6sS%muS&T zdE${Fx-RSsEl?r8ubd+BNZbd}Y(la^T3e`;kVdvbAon=p&NKJ%NSsk(`d1wD9mG>_ z+fJ^U{>vgUdRNq6Q72VONeDL0gDDC*j1oe)-cAB; zjI>KWiZ^RO!^SWti#S(;V(82<0eQ7QcExr%t5mRH?^PjGA*o#pZK9MPh6(Q524ddc zzjodO!Z%w`mvCNAOU?nRsp{`O!d;8&6!7KE?i>)OXQsSi_e(w?e_2Qi=-yu+9Ue>o znBNi|I4hZ|p1P1_*1X?$Vb3sIV^6vqTb~R!&z%*7ygb}5(u9A+163l8Dv^=O{|7Yb z0uHZAcfmA?cbF!4QBJQrA;%0UvKY)ne4Z*4vR;xJhldk?Q*IurzLHU!Bqyq&*&^fP zfMh7#j7r6P#t`of-7^p9*f!buY<<%OMg>?axk2#myxwoy{~w|y`>g$>g`~-mD(jU| zdN=rAu3R}}XhLG*p*xZ7(f4lVP<L}hd?JMm`C$JGf5zmDWch$o~n$g z9Oj6HVs$`@`BoV!^VFaMGZOtUe1aej>qoYzi`DG?=I%~ zD&Iv9NLr98qeH=)vA%}HZ+$lnevm_bczM|faiLc<%Z9?CR)+75fg2jk*ctw`eNvGJ zq#5$SN+6v34hRTgpXL%}rxFxnSD1-ga5Vd><^91B5yV(cNW5r$!gnM6Ooy78C8nzR z@*9!08un#v$X^ro_3;o!$#DQ`ahvJum&HnLadi*yKq7q|xoF^m4mm6U69{h#*+hCD zHdar70=9ogNZjEO^9)M1@In)-cK1&1ND->M%x*!Va`@8u-S0J@fRF2VFR)rqu3I)c z$B5*C6T_dArr_r~$)5&E*sBg)Qnfq0FQCSa8Vm&?CUd3;9x$Q5oUzQ=;rZSNu$1qK z4H&@x%5%Fp1$+SfN9j(W`(3t}bDIri-P1VNz5GObM-&)d zBjWdn!mlbRra{bo7V$5!`P8v4FSyQYl&`&l(0^ zi8F-UGspKKxcj^hRpsQ+cARJQ-&It2vxbK5!!LvDylM{h%*eqOHE)ZUL5SiWK}Z}c zxk3c%)*jqqoHrYx7hLoCR7z4umPra$n4!QvKji2&is)P^Hf5r{!y6202*Qm3^x!cc zJ@opq2zv3zoQ}lg`)3qEDTaPu@dt*yqX(=s-9WzxtfVK`_!@muF&aKeQ`^5Dr!f}Y z;0`zsACrnP(Iz`nsN}3lZa~ogwEkNI>qh%iR?QYCYG6N6Nw1R)jOUf;)D1_4NsNXG zy8sJ@ApFN7J`orAJn}E+g~xc)M6tTrK?SDR0c}(rrMDvUZ*7dl4{)j3q5!FhFLOuj zZ#K!=f<(xKJ#*-Cy4RD{7_dal71Ifh+Buvtp6tr~%d9zv2!Z*&-RO$KsSZjSRAOajU1M9;l+2r33wq_`IS+ll;)|Gvd+leAu=3M2l>M*qnC2&_pYZi^(T{z#uR63a2K9 zEGn-m^1cHv{8q@v?0wLz7`eM2;=M;1zZG6ip~quGmlS*Imeio_61%P_VuqpFlftFC zp6`=hfZ^#2^c~C#6y1QJpJ)Q+Miy<~1lS=29V64VdQ&$&O7<<`1S{3*ER6Qx&m!xC zCmcg;xw`LW@PSd7rj|}y`~Vp(U7VB)q~>wt4J~xIom~clVWQV{PSJzEj+5W46non~ zsGWFn5pj+>IcD)NRFOA3q>E0yqXn5F?026ss!aMpbVfms5z#mPq&x}?+Mk#i@}vLy zOz||j+)M_`7b~Sw2wQ3WDP%YvURb4lE*coT1X4D~#zUL^P3v?ox%3^ao%X z!pjchUwQsFnre5fRQc;i<{D?w28m=-G{xiSVyP1Sf|a4jH3tqIAk$Tb3Q(X-{0_ao4*8e`QBri{9kXr=hYVQ{nfphHJTd-8hOJ@~nK+1EaP zZ=UvkzegkY@0W)?r(rqeexn?zy<>RtHE$aSNIx3_-rwIF6H&@)nQYV_>+9~#2exlV zT>=C*c??4Z31$+XZKDeq^KPRDO_c1i;V@lzY0P*FFu?SdGapt%1>>poaM~@ucl6g? z$HGwQNrOUT-ZiLWo=g5#W3_i{?wyjk81GlCITZEN(i&0X_PJ$eY2yr4z}KztFOM5= zNVJgtY_7JWV>&&|nPR1p6fGheJI&fxkc80B4 z5x3p;=tGqUS@}7KHaC?$MtoH|m46PvCKO@)HCS(}!Mn(^%op0oKvl4UgYJ7Bs4 zXF)3Hs4%vi02HL)f4D>Rqp%g!wp<%KXPV)Np$K9eU09<;-HJqkIwab+K*NFoH-s0W zuY6EpKza{Ir~y^mz~C)wJ3MELljT?x#N1-qlV_pZrMvmKpZ=*{2@@89_fidZITWdI zmGBp&-Qk!kM?KcVoLwtwlJ)V^T1BG`cU5yh3;dzXwqcXzE1iEo^HeX*SFF@vE7iWj zzI}c#R7td2)8(z%Y?sGEs#arW0l8$)n;SJt#dBl=`vSkdTHkh7J~S8q(w(J94%}N+ z9ur@6{A{37^mpTee}jvWvXBTJY<%<8s9qF@VSO;uCfpH|d+e8DfuvxX5dW!qjR);} zL#G=rlDWpGo_XmOACqDyQCe9h#ym&btf8GKPPT`?2#go_CWXUW9ei7w0=NPQ@Z*vp zgQRrCclO*oM0|@XOD}z1%VvM>?YxD%P>u9#1ioAb<70~TJyI$Y}ec;xBp$lnZ; z=eTt^i&BDqd*eLz*@$qbePl1u{#-pue&Q?IHVM^ALvBXNBAg?LM`A)pfdOMJSb*qa zC5-VOKFrxQp{m%6GOABzhtu7s3eoeLfdp?~fwZAwb!Ee8U!UB!UnQ=c6Dz1=sdKgL z+a>hN?T)fU=lH!D+!@^6RgLNM8l7VA`P?xfZB4GP=-8ic_e)xE9*FzR;tEPSMSN}A{2gGX6`d3 z6Nzm^`7udGhy~fwGr(-8w(B65XT!DK$w&tpN*YF(>_lqXb!`7xs*n%GusxpO<&$vJR;+>w*T&UE6+sjOo8#n7wP) z=wJKBEnkM^Z!*rzAsY{_sJJbVCk9ZNA_ZfZVqyAuE{vA5rk@4DHI{RfN6Lyz5hOV< zb&f)I+P|aY@AKdEo>5PYP9>BrsC~8`hJvNGiE!0aZQJ3__!DjbI~#_6T!EuG=)1QM zKd)j6J3}IP**t!#__L}xmOHvadhvD6FqeD##mVd8`7^Y;aS*pC`m2=h%AwkdsVF3whv><^!CH>4GM*E?z) z6P0KN7P9!SL)7)B9?W(?!``!NBsfn{CAq(pu~1d3hq0o*LK5HT3w9ZalyyC*k7Jh+ zx`klwFv?ll+$JZ@<{d-9^jR=WGr#$&k^^h2xz#<-KsQ91lFnTG_1v2lxCFI~tO#;R z$oWhTQ$LVbTZxyPjGQ>Z7MTHN(NYs1Q^7@pg2cvp*32?9c?-)fc_@(2lc`29M=fF) z?q@EjM)L~bm}7zlo%>(bj!q}((Cu0OBl_978I4~RG`PMg=PhHSNb1xNi@D_AyGlTe zXU*uLjXnYA;NOvLw%&>tIIBT$N8T$THX17C7`7knwV=nUIc;F;rP)sz2TWe0)j>3{ zMNq$_lj=fbIbPIz{#FN>K40W$IKCPP65!Nm!pYE2n*S1VC`s%v`#BrO0Ltu?sm3{4 z99oDxz5TZ?co7Owbm%R-^{$39R{U?_Ha@^S+BKH7#wI$B)0aX7<(>S&sKsFEN|2)j zYfEN%7YLpUk_fUeJkT#b5);cFl#dQGA|^z`vGT;vVQ9(ZwB#gZfsujX!87ij0XhmfSb`|x(fa}DzKfR<`r4vuWEy!dORE3e@A(a?kEBYR#sZKQmV7R2AGzq_A=hdCjFMOWh>Uacr>6YT7fjs zt*(UM{)_djDnk=UBWELpi@UlH+Vo9PhZ-l|_i9(S6 zz-?oe6Z{qQPw92>G+^Ak@>@+{)>CJboC=i9F_uiLPqu$2N(vhoJI3$|QUKGMk12Nu zx$v*EfI9W14eIY;6m0Lt&!EcZN5<*GDqVyI7)RZ5g~Gz-6$~e3QlX&NHy=T zfGTm-x#Svc11jOCW>A9^Q$WMQ);6J9DA zt8v?cRS8}0e55w->y^|TF5DTeAqE&$r4&<-7`G#jkd0(UK^f6q1vlGdO`i<=9Kf#W z8b+3pk^N1=ZxB))$CK3dEjiDl$(zEXG$L5=kV@b!SVUBBll?~Xv!kpIV`Y+fa0Dn* zJF~$jgIw9npUCo1sl}gw&+H6CqZc??Gb#pU|979Lj`Qn3QR0q)QWL@@kQzW`0+a;3 zo@Ss4dR?1XSvxby8B3@T9Jnx{9Z%1mOCIjAIqIlyHBdcLCM-Z|&%`(1-Z~>C<$Bq`_@sb$_)fUK7>}FFdr8VOHtsTq|KY$ksgP= zRJBjKlo1>4*8-#oBG(j67LDHmkD9M-a+-O7=_+r@P0c#^q`~6qa?BJjdpx5=lq5t#@u$1-0O+ivtAPGl zb-$Uw%SoKQ90lj{F}z5l8XZNOJ~pZaaeIQMB+qpixZ?{{bn+C(1JEMx5IcG`VV+9c;*&$Rrjk_wa8Kzq1e2ir|V2O9zagTV5=1j z2YHJSjiIhb70S}aVM5e|Z0ed&VSQ)vM5zy`7#y25Wp6zzb+~$FI>yYv97BDZXKvI) z`MzP>UcuAzC4uUv#ffvzR*_`qvupw^a446F5iHsIYl!1hfo+=!UEfBw>vtZ!4Ya#X zJl-kEEmM*yqqA+9cQvXkNMH&zlOwKCd9Yth_jB%;FT75X_ZY;oB7Wrw(X_hN>b6z1 zy-3byF&CkH)Ik=OdYb-I@~2_ulQh&w@~jTq*M^_wAywIP@m`5);cD|FKMWUOZbaPK zmJz_svruJWJbr99Vx7pCuNb$YfM?lKH)ZM`l=IQQB_b8P%Vw`}~+ z5#Y~dC3QG?Dc?J9tnc0T0Nk!M8cx^yjq(HeJ!8Ptt#i$aNe-kzxfs~B6Y*o4Zf>jX z0xRz(t#vit-e^jg`^)HI*Bi|}m!`_Mv4_LZYqL{ymBV10`8W|m*hTt>bqXN?862sn?(efm+V0uyVTBKK$+4!{$8*fmW?+FB| zg`OHJ*Sf|wa&rxcY`-kS+*LT-mDy}xON%Chl0hTG+5`l1WHft*8o<;G2#W#yh1Rt^ z$LF7eLyTono2HuLeU0I7geL5=WtPkMtYNGJOCS9S9mS%|i8bdTHeLtMTiH+R<)-;# zV6BPIolcM7<8RQn0>$V3G*>e?>uON@_|9IKp0RaY>xC&VZ#t>0g_`t`30E77?2Y+a zben~=wpzBPfv{tDJuO1TjYBdQ>M9=*B+BDy@okcoiz1QBSwd6`>;!>NKbL966}{@= zg@^*7OG+x?w&PgyB+Trl8;uB@UR(MehN#M8B~%LSEig1P+V@Wo=L>WS$+3bAE0upb$kGpsj@og-01He^p$giAEaOFs-CihdQJi3;ylpD770ySL$$bO zJ)k|zAsq|0KihIZu$9JBRpwhEWjDa?f9iY5Uf(IKZe{;LlkdRl&i!4j|FyPA$WsNP zHN+NVP=*V-#(HRZ!ZWjchp0;yDCP0;za+Q4P5_6_rkn3uf80Stl7u?cXstO^g4JqX zLDzd0;eTx~FOg=OOK-0)O(<&&7`5t_;w|W9kL#yHG|x}&kLy|)z0a9ut!4bM0%+9@ zpb2+5EZ070{?!5hsL9aJn^EkeY{4~-wU6fLh$@zM&EXMt)YJZX@GQx$s!7zps-g$x zK8Praw@Z!5Xa15MF6KYDy|Akc_9(o#M+ZSKb8%CfoI@kp80Y7#s8c%;%*S6nD`rr< zy^VDD!8g%H8ufwhp`KuY`}ZBi%Fe=iy4i^PRtP109PtwZYYZ; zb2c))&89Q4_Gx8j(O7%nK;gBr9rxMrq&M%~@LVP*f&}^5^89RhwkOnQ%hUPsv*p=p z;NJhBc}J(gi@wCg5OOEc=T8^M5>*I|N(|BQM02ghN^XPoDn{~M;J&8|IM|1^+q;xc za0z2qFTVy$SAz_8uJ+C8*{@C{r8Qlfja@J9OIo@<7#pu!*tGuE2Z6@@7O(+g1@l)p zgH@nc{ieyG+Gw!+zzs*YRp5YruV$g|IAA%E1FY?q3N)wfr?{?d5fK>Up-FbTq{!k? z6JU3wT@8bN`&s%klWZ89j3;GNc2ks(465%c%$e`8EK1RD7g3oXh!VDlq$>Ydz@SHQ zbddtyF|4IQh2nh10C0A#5YG}L!n+fBQF(4hl5e(0V_=gRo5E8rJgE;31Ro&p)`H|F z_H(0C-#W$}%>ERQpEK&RWd{GkGG5u^(0`Ve)t(pvM^@tTdI8SL=%~_Y%4C&~kO+dD zR;J3wgJ_S^y74WJHH*(WH99OweoY zQS1o*PjrJ%?i#B_?2>g?uq#{SwZXnQNE8v1`6M$ghgGAfMAE~r9(=vUYKfi7{3e^` z@tB|LnpD-i+}Yl~xw#q4Wa8veKHC-rx5o)A52ocHF6VFmJ00&n`QnR5HK9>8p$3MM z_@sC1-mNq<+t0PsVENTvQkQjQYB+G7MFF?B@9f1v&F^1&;a z)5kY?x4yJvZ8t_SOG&8?x``w8dYUPtds<#}OdEuE<8exgiM`9GwmqLsDm@&0Ie2hi z=p!~al}(X>{mk=eQH%z+EMm%w9gk;e1~e|v#|1K)#T6v%gb{w!W$9Lw60b4MsL-Or z2A42M2o&3)Y<;6C-t~uc$oVl#y4;V>tuA#i*tF-T@m7HL zTXINU*_>Xsyy#s#{&=f%b;iQz>XsrRBe+3r@4)F?BD9>ef3A`&Dag1}`SP^dDB`cv zX>x_3DrJsJ8R>!i;V+Pd%=dsHopW&5%dDc&?BXr@s+~RT82o*>@59!X5S$>_= z2njrrKpj>&`J+B8dhi}i0|n?JF0j!@1&d?Pfk3g5!r`5=R8a+Q^msuMi9xm(A7Nk| z@frt*Pw>?hKTGDAzMYm6!|!Q9;N(g*DlnAmN;tP%)D<4SN$01Sa=Zj%jWSnRBMbb2 zPUY6~!0h@>T=EcWVnde7MT#>P6h(1joSA9BO$HrA!z7XR$T%OBmO(Pd7E5fA2Z(`4 z+rDC?6uFk*r~bUWO4wp3Rrg=xssWRzP)a;BI5GGP)>a^t%1O?X`I&vvrD%((VbIKc zXMPLatEysbr+5~=3QJW^u#OLI^EidZ2*{J5>oTMae7T=l>K!5;=vaXb?!w^9~b zvWS!qDh4zVI1B^PdV1TQqDFDkMyPm!xI(HPkl$8&KK#Cj=actsrHLR$)(+co>ZsdL z2!{dQ3|^uq$bLaL7aUSE2)rRmPWDd5bVJ6u! zY;+1(zU44JmgQ(c3@qLLglD#a0Mr-GtvjMAYrffCMo&2_80J($%B(lo&lkv8uD{Y_ zo${)YHAL<*vTSdsa%YIK?ret7=D5Ho&k||H#)~RPq03xTjW#V_vFje^FaK#x#X2qQ zvmz^vj5gUhtu@<{-O{8+Eo@lw0wU3Edwa6})KilhY}R~ijvYybEql*<3-isMBN1J` z9N`64o7OCBHra%@Fd_O1wl&iFd+7h)pXL{sV$D||XubUlX|=td6*li#wcXP$8OkDd z;DvHFbKj$MgTcsB@(-|9hS8UUN3fp46d;rG_RZ>5P6Z*??%rX)iE)~os=(UL#ccnh`paWdq4lw5ou?mM}w~h z5AM@~N*jbHgU9RfCjC2UU3usyG>ksI%LlB{p|gS`=dOy^C8vksy_EFJh+j?Z;a0PB zuM$#TMQUnIueZm0FmaXjG9bam!CoXcktsa?#bavJMi-GbN!RG^X>^OZzXV)$_`Jx{ zMk`8xmgyOlZ|ohFTCRsR9xHrW3I}}j!?e;Pk?E2mc?;7OMW)tgKF`@vHN18*mJB#W zNy5yKM+4kxZOkLkVj4J{i%+xlE1qS>thFI5D>NCzvS1@8^q+%loGoU;H0Y3OtCx(f zbF=+S3Oe%CugWl2zkfQ$c?ghhqP6y{2LSO4Xv@1pI!-FOI;R~V2Ffu17``^Rlil-sw_3kHY)DG7+*LFNWQf96#`>ZY^$}EO z!o0!NTa}I$)3}HR$A{;U1f*1S!Gi?lHNT*TDdRbsOlrR{611w1m%>|a@FJlI#8#Pd z5$-n72D8+qVOp^=w5R3@d}N&TP^HJ-*AX8@Wi*(3bNl$-6ltp^%o_)sIsKm zz7+MgXXzEY)vSNDNXN_`M-fnl1dr;2~v(6A@fAN<|Wvxm1?vEWW~|C^4wyQmn~iP#s_1=Ww@$wxm_t z4MwYBz?_d`G%F5?H;^2lj+6V@Q?LcP(@2HbptNyNjl-ZKW55hg3Y`fkh7)g-hoObf#WdL!26Hk0@%Z4hQ>)HEfx#*r+hAt`FvjiriM)r$TIyUsG1fOrT>2>CGUCU6vWNSb*@sk zk@1H7Pwi=2N_-I_qaG zl6W~)Ow{1lXS2(hQ%~BuVKQ122|H^>TWrP=K}1blMH)_km|T<*`?f!ci%kMa2e)96_A~kxm~F%})Az10d^e8Rq63%FnTfy_!8ed(g|uHb zF&Y@Rt@NGm92Vw9qHc3usO0h-g_Q2h;n!C4BicGxK?2S*lXN_WhF|JMUTx^#ta8Rt z%MIhJS(0CxT$-?0nS0TGk>HIpaaM~Y-OG*r9494h@HzeEXN78j^u*1@rAb|F((p@y zjRH73)6yjbJ~Zz=b)1RM3Rz%HTDzxbz3HYoB!fE5CtrOI?|Yn)6@T)HDlZc^DEsm{ zPsgwL(NDRIX17rq{cTMY9z@vN7*Y732b6eR@(t7^g!(lZINK6Y9)}fZ1kS|re*_8X zNW?@YlH_v_W^4Bv&r;%D_8^EEaRnh+p;u5obsp`HXWmZzg#EHSV6%QPF~G3GNd|Q09vQ?pum~tGC!-HL&dy%q(ss&@xAT)eYAW&;6Cb3#>3kAr zi&;{nqmyi^WfkT1c{B}OUYlm4=>j#JR!KwM2Y(;*_b>r?y1*^DQonpD zD$%E+kpg<6Zel|JvF7wwO&l?-hUpCSf3YvCvx5As4wf9Zup*vRbWQA(E`yx`R&0q4 z^rw*I98fCozUMjHoI!U#VtJWo)#gt0a4VW_MMu6)AHJnFZB!0O?Fu4Rbla4M7C*RZ zu#$Q1SQ|Ev9yw#P5MglXK|9YS6%@k>d@vCk(0JtHiX7{*G2W1Iz}cCWeVzUAOljZd zBKXCtrOivVd7?DE58@}Ri(%z%FW;AQ9CVd1K3KL=izO2l0lm=yBZGKkpjKQ{oUy6KMV#BA3gGA&UlF>Uv0cLoVNzG ztuQ|W@Rwf<246pD1NU73wFdyeSAXNRp4P&!wb+WyX0JLlA3q)po_yH`O&{?d0*b3v ze)#AylD<`SYe^bnRI{TF-(jmA+~w&^@y`+dd4PXToWt7&AL-wI4QD9wG^hZ^qY-js z&ANeG(-wns!|2jUa;OU)b#$83fkSU{&Q_a^SBv zEwTwq53701PM<{wvmejsvrJ-YnHVtYpfo=;HjkOwmle5PgDc_8Fd}F#hC{231(+l7 z@($1)y=Zr?@6?Ps`^UTS#VEPlI(e~skk6nX#uMxV1IX`l6g+m9bg&<&eH64I(`d$ z{6Oc+3L3eh2%IpOY8(2mTwLpB)~a!-r?|1>bkKIxmh6^Z;wh3PK=` zlN-6+glRr#Xu90o*hi8Q$CiV=qKI!XOsM+}qN#wXlWK??TWCrowbjipc7!D>4}xin zF59MW_oL2k2M77^EetRYp%sj3fnWr3DLy#L#>v~0ONP`YUeKK4Wv6LTR_wN9Jfp97 z10T|J2okr{`VT>@&_uw%s<7jd@W|L^t03%PZ#*VQp)6nV)htW~@qlY2f?8)mT@NjX#_`N5Z+0=mufoQ>E1-vWVy#qFx zh3pi)Sy%4=;H7b57z8@|*}Z{$9<0wxTv)IshP zU+hVWPY@w3Po5(DGAO88goOIK6dGZ=uyI_9Dm=d?qQjGFwnc@{SA8Nz->L@83J!$# ze4CNg*!#T6$o%0W-(ti@V?UpPy^|F0K`@4{I(?c>;j8|;KgNrdYay*d4T+iC+|-?f zuv(JyV45^3wP?Ln0S07ks|#F%QngW{)=LdGBz~#kkr=EvNeuSUmKaMmUoXs8735wd zGy$$gwQaMi1~sg{wrYAcp}mU0cA7T?wGa({QEk+1b)UqNV$5uy`BsU$fNyoT#PSXB ze@wZ1mf#Kp(3e@^Kcv-!pUGtV6ZK1VRvR~51pv0Yn!K$F+5=aB(o3;%PkS1;!LA(p z2KebciOjw->rlR?;zsT#!5Q@M7}}) zfLoR$p?ef&>X7zN*$=ceh7lFh^i9G}4$P+*?13y~f@54N`-MR+Nj&~<9X7iykNn!T zt10Z_V1JUs689kC`L6N|w0^JipMOgzPtSiI=X$pBjUp*gr~ttySb32SKofu@f0`Ez zP;UeD(G(A1&*X7zj?b2{_T~{v1PJrx9sjvh@@h>}B)E|F&YjjX$2GEO>*)Z5_XGy$kv(%bp>~1n{Nt}$_o?4~ z)Q<%&d;1IwgSM%qy**=$+3Wn&LH_uC$NTanzWXo#yI1(`kN$VR;Jg3zzk7%8{zGsh z`zyRA!u#{iH@HanyAQ9lV7o^>u|LYdG!hy`ZYh`)Wuoz9{P*vs`Ne8D zZIzINR+Ew6!Ea&%&?*GR=c6ya@c;b81N6RvdJgu)fS8Y&zb~?sPQ-ydiVc=M(M2C} z_oXk}`H}yOu{=E9inVuiGJthS0xhvPwjT9=(&68od0Yag&5+W6#bLSOO$!f7rlCr$77+}DO zt^qnvW^+statC7X&FXIg!)V{z&WCo`5)B`kn z*bDofq<0!Q^fA*1l>3=D0NTo9jX0wm_GxKa#xvF<;e*-@`KvvnjZdFD96M}53u~sX z-c&byT>^KN@vi6{!N>9q3jDk-xjT)YumE(dqj(B-%J`P$zbR?-wAXb*=;!Da5u`Jn zGmap6dE~)PO3uZvT}p6->yT_>EWH|Xmre?Y#hPx?leR<0<+Hn8BD)+O%=-AqNRZvK zb{v++Ls&nb04kR4w04Y^!^X9~J~Bcc`|TrRq}hL;1SVuZt{s!*vEkO|CxD4*yRIFf z<&e>=-;a!mvY*$Ai2AaY;2ZAz3V0^O?)w=zPXmv&8RpV+BUZl0$0bIRfLCFUkHR-gZ|8M zH{RTz$C(Fxf|cw!e~(Z?{foBC_&T{nC=y-(RSf`9eThJJYM@b&>iWXt=` zSa3gs{=$F6LKbuajM{jsf}X0{Eo80DK+wEa0@**wu6J&b(uG;}oz2NBODlZLz%cn? zL;g}fiX!^l0S{%N#t4Pcs&;wc(H0WCr` zR+i^Fl%Pa!kl6UJ0Y1`_&kNCW5LdAhKgP|kQv9IU*#lX5f!E-srMeagljMvhadwrI z;v(<)e41kBVHby5v8)&Li&K1Bh*W%BvC4#}OwWg%T1k=;^u}wJJRdc|@%dy*$g*{` z&~b9pKjXQEiEloD3Oc1D+{m9Tv{3l`L+l)W2qu45EuzGaiz_^_&fk$8Abx!)O`VM* zxgvu2GoI@pm&{|nAz~S@IQy$bn6TX2)U+XIaGR9<+69Nnk-)kaL z#AwyXS&mv6+BEve2)a9IWj+O!d61RZz`9OEn>aWdYUXQ|EW&;h*m!F!_T8p=iTI$8nZqI=KxN?vjm#J49Is7{VOtmXqyeN0@zh)@u}rk zFcxBXPXvC`@pH<-g5Uz?N>8Afm7{yAhV9b z{gu%VtXn5O`B<@TsYSe=3yTumrlY~1;&K8iQ^;pEr4=;fgWol|q!oG|m$b{328%la zL+?qPrI$%5ENQRg2x)klVtV5P_VK$I$ESn$&8t_W4hHjb{4jVK^6z@*cmq0{Hq3<3 z(Q9(WFEuytapwo07^2m>8G;kUz|NsEKH5BX&mGA6=-*&h4XPXB(8oZoDGw#Iru^p) z?n)SHc!rSCi;CUFB!3cJev8}1qEZ(!j~KVwBpfu;$v>}Hel(+|f3w1_(_14C%k~Gj z-OJu=HZI5TF*#d1Yak&W!=Gf#V7fU;E=6AUOe;p2^I8JHXLZ_$rwxsC41L5APvGQC z!@LQR?t5e>|*Lmh9k)qvog0P z;aWhz=fjXrpmiv9UFT;pWpV;JzI$zblVt`s->2mjam!lY>}1o7?VAo z4u{Mwj`^la&n=3YDh`_nmR(~Ta0ZQquf+V-Jfdd}$+y2m+%-q%xjNrOnmd12bECYA z-r1`PtuEgZb*uX}OkWRh>A<{b@6=fH?F6xfU?JM)G>il>Bd3HoW`*fab>dP7wv1o+ z6+PM>#g<8Fr*+Cp^4&Bay{Va7hL`ift6({CLy+ze4HOjv&k8yvUvM6y^g^F9IlxsUR z+B3bINgmJAO|X!jq5lIQ#zh)uRlVz5>zgsOj+=$|N4eG_o}JmKwQCW=lK1AfHc_Nn z^5;O@l8e|Xd875g(25RTl)j-02Z|VQmKhU^++y6>%>h!1N8dW#4Gd?iXo)5A9K6WD z2FkB8x*U=t!IT?ff!9}4dIM|rSSb#)fB5X2=J}h&oRqhw^1aHO<7TQCMQ|Y*M1n;{ z!4-66CM`T-QpY?QoENvSP$HA3r*~p2dRZiwuWT$#-X)k;iNUbKtK87l&^eidnKSl; zz`A&_*d_!B7>;spR#Sp;tFG5q2 zY_2b+QGNMX+Rb4mzk*{Qmi3P<>mKu(+3(8_7O?5V?l8U?C+31ao$0gHJs*4z&~OBE zXHnul8|PT9B`YFW4v%nC%gG6E?j_l{NUrEB{_h_967BtrcUUsl9y05-?i6CTdzG5U z0PKPk)>BCzIJ$tjwl^Aqkt^A?&buAy>{+|A^oEG2RXFYyEQ(R`eUUHbd?~&h;D>&| zW}lRCY;X3nFS-^gbd+RXVajIqvw^N)7pD*QmcJpS9pKvBbasssnMYeR5?xW#naBvY z6Lnn#y8heU??)YRS^Q{{z*M`LB>bY&L|n{1W_!RspeTf|k!K>1C?WVd$il>#B|(cW zZlhw6p&1ec(hXDlzZ|^&=+6y@aC(!fnwLA<+v9vx4rb}7$jkh)8jSMUc9QiM<#voy zhW+gebo(7w|xbu#y|6KysQ6xohCQC@z226PXEL0 z3?&PAB$>jf>623(-!`w0jajL8_I~eSR-!og3t;${YNeNlCUF_P z0eJA|wv0xUyn1Y2TkYK8u^LRemK^A+-r)5di;^ElVz+v-vy`}tDhIR$HG~u>W+XvW7IPUsc!o&9)m zHNjcKm#90@#_LXNf$t*(k=);XK4#vT<|BiL06`AY+Al61LMym9BwTz^-SD0@0d`P_ zYIJO`JOO&NG@wTYpmu{IdD}A@J!nKa5C(kQboFfvh-KjkS~&iid)8M}Esi3gZb6Iv{017YT8U0(b_}_h#U}9fK^XwmX{UDrxObBLB&uiSmLwE9Yol~K`4CTXP$G35PkCqFg0*jAJVMSN{a zARqPvp0!QzWl4vg%;*K(5xE~{^5j?jw6>An4bM zymjgCxW3FX>(s>Jxr0U)AdF?IJyx*Ru^y|7E|$AC0)v3vB4K#&b%D5r0$r#N#Ryp0TfzHn{}36%9Xu(HfYDJ_ZV@P6#>NNsuB0ZJ%LSSn9v)dSOFfe8Wf2-Dsf zD8O%?rq*J5p)FTR%ZtAC`R3ehKOXnTWk1OF4%1@>V}Q-c+fI`(er?~b~T{jJ}QT7$C_qX#*Q*m9!QjmT1% zBFp~1V=5QZZ+r{dp%3ib>#?r%K~Aaw(;~io1@F;hXYYA-XsZ2Sv)#hkoHwmhNtF86 zx2;qOkNHVxBi9ON7*XIQ{67A$V)q_JMF3j^Emesk!8lL+0xv+I*bC!6D41L5AA$n= zbP-Rdx9b<+NF1L49x~SeESj@XI*;jq{4&B<_(|ph0E@K>2v1l~3c56gh%^Z5_t7vu zO;IWMG)1O3&f1lIw067aMVytGCp<8HrM8oIb5pBp0^^(Yhi4VtalwOuU z3e@6S)C6YrYS7DEYgK{x5ZWdHKho>fn*S#L;Y;1a@7ICmCO|7?xK0Q0M(Ja-T?=)T z!_ycj(iM}iyVXV3+3q%g@%=tHFVY#n?sd1jo4Vo+d#XK9!m9NJDHL2xTxnagL7`XV zGkot=cTM7{YtX5?HqB#gAbu}*CwfZz-=U6moupT%13T!9>O`V2@ zQpe9T49;F8A`~@CZdAK0XTDc!AwvZ;SCigq;GMNwfHZF0?D@v8Y&M{`G#Rs3 zXY48(5T;K-Z@_}uZy2b^M@7e-NF%C@nkMs#do6|mD~qAw$yA^XQa{D;D`#k(ofvjS znsyF+?|^}i#NqMi8QxzbAgSsiq6%hxgl%oKc)uvE7rJXg~c?rwI^ zx6R}fH~e{hY_T!Xj4L)f%<;E;MUS9f&#W3Tjur(a$IBo3VoL!-4G**Ho&A&Nr!USA z&yM$=A8y)=rOyC~mhydCtu^Kx(BiPol+YuAUe|{e1^C!Zv_jN&i*eutJB?YtXb_QV zZb7^Ap=nO2EGMxzWRym70O^Y}crS)`8aM>H`k>J|rE6pINe>owxOSjI!l6ksw!qeM zN8}4RwtV+N8{HP*>PFle?R?=3a;pK3vnXe%(H<}P5xQ+~BObsNrO=v;AKHjwfXYZE6)`N`2xv8*=eEtuU4kv zzPyge!;gn==U@|uOIR%_f85fyGxDnZs>5fP zD{b?9;nM-EkmXmc_gC#OuO0Rxj`j}ZxB#D_+@SX4Y~2x)7e-X>TKa}{$A74U;U|}b z@*X44O!O!~#6`g1p4odS7mctC3M>V)8>C(pr7YSeDw7dz0`q+^%dIGnE`9tXaSjW# zJ0ygM;=VEVW4MLJn>oE14~YV73PAVv8G+98zVV{Z|5XRpSi0l>UU@o&aYyL}$|r|@ z%7LH}7@l&^^+q|*SRF<~?*^Z>2eAU7s9LL0uq%c3i0-ko-CDW;=#z{UW5<_x7loxi zoM+EzwdSl)>_&yU_EDqc`dbjr4WJ7samoql;6O(92WelABEiIHHd$oEh$^CE9NgMk zMwR;2k;?PHhp)QHQMNIoq2%Fy5vN8Z$q^C9&^D9cVzm(1kiH{BuX^>SO^RCIh8KcP zsikXojw%_tDMTzXHl6I8r}j}?$)vl)-hzGcfz-_ZD|(=XwLGWP{gMsHSSem zn_W+HUCbp!rjnJlPzQi3))qY0RV`U=mu{m!%A^!6WWo;SmL%F+sSiucR#RM4P277t z5XYucJUGt|PDK~VC`Q8*tyGj1MS?aevx9IK(J@q!ugeJ(Ey?CCWz?|9RBBh*Ler1O zA9Eo>W-u-;SW-zg=j@jFZQ4*0fJ0}2NHpI{%$+-k4#ez(9w~D608~MFUa37$UYo>z zA~h?<+>tjE6JYXV3H{)JGA10w(xP_+gUgRiE#;Qn*|n z(99Cz#QwaFh9_xv&dvK5$wQhiHQiL!iqMJ{^!Epa%Vr`jCTyr1VT1l8Mkt{m0R%;=$DDJ}vfs)D$kBO{Suz>l~pkpl5j5QY? z4>}w^`r=EB2av@1mXk!p{_uDzBPz-pn~bGdol3-gX#|mH5Y=!x0?ljqhIdt5di}Iv zx*QZy!hRtAX{*ol$EB+?2VU4Ed~M@X8=2{}6TWE+pBkQ`{U*6*OzSZgEN6hARAdCtZD05JZA}N8@bQ- z1L#%C5zkG8NbLYx;E$6V!rr6m^e23y4?b+8fcjB04f>Ymv-NFVRem2M{;ezKcBQts z@N#qBZ{q>41=lzu*?es1sb?Y*Z`W4S=iho}U;R*e{lUswYpSc9!nH-k>~8MAJ0I%= zcO9gFc<8hc^zJT^4@lNmgszcy%H8`02ltM=G+KY!Q*A|M zIkW@sq;_-mz}Bzf+$Pqj?Vz54yNriDuMN!Ahlb2@KbOnYrBc_xF zU|=+-zK|5x^Gbi8koTdt$!q?o1bMkd4WEtR)$O6#sOkH-c~x)GCi zBq6#aD7wMZef~T<1|uv3B8!ra&c-+H@pp-yo%TfxP;dxFv;} zJdh&}#OjsWq}Y)vm=Ay87_5lA@`n&u10s^*I7eO2l>5epYda0e*l8g; z;t+Vh0Rn46z~E<~BkRD3xJ*q?!$IYUErC518YB&FVtHE%&v3)fg2d9sH&<*u^7@UY zpk6m4>d44alLNlO7@Y2%?L9v{KRlE7)L6&v&qc&1Kkr(Y#~epYOo|@3B)TMFCbmmx zJH;4#j))3qyrtV*_GZf_4r@-MkjJ)ZA`yGN=U}OGAYyD#<}v}@pN#pT zYTump(8v%H>!Xnyf`>|-HRjU8p<$SO1BY_%GJra%m{$sv26Ovb(rSv?do8kZto z6bZn+$&&0K3bw>NXHC(3W)A(Hciz)nXQjk^AJ_=u7s^JPPC*VOG57DJS%udU+e|4)<%-9-X{6KYek|6;aEhfaLT5Bw7|1OBpWX#|ehl;S|X;Lp#Wc>CPI| z6sFLM#cfk&dV$knAj7RZ@Zrv?&g|CsvE$D?FuOH>?S$H2{cfSVVba`p3j=S))pqo3 zhyAbh_{iBqu>;B5ct#gXg8)mIc#g%n(NVn|Ri{f~b}^_mq8n#X>F*VZxp@lwh->*< zr&R_!&3qPv)q6yxuJ&U@urc;QVZNc&F{jpr%cz;D*2l=xDw554fM6$3wd| zNzt*cGh-|UE>qf-3KEnl6b^fsj;-oyvW6kBGOTN6^-##wGgz~v{JKu-r1J3S08c%o zWAADI_DO2(%m>hhJd7nRSaaJ!p2uSNASV0_7GUEI1NBUG?dbN!-~F>#ovAW1@mhq4 zTaY5SiQ&l~=qD3GwoK3V7tf29xN9D0$-Gywf8B*vw&tnm3y;wRnz@?rD#^U8Z42;~ z#t;A+QG$P3D(}?RTWjv%MK$TO`Oud)x`?f0uHByXIr=Sq*b#ZjdVfK z=3cl~b1_31(=`k@e+~{u>NuOkO=mI1)9Os5Fz)=fs1q1-YCHHDVOn)(G$p_ff|q`F zlai^_pWVbFdQSqTSzCFdMmh_P^k+HnY0Clgd#l5jW)%tUxKJ4a@OYRVs<=8aXryrpN9g0;A%g}wRs2jg8Xyy&4 zk`!$(9aU_Yzc=l~POz9}H~R%0=2rB_RfI)eb1X$O&sj|2M6V$O`Dsi$0j(tbzZ-3l zG7WSMT(5*ri-QE(j8uEIzO_zT;uKtD>i8lr+&C*&B#hUw;O@Y~qWv$)?Ri{WC6Wer za;!F_o@ebv6>E^JFUorn7o*8mlnky0TXN4hklo+snPMGKOV4G!Q<5!CU8jo`i=i8n zqnI{7M@2#tE1uG?8a9U6xREa^nCdW9N3$_zu}e@ z&L}NMy`na1#;_s}tv*x~WY%h+Zs)-=s|}M4>SGU*E|cyuL<&$~$Y@5dJY-~2wHh*P z=U;lr3{Bw<89o=FE#3r2(uomeIS(YDA`0`Cm1Vzstvk7gAdK$wbo3^vV4hTqrh5#( z$D1zVEQ;|GHZ)!ZjHn_YWjM5+XK^T5GkT^02Aa3m9Fd9FKeJfD(KH1MONB3D+Y%uW z1SJpyi_(u5Z{G^n)H?}nl_JQf1cMZHAykn>YGdG^1bDuiR z@9nvnq)@*~rc-ul$b^;Qfkh16fx?GH#%pOxFoi~zi+-^boViGU!QZo%78!$mtBnqn z_C_r+`SJ1<;&D3MUjUV6T&8GIoNv%D<-2_OZw0S$UvWV)Oi#*R|ii5cAM{uSyulVvZ_te-`r##~=hy zGB~1^NB%J>xJ3bs$fPGntiN46WrvmP|) zfR9{5Mg19VQ*<7@9X){O;a3-Sj$M!C=09e7zIXm&`1<(d_4(P0;rZ*~-t*Uc`}-#^ zj?aC?F&Z3-L@>4E3kv#Vl;#sG;+`)%afTg6&rgGZ`hwNvo056yqpASeis7X6wVb5$ zfwvd#kNSqj;n~^A*$!dK_bNvE7Kg$mFPPoR_0?K7PX~9~@u)?>*$w%;<5BO(!$+=( ztaLti%Jb%M|MlVPzZ~qpesTPl!jqhlfhNk=@8H3lnC5r}N~1#5lX#;m6ut0tnh-JHPf+D-(upFd4BQ7gFv-SE zGbxW2^Rc{%(VChin7I^Qi?Q##%Mt}`ATPw-c!8Vl^%h@Hb8e6l41~&(;4uw+kr!Ue zqfNvMJ|AvwJ$QV#xplsG_Wj|xm|nhe%;e^o>WD#A+uQv|51)Mb)z^<7eDRnm11*S~ zt!RN^7TKE&PtKw$$Vhpk*lIcLEHjMHJmCfLOw&rbF>#45EUdwBK20mSee~tSS2Y#6 zF=}i<^p$H=hwp=8#Uio79{-7Fl<@IiX)3KMziYp%;ZzeTfDg`+lOhER9_q4@Ws*dV zDI2lmEes@G)Z_KY8 zz=*Det?;oT3WBVKPk?Cn_*qQLVI9~%vWZa7X!vNMDKmagyJ#n^LRqlGAn(j__&8gw z;t7Rmogs?OF+#8Fiu;#Ztyfv^o7bp8KILwrW~^3RLF>=Tt7#jMHR)Svy8pfR|U3B-|233yPMHB zky}!^-5+^o@CIMt?V3y5mtysQ|KY1|^g`^DYMy-;&ASE5`qq(+Si6TjElvQ9N3Xu| z6}Em-c&QhWmQ;lt(}Zg)Xbs3?(Wle+stlw37|?c#(HDg(N0WZ#xCN>-;6vL#=P6ku zA%va)LV7v%MH^H6DZ<|btpYU~@Hx!JqK+S#F8~>>5dWwUfgcPsJY^LMPkbnxC0TM) zkHnXNgi%a>QHan_1}cFXO(T?0J`Q%#O#q)i;0PJz)Hi+JvCJM=MCa;YO%pR0x8N=t zXU~RRwhogv9l6QIzOTO>CRbED?ECuL2@4R_wk0ptkAyB7RI^ebtiM4u^)(8M`M&<< z!~|E3@p--erqmQxjmdet{^soYsWYsYlWwc-FJz=}t;)?5xzKFC*7K~&>F4MNaj{)2 zcDnG^uFSuEIEcheO?1%=^LeuDRF*r; zhkeWjX2(K^r)~lBLtNlij4;t@9V0dx`_T(6oG~mf963?5@VG161vg|B|CwE?>ASs^ zbN~J~{?eZHH9r0|Ha;~JfByvN@C~e*QLy&7mg%^^piuR^Gxw$P_mp=RF6IxSrV|uG zFNGCxU;S=CuzVRhxd2B%xWA-JlsCZ1$EN&nF`LE3?T)cXWK-1I5WMel&L(-N9yA3{ zvh{XnqaDcQqaWBsp5vrq?k0u8*@A6)UFMjUQQLamvBt;z#`a~cJy}%*1rz3|z!fI* ze2wxkc|Z!hs)AhPo+eq-+c4h%uEN#3w2D0;`JLgJAWD{o2*qV@Tbl=OIywqeJ)dLU;Sm za7zCgoh&MTCFigI5&dFq=D!X__i;~|HO`zdM1-0hqZW@}P$*zA1Vic<0q%WA2&H3x zOin4zhs#x>NK3KLuG4v5eqY4%Nz@;XK=qa^bPpD$@fcG+OQLVYtY6$4{rrl)$TOBF z*=do?(lRM2XKq^Eva>mtDZEuDvIR72uY<$p+@W!y!F|VKayuC$45v`AtYG2-)74^k&MY67~ zr1*h^_z{g)1OsNYqrOn?Y*^^e^E8<4?5SR)-KKyYm)CMLqSmn5NEDhT+WmsL;-any zzUgj7-EN?2;#L#oZQ|?csc=_;WgGn*+TeUNM{vW%XvFTDCF%SW zk5kn|wR?93nZe`>-$1fQ0w@1gAa4Ji- zj>*h?s=~U1O)-f&6Oxt;8j4ZmQFB`u8I6Sw()cRNOAxQ+U|v4-Ck;S|J;6j*@pPIL zw*#;{Coq?+V6Jl$-#+5o2YmbS*O&3b%jAo|Rw*G3-J0hm<(rSne7c~RJew@R>URn; zTk4L!d$cm@KkTCl>I3)n)3VRQh`fggR@kR~C-so6a1M}%f=T#3s~w~9wWuBDVBqO* zxk4X6KJuP)JUG|4y29>B(!Y1LETRO)UaD)f6)Xa8O-#89@NSEp=0;jK=j)pRt(bQ6%Haef^na^RN>BWr( z!HS5+v12Xb&;^AktR%V)?kdK(2>GFyf}F=`p)*a2DU|(z!Pr=r-60d|2AdK*sfCsq zp|;nxcN6{8ar*XC=bat2xGtG(No+G9MY-TVOKhX@RVB8Yqxi45@q;n2W`A1Bi1%Ww z1M*cq%BR5iXdYqoM91aFuS^vVbcps$kHYh$n&jisT#T4r2VMk~fjxqQ zJzq&n)N6hrU+M5lP z_Gx(+%yVW@nT{!QjbsOH@U*de6Hq-W6i>*5z-@5Guvx67n7g5wzMG}zL7R%e4-0?w z?lBBaw-pQ)_W}a)vU8c!&teDgst1j}&09N`aFc{w2Nkl#oG`t3bfg$_wd7sBo@mYg@z-KMT zQt{cKl4rsL6{zRdYMNKyx`|jez@Dw1u}nK1%kt#Aa=i`o72D}YJPK)WP%A?9^btpceZOt~Fvm?^%Wp?9aZqqU(=AQZr5uLk&iX*>-=%}@)1qqUT0gLdnefNyJm5@%U5 z)kV)|r`8>uTH3@}vsVv1c|2K$bfw1oi`Xglc+3n)~6SuloD@&xIn#uivY$px5cEAtD-K zvn$hF3iQ`egJ#uLwIF^lUxhWHRD{6}tV<7iMsZ2~CqA-I0X@i)*y3vJw0@CnZSO+y7aBs>S>r>T)4ueiIjVcM%2Lh^@%);xZYdm)O2V zl&eDfz9P}8E_R+G0+GZ(q({aIJ7M%R8MZ-})JvCEHmwqXyFD(il4?BK3HMMBEw-ks z7)R$;Hm$8yJoQDw;yNQb?4Do342HQQVxUA$Ef7~lj=@LY0QY4hem^kfWn|%=kqFg7 zuN~Hu)-Q9+HqPl~Jr z>XPjOaj;XN+$BUqeJPwvC>p0eX_4~N5&%r=mY;$gs72+oIB>)PBNtsfvXo%p^@M1U z`*Osd>;Nhzv%I6YV6D^&jPLah{QF4`Mj=ynu=`^6HS0@A3o#Lt)u$WAP}2JGs4Uf{ zqXtlyEG|rAyf!eO)IeCSmXS;Eq=ncSzDehEBZPpJAT+ey%D~#kmuXO-63AfA4iKON z1D13DSfEiy_h4aH>F6UH=F3~YNRz?xJUOIxddLdOND=39AeL*q_0Rdt$qfD%$Y&mA zIaa3KCG^cY`d@U}-J)&V8hB(i&dy2t+hgxmXymcg$O*Y>;wc-hM9jlWc1E*HGI5xW z{}h+}kZPBFLF@&7$C&~&2YB5GL6eTFmZF9C3`NcnpWe*nD6{fq&mj{URRAB@t>r>f?lJPUt(T5jYt#RucVsqr#Q;8)rj7$t;rh!>wFsP$rh|8O|8V7!Y) zG|u7iYKh@fNLK%t)b;P_-qEwegCL0*0K0*AZKf8JN_{4ln8U*; zx$?9!#oY&-PkO`JL=sh8Ak;DPEFP759fa&~}#EfDz4FN0tv7JltZ zWAc0_SBv9>0UH<$TosxkJPpdN0%aIFp`-nJgP8ZxZj<$Ci+esWz*uH{;kk7VbZ-%S z?6`Lec zk)MBq`3lRmvPx#wA$J%?k&1z@774wK;Ux|@(11i;1L*yPvAuEGu+Ou91XEDN6K zhWn~zj}n;;yNxUBd47W-Ov!Y*JPLJminmso^+>nW zl|CTLDM?>vKc;r{?7n?K?dY`L!m#wz`DEsb&;6v+w$(goO{lxskoDNLoDe=B%S{Mh z&pzgasM#?7fD zUKHtgdy?Put6bzP@53sxil@_lk;mg%JpZseixwL{rC4$~+&IddZ3g(qNG-S7r8Pcs zLu-~cB&I1(R#p&>aJZXN2xHY!5!e8h6aIE@KBmC8BHccqz&Bd175KI1!$i2TdqT|L zxN^We$8a+c4uuxzR1zB`~E*m2JR#c+50-N!WJ0PS@o5QGaH$RAn zKz=sf7%@Q*Pj*)#&3_?Xvxp5 z2Aans+UJ9L=S+Fwmj#HDk^>)409Y!bZjvrT#bp#oOTE3cOWv`R>fG_>kF8DOFuE;G zVjIA6Cb8Yc4`dSe{7#UXBN}V5kVDfIwuD0^}pMgD9}!Q4o9bTzj0XRhFi zQ8qk>ClBlS8UX1OPm3fT---xlZBF;X|DZKpq~q(GTvAGUJT{MrSB+iI;qSngKdEuKq+B`;CGdqqu|j&XXhW2c@~r*3bp z!$%uL;3c&*0L{*_f4@TJqMr`Z65}ftX*o%#thXaZ9v4rZAq`*A&`S97cIXc2!+135 z^T6L<^scK#)9HG`qSh(nNkk$Qom16 z0pDMUYmMnNNi`{wgaEU|r{m-j=j2v&v8bT^8@#TijArpIWrQ1#nc%%#RA8BH`QT3| z?+BnznKl60TXojlS6&EzJS-C(#8ph^zUee!gnX-~E^k*0W2%Z2@Xwd7Dq_UyVQiGM zi!-1Yj^Qcm;;zzS9=JX^%V8WKz3Je5aQ-oMZx#mT`vFskXsq{|BAy1rDlV!Lv!nK0 zJU2m+1ndDXH#;~YUmuMbL;E~bo{l1K?P)x_t93{hey!}0CSxXSpokK9sY~=+E{1tg zanOiY30h4q*i5!By?Oh`G_EWyPBO4pvtnaPq};jB)|RPmGE+i_r`lM1RU}Kn@jKQ3}|l*>(N~ ztvh1etAuKo9^t_nq%1;vr$@BPi=#JLe#0{m4WeUM=3=5|>8lW_et0e*n7J|cwqQn1 z`Buw|LwTMjNm_`2JTwwRxCjplETD_b>q5CgHM||q(`|_pYqSp?y|_)sC5xk@a{U5T z_`|`2|E%JRau=cB+xfqpDtTM&Vz>X}(F5o>{DrQ=-x&U*?!&)~0Pq1wfUl-g_$!-) z&%CSfNst1I6$$)>?!sRrh*3@vMFJ$kz`rd>Q|8ePlk=LR6~ju|SDLc^y5v<+{K#*n zq&89d=f%J1D|Mj5k8K^jz6L$h5TB-=5D}K{3e}4G^v`?hOt?G3 z-<2gAYMXUls6GyQua6$6I^QjW)a1QwY)4vHrj%{lK2U z_Z4=fXE}h+on7lSfg>ypdcXA(bj2`0tr!kWo{Zg~AqFGNapjKJH=*p;!kVnoiq+>0 z$fvL=tK+{X<^ip!$7)%HeR3qU-S#VXJ9c*`wD;c(p#_Qu(t5o}$Z!=n)4uTgLEIxS z9T;q-IE$z())nSGPR-u^Q@ao3gYS}C-7hF-Nlj!m*O zl%K*bIXPvR(}gi-u|W52@^(H=M=82?rLKTZ#}pJWNf4!Rbiwj5V~1)73E`d**j-8S z0W_<<>CweSTM_@~<&X|P4upw3kS4*vV>JhCdKzjAgI4A+KKh`aYxkgNRFXyso}2Uy zKj=*u@j~7Z4i+mnHFa9I3d;}&Yl(S!_$_%G&*oF06^rU=v^DwR%YI4GD%a_<(whw*qTO-t`DvLKp=jGhm2`Qr=N-t zD56l)LSMNPL?0|KLQPxEZUlTJ;Fq<)8eItZ)VdMyY26sQ5LAgU(0WZN9yPXX@r=VN z7;wOLHCxfD?eJ17{BGwqaPfKnBQ2iRgV18c#iLECb`@G9VRC{Ern#}ebZ_zcUFgM< zb_Q{cHmJ*M;Z}YE$1!C%q6{_NO7ALFZu*K0|4<>oLMdNBDb=i{utc>?tBq0p?~11AH{W0iVKd z<7UD&(Ox}aGp6lYZ|OK!cisFR0$pnmUcy^qKv>>WV)XK3dPzbVxD~+Fy(OUznS<`f zpgzLY+%AxNprH%7n<76}3LEhRiY#+l-y>Z;9Ssm?*H41l8&LhA+&0}`?nOtJQ2-Ov z!4xe4;`lhvlCE1lz3c%;`s;7<*vb$S;7&M!-P{a0hJqyOV8n+=fRw1SPuG~;w^`k; zVYBAHDO7_1^)Z)IJSFR4mZN(iyChFI5%H2I)bja-JjR+ejrms8gF@L9 zlY!P7HAHJk-lBn)5C+Y9_|*?!WjNV8+sL0k(8;t8T)xZ8U*3t$IsqcS{SjK~1p5xY7h*ful$*a+}(K z-H1)j#4HT#;8~JgRgac9&My~Ja)Mtj3Of0gX4gqsrB`gtHO35BSGcf1HONyU7WquOZHkm}R3-6j zP=^CoP4gm|8$pQZQ^wueX?~?3^Gtt;*AI9I9mLHWu*>2RjaNZal&-cyt;`o32~G@L z^weR2J&pi{A|EeCA_9WOnHnqS&_!{NnL!EGH$TvtR}%Xjsg7@MZU#5v=RsavZAUc# z!b7dk1C1XApNQA*_zjxc9hyVTpXfPoq8*FkQzvkjCO#C1TGEA-6X!0~ShVr2vVtO6B2CIcfDsY|7^K7n&fwx!sPzx|>%T_T3Kgn$$@IJ-doI}jb8L`}) zz*%-L^y~{mdz(N8fNKvvYt9qt+x+`T82m}IwKp-Lz08xU6+t&EO zw9F885ieMUr{0QXzy8-hqR1uLo-}R?@8YsuZ+ynTLPc11GV+zhGQwYR$JrJq0}#h+ zd{6r;p`X)jP{0t|Q;{6)655S-(9S(~(0<2+}y&=QB+A zi27RMc3>xmDGX<+P7LtSy;d-V6aUL~}0spc(0>CK||Hur{o68ZvpgTBeT=cZHO2T_>F!BvG~ ziS|sN2lT7umTEzvaL_*e%p*`Y)%WUHqD; zj}gd^M}$J;Kk%kwhU?5r*h5Jn+eaf=sj=H_{xj*)*y$2or3IB~4?JxNzi>o4oDV^7 zEs4nd=CzT@>T#n46~_Fac}qID{rmNYt&Oj~t#Gq+g1h4KoR>C=+HV$jkniEt}SNdS@pXjKS)ksI}IgOxi zGbjf~Hra60m8Me3xAV=IMAVVti7ZORY;+uGnXF^5y--3$YQz?Tp?e_+9=Uq!AKOkM znZs?e7GB2XuDi*a;zm(RrBC8PNO`1+-L}Z|jN}Q3#b-mvT9>;Ki?P$nVGaDYEj?%t zYMpky({A~ff3D4Iij3xiOQPSb7}963Iv)2AN}TtDMfF)m!yvU2 z28yAp_Wo!1@>!0XAH)vGA@X25NMUA8>iSeO&;U7wHel_+*vMI>TQwz1rBcFGr}>E*cC zf5$wJq{~vBP6XuF`!6J&~FT4zww^IP_LCx&R6>-8+ zxEDSk7~BbV*sp3U7PRdUpE}DB>DimS2}i!-@k5u0hont%);m$R!GW2O%5Qi)))tao z0q;Tf_C?&;R>#?Az(y;;R;=V?hh_Z318cmb95+e_o?)V5NWKC{R3(XQ#wGoD2Nvb1 z5LgB};+1`Yi2(iy`$rUH10VlRU)*2_M>aF$9CDygup3Bh=FU?#a6C>eI$UNX=vtt4Q!$_ z#rn~volo##o~V~ZQQV@Op<57~Sbx2z*CpaiRDMGQ&<^nhy+b%`|L&}GIfUz9*Z zUvfnN$??d{e4Js=N%F-yK+YuL^B|-RoKe#j&4&6M(P%)1X{HS|Q=1X1q2?0LXP|s}`Zq)UzH6J-(iMf;53;Se%*scY-h6#$fgy#u? z%K#;jeRP`{bZrY;D$#&A19<4Ly~XUkD;1$DV0!4#iuQ<9>8iaktCx!H&$$6}2g#;u z!x|EQf_h17BmVdzF^7sn#b)Z}#RU(}mNG*(*&L!I#QfFO@V0JCW38#W22_vXmdn;J z!6E@C*|8MBJWKM~c{VO=^093v5fNBTfYVsma!+gfP)x*p-S8_0@_xu@{Milt?P{9o zl~j&YO8DjLK-CS>kS>Q$E~}hN0Q-m}cHz)V5l0}(%SWOM`Kf zIj0Zs!9;WdMQT6&p7tdIGXMeiB|JWK#Lqlmv!ArF9U{6l}ZdnlrJ$Z-xq!ezuu zO{OF2kn_ha_bDR0PoanAe!6doZws3N0$objL@MP$`H?JtI#@`U9H5tgImr+Do6H*I z%^c#9n*qzC#PYI}zXDezWhINdtnjwSNvinzF0>)o;27|l@i;rSXRX=kpiJmNJ6S*7 zc@ae{H+9PiM_oV(&ZP!g_hu^4>+1)WF!SJb;Cxsg;tm!689qNpeP z5TPmrU%C74K&KUY@8LU=ReTGsCNX0RyhZggU_vQih=0p@Ma%!PHs-bgiv zo^Uc2Pv=_G#148pf-~XxIS}FNLomH&rtdw! zCToF-8EU8@Mm$@ae+f4VF@!{WkgNg0Mud?x^s%Yk6?C|R6%Rrmk;(~ z023TKj2v_Z+P~oDG+Uo(Tr8i%C_Mt(pC~U9;Qe^h?YEaxV927)4UdnC_@X3gR-$cX zEX&xJC#vS-6TlJck55e!4-(*Ew*wW10 z(?|K&DVhLOF0W%iH_tK?<_e7#2=X(iEg|eXXurvG#Xqt&1|CKpE>PQ+4~aho9UFVB zy?Mv~_gw~-91x`_ij_Z!5Uf;mrfTZNSZ5`oz zA2f0j6xag)D|YZmvFip>KHA#rTu8FRo;_1rZ2^3|39c7;yb9p&;i4>1+$!_AHkr<; z&xZ-v0Bt2MTfe>0Uhv=(VL4ja>3`51agI1sMKffUYr&aAGHaAACP+xeb`WXpz9iHo$dZMncbbJY`#sjpY6L@Iy22ak7O# z{cYRs6Ig$`H|Ag7kpGF^5CZ+L;dR%=KmCxCkKAz@k4*L~(8+j9HxL5GI!n)mcy0+0 z53Fo?81@$z0SUyIaHd~+i@~k?S?>5^_4%X%TY0}C^M}{;5acF<=XXg%q&}>mu8B(O z65~p{=CY6Q$-TR)GEBGXs*F}aU6ptW#TUdi{MYNKiFRWj+0T!XBF^q{3jyMK87ZxZ z%?G-`vNp)5AhiH-V1pcjet#g{4vYRkY<7y&Dh>XOxc^SXxn;%u^>f@^5pj(D!gDt_ zZrd1!;#Esx5}_vyME4nG4WE%F2;IeeRIp}BzLh>Z546ls;u07Tg-BrVyKZ)&1%;%U zz1bR5E}Gee_>v)m13Bu1uM7$>6sZ0yDOi*SK2Swbpcrjs1K~{+9(zc5C_0V>UIC|J zw=AGZ#vKP4dvqb4J7wXVKmlrSiUa0aVjf~eKhD~+JF*@$Npl>sZ~`DIzT|UYl=v1% z;w=F%j(>+EL7%i6jn+ORO{94g#X_@HTsFfa<|6Xfh{zVZ?cHIBC+6fj`|NnT_%yzVWI+XV&XAzY2jg}b<|3eITd+e^CfYreb$czHn>spMA_U5c9TF)68_IJYD z8HaAWL}>y*S)eA5$RCzlB@%JpK~1L%ZnSK)BrI;#Ie)F2XATkL&Av-W@{c^9H$1`l zx8Vue<3Lobf-fMOF%=N5gbyCRFQ2heh=5T216<dHaL%VvX|G!X=pI??w+?c}Xz(uL;LcoS>9XWQjG( z-jA0|doe&;R~=D+B?y`6!_i#GLV{zDrZkj2{>5WYmW;YI%MQEPc%qKAn7yD^8{?Z( zE$5O@HzEr*&%>DtK__6$fsdaH-~<5dXO{7qySO$GSrX`lWCemthnAWSNj~I0&Q45& z!MtWcr9aV4#0WF2YR9sOM%pZ~arit#C*Cj)Ph^7a{klzK!t88q%wz9UG{uX21kHLU zopeWq-&>95^b44GEN0n#8`ZQfcESwk#I9I-T@%JL8sbB9Qr`sC0E{VMm87A9Wfp2ck}cBsY+*V~Nu>(7dPDQ#h+`MjIZ93U zt{3R%9279bQ9@!dHhnkAjtG)MOc_Q(wyD^nEG7f(??P=hR89R2%M8`%n7U_XSi<+% z0u^wM%zFE#_Q@GnD!5!$0Vy^m5DsJA1?0Rm;YQh|KC?_P@7gTm8;&GL`>8011{`I^ zbm2b1meLbNiV)0t%+r2d#+r(jQALg>(K$uy!MSf1=U;dDu@p@1Vsr)m&PrH&? zvk^Y@5*$21us-4;?~_L8wjOsEjR;9BDw$HgURbnMo500OH(iQmT^;G8XyFE^w4!52 zPzM97Ia@0-*@!+LZFPa3u0RXTzmmaXWN=5(O<2bkZb*rTrw)2&F#tp%pim;*l;Yfy zhq^+Njj#jGF}pX@rxXK{DiRKfqK(Y}VF3ET7R~s2Ebh+yqQZ?rh^fZVLR}k8gqwiK zEhBnwtcjh7e{N<^KOcT3+r7_mnsJhb6xby3ATEPD%F1yKvTKF>?oPR87|Gum&1LK; z+;Mx+we`M^m@Uz>X43?ne2~)BDaFa!7~4=gNXccH*X?50I)4>EbpUZae|vHI^9knm zV0Y^L7S#Jct#|)}eeP0H|I5k#FDLuEoa_<0gO^wSSdx@dWHRpn?j$(p9d(11LH%U} zIdt#jmC{JWhZip2{55w#_f*C}yqID_O3qMnfwlu4XHoF*sn=1F@>P5{hO8}_ro032 zb7``=K!tRN7A}MqT5Ef*P0)-pAd>@Dw~BBcR_`UQReOZkmG$t)p2vj$E%wWP9BFRx zLuSnXvI9Doa{1)BXaqifbi@oiJDhDJcXUp%?Krkl*Tj}VmS^22fwQW3a)oTaU^x_C zyVnYmBu8$VB?R@0%DxChy|@ zcmklI9QCjl=+rT10 zZtM;|bs`^hYW_3<1=mbRJ&{6S41fBD_vA>>j&it0l5LN7#gJ_ZUI+Z%7v`&Q3y`Wp zUXLKj@JF4P`4r2Wj?>tSFg63(39-iZ5{oVsQg#vw#)9t@3=*@uxJ;eO61f?{3F%ai z>_Ub|{L9fLIwnrIH$+3wug!Kn7aTf@IH|vLesip?Jp)Rr9#NMnRtuwE*%y_98-w6J z#j?bzk2^qZ`m6(yERgIWS%+pUBY=PCgyjYwQI?6Aze_4gxLPg%WtDxzi+q+nPOt+- z8Q1Y`+oZUPs~E;pq6o9c7lK4*dFV<>5Rt5q@NnZmk4@9!ZWkocINKu;q?txU%3mEL z7@#WtF$hc4-<`4d!;*K$uik!0--0%m(R&mK0rw;5>qhMNrfP4j_0fC-ZvxE+%Ce>v zteHpN{^BCGLCgngrF?_mMWOS<1AP9eGQV+F9&TbzG1&=2hN=iFfwMeUxtYX9kN>-JQ3L70+5nq%PJb#HuDU9A$(Ngfx zS@b&%oca_~`u&&+hBLhSO6}_q{JWTs{`PNpO5w89B@|XX9y=n@{PI$9A#RJ_LTlPh z%bJ6Y*e|`PaFJa2PCj63NhE{4)Ye*8=cuT;AOFAm+3L6b@9NRpkKev0kFL;vV~HPM z4!-Q~AJ#h3FaH7Ga#`uOgD-mlwpqE?-^s}&%aqjbAvAGD5MS*?3odQjj~^mE+?RmW zpE5+)E~dW_r9PL9%hI=^0nMwuQ9%8ZL-?C*jbkTYMA5uwcM-nKbO`BE6J!gVS?ESz zo6#f;LgsA5iTisxs+RnF4E=kAp+Z3kW-9LV?WI^Lfr<*Sk1O(;{i(r`bXz=WzT z=0|YsVbkK`R-~AG-_w8a*&6v8>^@3Vscn(ovMY0Xk7X@RlF1PR_nCuoi@Ac z)Nk@{fo&8?%{Nq~HbYYwjs)UwDm%^==!%WtT@~pXH4|TQ$4q>_Vi|U74<|{IEEvSg z6mRuVDR9J<`r+XR#W#6ws;V%$ot>Daqi&5MFs3_ z7K5gS#Bmp5%W?b{2p-r{5Rr~V0%W`ei!4M~6Js?AzoI8TaKI;${K^{>-;q|3Ia(TM zDC=U5mHm4lq?h6+$^vYcU8T@MwN#KTcqdS|?1#(Z;5%$MvR2&Yf96>%Md@b?x( zznA*XTGpJ#>~M^J)Wy!UX1Qj->D$AGYEuH=w>FjaF-6Q_YZW6(Cq#w_#J$MgwK-Njd)Sp9`T99}s1 zxNfbqS!<*jMr^6g@PR#*U14PFLlcI=MFAflpor;2=DN}kifdTHAps6?`BDiZC((y9 zy+mR9{^Q3U)~Tr8>M)=@T!SH6X<-a2m~gDh9)wuJ#T-mVX35{eh#pmjgy=`4*%)m; zcGSisL_&hWNsu=QEH_++6uFDGLqz1o<`9fE9?1zO0+_L}tGGbWP7=my=AgrU=kOkR2d4t7oh-I-Mc9r?md z=ON~YZ-J~rtA5bx^CjAJ*c;4rB$JJG*%}fPHRF1^cqZ6tB9?5iorv(3?OJ|u??MX@ zyKLG~8#r3d)qX-T49AE~53aIZdu7NU!J;2Q;eY~8+21x?GX#Ah5U{bx-=puTAF(6d z6dDkgGPdFfRmo@nMr6;KS>NQXC4a!u_bXod>+298GMi0pZl>t@A8^-7;LwhxLGCqsQj<%G`?1 z`aqLH*WI)C;R^$lccb;)Bm1^{PYIU8v7x@yOkqj)EeI_%N}voNtr+QNj9a>>a z7j|+vYYMX+CM0`P6)j3OUbP$uP8tLo>suO*pJ0c|==yl*TsQ+)0=Z{QM>KTFJwm|~ zjd|Wc_Qm%3rS8yk{NXT$drMw@kuED>+tUO^kE~4i{G5kCxR2hzk+HV6|34~F#T`?S zsWj4llI{b0wuOQAdhD!_w~^l@v*O5^X#|QJ?@v)V7J=Bu&^74EF$vm|p7C)=aZu!{4$tU^^s?=7+R~l%j}-X&4=B_Y4htRVRChnFCh9 zH3FV^6_(T0;kMnt&=U|%ZGZ&l2(Q%SbC~h{6WUTu7Y2(>>k-``rt-=GS}`41@Q^s; zKvm-i)ex|d8@&So$gSXEnhlJ-SS7?NE(Mgx8k#!W_vn9uu?1IlXGqpHp?;&gXC$Qp zt$YpyulGs@QRd2W0Dxwo*kI9^X#9;`P2qiTP$hD$`7S%`w80A55HH} zu@yiH2$N$1KMA}I5x%#k33q*`yJ-1Mr945HWmCSOGV?WY~4qkIdF-IOFgdG1>pub*P$p$1toSloQHw)iHP)$kDe=SWg5!cj47mBIT%*29&B z_?{m(DoX^$;@HeH)45_t*iIV%58TFo$PR?zvW^YTttuGcgeoD(Fk2K-`=*B4)Ap&! z38}#GFYe1<;e`NLm;<;I0lEcCoao2GKM|wzD?C1){Vwq9j{xn+tJg4_lNVY*U!&?E zRN0`~5x<=h_`pNNP}R|6it_7i0-_EvMT9Y7J$>-Eg}zsX$g2wN3bm1*a1K88#r%E zcAq%c%rSGOzYrM*G!062PMxbH5?Bfj9tQz>=natYb|OJw$aN<6VBX~?AC+SiaA;k4 z_`dn4toOmOiNQsFmw)n+pFJ3Pia;o)4!KNgu7psm%07pKgC~%1P7@nJz$4*}O;t7! z5uN}-hJ2E|4&IHz<9ah3Zk5y2<>nnZvA=mbu;-tT8*>||SLKVmj{r?TvcD@Mh!y_% zD|4o72%;zzn~Go~5bd|vLeTDT4{4xlnNpDx-bYm`7+809iD0nLP;BwNy4cTIoJ6Gm zwKO?Tz|!QQ*S{7f{?$$klZT>FrRu+yB`G&XB_BNhT9n?mD1p7=-=i!`?5F!He2e_M zHy}RMtpWMrSIQ(NL% zb%5Jm=mazI4w@hw#drgnDv=~QSm1*=EM61`5s0Uu#0avFcR9-6JWGgg`S1+khu|jSwLMNBbz}RK zjSRl@Yl~~!T?tZg6aoK2@QX_qt}fOWu#mv&gAbJVGz5~Nem^id9}jLkn!cMu)f+JB zw&yp~;?;?s--rbt=m@OioQZCGBgqW4Hzq6az%mSL<%t3O8Vfl@?LQ32bt3#oAUyh} z!`$%5yKxwX7CdtGN(PI^8IBLaVU=ypjZ5(hJ9;j?&`1R19(0ME=|O(rJXdYG$IP)4 zE0#0uf;C&IGgvvBa2SPB-jh?-6+_>#*KrSveKa-AMPh$4NdkhdMI_xbT|b3Xe=Vj74oi1yIvZ{zJ|=jd zEz-}oX!u(q4lW(%>2O3$;2Avn5BcE}8-Ma-#(W_(=xrdJy|(SoPE5A-eEg^A)t@&+ z-;uJ84>J%Q>&IS?`%A=t%Z2qVCY19BMd8Co+N6urp$Lg}NJ*UY8pmhB(R8+RjC&N& zk!p(qghMMrQ@9pM+~YtIVg@-K5_C+VIiEn-pmU3b;fd!oq$1KxATfc4e&Yz&Puj_K z0`xS#nkTS?{S*o2lcc-SOaQcjY(m+eOgXW`QHduK&8LOzN;Cn`2BHaNe=^a;4sTC1 z+#9~6XH7oRZD{YibKvWv`zJQ1(`%~Cm^z!OTl9kywPK56=W?7B4lAdK0y?Z{B}{gI z*UkA45UilsWUaooFVK$}nmsC3La5*ciC3st{$+tSZ2NRze(a%trJ&J!5gcJ#+@ic0 z+)}_M34-w1J_)NUz7lAW_r0?Nmom8cL#A!|An?keq)lP#AG~rxbK(--_qFt)=(vy^ zwRHx2P3#^DZ#t}b8li=L?x?k5Li|%`5v(eQ4J_}n5!qST`=M>pE;bL{JH_HAEyLgc zkC6Qmuz&ahAZhcRtHAElmBH~()(vFZZstmGpr!ykr8muK+-2AM*oQMn!R9Qvi-`O; z#8D)6XG3;agiN$amLT-@9eyFK4&=@L)I#ey|5@}A z-Er4hi9PouTxX!-UJAuqF9taG;S@k{p<8Wz2Ob5dgw*vWAkFPzcO?QUf>e&+-uvyQ zTQoYL7a(olDm@A*YHYg?^``c=xf)7P4I|*>Kj<04QBDH!_@U=ZMVk%%Z*#h>!ffL1 z29XXQT)1KAy?I81GddRdS-7@Hg)f2-kvJ{~{>51~B_#sVw?J(;78Wu!eKMIpbC?ZF z6(bUw)e=uq#gZV$|1fb|2HyCQxMjm4!p0i6!f zH_QA(lpQyHl08@F3)?jhkeq?23oH|%iPZw~2i`@CzJP$KCM6y`&bAn#$}>0KA$uqn zZWQMqk)o1m?rCi^|NQQMEoTTvCl12zy`#o1>f;9ji)Ph8r0lQhy>vi8*!tT@&4po- z7^J>P*31xrCJpxAeO?LVW2R-9Mo&ulj1>4n6~B>!Hz&XEx|6N8PCs!ozQyt<>fyWX z7ujyOHP)v!vp&-%x~+k^awllpAWvFDEnQnS-k$B&B-@2jaJ(sD2VfjEP!)|`>_mz< z=6T6=$K(Sx$F*?YA-SDN&{!PlsPf~8WurK=-yKOOi-XaT05axj(>sNo=}V5J z`M5*C2+9O1_1KuvLi70jAG-0|=i<31FK>v7IHy5uy2%`SSny*^()?x}t?L$p^Vgt3-!ygDf;Ech0 z8=(J)<5pkTqa%kMvh>nlaz;_E&C%9u;p%5*gU^y1o=cOd+M9oiU+cqBd|UM|*m2|F zDe7fgLGerg5t39f*wq0Q=my!YBY|K-dlJpr;MISrx54|`*;?)3WQahhora3(gPuZv zRCC*?&%Er{W~HgHS~!|2J)P)W5kXoNzSUY(iH#izh1lCT68x~mY_^p45&C^ZF?V!c z?v{BrwKaTz!e#|=v1P!u^8Q=pAz8MD-4r--0YP$ioG}}TWY`W1R}4ra9Kc-^%V}`1 z1S(oIzqFHl+Q(8;Hd^#*1)6zVg=^rjQCVMdxd{^v1w^mYA8}hfZo$JkejN@Q1cE$g zyXYW3IMMQDBK=1+gKf4m`~=j6Wy<|y;EUYAxcI62W|=IDmNN!V@Gc@rpseGC#EtN0 zBm|t`i8SQ!ctYgA#ll4cdqR@n`T)*+b~X-# zp7D~5miIZL)AB1leHf)m!4l4^@Q;r^?Ac&ohG!2O{16lSB9-3)nU8tLD(v|=*vpQL$e!P0;uFNX@HoPg zF)0C$#i*2Tw;V}gZx(@Xw&uh0d+?|K0b*mL8v>s9x+37g=bk+p7$%bFj*z+_a7fLT zJqtPc&YlnHR>ySGCo^XfQuU}F=v$7Ud%kzUUEA==^QZV1n05G_GP@7P5j$bLNG)?- z-6E*8$7&8xq^wwjjbRLcc=*akClh&{(p4Bg@VTy^CT4 z@!7(BOtxh>X=uZ$3fsFOSPjY)z{5^65-M z6h$Y~N&L=3@V%wKOHO1D*2{2|2s6UqtJA!dd=yLs-tU5u2~Mg4k58@p6uTqLVsl){ z9;wiQjje|@cCh{sSdpz&u308%WkI{55E}>7TuN$w%(zp+NLvUPbno2U+xPSgclpbE z2b=rJiIIS%)Gti3>J(d;b#s7kqJ?$_Gi!qFwB-0$D96wxK-RU;dVaCt2jVLe#M;M; zDY!sX#{Y{%l&t2i0}jtWuZRj%qoo>;%blhQ0V9r# zD&;)vBI|#t?`IhDh1{CH`Bpf&)RVXMJubet<3B>7No8RW=ow#l6J&1mLqL*Qhha%5 zAEawW6R!VKH1V_bZ2pr)I7TM&#D*tSqDNttKT)tF84xI(;bUl5f4YDVoZ>xjdSiy@ zLPkuqhyJJm79@9g)KW-R)DapYLy{6TAxW*|w8-}2eJ=JgG}x85c8DH);S*xCeOd75 z7Zzkk@$h+%=CifWFC7IiA5|*gC^kqM?cqZqp>bi+t?u!x!x#e{Cl1%xSrY*h>_OoF z4jmR)ly$Q=!%-rLhspar9gNXn#71=B@F!;7Jy^UCV|z1dJUZl$R|uI`_R#QxEPx6g zYld^-TY{@hFM|_HwyiQ;=U6hA>P%P7`M$S+18Q&I!71Ud_2r0wcPn#<>IluFl=}iR zC)l*Uer?azNVBoEedrB4+@<@YuUW{Y&a;5bYe@_8%>~Vuo;8^+U>LBz#J&L!z-{p{ z=dyUUhu4`dhzqz7vd8=#c5Ht*(^LR~3Y)R3tE(?auz)cPat>>KO3S^0ZlFS05NC*9 z!2WVW;Xy2Z^dF3fdmQVuG_B86gPhjEi&|WEaV%PFz~@Zjt^S*1`2^w_YmA2bSD4c*y7@3BrN^O14B)*3-;5_@ zd4u1dn~6fTil)MVJM}8+t3Fvwwt-EnkmBUOo<+|yn4;A6k2K?7hiOSRWluRs%A86j zlcCTK4k#$!eA%$Ry6b8i^nn=M!a1?X%rJ4gyw4S!b5vwLV`DSi_=*G6Xk<2;br#&^ zi6$5V7n2RRd@&AKgdNgw8K<;a74Ln%`KXXc_{etP;&eGwS|70j!>5vLUePT@HE zFGSb7X`UTisd)N@H)xC6O5CsC{XMWSQEenu$OpcnuxvpE{)JFbAPU{=%}E~gxP-Dn zb@52x3cm4i2Jm;mDGHc)JfZ=v&}{;*D_UP)OdQwKHr~_i6Z`DwP)++Tluz$)&P)ql!Cly3}zhU84}xn5Pwa zIa|x9w%!A+7ZgQaHeiOQ4JTUo5Ip3t#L=l~&ngd3g#EF*hI6q*^n85}V6R3R7)217 zG<$+~efSFIPCq_hb}?%U`(w(wE^sg@Y50IA`h}+O9ESDi#)eypa%k^10(Ij{ zG(MxA>YvPL-lUU0#^20yc=&zw5})_*VFL9t=7acXKA+lOkB`aA#6&gG@ZyWu@L5^7 zH=Ta7kJHK2*-$n{^B&g8eL#JIdGKXfaLou}s{cp3 z;3RXz5dq8<58;_H*t8hy*hDqJ%LZ4)&sefV9;)v^4o1L7wD8=Ju2$}+c8_o(Wunk2 zC+Nq}wQwS+F$z1jB*2lj8+F3$F@TJ@zs0`OpWbV{@xfr{BfrDm)LFLu_O#_+GJ}aA z^xe~4Oba%=TlC#YChUzwp(RCO5Gjf!l5B9MDzg^|om=u)NQOtg`0=msioxT_K8QMp zT)Oew!eBN@RMck}Be=Uq){>`~W1^D7(#=S)pcoZ)yKXjJG7li>3l?24g*-|mJyON8 z$4o6-2eA!|hQx-2Z&PB-hxe>b>4I)(_Vv0u)B9*k+lMnXWOZa0{!wuRjL}1Q*u)xy zR93tTUeF2M*Or=LO(#5;TZ7PMK=9dEm5o`b3i{&Be9JLH4){{F zVqP|m&RvV?aHjS(+E@=k>Vi!hsSw?DY^crW*i4CFK__e<|5AY1iOf`vp*|lix>&=& z2pqLkL_*Cz#+t{`0Ps1o>ARU`XsWH*!ID16AazH!aNKYSVyJP@uZ}6-+D!N7oyc8=O}A`rv2lOI}RRfHes>&yGESv7+@?K&vuN2 z-mz_BstXKm-n!+HYLDjR765l=?^KPFz9?*Xd=}4L;7Q_{MLXjM0TnE|yTGK5#Fo}u zAd#^qKeQGL@W)!2HB&*wwrwc4tX%Yyh zFOf_E9vUec6R!k{h03Q5K**tt&=VV*Isv24gi1^%X`~Pwv#nJ0ORG@vBFYduTO zF2EBIs}ZD`BQc`kmlOI9OB1whF@YZpoa|yoq7wR`%c`-NWf)x*?a-N4r5YftH<=jd zKN4f2`~-C*tHIVw%parr1UrU2E7YE;_Z*+8x2zrJ1OMf}op69^DI5R0*Xh5%_bc{> z!bfo3Z{@5FBLX z6F++rVvzqjVK6R9ybRpIf&RXTQim2nY`o2u!pUU?aCYST=nC@3E9dgr5tN;XSCR;I ziSKeL2B3bnxpYGI_WIHy0%*Kzw|}PI6dJpk$c=i_8m@&e1qw=^5Um=bidYSvup|>@ z-44mJE*Oyq&h5I6G}q0TeE4@npWePJ$+z*l`_uj9kKt`?K0t$(FkfB?-xB6cO8g;F z6dy6=Kir0}{bBEaoo^2ZB{>xrr30?w{*G>JZ2KoK8Ie!6?~3I+EkB{B(1UeJR{CAw z{oAT{A9CN?*0NJ8I|gX&b|!x(z*}Th`l#&Ww8@GaOQ0;~7CGyR_%u7ya9qA>{Md7U z@6=Mn)a639MjT>IJuuSPv@MjZ!2))WJs|<)z*&7_n%O^^TWC+*KZMAAV}aj>Ifn>Z zcNH7^UKn5o~gDZMxhgx0C>$iT4`mlinG4hdZQ zR$K3T&NBHoK9NZo9$x-|2uoCtcOou>=rxA14}VZcM9pD~{zyb+C}dy1#P89%2P+KD zO^jwEEEn0(TxP%cQ4cZ8dUwU&#MTnx=fHaIN!gIv-YM-pqbSyu^K-bDzy~9wZ~#nV zd<+AGOYr0KDMnSMnRwP2X&(}A+##^54tH?d=I1%fn8-uxYML4AVUT?YC-DKsnw4{h zw~g?LIsPdX2YJSph|=82!iX~@U=t&oAbn|R$6hSHjdNH1aN~j}kI4FP=GMe>#u^AJ z_z3Ng_>-RSct&T(8)&2!EZJ@C5!udjIUis~a!&4aLrX|PY){uDm(F~XbXbZ*!FxK6 z?J28-6iBB*BLjf*=6ptPQQf6G47Z@QsW0<;ev=+8lX)?PC1B%u9U-uTP)s7cWfikR zHc_wg@b8;sqr@5_6N)moF_DN(L{n=*j4MIY|A>4pYvvFRV4MY(%c?eFdDGVM)dNAL z6q~o`2;;|oy1zDs#f1+B=c<;+#{^Ull1p34&LfW!<5g-lR|!jG5yH0~wwF(aO?2^3@R9t#YGR1|QOE`}SfEOmNIyw13v z5ww^n>bGm?m8>lApf*{sN6FNop#G*EK~j3SYKeRb=srA0ER6*r1?@m+1qY)TXNC@~ zQZmtq8pfTjX07Quv?yHJ0jDu4IPjf>Zv-17*@NxakPD?X(hLJlaB@`W8@WzAz-Y!- zR^Hs|+t$q?k*v)NFn%z>gzCYyy%wwB8&-by0RL;W{Eu(6xJUdX{sr_VBi7$0SeQf! z!^mMl?8Xc8u&HuJ9h<@GBjpi?kAey^3n;{MNDx1CQdvR74!1OX32wSK)2H){VIdL+ z7=GcA(I#GamwE$Tm!5$IgXNmhO?7~h`>USJt^GP!iwnLqS?0+IZW4S`> zs2b~G*O(nts5OE^T?QP!i=mAyJ`)UaffId52haiF#PL+%b{9fqT)pnrYg^6}NaHUFgOff*)rVSS^r_ z5yMBj5;0{uMHI5hVM2Rqkt^#wbGq;8J8RLN0WU?P`qWt*jXyHu-^ zH#K6ik)WyK#`|yvl7nv(>tk1oO;7=nbtt4as1GE)8(Q)_cr!R?KcEk3{-Wp|sdd`* zPMeZDVlS}gPk!J z|4%&QZ1&w9``F@zMjZ>l1zMchiU5Mxz>}J)0I;07+>6#Q zDe56Yf$my%>CbskfB2Qdzoa7)+i*%NS-_oD85S9NpF+i$Z!gAY06}U# zXaba_abqe|59rnwV@-1lBMu^RiroC`(H6e99KC;qc9OTIwc>^Mx7g=A0=TwJ?ek&m zbEZ=&w@cOkQu-6!M5`AzoZ9e(SbgCa>evXBlOEO&V8n0%=SSmYVXc||#$q9xLi0c5NVSL>Lh*-Jw}iF?-s! ztvT70|L_K{)g|qnLT_CB;3i?1S$iK1yG~btdm`u+a}6ED&QGG)Fd=Y961IcL_bzd; zYH(^UNjEPn4+O}3Mnfz37)){LL;Z4m1>zT}@!9{18kZ$nVQ?l@_y?cT^kFAIrkPb2 z!x5y_r!i|^V|%{_C;D*XS@$KK#U5_(!hi8KPD12xx)w%pMhi&o4*@Hf)QMQzq9H1Q z!_%`&6BtIHqD>=Rb|^(y2@t?p9j|%whQQ-f8@sCun5v*8~DfD&gec@v*i} z#W~a0p12zXM-S|dStt>0gT0n*D5c`W-!+Z^37j@@O9`{1U(^uodq!A-ftP zhoF;K0i{w9C#NE{60V%!dKV&f1E@)_S>}*xIY@Dm7zZEXosx?J-b9gXQ$ProE0Igd zMzU%6&BvTl(}(M7gxtxASc6HPKOno}9b zPQl<(tw|U6T_HsX4|`rxa)~AqcR7jeOF?a3rnBND8r;a6k_HoAfl4R=Uh7!Ays5__ zef|xi(I)ErsEs#@SQbV*kxGv-j)o?xbrjOxzJPo_KRjZ9SaToK7Uy=`OSj z423jH?1Pt}<)<2xmEYum5}c^zDxv)!Dc011@xCzwN-P)(D=dRTi?!ENm|M|+adljf z?k^BDK^sUX#$ccIp7)t~=l#Zghi9Whj$lhs_ju-*&=uw-M<1*E3>#wUR>L`=SVy$# z=~LB6RNE9Ow_75yTP18?pkNd2nQGdQ+-Ki+?9m0vUXk7nbZsWO2ZJO>MV(GTa&XRz zV`3XTa(E7OGJWp#J1 z#)@5>snZcSa;+&^^5U3kO|-L2D25Ri>+Y#)pAHrXyUGy%;arMBtoIND>?ddp$+XXO zd_Hqvf8JWaPa7n7Syw<6=Y?%x)BfSldB=nITtTL94QaQ1lGzc=UPq9|khYtE|2Q0o z4KKp*!}E#E$XK(h_OL1re1KL`P;3}nwQDVXS1iM9&S_|Az?MLm4kUB2SgbVImr5sB za>Nx-c;a4XyTs40^RTc8C2<5i<4Bpmp(hy)QgWHRsnHz{7dWzyv*U&W~@%(6dC`^>FW7Y^M!Iq zsPQRQGtt~K*N50{&2rw-y-yEk;`dHKThiai8U{ApMprL>_ewQ#wS$L(OvY1o5q+~k z{2`%6&`Ll$25Ygn%ws1!rVhTMN#oaUtghRz>f);hX#w9(G~rto;Q5580saZ6u(&3IbH@W9i;e z+D9+T2=l{zPgNI&7F8k9oN<;~_C`)f936;AXKNZWUf>afdWmtfu^Y+$d+URo2*)WN~@J`7CKOlfEB!Q@Q^ z9MUE{L6Z&|r$d7~$>J60s2!3R6*LXw;qZe8tUU`07{zrriZ!3ZCc13%K3!BlC_Ml? zl4UgDwNGlogC(b&7I;uG`$p%*&9X8~I(~IGP_9V}mnC=QNEj?&n3)!h9YoxEB}z+2 zZ+9BAr&q$3{J3Dp)YZj>L%sWjsBELcE-l4IswH!;ri?Z+p&@ zK?7eOf#mDD1WK?9!u=FAk)LOqC;`XstPJ4Vt-#ogZD)$l@h95&R8uq>AjKAYXWTs~ zQb9knN%J`os}tv0kA&{VQ28G7%h~uwRzsU>-qfwO@8)HA0`&7gwSzcs9$1z@z>A&8 z`bkv3!GtKFM*5)cQb-wFSom!Js1gU=m`-pwz~s z^8q_b4#$ClOOYAouy4b5Jh-22W&-X}GpiHvMEc{?)x7-<@$wh^;p1CVZCk4|Ye-o0 zwi+)Ga`qoQSd`{7*ySEG%KuLoHcY&Cj2ZWjD|7xyXCB2%j41SP@V4&GJIK2uA^#dv z;-l&LUS8dnnEt)NM^KdQS}{o}5vj6EU3_!;gY1~mB0EAfM*8T-5!4^1_D4}wP;j>< zUj|#~R7ScL9FOoGZ$XL(v}tc7gAh9RNA?%1;9K|g|Cy}?=7zz-AX^}J^K5_h^==DW z0>f#u&g`iv76=slEE#*W6)WTfnL>{Mp|PDUOwT26fBUyRJm54fe9p8>Q_fRMeJH|l ze(#M{{>vhz#U)UK56sddcYA@SV)+6=M_--O``+uY_+!0wYr4Sb(SZv%;^q{iwCf4S zBb^L-U+ z{A9^JQLgPgIr`==HbsSVto_aTZHc}KEiRVFt!Lf3r=ULdm`yw z_jY*CF(ieww%nat!PIk{_j@^FfEEx&)1k74ev+(OiOQM=r6)+S1UHi3zJ~i+m4MhwjVITx0u<%@=XeOqlgP?BQme-D(K`I zTL2}3)jK&Y0)TI%MsPb)dTeNB2a5PK)DVJ5wb@{L_(4Y^hqRSIY6Lg312JUUcnCd$ zl=ongNE?Vmm7ul)2@~2By%;AnUUq_GusOE>4_8i^TNBU!*@eP+$Ao@K-!=M5C#kFr!jgv2Qpj~?TrH4Z;7HKLJA%p7!320 zqmoyK`GS(moMncPI~oBW=JU#9=>)ycTSa@Nwv{A&|<70K3i-l1w&ai5KbK>lg+HN7Z=Y5Pd#%o zKgBQ>o#(nW7&eou)62pnpU#wXS2vmT+j;SP)m5|E+{5E)IDAN=KIcwu5#%B2->CA2 zkjk}ZolAhB*~NVKz@91isn&4Yt(Rh})IG^H@|oU$bw@O=eiV%P5a+#kgx% znw3?)@t6Y`ca26VznVTgK2$CB{>6(){H_7- zlFqy5OtR9jR{$g1z_=CjtDC#dTfSY%)tT}{!mU!ncPZ&@3)Fo$^ZBi9!;}nRfd;^+hqUpxooVG z#!!3Bw3`D(v$1V=_pk`?Iddh6<{1( zKOC#geB+|^^7!<2c4a?Q((6`juzXyXp3Rq5?J`*{X4JQ{-14ndyu7?g9%QPc+9LgI zoaY9;7l85n*sxRA$Ms69QMx_PUlr_^!xFuUme)h zvuPiVF~Dd7pEi@tOzw15zipgXa>Li_XQfBxirp@BJagsbW`+Jg>K6^*-FqwxGY!JO z%?g<(x%~R}t%LsUyjGtX{uPY>Fw-n`CvBsnJhX=|)nkuz8*-jK)=~f8AWw^vh-cq<>PL@OYg)V_r`um%ZYA+C9m~$^07O_WJOK=k>gj>!JS-7YL4BDdw>(%x3K(ng@lUvKi|Ohd^Hhal_IspZx5+A8-mt*TK_o+o&Xn!KJqyw;wSx_$Th z`q0g-8_U$exR}$f9;U;L*-jY`=Ig~xZd$0^W>(6&wCb14$#QgiHAU=ug6CX&t(8xv z7tOStEMK;iOugQ`xmNPy)9Up!^MF`oa@xLq*4~tE>*b|8wAZQRcZ`J_E>4a$#?Pl|f8 zYAdCoe$fXQqc`(xq|VFMMQ-$VaN0ho%nJR3^KwT`cTV1BR~L=dTW&sjJ!saij+;;B zVs@&VZ>@%1Jj-S8N);@Fl$4RK-scsxi1pOuyp%T1M~&*Et=^VXV{OnMTxVzX*ZgdK zX_+_A>tb}NQm*+~Yc2OGvjGO$V+c4gaU&r=iF_dw7q3=Hw1(M8$I52(T)tdU#zZcSD%rcc%4_~jX%e|MY-f%BsFxm1yOVwr z^aFsA&nY$Xz1Pm9Zj7g5YT2DMIC*G=%0n!Jo?%`qxLu@yO@%ePaI@^5z*>B_M&&0+ z9-w-iVdLR0siL)6eQ2KHvE}s+^l$Y|IjuY^sajj1ddDMumtWy`&zS?zJDARa`?90n z!E_G1zC_VGTEo@Nkm(&*#xYqq1Q66*DDn@CN*N@GY)u{1y zQO(a&Cy%e$(;PShDDy7}3!^hR-Jekb44{CKSvpTtZ zxSklTmTBg?=fnJoc3|XAmIp}C-H(((`|i=Q%qiCCPBW$RdD76*wUc?{te8tbEY{lT zV>jJCe|;{TSbFCmUtHdf$|-X^&e`+XbM^7H+dDXZF1PJfI2 zu68%gkE*SQTcWo=y%^-cL+}Rh&ZmMusK6{&tatGt*R(JKd z$Tu&WS{v)9tCO4a)9bQ%Q$09tPR+u_WvO>}wa7hduhmvNYrdRb3@!?b!R+|0Zx_4z z>PgFJ2PgLzou%1oO-wvr*7{_6k}`)i^%e=zfvq3pQz@?S@E2nMME)5?}rf0RQ z8+EnJtHbWibL+IKBG$Lb-cCjQt|hTPHXL40kp_tLa?nE>nc;Kq4*d&zE~S!5Vx1s2 zY}{ugdKBnT0E6gJ$`hJb&R(*hl=8XE>8(Y&RGI!mgVUi3gG#PC zs63a5K36y`f-Z-7%+cpct4=Oc^XPNgFntbmIe>xnxt5^IMZp8@nTwci0OPu)2?78YQ3Bw_PmP&mNnn_qEofb9+DN z-<;)ca+#;Q%SAbNak@GwH@lDZgXQzFm9?#lWm213$JJ>%T{|v4-y23Mh4C2OWUln& zQ{%2btc;PuR~*~D%eU98o+>x&dTMt1h9rYN>7G3&yVHIvb^V}qYFc^vR59}PhtWA+ zZ;vbOfvPt8rCRl>Vo#Lus}$8&#GI(}>FOYJzfY%JRk%dUREI8!gpi+-+uxjJ7?TKdBzpRCmz%XPM7-d|r< z*2P+R_1Zc?BKI7_Xtl?;uftjP^(DPH>z1F=ulJ=+=kBqVyLr8NogUkRhIvpuwQG82 zIw{{g>Gz{W_gp*aSE@>;q2m3m(z2|&RXWZmQ`EVT*u!XktX>{JuhGUD&)b`W>+1Ar(6}&C&ke2G&77^T>%*s$%sgMT zA3B3V`E2yqeOR4T9=nFHW?)IHA{{>amahQ}*xw3eo1Im8CBVy9TBSVFzz!CT zn~7ncn`fuX+h(`-y10Kh#`3h>xKS&&_1BBMu8!Bqvhj%4nT7|471$t>RtAJ`rb=bn zS}9&)9z$|%sT3cT{%yWD%uMmx)O!nF3raarUnTMsbk-JXOS#Oa)Z^!;S@O1dwyaOG z@^F^`yGKzD|~3YKv*(Y}rb; zlW6s>+v>|}-q2r{N>eM`t}iN$dgZqH*q&rB(AH(v7#8ee(#{R=yuG(F>f~xN>kMCQ zq-YMZFXhoRy?hw;TW#%WkZE2W6!JF@>A~dWsb9>`jnk{^YV+c}o_*8OYdl|`Ur%!{ znr$Rs^^|?^T3pPs%jEFkwzIO&?(c^B@MM1Sa&zC)*U!p$ywqFS${kVwrpccETsyhM zHUmRx_KO#T!oh5CpP!B{nnU%pP`~ZHRhRSr$=TIPUG(p)rSvj2>qb=B7|MDuSHLh<@(u@1qFnj%!8Mg-gwDnkeDCe@-!g|P$cMj<) zuftLA5%XB7^ic5I=pQm|RBr_~`bvO}KATnU#>5`9cGk3;ypqqO`iPUzSa;CeAEIGL zbKkYuH=nY@N(Siy&b-0=LFZ1Uq2x>X$JM;t8%~VW==DBVoYV)Wmz`DN^>o<0ULBmj zoj!J|uP3%)!Z!73d}5Ta{J0)A9`m4IJXcn=TxRWk- zD(hM&|9aC_o*g+Tw%tKGkx{;@CLixpn5IZ38a?xA`k1~S4o8Ixus7ViWwV*a0kb!> zD=Q=iyElu5Qa$dzOgiJCl0k1WHrlshSt#sX!S;~3+$~8=&duIPO36&-c@V0XXUh-D`8n!&EFKNdMa0W zHZqk~XH{A;+P;R-wvBi?jlLUH25q!)F#E>(<;JLtQWpnzIo&Rw7S#s>uX9)G`Rq79 ztrzE4cDLKpMh8#1^XXVQ8Fot-%iiU~pqxC-986B;nPauOzDqrxJ~ggS2bJPQ_Wte} z%b?@_@%8Za`K@+vnmxT9*!Ks|x9MK8{8)ME-_P$my|cU3Q)8LD)zo|?xyp49v~{a8 zI)2pkQa5R~0ERW!m#^vb%YI5RlZ*1>!7QDt6H7CRPK#tZBPan>vXPh(p>jSC*9oW@}*@?rpD{MIlR+vR`Z+Xv6Wkld$*~< ztfZFC@fApcwCBwyFq?%Vk{eW|1@2^IT&cQgJ-pVaXiXAJhUn; zqkq>uFO`$U*IMd&c2c~mRomv>L^-w#*P|h}1vk~1J$bvmE1e&YuZ;>)q5Fm7hqqDl zx^iEr-z-;WhBAF#sMh*={DfnO4b8 zGG~)nHuE|(*W-$LQ9drTU-XNLS??6DE{tmJ7A-@$WhVQYxtLzhnv-@ad6hiDyq;^U zW)tn^x^|WsXHSNY&nMP>u~ximKD{=_r?;)+OQZL8d8%F$@p4(OUe;2B z+l%rgUMp|f<7fS$z0SSd-dqiC$Ls7!Z#7>}PnBFjK*i7{v+OZ1TZ-N5u4{mmmZjO@>uu`{$>q-I1y8F(& zbJ84j9~8h9WV}J;I@l*xx4HbZJgKhxIi*5qRLLlV%e?ZepcjvLOl}(3-&Cn6mV+mz z>8etqGQ6K7KB+ufBd>=!uWYlaY|ASrc`bd>d#H@2b8MHY&efNPn{EeZ$wA*Km!na3A0w_m-+w1X89{m8`L;FC*PDu4XMlSarS~!vUuDW2-U`X z@*1dB2qZG{7itwCQ#7HVp>pr;#xYkZ?h66$B|RD0 z@L-q4OQA_C#>oa7nY!*Um?M$p@=TDPe4yAySl2w-tGiJ_v3L9UT665>h9ohPD%q^I zFAS=UY?Ek*905V1fqDY*cvyMjW885H<#LJBj@4wfTkWZl?}Jd+3WF#$M3L<(=Rh zuAxKBe?T_m?Q~wbaPye#U6lernaHqbQe0lI@@x@N@Ocy0bKSmY2#Mc0T+(c^6KDfv zL`Lo9uO-3r9L#Bpy*wWm+3gju&r0-ty#-L^(DN<`3^u^P;4rwmyZhko?(WXT-DPlx z0R|h~-Q^DM?k*R%i?jUpz1{zR-+Q%5B`1}W@1!b~r2BM#-R;P5yndl$aUvzVw!RX= z&|B${GbNrWb|5v-(HyH6)+DX@^S%T;{5^)HnZ&29$GcVA5~mze;Q&7EdAKE(w?-o1 zY(YRJE(J)f#NA2l&330-_S5I2knILhBVYBSvjRQ1K#xBP9pu0#a?^c=Xe1T&g|MUYbenJ1;T+*JP-kDF7>_VdB!Y)?rv%tJ+^`AMh(j53 zX_Ku@R)2M`=1?JuSxz3Q_~7qk9x2d=2VY?`Au$a4@G~2+ zdMVFT$iyL^!sUE@=BE}YnRi7c5!aRLQslN_FEJSg~M^xxq8&OJ!eC2Y#RU2gIj4+VBd6XM>=` zhB@)r%?*U1$}+^5a{bh!mv5$4aAO&0-PWGOB^qZi$8)f-L4>Ai0{Jq?q9eRb=G8c> zRgUyf01-R&Aj;M>3U~-`wlx(5zEB_aErj=LteD16$D&n*nqY)I0z=si_6|MCueyf% zzXWK8!|Aih2deUA@xL1{a=at)4s$;_+J_{Wu<7sd@;#St@v@F8bk17CaA5=!7ZN2R z#E>G<8|!A@odoPMjx?2aW6*^HdCG0M^Lt()DDM{lIV?|K;{aPHVV8-ng^>>S{47hA zjYs;cvHXGJD``eH@r<~gqT`gI+hiWLBs)Tv-uTp@9FYHqft_HKWG@7N9Mjo+X4^_g zI<=rF|xTZa9$)&MuYDyhWyq5HE-;|`U-EThj^GNBLuhkia)&;Gv>xPhHV(j9Iu_B+D%9>ZH+SB8%lID1sXF+E1NeAvu#0bNk>GsLii)o@*dT3UfbL)m z4gZp(i=Y6-t}6(Xeu;i;YRqJtOIxlIhfPOc;&z0fpBx*P3lWO!U!r_tJOr*;Abhx|L&8Zv0)h_3PpoIS+la4b*7$jDBB#1yfD;8M>&K=yaTI40<0Y{dMt zwTlaEe>j(Y(5LZ3?uFk{$rLeGMhiFWLguIZMNom*t21qy>%vHztzvz7ERQF}X*{v^ zrq`lndx;7*Z=tvz3HN&^Wp0DwV6h*v!z+{+o?2=GIccZ~FI&ohq42~@eZ9w;EIulL zSXgHgtJc@m`Y~Fui;TattxUDs3sJV7b~ZNBGcfMz_utfeKEEEJYuLB#xqv&^H@}_> zJ=ZO7j}M2QiyYAZJkV?TJlIgxOz`7 zEge1+p`T_G3Dv( zjAKG79vT0YOya-8^S;p^vrDbX}g(-pJm;P5hevX{z6tYrr5`CrrG;KI@05sD57&UGjxPMm>^Nf=U?V!t4tSay|F;)W zn0TN8A+s&9KcTg19$OxZ>Dt@-y3MoBo5S{pD&qQil^&N6%VA*gj+N@Gfi$@6Gq8u1RXkz|7Y;~Oh_W2+QC2^bCS60Spvn*J^l$)>c;gppvZh~*eR zCDYYkOj=|hmLc^`bxXj`iefeUrHMMK1#j3Lagl|ZjU_i#n-z*%>1~RvKq*%C*^_vw zny~i?1cODC@E0Tbq`R}RSQ&2?Z?so4{WE+Fe7(SiPpykJ*O#1tNoj+}v`wsBN%8p3 z!D%MU$yHej&zsnkyaW?$PUr@7H@fBT*AUskb5cbW zqOC{l@~h@Vtn)jSP%EHOC`iBiNcnI0wZG&DdiVxGJV7*NNw_pBkdL$XDlM-t9H}N(N-8e`8J5e8~7FzLjVFYLkCk`f)Gq)AL@^U2&Qa z@VFK5IzaSMYmi^tLaR?jF|Yrkm%kK$GDkoAw{SqSHUH)N8~6ia%wzf1^{$g5!0=LB z15$dmW;fYz(;V}@)Uf3GP5$HhsK*zuyCrntG;0}Po89vc%=dp@?D6iO+In9~ek#=n zvgvrzTHS~r zp1UTC93p-3h13ORrh$OdP*)xo+1F|Xz6i0ORqB=iCj2jU6skz^QGdtnS;;Rum)nJ* zt_C7tlc9{_U1%nu?O=ZT!V5vzskWx?-^j*=7CdWvPHARzcnapA!-8)XuMG4*LAD`1pPpw!`CF{mx5R8yL8R@Qb!M^=3O&vHk%zKZr@;Cb@(gDM=OKd$)(Q`h4e z89}z4q<3zbv3vhQ{PavHCBH3kEt`pF@IuGsfsW1N+s4j(eqt8@r3*#guJwj?jsM)T zI7iON<|>gB6#S&9wZZ;f>X5DsY?~k zx6E&CWk*)Mw+lR_gGFIpB*svD(sR9=oqcUujuEJne#^Ahq+)`EGxiDXltK17_;ono0179cBh{0fo>+c zpIXFJBm7&#S}FYVI(ik23|=m$B!&x{?5p9jjYyI{ zG`Z@Y+$C#Z9eh|shL1byPe#_ilc?@1XGRTWn1ED9M)Hyo* zhCLdI`*j;QdLCBtk=3HEU&CA=zFN`%V-TUCSGVskV-Nmnv$~LD@mn0s2kd~ z@YpJtSMuRmp^Sxo{Rdk34(MG^pxsK`{7ZX3lQilEnfT--4iF-%4M-E_B4T_{MVOHv z&aHUiVt#o!aC1MM`?Y9U)%;AxJI_qB`XJJI>Z0(dl%JAu&&sv}{_;J#2qyH^LxB@_ zXf`MMilW7`T?<(f^qYTWKXA+=a&`HpGw0s9z;MWoxf=T)d=~iD%N9%ZvJG9HC%E49 zyD+VqJ8ms+9e1c9l+I3A^|K%K$UlLJq}bBDr6|Cp_*&$_xbwhJx(=W>s3f;37b{YZ z;A8Xj)eDIUukmwX%=R2UK>_=sVR~w=#Da9xXZHH8G^_>&vPK%)Y?puRk078rru+xQ17e`$ z+FY~Ba9K^uiqwkM+x*B^o#tgp1Ba;6>0|+e>KagU`kZ`+^Ed4Q5|0}XHRvk(Y|p-` z6H;e2t-cL_1WAq8y*ZcMLb?MZy?cIaazmgy_lFU#(UB&YKr!Yet|Rv9bl^GFRCzzn z!VG3z$f;b38mLTZ0XYm;eSoD-ArXtEuSRt>jKYbF^sO=BwoZc71k>r?_l0LJujO|} z!V4TV2aj(LN7YD`FO!xHyWfqonLG~fpS_1d?gjal1mKW0xA47(t+&=30l?=f#_h5c zh#C5;OwY%BV1_dh-N?W&U$;~IoBq4R=5?6s+518M4uOSW^b_`Go#{F@{Wupc-DN8r zWt;J)&z>8U>}>m2k276xI@)N0z^nO(Mm!Qb!anr!yS!k$Zp%D&;1j0Wm2CFFfdUn}9 z;LE7LydWr6Z~w5MZHeUqi{_PA{6YJdnFQYSRrlI@gZ0o6h5JV9Slc=%n9?RyrYsY0 zo_|=>aFX^`lsTX<-VLo=Cs^y;n1EIXKQqbINUR8iSCP-f*+@}Pd?n9RC0eF*YGiP(@};v_?qLqNw>5sWl* z1&eQxQ_jL>w!4k<7aRJAu|}}W%sw2&omP_WENp$CJ=p_wz}cvu zA5HeQEWF|rOjM`edg_C4=}SNLk1R=K4+4ugTV$pe`SVtm5mx7kz5 zjzuAa30|n~9!{eFj+4bN6R0j+n9S8nE!-0L+J_mH`bvj!^_EB|1T=xQgUpSPGOCet zJ|G^e@mi?z0WE6^QpIx0 z+X!9poPrJhERS#g%dSi*FM_`?h zA|Wy%2?MRjeR?;7gp#Ow(TEA9z4-DW>Q~L3t~{pju6TcG;`U%(*3^;1XtasrX*B&@ zEuZP$k%fe7z&LO9zlkfV$ZTS0(xK--Dr2pWaUD^D!Q@< zj7qeJry%kfA#04*^rd`Kb2INrRa8T zTpZ?wf*f9oAQ*=2rAWM|;l}U^vtI$v?i6cifBQ=Q*&H^O{Pn zFR+TSzQ4o6uEn8tQ#4ZE&~WNtUtu6S26keFM~Z6brS2lfV5GMaLA z4T5i-g|{*QqYm7M_-)`DCB=m(Q&@Nat@%HndvtHK7BQwHoh55-aq1uATKzl&%$6;> zAA@?^5YAOEkfSS)i{5Po>sqf!Y$}c-M-i-BT^V!^yJIoA!fd#X#lPHB)VfmGhAzM) zHIu{e0Er7#y)QN~54?VL+|h`de2k~QLl!Pgu1A(nRU19NP7MJ(JxwEzX}WK8PgU~6 zX?xEkJrXQ2^+#t0i=heKEZY^JjgRd;Lf27BiPxv?AyEJtt z`2eC<7lDy;PBsQ%Ce+FSYX^hc?_jgKu)!t!fUlqsyszrUjX+@m!*6I5n;w;(oN1h$ zIfZ0htW5&(?c?StyjOPGJZ=R@yYbm2i}#=LBt&5%?6uk&>sQ?6lBf*?%D9t^M=lSb zG(NLH-V@4!FymbVPitIQ3U|`XeTlr#N(A@5F6t^$m0Z^owE>ljyn=6xcwAXSUspsy zrpfa=d224G#rc$bX!0TR88kE+EdZ`m{te#>}9Fv0QW`~v~& z{N+Zz`^{2|TzC74B7mCpv#Yw)`TXwvhb8>Dx!%*9Bx9YjOH74vCHTH}hsGXc{=AmXOs)`Sw1)fft>HWsUA?}jzdPnE zqtnC$lS|~N$RQ8=3^2wOi71iyyd&G)r!tHQSH#(&Q1Qe2g5pb{p5#C9kCqFqNBy(* z1460YHLX{op`Gm50F0QABJS4#F1xx`p=d)}h<~0w`<1qM8Ih?@XLJTzN)efQG<|=j ziOnUwfWPm(7AhDxu`P!F_S@@eXWV~0FR@5ykp<>=ZdIFph*s~cfnTN*@(+G&JKs~R zxtd#WcKZm;p;ttjZb3>Ic;e>VY7;5O^vdb)YdCG6CTj)1U~lXbd{)aSkG7m`My24w zSD(9hwlL)LRKiVUqYmY;OH`Bd!5C(;<$K#))u~V@0zI9w!M+XP1JhrJ<9K+V3N!zr z&<{E#FN=BVTZ;ZO(aO`0KM)Wo<+tU_ypo$*>E9`0$pE)VSQCdfm7g14wsbk^r}a-l z4AIe}wRhG4jS^R`AeJPg>)0r24G07;?YwMB8}~MiI$NroGU;d&8(|I$ND1x1SJj^h z;x{;sO%2bu{3Ie9bMw6edS=0Vk$&ovND}lrMViA(L8%fUs~Sum@%WpUMc63j=!z^` zkx!Gwks5xojHb-Ld=BcRZk(2}c}_D__i!?YP%V?G1oEMYEDx|EMOkwc99Qb=og3N8 zmv39C=R~NkH4eQf(r~||K0@JWST~VI@c$x^h>RlShmsal4MNlwXb-XMrVs(xc862> zD14o?`*di+z)J(L8=#;`eX%JfA+<6>KU=J zQf|$oZ)`>`(V3{~uW6G1FXMQ`(ar@hHixMt(jsQC;ztJoH;c<~~ zpsn*_EtX;Wb(2kooE8{~aLsKFIEH@1_Y6WTGVF6BO}td>N`i}0 zBqBeVe?x-;doH8OF7GKNAkUWo7q+~#{hwaRE)AXwrSv>>}L5se?eP*&KTSE#H`SoWJ~zC0m&ekw{*i?O37 z^itwGQPSPY5Xz{?OM%Xx)_m4~@byOoLNI>28($;>NYa17cWRxV3U=e%Nkp)A41m2H zBDoi^BIE)97*84w>7s<*<3Z92hEE8gn|Rncw`;{W=?fui_O=mR2WP^BPZ~o;>pTSW zoio;bb=&6;s!|9}GIXm(Z8iakSJ54#&e0_5T`5QwFs&IBKP95Q)^zczeX1YmC z8zj}D>0t$tfnJJ66-vIf1lx3NGk=YumnOZsfGNy2yQYplO&H(=q5CIL zIk3L7{bzQ<2m6MVuzGchsF+i6*&3^F7|vi>d%z>cwd_7Fsm;wS&3YZn*+0m*bGhX# z`N<;RgQB$Gi!5%q9yS*M1LU5@8FH0&fcXy}uSH&F$=3u-io@o10jOGqit(D^ikE@vVQ$+-Td-!zW~+)>on+wniOM=H*`)_fUq7r5H#=to4DM6%sZW!g$5yD_dwvQ=Gq+0h{9v{{ zG-KD{2LkLFaUOd8b0We)TKfx+r%$aTt)6nDy2}zujItK4 z1v6f!gJ{eaQlzZEQ+vtatn}r`cz$1hi)KB7*sKAQ(G?kVG5OR4hwd_{UY|3sy7?HV zUm%-SsK%;`w4#v<^lUE+MQH2#RNN|Wg)EIBCRK8qRIFOj_`EHm#n1OfR_RSA1e>?* z#dL&9pg!|wUYut<^}+4_tQq9~MDrnJY+;Ey zWCFa$^Cokx;S6^NkAeDkCfl80Z@p~Ni~(-n8WvcOs(c^A_}9RI9mlVoCPYNkf38gZ zqTh~nO`36}U$ZW=&j=8uXDzi(XO;&}1fvqfHd#WIS2tK^e(~#E5=O1fPAi}l%3lL&VHbK~f>nGvur(Ni6yP_^_&O+hEH#k2e3i2NIl#UDX4J>Pl#0OI{J2-3JB9Qi*;;T{KJo~Zr=Y04u6&D7z2d! zo)ncQJx|-VOYgFbJ*$~NcYYHSLcW<})uuutP4E5_6aNIc!IB$lT~+>825p{2ADxOa z;yLtqL{ljzpR(W7n~WE>l!Gx_=vfd&e|+@4ubm34X3_dW(@mWgZYBM5C=I2cX~vQ^ z%8Jpu1p8gEd74M1Ew%rs<+fw>NwU^0E%o>N%SmZ@R*?&rC*a_V6YSYEr+tPBcWT}w z&g!>;s>C8qBhr(nf+2T1ZwsKvQ*?*Pj?^%6akaY*(T$tXY)adR+ zVmlGp(Gr#XFh}USqHpD4o!?9@l}7Ynwsq!D_~gD;zIUSC$pCnItl_V`_v^%6n!hi{ z(Urf+1Zn1xY?W9>6O!Pn@#WR8KKCck_HVb#^~&W)Aoo&eWFM3-ZV$BKtY-QwTu5jE zN+yeBiF%c=sGa4HQN}mH=Jn$&ewe%|H6<2bOhjWf_x{#OPb9l17#0<wYPjmTu-Qi1;;B13JJ!RttG`z zd=?!FJ%z}xV$_mK8^)Z31;Tj8%qH|6FB*lP_IxdtpHDf{GmWI@_y{hJ8hn38yx6)F zq`UCDVcBBbAO+>UY?sPkUWe1A5&CiG3h0v(k-C#B-L23>7zLJr2?UjR(ZbgmaaV?`|U6H2M0f;GPKug4C=ABbPJOpN(AvOKTo!7ZY&IX^`LtlwcNO8$9~8; zPHXxfKS}~ zdO3P>8@I$nn>!%0@O-!A9a=vOg-|*3e3nLDGJPd^zVE7EVswf2HAC7!!w^y@dj6zY zW7X->T00@A`_x{+n)rwWW{?ON)_OU%1d0Iz?;EH5m^7Dd^S2h!KNIW8&|Sh1-KXDo zr{-T(Nn@@pADPyBz5Xpt+wcpUf`DaDH&87|zHWoteAp87jI?1N7IBGnz7{lLDmaVn z2K?k*noV-Rr=;x|OE)03tV717kxKorM(1Elwcdf6Licc=r-Yu#8(` zoLdnOHBdQ{nW8u&u1{#2U{7N;J98hhm1pYg@<7XJpEL`{yjJim{o;@#M4zuoyo2BN zBOw1qPje|Fw4iw_R0{)O*j*#(d%XNnvDuryMCKv)t}PGs>c4Ry+vQ-Gz{J64JtWjY z(Dn+a3)9T=h53x-TIgjmklFz7s4gM|USC^1sh!I49lI+-=-HK^}DzP>1tkgHf-Axap@xfhragF9T4<^sw z+cb;X7is%S~ z#I*>A4Qu~PsXgAonS6G+bx6wd&v#@@KBFG+=3?n4DSt7hBf*l5wmz&W`p zJEj>e4Ke~#6T;yt!{r@@aRy9aS9-a%1SyTtw?ZQaG0E&Co(7*yl0XBrhSoOMDX1KZ zn;E%5VZ{+_!mA8>YR@l)Q1}zO4ug5P?-;@WsK$**=@?Fq4&c8C*fCm!oPAU(MLTHs z#C{m5H=5|gQ~^!iahBSoT)D&(2(hrX@O9mE>)Vy|1*x<*)#x*A+9W1TR#kpI0c z(>v@2&400`>r?0ZON$iqE0tK80w0}?=NGz!_^GIO6+?GXchJZK7ZUhijYfw zeFjE+z$wW>LSaDs7sZN@ z%jeqt*|IW0e(wK^HZziHpqUoGYc243l@SpH1nOt6n4^P*wWYg@v75D{!+&@)2io?I zYna{YeIF6}>7fieyU~XHZnLOroPM zs<7b*c{_q+t>_YKZxb@d`Ir!#qvG0rP${#cYF0F@y2ZGcL;rk6U9FC9su3e7+D!*^ zy8meJC?6Z2MXwxY4nGNBurm5(^i)MTGOs$8B^NtOtBRK%6)|n8+D9ZxKb%#0{~-g7 zC(i%1dN)Gp$}4Qqw*G(;{7k*ef(OHaiz`m@(<%6whj8B#qL?(Roa%rKTcp8RfrSGv1kL4y z@s6&4l*2@8^)@Sxs)|7j>3L2#PSsCfXiIE`#(p5cd|o*Dhx`SxtY0%dwQ4>K-R`{Q z1ZNa>&J%LDtm`4x8AcD(+r4>r_g5`9))%^-zsKdQ> z6EVTp9FXDj5pJx8Eh9!5MF=JeT4!~6aq01o(psTWx1jIep_BPh1wkiV_db(K&z>t# z+%4r$GPH6Bzec`0>Q;*e$WCV+bueUJmP{TZn~YOG^@e6SQ!)6Iz|i*v&ZW=6>*v%l zA>`P`6PkIeu0XE-^fP@pmb(yQF%0TRjIQ#|FkVMImF@Bm*5|n|=W>S|TKL|cicr_; zZ6NMU0gdgK-zW!@&DLi!K1AW>w6sLPwqnm^uM7><`YvJiz%HV2L zStZFOHAa|eH3j1%qBO-Fnuf0++>kPirMf3Nr`X;vfvnh~isUQk1CQKk#A^01KJY+1RPPmc0kRC&vsFjHwA=`(Kuofdh69Z&?vriIIHKrOgRxJ z(advqLH<>PJr$2xkI1noQA*qsrpK~lH)7LmHO}pGY{1y=xKfwY^vdv3Xv(@m>fky# z(@0`CmUpvmiDNk8E2z6d0wwc8I1~Mu{LxsgHv3U9*(F}7t=yM-knoBOn>kOvqt?O% z^Yk)2iRQU71KUSqEG_!2o$tVB)bN5&6B@n6MdX|7X?*SFz*b;J*zsQHS94?|ZXW5B zqJl#$FXX@D_p9a$Dp!(^zaY03u=9(XVwBJufDU5^t!%N|h^+}6(veZPye=0^F43?8}n++ zv`JqUWK0#Q(@sA0@wPnb9WVEo3{pz3CL>z<$S-8~7~QScfz7*_tgor8FU{{YBnUl| zXbG?Rj6ae}+SkAanh#-Svkk_$Qmrwvibv{0>e%`cc&~M>Vn5QA#&Rj+82m(zQZB-E z#Zs~Bk0%?B>GP8kr83k16qNG+OExlZD!pFWlWQI|{kjXYW zi`jJ}57c64UU>LwJhq+S0`{xy>bF%iZcO7jB0vW}_E!Y_H(3KnkJT84%s&126hYBn zARrJvWsRJprKP#ce}s&_YF~Ud^Y^Zr#t&whLkYgcJFOC#Ksp$I;XJ)pv>2=tdh|XWk@>b(VFw2VRBVOs z?ykPtN$;Gge6|+OROCrSLesEsRM1;Z1z&5Wl8C25szZQ4tL?4DM?N{^|?{@pBaXlGp3<}%#KVEs(j4$q8o(og+O62G7q!C|MPzdivhXx#1}3~* zt#43DZ@@XB56jLTJ-<657!3S%pJ0j32MAg*A+R2SU+|l0H+Cj$A+CkOL(Z$%( z{QuQX{-M5~K|G;+(J9+sG}|TqiY%fkoVu^3xrQc3ani(tzql{6ir6%EmZY)I{_$qv zk7k-Xma<I zWJE=3ovuL3rAN^F)#`&Of#^W4K^=wS)mEm*tIz#1Wh8}U8rDFpbeclwF%zrPG_x1{ zDu-!lo+f{1m5QC6_hN;>u)k}0>}A`@VhIm8rhoQ>&gl_(gcBz+3m!Ac*^KA4%xr_R zqdJr>m#E9!H6?XP1N89!-gO2TqcPlwQUlVT!NUfu6GR3FB2hc-St+U-^h8*IoL!Q_ z9@A1m>>Gbq(7L2}GWE%?)=!i$K;~dz7hEGV0hdWTm)MD+ zGlEH##!pO=o46>M!#?6nIX?490%$J^qOAUw@9w z_l}h&5cyGj<$!EZkwyD`=<3B}_IDBXQ1q5#tRDV5?V*I%aE$2(vV2}lteDoDQ;>m}72qsJWMH>~ph~NKt|aO=%L62Up(aYOJ1esT1L^ zOZRp?>3+0chNh_}+fBFmNEO?%!`zMQWB{9M{c(z;`0v%;wLk)ajxHs*Xiw->b)SmX zIE63+O)tx>xT z`vz3CD08u@D3t1bhLDMq6htPo`TM7_tsd^ zwa+r4b|x{!o#Bt117PWge6giMW5r4E%Eo&UDk$rM4daBnYkWKrK*dsNwOHB~EOf%p z-lgrzw#*`Zf+o|H%Mipt^U5@@@XIzbe+m2}kf3pDT*3yMl8N0%)~1i|BK$LBHV*Sj znDrD&ad&rmJ@WZlyIkMP2aS-Zu30Q$G|=G%P}@BmdtE$8SYsjKC%@4Z5}aA#L{JTI zXU#xDuT5Yu>uLUipk601 z`sTsmEBLm#BOf9xLWAA z*HG_Fw?$H~v*ZYG6fyOvm2*vVI7LTNBm;3w%#_dan6&)bh1-$K@uw znyQo6IoGVK=cDa?d+1+`r|^SeVa!K1N6upfl+%q)LZ6qk@R?PMkBDOnSDo>J#+~GK12$7f%QC`?@wkS(I^NVoC$eH2 z3x=_X9_8{_1`pOt?p+hdjt?oSDs|m8OmfSwHIs|VZ+eSgfF(Bpl(X-k5YPuno{FHQ zxrQ&|iPoxA`ZI?|$o& zFbX@821go#7ACI!j>Syf!3+$4z`Kd(jX1MZbz+8q8E^TzW38$q-hLKtYx(aczwmE! z3MA{^jX$*M6q{k9yU^v=UcEO&9?Dv>h9_UDEp2mbwK_ZlaVSPf*M3haMI{kELahL7 zYfWc6qo!)?xULH%>WoUG3O7%d75g>>WWV$Ye^Q%xk8*Ju;=5yPyZe0!i#Op?T+ zd$CRyZcWM3W|CsrzwjV*m(1Ll((COX5LCw!(sT;HgbJ`*GniqLrVm%<(#vOKwri`` zXM)s&2RE@&xt}!bi`=u+;l%>O_prFaIZ|yNp04-W-xqZ!@c<3yyP6mb-2t9%d`2+w zMH70(<3YV8C~*}ygcY=a+uZ#jaeKu%0(PXKnWNA(8O*1o;0g=bs>R0{wg5zXoULtB zY+p{kc#Gl<2qCJ(2N(vV#M^?e(Z&y=ZF4KGht@a<)W~2CXZYI-2IXJ?W z)1bHa4rBM!Hus3@_2qXW+-hhU3Z4hp!K0Q0)-}HQaD-GPldW}oDabw0<;(|-*D5AlDp@%#t?m3%|m2mk<-9RL6v005W4LIE9@2sr@`2sp{D z$;3et6qg=30UQavGrLQflo>ldw?jDrI0AnudJ#Q)dIaII^G}6xs?w75u$!l9jT@Fc z%i2MnMbD!(04RC9b%Zd{?~jPZ)2*VSF>-ybLkuRwxBW$A9>z$WK(lC_OMK&~xEnDYA52@D=!sn8q$A&Xq#H;x0%` zSO^-xe~7LGCDY#MbB>uD_BA#XmmFH8M8}xO*647^4F9>oi{}G%NV)+wsY4eD5cXUg{f)^G(;D#@`^Aa=if zu-V?IHh)y8gc29$ZbM4vP#QX~Q;}$8)VzR^M5n=cd#7T!JHDkdg*gOk3LRww(A(CG z@w+@mttQ!lse^L1e%tF;Dg^mD@HC-6qZ-aOaDK{rbwEXRC9(==yn)P5V$U zB66EvHka(7!afdxWY(=@QgPotv@?m3%|m2mk<-m#snpK?dSM0RR91n+hQE delta 572 zcmV-C0>l0Og$4A51%R{x*f2F zD=UmCM*OE;6FxJf|6-( z^f|{&4*MD#ic1bHQleu_WNUOd@Vn|qmv-fUjJ`obLLKI9U{FT0Co#rcrh6I0o zJ3g6>&p!08CwryMZ4wrmNxIoUALCM(tR-?tZ!$jU4e-x+a?m?HxNZNgWXc@VbYjpS zoESi7(ChvFyJ2;expjx}+}Qpf8Lk9MB{}v6#OJq&eV50mxgrkLv9nwW{*8o*vGMt%(|66Dz@8) zb}oh|DUP@W-xcW)OX(RPxJL={e}4-82TA`Mm*PPI$PFZ0W>-2TvC_~8004NGw?Y9y K2G~IX0001wc?Tr` diff --git a/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 b/workload/scripts/DSCStorageScripts/1.0.0/Script-DomainJoinStorage.ps1 similarity index 98% rename from workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 rename to workload/scripts/DSCStorageScripts/1.0.0/Script-DomainJoinStorage.ps1 index 2507c1331..894d71d9a 100644 --- a/workload/scripts/DSCStorageScripts/Script-DomainJoinStorage.ps1 +++ b/workload/scripts/DSCStorageScripts/1.0.0/Script-DomainJoinStorage.ps1 @@ -164,7 +164,7 @@ Catch { } Try { - Write-Log "setting up NTFS permission for FSLogix" + Write-Log "setting up NTFS permission for FSLogix or App attach" icacls ${DriveLetter}: /inheritance:r icacls ${DriveLetter}: /remove "BUILTIN\Administrators" icacls ${DriveLetter}: /grant "Creator Owner:(OI)(CI)(IO)(M)" @@ -186,7 +186,7 @@ Try { # Write-Log "Drive unmounted" } Catch { - Write-Log -Err "Error while setting up NTFS permission for FSLogix" + Write-Log -Err "Error while setting up NTFS permission for FSLogix or App attach" Write-Log -Err $_.Exception.Message Throw $_ } From ad5787da7454f36fd9687b4591496f734574c62c Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:16:54 -0600 Subject: [PATCH 057/117] updates --- workload/arm/deploy-baseline.json | 3 +-- workload/bicep/deploy-baseline.bicep | 1 - ...StorageScripts-old.zip => DSCStorageScripts.zip} | Bin 3 files changed, 1 insertion(+), 3 deletions(-) rename workload/scripts/{DSCStorageScripts-old.zip => DSCStorageScripts.zip} (100%) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index a903aac65..f2efe1e54 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "10646310332336668963" + "templateHash": "8712748689773639861" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1254,7 +1254,6 @@ "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", "varDiskEncryptionKeyExpirationInEpoch": "[dateTimeToEpoch(dateTimeAdd(parameters('time'), format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))))]", - "varAvdAgentPackageLocation": "[format('https://wvdportalstorageblob.blob.{0}/galleryartifacts/Configuration_09-08-2022.zip', environment().suffixes.storage)]", "varCreateStorageDeployment": "[if(or(parameters('createAvdFslogixDeployment'), equals(parameters('createMsixDeployment'), true())), true(), false())]", "varFslogixStorageSku": "[if(parameters('zoneRedundantStorage'), format('{0}_ZRS', parameters('fslogixStoragePerformance')), format('{0}_LRS', parameters('fslogixStoragePerformance')))]", "varMsixStorageSku": "[if(parameters('zoneRedundantStorage'), format('{0}_ZRS', parameters('msixStoragePerformance')), format('{0}_LRS', parameters('msixStoragePerformance')))]", diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 82ce880cb..24dad9911 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -541,7 +541,6 @@ var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/m var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) -var varAvdAgentPackageLocation = 'https://wvdportalstorageblob.blob.${environment().suffixes.storage}/galleryartifacts/Configuration_09-08-2022.zip' var varCreateStorageDeployment = (createAvdFslogixDeployment || createMsixDeployment == true) ? true : false var varFslogixStorageSku = zoneRedundantStorage ? '${fslogixStoragePerformance}_ZRS' : '${fslogixStoragePerformance}_LRS' var varMsixStorageSku = zoneRedundantStorage ? '${msixStoragePerformance}_ZRS' : '${msixStoragePerformance}_LRS' diff --git a/workload/scripts/DSCStorageScripts-old.zip b/workload/scripts/DSCStorageScripts.zip similarity index 100% rename from workload/scripts/DSCStorageScripts-old.zip rename to workload/scripts/DSCStorageScripts.zip From ef3ad40c3e044aa1ea5fd5de74cf81e8b13694b8 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:20:10 -0600 Subject: [PATCH 058/117] updates --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 8f112155b..f03749dac 100644 --- a/readme.md +++ b/readme.md @@ -29,7 +29,7 @@ As of today, we have a first reference implementation scenario that is one of th | Deployment Type | Link | |:--|:--| -| Azure portal UI |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json)| +| Azure portal UI |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json)| | Command line (Bicep/ARM) | [![Powershell/Azure CLI](./workload/docs/icons/powershell.png)](./workload/bicep/readme.md#avd-accelerator-baseline) | | Terraform | [![Terraform](./workload/docs/icons/terraform.png)](./workload/terraform/greenfield/readme.md) | @@ -66,7 +66,7 @@ Custom image is optimized using [Virtual Desktop Optimization Tool (VDOT)](https | Deployment Type | Link | |:--|:--| -| Azure portal UI | [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fids-updates%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) | +| Azure portal UI | [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fdeploy-custom-image.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-custom-image.json) | | Command line (Bicep/ARM) | [![Powershell/Azure CLI](./workload/docs/icons/powershell.png)](./workload/bicep/readme.md#optional-custom-image-build-deployment) | | Terraform | [![Terraform](./workload/docs/icons/terraform.png)](./workload/terraform/customimage) | From 66b80006821ce55b4332d720ed1dc243b560ff22 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:23:40 -0600 Subject: [PATCH 059/117] updates --- workload/bicep/modules/avdSessionHosts/deploy.bicep | 3 --- 1 file changed, 3 deletions(-) diff --git a/workload/bicep/modules/avdSessionHosts/deploy.bicep b/workload/bicep/modules/avdSessionHosts/deploy.bicep index cdbac8a78..c63e190ff 100644 --- a/workload/bicep/modules/avdSessionHosts/deploy.bicep +++ b/workload/bicep/modules/avdSessionHosts/deploy.bicep @@ -171,9 +171,6 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d name: '${namePrefix}${padLeft((i + countIndex), 4, '0')}' location: location timeZone: timeZone - // userAssignedIdentities: createAvdFslogixDeployment ? { - // '${storageManagedIdentityResourceId}': {} - // } : {} systemAssignedIdentity: (identityServiceProvider == 'AAD') ? true : false availabilityZone: useAvailabilityZones ? take(skip(varAllAvailabilityZones, i % length(varAllAvailabilityZones)), 1) : [] encryptionAtHost: encryptionAtHost From f8f3a3829b5568797b4cc3f609c8f5b7112c2f55 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 9 Nov 2023 10:22:50 +0900 Subject: [PATCH 060/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 42 +++++++++++----------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 743fa8a7f..44fcfd203 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1455,16 +1455,6 @@ "defaultValue": "[if(not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), true, false)]", "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." }, - { - "name": "firewallSubnetInHubVirtualNetworkInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)]", - "options": { - "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the Hub vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", - "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", - "style": "info" - } - }, { "name": "firewallSubnetsInHubVirtualNetwork", "type": "Microsoft.Solutions.ArmApiControl", @@ -1486,12 +1476,22 @@ "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, + { + "name": "firewallSubnetInHubVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", + "options": { + "text": "A new subnet will be created in the Hub vNet and the firewall will be in this subnet. The subnet name must be 'AzureFirewallSubnet' and the subnet mask must be at least a /26.", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", + "style": "info" + } + }, { "name": "firewallVirtualNetworkInfoBox", "type": "Microsoft.Common.InfoBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))]", "options": { - "text": "vNet peering will be created to firewall vNet with access to host pool", + "text": "When selecting existing vNet other than Hub vNet as the firewall location, vNet peering will be created to the vNet with access to host pool.", "uri": "https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop", "style": "info" } @@ -1544,16 +1544,6 @@ "required": true } }, - { - "name": "firewallSubnetInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork))]", - "options": { - "text": "If there is no existing subnet with the name 'AzureFirewallSubnet', a new subnet with this name will be created in the vNet. The firewall will be in this subnet, and the subnet name must be 'AzureFirewallSubnet'.", - "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", - "style": "info" - } - }, { "name": "firewallSubnets", "type": "Microsoft.Solutions.ArmApiControl", @@ -1575,6 +1565,16 @@ "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, + { + "name": "firewallSubnetInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets))]", + "options": { + "text": "A new subnet will be created in the vNet and the firewall will be in this subnet. The subnet name must be 'AzureFirewallSubnet' and the subnet mask must be at least a /26.", + "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", + "style": "info" + } + }, { "name": "firewallInfoBox", "type": "Microsoft.Common.InfoBox", From 4b212f249f9ae29cb3ebdf397cd7706d7c5109d4 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 9 Nov 2023 10:50:24 +0900 Subject: [PATCH 061/117] update ui --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 44fcfd203..0381adde6 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1453,7 +1453,7 @@ "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)))]", "label": "Deploy Azure Firewall in Hub vNet", "defaultValue": "[if(not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), true, false)]", - "toolTip": "Create Azure Firewall and Azure Firewall Policy in Hub vNet." + "toolTip": "Choose where to place the firewall, either in Hub vNet or another vNet." }, { "name": "firewallSubnetsInHubVirtualNetwork", @@ -1481,7 +1481,7 @@ "type": "Microsoft.Common.InfoBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", "options": { - "text": "A new subnet will be created in the Hub vNet and the firewall will be in this subnet. The subnet name must be 'AzureFirewallSubnet' and the subnet mask must be at least a /26.", + "text": "A new subnet will be created in the Hub vNet and the firewall will be in this subnet. The subnet name must be 'AzureFirewallSubnet' and the address prefix must be smaller than or equal to 26.", "uri": "https://learn.microsoft.com/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet", "style": "info" } From 0cc7614011292ac3d3f5f9f28c331c263187cecc Mon Sep 17 00:00:00 2001 From: Jonathan Core <56272039+JCoreMS@users.noreply.github.com> Date: Thu, 9 Nov 2023 13:51:17 -0500 Subject: [PATCH 062/117] Update deploy.bicep Add param for display name and condition in resource deployment to use name if display name isn't providved. --- .../Microsoft.Insights/scheduledQueryRules/deploy.bicep | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep index 43b3fdf30..292baf4e3 100644 --- a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep +++ b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep @@ -4,6 +4,9 @@ param name string @description('Optional. Location for all resources.') param location string = resourceGroup().location +@description('Optional. The display name of the scheduled query rule.') +param alertDisplayName string = '' + @description('Optional. The description of the scheduled query rule.') param alertDescription string = '' @@ -91,7 +94,7 @@ resource queryRule 'Microsoft.Insights/scheduledQueryRules@2021-02-01-preview' = autoMitigate: (kind == 'LogAlert') ? autoMitigate : null criteria: criterias description: alertDescription - displayName: name + displayName: (alertDisplayName != null) ? alertDisplayName : name enabled: enabled evaluationFrequency: (kind == 'LogAlert' && !empty(evaluationFrequency)) ? evaluationFrequency : null muteActionsDuration: (kind == 'LogAlert' && !empty(suppressForMinutes)) ? suppressForMinutes : null From f1d2e167b3cb44c8a9e497fcd90af7c41b49bd65 Mon Sep 17 00:00:00 2001 From: Jonathan Core <56272039+JCoreMS@users.noreply.github.com> Date: Thu, 9 Nov 2023 13:53:48 -0500 Subject: [PATCH 063/117] Update deploy.bicep Edit condition for display name from -ne null to not empty. --- carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep index 292baf4e3..3266f2f72 100644 --- a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep +++ b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/deploy.bicep @@ -94,7 +94,7 @@ resource queryRule 'Microsoft.Insights/scheduledQueryRules@2021-02-01-preview' = autoMitigate: (kind == 'LogAlert') ? autoMitigate : null criteria: criterias description: alertDescription - displayName: (alertDisplayName != null) ? alertDisplayName : name + displayName: !empty(alertDisplayName) ? alertDisplayName : name enabled: enabled evaluationFrequency: (kind == 'LogAlert' && !empty(evaluationFrequency)) ? evaluationFrequency : null muteActionsDuration: (kind == 'LogAlert' && !empty(suppressForMinutes)) ? suppressForMinutes : null From e6a2bd514e2ca85ef5484ed14b65a1c0c1dbbc45 Mon Sep 17 00:00:00 2001 From: Jonathan Core <56272039+JCoreMS@users.noreply.github.com> Date: Thu, 9 Nov 2023 13:57:35 -0500 Subject: [PATCH 064/117] Update readme.md Added option for display name in table --- carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md index 341e81ca7..a56988ebb 100644 --- a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md +++ b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md @@ -32,6 +32,7 @@ This module deploys a scheduled query rule. | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | | `actions` | array | `[]` | | Actions to invoke when the alert fires. | +| `alertDisplayName` | string | `''` | | The display name of the scheduled query rule. | | `alertDescription` | string | `''` | | The description of the scheduled query rule. | | `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. | | `enabled` | bool | `True` | | The flag which indicates whether this scheduled query rule is enabled. | From 61db8dbb66db0c2518209cb7d1e62c0cda328f44 Mon Sep 17 00:00:00 2001 From: Jonathan Core <56272039+JCoreMS@users.noreply.github.com> Date: Thu, 9 Nov 2023 14:01:41 -0500 Subject: [PATCH 065/117] Update readme.md Add display name to bicep and json examples --- carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md index a56988ebb..7642ef048 100644 --- a/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md +++ b/carml/1.3.0/Microsoft.Insights/scheduledQueryRules/readme.md @@ -214,6 +214,7 @@ module scheduledQueryRules './Microsoft.Insights/scheduledQueryRules/deploy.bice ] // Non-required parameters alertDescription: 'My sample Alert' + alertDisplayName: 'My alert friendly name' autoMitigate: false enableDefaultTelemetry: '' evaluationFrequency: 'PT5M' @@ -291,6 +292,9 @@ module scheduledQueryRules './Microsoft.Insights/scheduledQueryRules/deploy.bice "alertDescription": { "value": "My sample Alert" }, + "alertDisplayName": { + "value": "My alert friendly name" + }, "autoMitigate": { "value": false }, From ac899804809c2d2c55c79c10cad022a84d036eb2 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Fri, 10 Nov 2023 21:09:51 -0600 Subject: [PATCH 066/117] updates --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 79a37ccaf..4e1369618 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -134,7 +134,8 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts skuName: storageSku allowBlobPublicAccess: false publicNetworkAccess: deployPrivateEndpoint ? 'Disabled' : 'Enabled' - kind: ((storageSku =~ 'Premium_LRS') || (storageSku =~ 'Premium_ZRS')) ? 'FileStorage' : 'StorageV2' + kind: ((storageSku == 'Premium_LRS') || (storageSku == 'Premium_ZRS')) ? 'FileStorage' : 'StorageV2' + largeFileSharesState: (storageSku == 'Standard_LRS') || (storageSku == 'Standard_ZRS') ? 'Enabled': 'Disabled' azureFilesIdentityBasedAuthentication: { directoryServiceOptions: varDirectoryServiceOptions activeDirectoryProperties: (identityServiceProvider == 'AAD') ? { From a88b0f225a5a83fb0ae5e1e32ea3e5f9682ae777 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Fri, 10 Nov 2023 21:17:18 -0600 Subject: [PATCH 067/117] updates --- workload/arm/deploy-baseline.json | 1670 +++++++++++++++-------------- 1 file changed, 836 insertions(+), 834 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index f2efe1e54..2770349dd 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8712748689773639861" + "version": "0.23.1.45101", + "templateHash": "9343455469510936561" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - }, - "maxLength": 4, - "minLength": 2 + } }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - }, "allowedValues": [ "Dev", "Test", "Prod" - ] + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, + "minValue": 30, + "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - }, - "minValue": 30, - "maxValue": 730 + } }, "avdSessionHostLocation": { "type": "string", @@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ] + ], + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } }, "createIntuneEnrollment": { "type": "bool", @@ -152,13 +152,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + } }, "hostPoolPreferredAppGroupType": { "type": "string", @@ -174,24 +174,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + } }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + } }, "hostPoolMaxSessions": { "type": "int", @@ -392,11 +392,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, + "minValue": 1, + "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - }, - "maxValue": 100, - "minValue": 1 + } }, "avdSessionHostCountIndex": { "type": "int", @@ -436,24 +436,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + } }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + } }, "diskZeroTrust": { "type": "bool", @@ -486,14 +486,14 @@ "securityType": { "type": "string", "defaultValue": "TrustedLaunch", - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ] + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } }, "secureBootEnabled": { "type": "bool", @@ -512,9 +512,6 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - }, "allowedValues": [ "win10_21h2", "win10_21h2_office", @@ -524,7 +521,10 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ] + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } }, "managementVmOsImage": { "type": "string", @@ -564,194 +564,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", + "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - }, - "maxLength": 90 + } }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - }, - "maxLength": 90 + } }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - }, - "maxLength": 90 + } }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - }, - "maxLength": 90 + } }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", + "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - }, - "maxLength": 90 + } }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", + "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. (Default: log-avd-app1-dev-use2)" - }, - "maxLength": 64 + } }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD application security custom name. (Default: asg-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. (Default: Desktops - App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", + "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - }, - "maxLength": 11 + } }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", + "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - }, - "maxLength": 9 + } }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", + "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - }, - "maxLength": 2 + } }, "fslogixFileShareCustomName": { "type": "string", @@ -770,34 +770,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv-sec", + "maxLength": 6, "metadata": { "description": "AVD keyvault prefix custom name (with Zero Trust to store credentials to domain join and local admin). (Default: kv-sec)" - }, - "maxLength": 6 + } }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", + "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - }, - "maxLength": 6 + } }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", + "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - }, - "maxLength": 5 + } }, "ztKvPrefixCustomName": { "type": "string", "defaultValue": "kv-key", + "maxLength": 6, "metadata": { "description": "AVD key vault custom name for zero trust and store store disk encryption key (Default: kv-key)" - }, - "maxLength": 6 + } }, "createResourceTags": { "type": "bool", @@ -816,29 +816,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - }, "allowedValues": [ "Light", "Medium", "High", "Power" - ] + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ] + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } }, "departmentTag": { "type": "string", @@ -850,16 +850,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ] + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } }, "workloadCriticalityCustomValueTag": { "type": "string", @@ -1547,8 +1547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -1568,14 +1568,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -1656,8 +1656,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -1670,13 +1670,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -1786,8 +1786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -2147,8 +2147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -2168,14 +2168,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2256,8 +2256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -2270,13 +2270,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2386,8 +2386,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -2742,8 +2742,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -2763,14 +2763,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2851,8 +2851,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -2865,13 +2865,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2981,8 +2981,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -3355,8 +3355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16933483947927654925" + "version": "0.23.1.45101", + "templateHash": "10265430126183385998" } }, "parameters": { @@ -3479,8 +3479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -3500,14 +3500,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -3588,8 +3588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -3602,13 +3602,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -3718,8 +3718,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -4079,8 +4079,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9723296804992458231" + "version": "0.23.1.45101", + "templateHash": "15031312632057308059" } }, "parameters": { @@ -4169,8 +4169,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "maxValue": 730, "minValue": 0, + "maxValue": 730, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4229,8 +4229,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4273,14 +4273,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -4473,8 +4473,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1015616738226483875" + "version": "0.23.1.45101", + "templateHash": "15258493604851481315" } }, "parameters": { @@ -4617,8 +4617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9976669288431551452" + "version": "0.23.1.45101", + "templateHash": "8116463202302820849" } }, "parameters": { @@ -4751,8 +4751,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3402933947779868845" + "version": "0.23.1.45101", + "templateHash": "4881003164746404595" } }, "parameters": { @@ -4886,8 +4886,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12988075953101096314" + "version": "0.23.1.45101", + "templateHash": "14365252475725366454" } }, "parameters": { @@ -5058,15 +5058,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3289166297924789550" + "version": "0.23.1.45101", + "templateHash": "17250399248258895412" } }, "parameters": { "name": { "type": "string", - "maxLength": 63, "minLength": 4, + "maxLength": 63, "metadata": { "description": "Required. The data export rule name." } @@ -5205,8 +5205,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -5432,8 +5432,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1145398762062008037" + "version": "0.23.1.45101", + "templateHash": "219986384503122327" } }, "parameters": { @@ -5477,8 +5477,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 730, "minValue": -1, + "maxValue": 730, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5500,8 +5500,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 2555, "minValue": -1, + "maxValue": 2555, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5601,8 +5601,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15503229472224280826" + "version": "0.23.1.45101", + "templateHash": "10708379588686916495" } }, "parameters": { @@ -5752,8 +5752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7352784420507326330" + "version": "0.23.1.45101", + "templateHash": "6190525379812728386" } }, "parameters": { @@ -5964,8 +5964,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16579532157576436548" + "version": "0.23.1.45101", + "templateHash": "2155605377371361902" } }, "parameters": { @@ -6296,8 +6296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -6479,8 +6479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5539435599928560626" + "version": "0.23.1.45101", + "templateHash": "6105432212734897298" } }, "parameters": { @@ -6658,8 +6658,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -6927,8 +6927,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -7007,8 +7007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7759814680098607558" + "version": "0.23.1.45101", + "templateHash": "12579875714884369933" } }, "parameters": { @@ -7479,8 +7479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -7712,8 +7712,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -8022,8 +8022,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13214055304476289623" + "version": "0.23.1.45101", + "templateHash": "15620658803890882460" } }, "parameters": { @@ -8358,8 +8358,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.23.1.45101", + "templateHash": "11199916256768589744" } }, "parameters": { @@ -8421,14 +8421,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -8622,8 +8622,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.23.1.45101", + "templateHash": "9525169534051986947" } }, "parameters": { @@ -8867,8 +8867,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.23.1.45101", + "templateHash": "14484082002093003293" } }, "parameters": { @@ -9082,8 +9082,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.23.1.45101", + "templateHash": "11199916256768589744" } }, "parameters": { @@ -9145,14 +9145,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9346,8 +9346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.23.1.45101", + "templateHash": "9525169534051986947" } }, "parameters": { @@ -9591,8 +9591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.23.1.45101", + "templateHash": "14484082002093003293" } }, "parameters": { @@ -9797,8 +9797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4126277245845030634" + "version": "0.23.1.45101", + "templateHash": "17265889212529350267" } }, "parameters": { @@ -9818,14 +9818,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9920,8 +9920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9764104744913843180" + "version": "0.23.1.45101", + "templateHash": "1115677000975531972" } }, "parameters": { @@ -10127,8 +10127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" } }, "parameters": { @@ -10162,14 +10162,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10267,8 +10267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" } }, "parameters": { @@ -10476,8 +10476,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" } }, "parameters": { @@ -10511,14 +10511,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10616,8 +10616,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" } }, "parameters": { @@ -10839,8 +10839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10436531327774101026" + "version": "0.23.1.45101", + "templateHash": "17281867178107781537" } }, "parameters": { @@ -10901,21 +10901,21 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ] + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, + "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - }, - "maxValue": 30 + } }, "diagnosticStorageAccountId": { "type": "string", @@ -10948,14 +10948,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -11173,8 +11173,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12913964363513527115" + "version": "0.23.1.45101", + "templateHash": "17626849906838193825" } }, "parameters": { @@ -11366,8 +11366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1508597549221173835" + "version": "0.23.1.45101", + "templateHash": "12693477980850797625" } }, "parameters": { @@ -11589,8 +11589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" } }, "parameters": { @@ -11755,8 +11755,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" } }, "parameters": { @@ -11916,8 +11916,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7449417204208520653" + "version": "0.23.1.45101", + "templateHash": "17072359188298457640" } }, "parameters": { @@ -12153,8 +12153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12241,8 +12241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12329,8 +12329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12417,8 +12417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" } }, "parameters": { @@ -12594,8 +12594,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10975402800010178371" + "version": "0.23.1.45101", + "templateHash": "7326746777556089250" } }, "parameters": { @@ -12703,13 +12703,13 @@ }, "hostPoolType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "preferredAppGroupType": { "type": "string", @@ -12725,23 +12725,23 @@ }, "personalAssignType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "hostPoolLoadBalancerType": { "type": "string", - "metadata": { - "description": "AVD host pool load balacing type." - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type." + } }, "hostPoolMaxSessions": { "type": "int", @@ -12873,8 +12873,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14753481159691076868" + "version": "0.23.1.45101", + "templateHash": "9101196936359798595" } }, "parameters": { @@ -13014,14 +13014,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -13265,8 +13265,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2314964423044495570" + "version": "0.23.1.45101", + "templateHash": "11881426718765556693" } }, "parameters": { @@ -13483,8 +13483,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "782391975946165786" + "version": "0.23.1.45101", + "templateHash": "8289764189113901043" } }, "parameters": { @@ -13570,14 +13570,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -13736,8 +13736,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7203259033747042619" + "version": "0.23.1.45101", + "templateHash": "6540019795245021334" } }, "parameters": { @@ -13775,14 +13775,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ] + ], + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + } }, "commandLineArguments": { "type": "string", @@ -13914,8 +13914,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1752140700494840741" + "version": "0.23.1.45101", + "templateHash": "17185902162980736485" } }, "parameters": { @@ -14121,8 +14121,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "324317554219687604" + "version": "0.23.1.45101", + "templateHash": "18193795661906928784" } }, "parameters": { @@ -14191,14 +14191,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -14350,8 +14350,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6421047844253253523" + "version": "0.23.1.45101", + "templateHash": "18390062164382385549" } }, "parameters": { @@ -14571,8 +14571,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17010593045994332917" + "version": "0.23.1.45101", + "templateHash": "6877120515836824501" } }, "parameters": { @@ -14614,12 +14614,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "Optional. The type of hostpool where this scaling plan should be applied." - }, "allowedValues": [ "Pooled" - ] + ], + "metadata": { + "description": "Optional. The type of hostpool where this scaling plan should be applied." + } }, "exclusionTag": { "type": "string", @@ -14839,8 +14839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12892308842611713996" + "version": "0.23.1.45101", + "templateHash": "9763204850902124901" } }, "parameters": { @@ -15068,8 +15068,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9066192464594903933" + "version": "0.23.1.45101", + "templateHash": "12068153438455870485" } }, "parameters": { @@ -15229,8 +15229,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.23.1.45101", + "templateHash": "17115660817704860359" } }, "parameters": { @@ -15251,14 +15251,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -15352,8 +15352,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.23.1.45101", + "templateHash": "14736459587384734965" } }, "parameters": { @@ -15546,8 +15546,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -16126,8 +16126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -16704,8 +16704,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -17287,8 +17287,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -17867,8 +17867,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -18447,8 +18447,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -19078,8 +19078,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3496664578163970555" + "version": "0.23.1.45101", + "templateHash": "10865746163538598377" } }, "parameters": { @@ -19245,8 +19245,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -19434,8 +19434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -19704,8 +19704,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -19798,8 +19798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -20068,8 +20068,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -20138,8 +20138,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -20722,8 +20722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -21303,8 +21303,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.23.1.45101", + "templateHash": "17115660817704860359" } }, "parameters": { @@ -21325,14 +21325,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -21426,8 +21426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.23.1.45101", + "templateHash": "14736459587384734965" } }, "parameters": { @@ -21617,8 +21617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -22227,8 +22227,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17450213271810432516" + "version": "0.23.1.45101", + "templateHash": "9816348956723829998" } }, "parameters": { @@ -22368,8 +22368,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.23.1.45101", + "templateHash": "10047657056248810406" } }, "parameters": { @@ -22497,8 +22497,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -22534,14 +22534,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -22738,8 +22738,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -22870,8 +22870,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.23.1.45101", + "templateHash": "11763882678288104884" } }, "parameters": { @@ -23007,8 +23007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.23.1.45101", + "templateHash": "6055979105496084751" } }, "parameters": { @@ -23202,8 +23202,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -23385,8 +23385,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -23588,8 +23588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -23655,14 +23655,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -23785,8 +23785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -23798,8 +23798,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -23920,8 +23920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -24134,8 +24134,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.23.1.45101", + "templateHash": "6864497713956009622" } }, "parameters": { @@ -24365,8 +24365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -24548,8 +24548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -24751,8 +24751,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9857842888967195839" + "version": "0.23.1.45101", + "templateHash": "7373774482178055452" } }, "parameters": { @@ -24779,14 +24779,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "keyVaultResourceId": { "type": "string", @@ -24962,8 +24962,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2377303483140510674" + "version": "0.23.1.45101", + "templateHash": "13893883968059192139" } }, "parameters": { @@ -25038,8 +25038,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1764649882380429233" + "version": "0.23.1.45101", + "templateHash": "2571756615431841166" } }, "parameters": { @@ -25110,8 +25110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -25241,8 +25241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "205693325076049461" + "version": "0.23.1.45101", + "templateHash": "14656496075889817854" } }, "parameters": { @@ -25509,8 +25509,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.23.1.45101", + "templateHash": "10047657056248810406" } }, "parameters": { @@ -25638,8 +25638,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -25675,14 +25675,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -25879,8 +25879,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -26011,8 +26011,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.23.1.45101", + "templateHash": "11763882678288104884" } }, "parameters": { @@ -26148,8 +26148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.23.1.45101", + "templateHash": "6055979105496084751" } }, "parameters": { @@ -26343,8 +26343,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -26526,8 +26526,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -26729,8 +26729,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -26796,14 +26796,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -26926,8 +26926,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -26939,8 +26939,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -27061,8 +27061,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -27275,8 +27275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.23.1.45101", + "templateHash": "6864497713956009622" } }, "parameters": { @@ -27527,8 +27527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "11864719595815359922" + "version": "0.23.1.45101", + "templateHash": "16306650625703107232" } }, "parameters": { @@ -27808,8 +27808,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" } }, "parameters": { @@ -28262,14 +28262,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -28644,8 +28644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" } }, "parameters": { @@ -28799,8 +28799,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -28920,14 +28920,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -29115,8 +29115,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -29367,8 +29367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" } }, "parameters": { @@ -29430,14 +29430,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -29455,14 +29455,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -29652,8 +29652,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" } }, "parameters": { @@ -29871,8 +29871,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30077,8 +30077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30278,8 +30278,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30484,8 +30484,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30680,8 +30680,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -30876,8 +30876,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31076,8 +31076,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31284,8 +31284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31485,8 +31485,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -31689,8 +31689,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" } }, "parameters": { @@ -31721,9 +31721,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -31735,7 +31732,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -31855,8 +31855,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" } }, "parameters": { @@ -32138,8 +32138,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "563121401085397173" + "version": "0.23.1.45101", + "templateHash": "13591692348976261694" } }, "parameters": { @@ -32371,7 +32371,8 @@ "value": false }, "publicNetworkAccess": "[if(parameters('deployPrivateEndpoint'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", - "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", + "kind": "[if(or(equals(parameters('storageSku'), 'Premium_LRS'), equals(parameters('storageSku'), 'Premium_ZRS')), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", + "largeFileSharesState": "[if(or(equals(parameters('storageSku'), 'Standard_LRS'), equals(parameters('storageSku'), 'Standard_ZRS')), createObject('value', 'Enabled'), createObject('value', 'Disabled'))]", "azureFilesIdentityBasedAuthentication": { "value": { "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", @@ -32410,17 +32411,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5115421894814797429" + "version": "0.23.1.45101", + "templateHash": "14398504551168498076" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", @@ -32453,23 +32454,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -32479,30 +32477,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -32624,14 +32625,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -32699,14 +32700,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -32958,8 +32959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.23.1.45101", + "templateHash": "2942587223985886651" } }, "parameters": { @@ -33153,8 +33154,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -33220,14 +33221,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -33350,8 +33351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -33363,8 +33364,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -33485,8 +33486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -33692,17 +33693,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.23.1.45101", + "templateHash": "1348117273486411306" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -33816,17 +33817,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.23.1.45101", + "templateHash": "11852166519395262106" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -33974,17 +33975,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.23.1.45101", + "templateHash": "16250297962913546641" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -34017,8 +34018,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -34195,17 +34196,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.23.1.45101", + "templateHash": "4382308215526481443" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -34223,14 +34224,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", @@ -34309,17 +34310,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.23.1.45101", + "templateHash": "9652540868161281860" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -34437,8 +34438,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.23.1.45101", + "templateHash": "1186095586884481044" } }, "parameters": { @@ -34675,17 +34676,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.23.1.45101", + "templateHash": "13780602292868075803" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -34714,8 +34715,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -34899,17 +34900,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.23.1.45101", + "templateHash": "3594065565754312854" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -34934,25 +34935,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -35028,8 +35029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.23.1.45101", + "templateHash": "8261337544383310328" } }, "parameters": { @@ -35267,17 +35268,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.23.1.45101", + "templateHash": "12165290990779845298" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -35289,8 +35290,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35464,17 +35465,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.23.1.45101", + "templateHash": "9089725752901472518" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -35561,8 +35562,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.23.1.45101", + "templateHash": "1979270992674854961" } }, "parameters": { @@ -35797,17 +35798,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.23.1.45101", + "templateHash": "1526593365088296650" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -35819,8 +35820,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35988,17 +35989,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.23.1.45101", + "templateHash": "168390130983077015" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36174,8 +36175,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17031945091476279498" + "version": "0.23.1.45101", + "templateHash": "4048736729822728060" } }, "parameters": { @@ -36345,8 +36346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "563121401085397173" + "version": "0.23.1.45101", + "templateHash": "13591692348976261694" } }, "parameters": { @@ -36578,7 +36579,8 @@ "value": false }, "publicNetworkAccess": "[if(parameters('deployPrivateEndpoint'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", - "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", + "kind": "[if(or(equals(parameters('storageSku'), 'Premium_LRS'), equals(parameters('storageSku'), 'Premium_ZRS')), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", + "largeFileSharesState": "[if(or(equals(parameters('storageSku'), 'Standard_LRS'), equals(parameters('storageSku'), 'Standard_ZRS')), createObject('value', 'Enabled'), createObject('value', 'Disabled'))]", "azureFilesIdentityBasedAuthentication": { "value": { "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", @@ -36617,17 +36619,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5115421894814797429" + "version": "0.23.1.45101", + "templateHash": "14398504551168498076" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", @@ -36660,23 +36662,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", @@ -36686,30 +36685,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", @@ -36831,14 +36833,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -36906,14 +36908,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -37165,8 +37167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.23.1.45101", + "templateHash": "2942587223985886651" } }, "parameters": { @@ -37360,8 +37362,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -37427,14 +37429,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -37557,8 +37559,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -37570,8 +37572,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -37692,8 +37694,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -37899,17 +37901,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.23.1.45101", + "templateHash": "1348117273486411306" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -38023,17 +38025,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.23.1.45101", + "templateHash": "11852166519395262106" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38181,17 +38183,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.23.1.45101", + "templateHash": "16250297962913546641" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -38224,8 +38226,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38402,17 +38404,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.23.1.45101", + "templateHash": "4382308215526481443" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38430,14 +38432,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", @@ -38516,17 +38518,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.23.1.45101", + "templateHash": "9652540868161281860" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -38644,8 +38646,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.23.1.45101", + "templateHash": "1186095586884481044" } }, "parameters": { @@ -38882,17 +38884,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.23.1.45101", + "templateHash": "13780602292868075803" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -38921,8 +38923,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39106,17 +39108,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.23.1.45101", + "templateHash": "3594065565754312854" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -39141,25 +39143,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -39235,8 +39237,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.23.1.45101", + "templateHash": "8261337544383310328" } }, "parameters": { @@ -39474,17 +39476,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.23.1.45101", + "templateHash": "12165290990779845298" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -39496,8 +39498,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39671,17 +39673,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.23.1.45101", + "templateHash": "9089725752901472518" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -39768,8 +39770,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.23.1.45101", + "templateHash": "1979270992674854961" } }, "parameters": { @@ -40004,17 +40006,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.23.1.45101", + "templateHash": "1526593365088296650" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -40026,8 +40028,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -40195,17 +40197,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.23.1.45101", + "templateHash": "168390130983077015" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -40381,8 +40383,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17031945091476279498" + "version": "0.23.1.45101", + "templateHash": "4048736729822728060" } }, "parameters": { @@ -40494,8 +40496,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14889137037653853520" + "version": "0.23.1.45101", + "templateHash": "1483242996907610497" } }, "parameters": { @@ -40573,8 +40575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "11940163391569342138" + "version": "0.23.1.45101", + "templateHash": "9592547259644072861" } }, "parameters": { @@ -40622,14 +40624,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -40731,8 +40733,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10835079600690809858" + "version": "0.23.1.45101", + "templateHash": "5076096840451227372" } }, "parameters": { @@ -41042,8 +41044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1891310422586033958" + "version": "0.23.1.45101", + "templateHash": "10741628395495815450" } }, "parameters": { @@ -41432,8 +41434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" } }, "parameters": { @@ -41886,14 +41888,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -42268,8 +42270,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" } }, "parameters": { @@ -42423,8 +42425,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -42544,14 +42546,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -42739,8 +42741,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -42991,8 +42993,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" } }, "parameters": { @@ -43054,14 +43056,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -43079,14 +43081,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -43276,8 +43278,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" } }, "parameters": { @@ -43495,8 +43497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -43701,8 +43703,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -43902,8 +43904,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44108,8 +44110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44304,8 +44306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44500,8 +44502,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44700,8 +44702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -44908,8 +44910,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -45109,8 +45111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -45313,8 +45315,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" } }, "parameters": { @@ -45345,9 +45347,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -45359,7 +45358,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -45479,8 +45481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" } }, "parameters": { @@ -45719,8 +45721,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -45939,8 +45941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -46154,8 +46156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17926581562507911667" + "version": "0.23.1.45101", + "templateHash": "16467384531279284955" } }, "parameters": { @@ -46326,8 +46328,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "231872691044961836" + "version": "0.23.1.45101", + "templateHash": "2295716801014819460" } }, "parameters": { @@ -46419,8 +46421,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -46594,8 +46596,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -46863,8 +46865,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { From 6cf9759d996f11145dec8a9303663eee944f7349 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 05:48:15 -0600 Subject: [PATCH 068/117] updates --- .../brownfield/portalUiAddSessionHosts.json | 2012 +++++++++++++++++ .../scripts/Set-SessionHostConfiguration.ps1 | 6 +- 2 files changed, 2015 insertions(+), 3 deletions(-) create mode 100644 workload/portal-ui/brownfield/portalUiAddSessionHosts.json diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json new file mode 100644 index 000000000..995d0dbbd --- /dev/null +++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json @@ -0,0 +1,2012 @@ +{ + "$schema": "", + "view": { + "kind": "Form", + "properties": { + "isWizard": false, + "title": "Azure Virtual Desktop - Landing Zone Accelerator (LZA) - Baseline", + "steps": [ + { + "name": "basics", + "label": "Deployment Basics", + "elements": [ + { + "name": "infoPreReq", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "PREREQUISITES REQUIRED \n\nThere are prerequisites that must be setup in your Azure environment to successfully deploy this Azure Virtual Desktop Landing Zone Accelerator. Click here to review the prerequisites in the Getting Started guide.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started-baseline.md", + "style": "Warning" + } + }, + { + "name": "infoPreReqCheckbox", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "I have read and understand the Azure Virtual Desktop LZA deployment pre-requisites", + "defaultValue": false, + "toolTip": "I have read and understand the Azure Virtual Desktop LZA deployment pre-requisites.", + "constraints": { + "required": true + } + }, + { + "name": "deploymentInfo", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "style": "Info", + "text": "The subscription selected in the 'Project details' section below will be used to deploy all resources. \n\nThe region selected in 'Instance details' section below will be used to deploy the Azure Virtual Desktop management plane resources (workspace, host pool, and application group, etc.). These resource types are not available in all regions, but they are globally replicated.\n\nThe session hosts do not have to be deployed to the same region, therefore you will have the option to select that region on the 'Session Hosts' blade.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/data-locations" + } + }, + { + "name": "resourceScope", + "type": "Microsoft.Common.ResourceScope", + "location": { + "resourceTypes": [ + "Microsoft.DesktopVirtualization/workspaces" + ] + } + }, + { + "name": "resourceGroupsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').resourceScope.subscription.id, '/resourceGroups?api-version=2021-04-01')]" + } + }, + { + "name": "ComputeResourceGroup", + "type": "Microsoft.Common.DropDown", + "label": "Pool compute resource group", + "multiselect": false, + "defaultValue": "", + "toolTip": "Select the name of the existing resource group where the host pool compute resources will be deployed.", + "constraints": { + "allowedValues": "[map(steps('basics').resourceGroupsApi.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "infoMessages": [], + "visible": true + }, + { + "name": "infoResourceGroupNaming", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Azure Virtual Desktop Landing Zones will create the resource group hierarchy under the subscriptions with the prefix provided in this step.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/management-group-and-subscription-organization" + } + } + }, + { + "name": "deploymentSpecs", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Deployment Specs", + "elements": [ + { + "name": "deploymentPrefix", + "type": "Microsoft.Common.TextBox", + "label": "Prefix", + "toolTip": "Provide a prefix (max 4 characters) for the resource groups and resources created as part of Azure Virtual Desktop landing zones.", + "placeholder": "Example: app1", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,4}$", + "validationMessage": "The prefix must be 1-4 characters." + } + }, + { + "name": "deploymentEnvironment", + "type": "Microsoft.Common.DropDown", + "visible": true, + "label": "Environment", + "defaultValue": "Development", + "toolTip": "Select the type of environment (Development (d), Test (t), Production (p)) that will be deployed, this information will be use as part of the resources naming.", + "constraints": { + "allowedValues": [ + { + "label": "Development", + "value": "Dev" + }, + { + "label": "Test", + "value": "Test" + }, + { + "label": "Production", + "value": "Prod" + } + ] + } + } + ] + } + ] + }, + { + "name": "identity", + "label": "Identity", + "elements": [ + { + "name": "identityInfo", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Azure Virtual Desktop LZA deployment expects identity service to be already available in the current Azure estate.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication#identities", + "style": "Info" + } + }, + { + "name": "identityDomainInformation", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Domain to join", + "elements": [ + { + "name": "identityServiceProvider", + "type": "Microsoft.Common.OptionsGroup", + "visible": true, + "label": "Identity service provider", + "defaultValue": "Active Directory (AD DS)", + "toolTip": "Identity service provider (ADDS or AADDS) that already exist and will be used for Azure Virtual Desktop.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Microsoft Entra ID", + "value": "AAD" + }, + { + "label": "Active Directory (AD DS)", + "value": "ADDS" + }, + { + "label": "Microsoft Entra Domain Services", + "value": "AADDS" + } + ] + } + }, + { + "name": "identityServiceProviderIntuneEnrollment", + "type": "Microsoft.Common.CheckBox", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "label": "Intune enrollment", + "defaultValue": false, + "toolTip": "If Intune is configured in your Microsoft Entra ID tenant, you can choose to have the VM automatically enrolled during the deployment by selecting this box." + }, + { + "name": "identityServiceProviderInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "options": { + "text": "Identity service provider must already exist, as they are a prerequisite for the Azure Virtual Desktop LZA deployment.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started.md", + "style": "Info" + } + } + ] + }, + { + "name": "identityAvdAccess", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Azure Virtual Desktop access assignment", + "elements": [ + { + "name": "groupsApi", + "type": "Microsoft.Solutions.GraphApiControl", + "request": { + "method": "GET", + "path": "/v1.0/groups?$top=999" + } + }, + { + "name": "identityAvdUserAccessGroupDropDown", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox)]", + "label": "Groups", + "defaultValue": "", + "filter": true, + "toolTip": "Select the desired group to give access to Azure Virtual Desktop resources and if applicable to FSLogix file share", + "multiselect": false, + "constraints": { + "allowedValues": "[map(steps('identity').identityAvdAccess.groupsApi.value, (item) => parse(concat('{\"label\":\"', item.displayName, '\",\"value\": {\"name\":\"', item.displayName, '\",\"id\":\"', item.id, '\"}}')))]" + } + }, + { + "name": "identityAvdUserAccessGroupCheckBox", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Provide group details", + "defaultValue": false, + "toolTip": "When the desired group is not listed in the drop down, selecting this box will allow for entering the group's ObjectID and name. this information will be used to setup AVD access and FSLogix's file share NTFS permissions." + }, + { + "name": "identityAvdUserAccessGroupTextBox1", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", + "label": "Name", + "toolTip": "Group name to be granted access to Azure Virtual Desktop published items and FSLogix NTFS permissions.", + "placeholder": "Example: AVD-users" + }, + { + "name": "identityAvdUserAccessGroupTextBox2", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", + "label": "Object ID", + "toolTip": "Group objectID to be granted access to Azure Virtual Desktop published items and FSLogix NTFS permissions.", + "placeholder": "Example: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" + } + ] + }, + { + "name": "identityCredentials", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Credentials", + "elements": [ + { + "name": "secretsKeyvault", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Key vault", + "toolTip": "Select the AVD LZA deployed keyvault that contains the local user and domain join credentials.", + "resourceType": "Microsoft.KeyVault/vaults", + "constraints": { + "required": true + } + }, + { + "name": "identityDomainJoinUserName", + "type": "Microsoft.Common.TextBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Domain join principal name", + "placeholder": "Example: avdadmin@contoso.com", + "defaultValue": "", + "toolTip": "Provide username with permissions to join session host to the domain.", + "constraints": { + "required": true + } + }, + { + "name": "identityDomainJoinUserPassword", + "type": "Microsoft.Common.TextBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Domain Join Password secret name", + "toolTip": "Provide keyvault secret name for domain join password.", + "defaultValue": "domainJoinUserPassword", + "constraints": { + "required": true + } + }, + { + "name": "identityLocalUserName", + "type": "Microsoft.Common.TextBox", + "label": "VM local admin username", + "toolTip": "Provide username for session host local admin account. Administrator can't be used as username, it is reserved by the system.", + "placeholder": "Example: avdadmin", + "defaultValue": "", + "constraints": { + "regex": "^(?!.*[aA]dministrator).*$", + "validationMessage": "This username can't be used, it is a reserved word.", + "required": true + } + }, + { + "name": "identityLocalUserPassword", + "type": "Microsoft.Common.TextBox", + "label": "VM local admin password secret name", + "toolTip": "Provide keyvault secret name for VM local admin password.", + "defaultValue": "vmLocalUserPassword", + "constraints": { + "required": true + } + } + ] + } + ] + }, + { + "name": "sessionHosts", + "label": "Session hosts", + "elements": [ + { + "name": "sessionHostsRegionSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "Region Settings", + "tooltip": "The section allows you to specify the region where the compute, storage, and key vault resources are deployed.", + "elements": [ + { + "name": "computeApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').resourceScope.subscription.id,'/providers/Microsoft.Compute/resourceTypes?api-version=2021-04-01')]" + } + }, + { + "name": "infoAvailZones", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "If you select 'Use availability zones' below, some regions may not be available for deployment of session hosts because not all regions support Availability Zones. \n\nThe 'Session hosts region' drop down will automatically update based on this selection. If the value changes to blank, select an alternate region or set 'Use availability zones' to 'No'.", + "uri": "https://learn.microsoft.com/azure/reliability/availability-zones-service-support#azure-regions-with-availability-zone-support", + "style": "Info" + } + }, + { + "name": "sessionHostsAvailabilitySettings", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Availability zones", + "defaultValue": true, + "toolTip": "Distribute compute resources across availability zones. If 'No' is selected then an availability set will be created to host the VMs." + }, + { + "name": "sessionHostsRegion", + "type": "Microsoft.Common.DropDown", + "label": "Session hosts region", + "defaultValue": "[steps('basics').resourceScope.location.displayName]", + "filter": true, + "toolTip": "Select the region where the session hosts and required resources are to be deployed.", + "constraints": { + "required": true, + "allowedValues": "[if(equals(steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings, false), map(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.locations)), (item) => parse(concat('{\"label\":\"', item, '\",\"value\":\"', toLower(replace(item, ' ', '')), '\"}'))), map(filter(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.zoneMappings)), (item) => equals(length(item.zones), 3)), (item) => parse(concat('{\"label\":\"', item.location, '\",\"value\":\"', toLower(replace(item.location, ' ', '')), '\"}'))))]" + } + } + ] + }, + { + "name": "sessionHostsComputeStorageSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "General settings", + "tooltip": "This settings apply to compute, storage, image management and key vault resources.", + "elements": [ + { + "name": "identityDomainOuPath", + "type": "Microsoft.Common.TextBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Custom OU path (Optional)", + "toolTip": "Provide OU where to locate session hosts, if not provided session hosts will be placed on the default (computers) OU.", + "placeholder": "Example: OU=session-hosts,OU=avd,DC=contoso,DC=com", + "constraints": {} + } + ] + }, + { + "name": "sessionHostsSettingsSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "Session hosts settings", + "elements": [ + { + "name": "sessionHostSize", + "type": "Microsoft.Compute.SizeSelector", + "label": "VM Size", + "toolTip": "", + "recommendedSizes": [ + "Standard_D4ads_v5" + ], + "constraints": { + "allowedSizes": [], + "excludedSizes": [], + "required": true + }, + "options": { + "hideDiskTypeFilter": true + }, + "osPlatform": "Windows", + "imageReference": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "Windows-11", + "sku": "21h2-avd" + } + }, + { + "name": "sessionHostSizeInfobox", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "options": { + "text": "Session host virtual machine sizing guidelines.", + "uri": "https://learn.microsoft.com/windows-server/remote/remote-desktop-services/virtual-machine-recs", + "style": "Info" + } + }, + { + "name": "sessionHostsCount", + "type": "Microsoft.Common.TextBox", + "label": "VM count", + "toolTip": "Provide the number of session hosts to deploy (1-100).", + "defaultValue": 1, + "constraints": { + "required": true, + "regex": "^([1-9]|[1-9][0-9]|[1][0][0])$", + "validationMessage": "The count must be between 1-100 session hosts." + } + }, + { + "name": "sessionHostDiskType", + "type": "Microsoft.Common.DropDown", + "label": "OS Disk type", + "filter": true, + "defaultValue": "Premium", + "toolTip": "Select session host disk type to host the OS.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Standard", + "value": "Standard_LRS" + }, + { + "label": "Premium", + "value": "Premium_LRS" + } + ] + } + }, + { + "name": "sessionHostDiskZeroTrust", + "type": "Microsoft.Common.CheckBox", + "label": "Zero trust disk configuration", + "defaultValue": false, + "toolTip": "Enables disk encryption and Zero trust settings on management VM and session hosts disks" + }, + { + "name": "ssessionHostDiskZeroTrustWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust]", + "options": { + "text": "Zero trust disk encryption requires feature EncryptionAtHost of resource provider Microsoft.Compute to be registered in the subscription.", + "uri": "https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell", + "style": "Warning" + } + }, + { + "name": "acceleratedNetworking", + "type": "Microsoft.Common.CheckBox", + "label": "Enable accelerated networking", + "defaultValue": true, + "toolTip": "Enables low latency and high throughput on the network interface." + }, + { + "name": "warningAcceleratedNetworkingSupport", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource]", + "options": { + "text": "The Compute Gallery Image definition selected must have the 'isAcceleratedNetworkSupported' feature property set to 'true' if you enable accelerated networking on the session hosts.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started-baseline.md", + "style": "Warning" + } + } + ] + }, + { + "name": "sessionHostsOsSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "OS selection", + "elements": [ + { + "name": "sessionHostsImageSource", + "type": "Microsoft.Common.DropDown", + "label": "OS image source", + "filter": true, + "defaultValue": "Marketplace", + "toolTip": "Select marketplace or build custom image to deploy the session hosts.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Marketplace", + "value": false + }, + { + "label": "Compute Gallery", + "value": true + } + ] + } + }, + { + "name": "sessionHostsOsImage", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource)]", + "label": "OS version", + "filter": true, + "defaultValue": "Windows 11 22H2 (Gen2)", + "toolTip": "Select the operating system version of the session hosts.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Windows 10 21H2", + "value": "win10_21h2" + }, + { + "label": "Windows 10 21H2 - Office 365", + "value": "win10_21h2_office" + }, + { + "label": "Windows 10 22H2 (Gen2)", + "value": "win10_22h2_g2" + }, + { + "label": "Windows 10 22H2 - Office 365 (Gen2)", + "value": "win10_22h2_office_g2" + }, + { + "label": "Windows 11", + "value": "win11_21h2" + }, + { + "label": "Windows 11 - Office 365", + "value": "win11_21h2_office" + }, + { + "label": "Windows 11 22H2 (Gen2)", + "value": "win11_22h2" + }, + { + "label": "Windows 11 22H2 - Office 365 (Gen2)", + "value": "win11_22h2_office" + } + ] + } + }, + { + "name": "sessionHostsComputeGalleryImage", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource]", + "label": "Image", + "resourceType": "Microsoft.Compute/galleries/images", + "constraints": { + "required": true + } + } + ] + }, + { + "name": "sessionHostsSecuritySection", + "type": "Microsoft.Common.Section", + "visible": "[and(equals(steps('sessionHosts').deploySessionHosts, true), or(contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11'), contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'g2'), not(empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage))))]", + "label": "Security profile", + "elements": [ + { + "name": "sessionHostSecurityTypeWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage))]", + "options": { + "text": "Setting the Security Type to anything other than 'Standard' requires that the Azure Compute Gallery Image Definition be configured with the Security Type feature set to the appropriate value. You can determine if the image definition supports the required feature by reviewing the 'Properties' tab on the 'Overview' node of the Gallery Image Definition in the portal. If the image definition does not contain these feature options, then the deployment will fail.", + "uri": "https://learn.microsoft.com/azure/templates/microsoft.compute/galleries/images?pivots=deployment-language-bicep", + "style": "Warning" + } + }, + { + "name": "securityType", + "type": "Microsoft.Common.DropDown", + "label": "Security type", + "filter": true, + "defaultValue": "Trusted Launch Virtual Machines", + "toolTip": "Choose a type of security that matches your needs: Standard includes basic protections at no additional cost. Trusted launch virtual machines provide additional security features on Gen2 virtual machines to protect against persistent and advanced attacks.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Standard", + "value": "Standard" + }, + { + "label": "Trusted Launch Virtual Machines", + "value": "TrustedLaunch" + }, + { + "label": "Confidential Virtual Machines", + "value": "ConfidentialVM" + } + ] + } + }, + { + "name": "secureBootEnabled", + "type": "Microsoft.Common.CheckBox", + "visible": "[or(equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'TrustedLaunch'), equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'ConfidentialVM'))]", + "label": "Enable secure boot", + "defaultValue": true, + "toolTip": "Secure boot helps protect your VMs against boot kits, rootkits, and kernel-level malware." + }, + { + "name": "vTpmEnabled", + "type": "Microsoft.Common.CheckBox", + "visible": "[or(equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'TrustedLaunch'), equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'ConfidentialVM'))]", + "label": "Enable vTPM", + "defaultValue": true, + "toolTip": "Virtual Trusted Platform Module (vTPM) is TPM2.0 compliant and validates your VM boot integrity apart from securely storing keys and secrets." + } + ] + } + ] + }, + { + "name": "storage", + "label": "Storage", + "elements": [ + { + "name": "StorageDeploymentLocationAndAvailability", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Storage resources will be deployed on the same location on the Session Hosts section.", + "style": "Info" + } + }, + { + "name": "storageGeneralInfromation", + "type": "Microsoft.Common.Section", + "label": "General information:", + "visible": true, + "elements": [ + { + "name": "identityDomainName", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('storage').storageFslogix.fslogixDeployment]", + "label": "AD Domain name", + "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.", + "placeholder": "Example: contoso.com", + "constraints": { + "required": true + } + } + ] + }, + { + "name": "storageFslogix", + "type": "Microsoft.Common.Section", + "label": "FSLogix configuration:", + "elements": [ + { + "name": "fslogixDeployment", + "type": "Microsoft.Common.CheckBox", + "label": "Configure FSLogix settings", + "defaultValue": true, + "toolTip": "Configure session host to use FSLogix." + }, + { + "name": "fslogixStorageAccountSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "FSLogix storage account", + "toolTip": "Select the FSLogix storage account.", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + + + + + + + + "required": true + } + }, + { + "name": "fslogixStorageAccount", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('storage').storageFslogix.fslogixDeployment]", + "label": "AD Domain name", + "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.", + "placeholder": "Example: contoso.com", + "constraints": { + "required": true + } + } + + ] + }, + { + "name": "StorageDeploymentDisabledAad", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "options": { + "text": "FSLogix storage for Microsoft Entra ID joined session hosts is currently only available for hybrid identities.", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/create-profile-container-azure-ad", + "style": "Warning" + } + } + ] + }, + { + "name": "network", + "label": "Networking", + "type": "Microsoft.Common.Section", + "visible": true, + "elements": [ + { + "name": "virtualNetworklInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "options": { + "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, AADDS or AAD).", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication", + "style": "info" + } + }, + { + "name": "createAvdVirtualNetwork", + "type": "Microsoft.Common.OptionsGroup", + "visible": true, + "label": "Virtual network", + "defaultValue": "New", + "toolTip": "", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "New", + "value": true + }, + { + "label": "Existing", + "value": false + } + ] + } + }, + { + "name": "virtualNetworkSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "vNet address range", + "toolTip": "Virtual network CIDR for Azure Virtual Desktop virtual machines and PaaS private endpoints", + "placeholder": "Example: 10.10.0.0/23", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." + } + }, + { + "name": "virtualNetworkAvdSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "Azure Virtual Desktop subnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Virtual Desktop virtual machines", + "placeholder": "Example: 10.10.0.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." + } + }, + { + "name": "virtualNetworkDns", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "Custom DNS servers", + "defaultValue": "", + "placeholder": "Example: 10.10.100.4,10.10.100.5", + "toolTip": "Enter multiple IPs separated by a comma, if not provided Azure provided DNS will be used. Azure default DNS server (168.63.129.16) will be added as a last resort.", + "constraints": { + "regex": "" + } + }, + { + "name": "existingVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "options": { + "text": "Existing network must has connectivity to identity and DNS services.", + "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", + "style": "info" + } + }, + { + "name": "avdVirtualNetworkSelectorId", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "label": "Azure Virtual Desktop virtual network", + "resourceType": "Microsoft.Network/virtualNetworks", + "constraints": { + "required": true + }, + "options": { + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" + } + } + }, + { + "name": "avdSubnetApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('network').avdVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" + } + }, + { + "name": "virtualNetworkAvdSubnetSelectorName", + "label": "Azure Virtual Desktop subnet", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "defaultValue": "", + "toolTip": "Select the subnet.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').avdSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "required": true + } + }, + { + "name": "deployPrivateEndpointKeyvaultStorage", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Private endpoints (Key vault and Storage account)", + "defaultValue": true, + "toolTip": "Enables Private Endpoints for Key Vault and Storage Resources. It is recommended to use Azure Private Endpoints to keep all traffic to PaaS services on the Azure backbone." + }, + { + "name": "virtualNetworkPrivateEndpointSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "label": "Private endpoint subnet address prefix", + "toolTip": "Virtual network subnet CIDR for private endpoints", + "placeholder": "Example: 10.10.1.0/27", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-7]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 27." + } + }, + { + "name": "privateEndpointVirtualNetworkSelectorId", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "label": "Private endpoint virtual network", + "resourceType": "Microsoft.Network/virtualNetworks", + "constraints": { + "required": true + }, + "options": { + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.displayName]" + } + } + }, + { + "name": "privateEndpointSubnetApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('network').privateEndpointVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" + } + }, + { + "name": "virtualNetworkPrivateEndpointSubnetSelectorName", + "label": "Private endpoint subnet", + "type": "Microsoft.Common.DropDown", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "defaultValue": "", + "toolTip": "Select the subnet.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').privateEndpointSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "required": true + } + }, + { + "name": "existingVirtualNetworkInfoBoxPrivateEndpointWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "options": { + "text": "Private endpoint network policy will need to be disabled on the existing subnet before deploying Azure Virtual Desktop LZA.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "virtualNetworkPrivateDnsZone", + "type": "Microsoft.Common.OptionsGroup", + "visible": "[steps('network').deployPrivateEndpointKeyvaultStorage]", + "label": "Azure private DNS zones", + "defaultValue": "Use existing", + "toolTip": "It is recommended to use Azure private DNS zones for private endpoint name spaces, private endpoints will be automatically created for PaaS services (Azure Files and Key Vault) if enabled, but the private DNS zones are required for name resolution of private edpoint DNS records.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Create new", + "value": true + }, + { + "label": "Use existing", + "value": false + } + ] + } + }, + { + "name": "privateDnsZoneSelectionWarning1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false))]", + "options": { + "text": "When using private endpoints, creating a new Azure Virtual Desktop vNet, and providing custom DNS servers, existing Azure private DNS Zones MUST be linked to the vNet where the custom DNS servers are located, this is needed for the end-to-end setup of FSLogix and MSIX App Attach file shares to be successful. The DNS resolution requests will be sent to the custom DNS servers and its vNet is the one that needs to resolve private endpoint DNS records.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "privateDnsZoneSelectionWarning2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, true))]", + "options": { + "text": "When using private endpoints and creating a new Azure Virtual Desktop vNet and new private DNS zones, custom DNS servers may NOT be used in the new vNet as this will cause FSLogix and/or MSIX App Attach file shares deployments to fail. This happens because the private DNS zones will be linked to the newly created vNet and only this vNet will be able to resolve the private endpoints DNS records.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "privateDnsZoneSelectionWarning3", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false))]", + "options": { + "text": "When using private endpoints and an existing Azure Virtual Desktop vNet with custom DNS servers configured, existing private DNS zones MUST be linked to the vNet containing the custom DNS servers for FSLogix and/or MSIX App Attach file shares deployments to be successful, given DNS name resolution requests will go to custom DNS servers and their vNet will need to resolve private endpoints DNS records.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "privateDnsZoneSelectionWarning4", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, true))]", + "options": { + "text": "When using private endpoints, an existing Azure Virtual Desktop vNet, and creating new private DNS zones, custom DNS servers may NOT be used (unless they are connected to the same vNet used for the Azure Virtual Desktop dpeloyment) in order for FSlogix/MSIX App Attach deployment to be successful, given that the private DNS zone will be linked to the existing vNet and this will be the only network able to resolve private endpoint DNS records.
***Note: selected options (existing vNet and create DNS zones) are only recommended when using Microsoft Entra ID as identity service provider.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, steps('network').createAvdVirtualNetwork), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the new Azure Virtual Desktop vNet:
Azure Files:
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, steps('network').createAvdVirtualNetwork), not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the new Azure Virtual Desktop vNet:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo3", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, not(steps('network').createAvdVirtualNetwork)), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the existing Azure Virtual Desktop vNet:
Azure Files:
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo4", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, not(steps('network').createAvdVirtualNetwork)), not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the existing Azure Virtual Desktop vNet:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneSelection", + "type": "Microsoft.Common.Section", + "visible": "[and(not(steps('network').virtualNetworkPrivateDnsZone), steps('network').deployPrivateEndpointKeyvaultStorage)]", + "elements": [ + { + "name": "virtualNetworkPrivateDnsZoneFilesSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "label": "Azure files", + "resourceType": "Microsoft.Network/privateDnsZones", + "constraints": { + "required": true + } + }, + { + "name": "virtualNetworkPrivateDnsZoneKeyvaultSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Key vault", + "resourceType": "Microsoft.Network/privateDnsZones", + "constraints": { + "required": true + } + }, + { + "name": "infoAzureDNSzones1", + "type": "Microsoft.Common.InfoBox", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "options": { + "text": "Private DNS zone name spaces:
Azure Files
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "infoAzureDNSzones2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "Private DNS zone name space:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + } + ] + }, + { + "name": "hubVirtualNetworkPeering", + "type": "Microsoft.Common.Section", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "Existing hub vNet peering information", + "elements": [ + { + "name": "virtualNetworkPeeringInfoBox1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')))]", + "options": { + "text": "vNet peering will be created to existing vNet hub with access to identity and DNS services .", + "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", + "style": "info" + } + }, + { + "name": "hubVirtualNetworkPeeringInfoBox2", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "options": { + "text": "vNet peering to identity services is not required when Microsoft Entra ID as identity service provider .", + "uri": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join", + "style": "info" + } + }, + { + "name": "hubVirtualNetworkSubs", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } + }, + { + "name": "hubVirtualNetworkSub", + "type": "Microsoft.Common.DropDown", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Hub vNet Subscription", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } + }, + { + "name": "existingHubVirtualNetworks", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + } + }, + { + "name": "existingHubVirtualNetwork", + "type": "Microsoft.Common.DropDown", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Hub vNet", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "required": true + } + }, + { + "name": "hubVirtualNetworkGateway", + "type": "Microsoft.Common.CheckBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Gateway on hub", + "defaultValue": false, + "toolTip": "This information will be used to set remote gateway settings on vNet peering." + } + ] + } + ] + }, + { + "name": "monitoring", + "label": "Monitoring", + "type": "Microsoft.Common.Section", + "visible": true, + "elements": [ + { + "name": "deployMonitoring", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Deploy monitoring", + "defaultValue": false, + "toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace." + }, + { + "name": "deployMonitoringAlaWorkspace", + "type": "Microsoft.Common.OptionsGroup", + "visible": "[steps('monitoring').deployMonitoring]", + "label": "Log analytics workspace", + "defaultValue": "New", + "toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "New", + "value": true + }, + { + "label": "Existing", + "value": false + } + ] + } + }, + { + "name": "deployMonitoringNewAlaWorkspaceRetention", + "type": "Microsoft.Common.TextBox", + "visible": "[and(steps('monitoring').deployMonitoring, steps('monitoring').deployMonitoringAlaWorkspace)]", + "label": "Retention policy (Days)", + "toolTip": "Number of days data will be retained in the workspace.", + "defaultValue": 90, + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "alaWorkspaceExistingWorkspacesSelection", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[and(steps('monitoring').deployMonitoring, not(steps('monitoring').deployMonitoringAlaWorkspace))]", + "label": "Existing workspace", + "resourceType": "Microsoft.OperationalInsights/workspaces", + "constraints": { + "required": true + } + }, + { + "name": "deployMonitoringPolicies", + "type": "Microsoft.Common.CheckBox", + "visible": "[steps('monitoring').deployMonitoring]", + "label": "Deploy monitoring policies (subscription level)", + "defaultValue": false, + "toolTip": "Deploy monitoring policy and policy set definitions to set diagnostic settings on new deployed resources." + }, + { + "name": "deployMonitoringInfo1", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('monitoring').deployMonitoring]", + "options": { + "text": "Azure Virtual Desktop monitoring requires an existing Azure Log Analytics Workspace or the creation of a new one.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/azure-monitor", + "style": "Info" + } + }, + { + "name": "deployMonitoringInfo2", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('monitoring').deployMonitoring]", + "options": { + "text": "Deployment will configured all required settings to use the Azure Virtual Desktop insights workbook.", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/azure-monitor?WT.mc_id=Portal-AppInsightsExtension", + "style": "Info" + } + } + ] + }, + { + "name": "resourceNaming", + "label": "Resource naming", + "type": "Microsoft.Common.Section", + "visible": true, + "elements": [ + { + "name": "resourceNamingInfo1", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Azure Virtual Desktop LZA default naming scheme is shown in this diagram.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/diagrams/avd-accelerator-resource-organization-naming.png", + "style": "Info" + } + }, + { + "name": "resourceNamingSelection", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Custom resource naming", + "defaultValue": false, + "toolTip": "When selected, the information provided will be used to name resources. When set to 'No' deployment will use the Azure Virtual Desktop LZA naming standard." + }, + { + "name": "resourceNamingWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "options": { + "text": "When using custom naming for resources, please make sure to follow naming rules and restrictions for Azure resources.", + "uri": "https://docs.microsoft.com/azure/azure-resource-manager/management/resource-name-rules", + "style": "Warning" + } + }, + { + "name": "resourceNamingAvdManagementPlane", + "type": "Microsoft.Common.Section", + "label": "Azure Virtual Desktop Management plane naming:", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "elements": [ + { + "name": "serviceObjectsRgCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Resource group", + "toolTip": "Azure Virtual Desktop management plane resources (Workspace, Host pool, Application groups, Key vault) resource group custom name.", + "placeholder": "Example: rg-avd-app1-dev-use2-service-objects", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "workSpaceCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Workspace", + "toolTip": "Workspace custom name.", + "placeholder": "Example: vdws-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "workSpaceCustomFriendlyName", + "type": "Microsoft.Common.TextBox", + "label": "Workspace (Friendly name)", + "toolTip": "Workspace custom friendly name.", + "placeholder": "Example: App1 - Dev - East US 2 - 001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "hostPoolCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Host pool", + "toolTip": "Host pool custom name.", + "placeholder": "Example: vdpool-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "hostPoolCustomFriendlyName", + "type": "Microsoft.Common.TextBox", + "label": "Host pool (Friendly name)", + "toolTip": "Host pool custom friendly name.", + "placeholder": "Example: App1 - Dev - East US 2 - 001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "scalingPlanCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Scaling Plan", + "toolTip": "Host pool scaling plan.", + "placeholder": "Example: vdscaling-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "applicationGroupCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Application group", + "toolTip": "Application group custom name.", + "placeholder": "Example: vdag-desktop-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "applicationGroupCustomFriendlyName", + "type": "Microsoft.Common.TextBox", + "label": "Application group (Friendly name)", + "toolTip": "Desktop application group custom name.", + "placeholder": "Example: Desktops - App1 - Dev - East US 2 - 001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "workloadKvCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Key vault prefix", + "toolTip": "Key vault prefix custom name.", + "placeholder": "Example: kv-sec", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,6}$", + "validationMessage": "Value must be 1-6 characters." + } + } + ] + }, + { + "name": "resourceNamingCompute", + "type": "Microsoft.Common.Section", + "label": "Compute naming:", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "elements": [ + { + "name": "computeObjectsRgCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Resource group", + "toolTip": "Azure Virtual Desktop compute resources (VMs, NICs, Disks, Availability sets) resource group custom name.", + "placeholder": "Example: rg-avd-app1-dev-use2-pool-compute", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "applicationSecurityGroupCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Applications security group", + "toolTip": "Azure Virtual Desktop application security custom name.", + "placeholder": "Example: asg-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + }, + { + "name": "sessionHostCustomNamePrefix", + "type": "Microsoft.Common.TextBox", + "label": "Session host prefix", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "toolTip": "Azure Virtual Desktop session host prefix custom name.", + "placeholder": "Example: vmapp1deus2", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,11}$", + "validationMessage": "Value must be 1-11 characters." + } + }, + { + "name": "availabilitySetCustomNamePrefix", + "type": "Microsoft.Common.TextBox", + "label": "Availability set prefix", + "visible": "[not(steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings)]", + "toolTip": "Azure Virtual Desktop availability set custom name.", + "placeholder": "Example: avail", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,9}$", + "validationMessage": "Value must be 1-9 characters." + } + } + ] + }, + { + "name": "resourceNamingStorage", + "type": "Microsoft.Common.Section", + "label": "Storage naming:", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "elements": [ + { + "name": "resourceNamingStorageInfo1", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('storage').storageFslogix.fslogixDeployment)]", + "options": { + "text": "Current deployment configuration is not creating storage resources for FSLogix.", + "style": "Info" + } + }, + { + "name": "resourceNamingStorageInfo2", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('storage').storageMsix.msixDeployment)]", + "options": { + "text": "Current deployment configuration is not creating storage resources for MSIX App Attach.", + "style": "Info" + } + }, + { + "name": "resourceNamingStorageInfo3", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('sessionHosts').deploySessionHosts)]", + "options": { + "text": "Current deployment configuration is not creating storage resources.", + "style": "Info" + } + }, + { + "name": "storageObjectsRgCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Resource group", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "toolTip": "Azure Virtual Desktop storage resources (Storage account, file shares, files private endpoints, temporary domain join VM) resource group custom name.", + "placeholder": "Example: rg-avd-app1-dev-use2-storage", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "storageAccountPrefixCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Storage account prefix", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "toolTip": "Azure Virtual Desktop storage account prefix custom name.", + "placeholder": "Example: st", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,2}$", + "validationMessage": "Value must be 1-2 characters." + } + }, + { + "name": "fslogixFileShareCustomName", + "type": "Microsoft.Common.TextBox", + "label": "FSLogix Profile container file share", + "visible": "[steps('storage').storageFslogix.fslogixDeployment]", + "toolTip": "Azure Virtual Desktop fslogix storage account profile container file share prefix custom name.", + "placeholder": "Example: fslogix-pc-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "msixFileShareCustomName", + "type": "Microsoft.Common.TextBox", + "label": "MSIX App Attach container file share", + "visible": "[steps('storage').storageMsix.msixDeployment]", + "toolTip": "Azure Virtual Desktop MSIX App Attach storage account container file share prefix custom name.", + "placeholder": "Example: msix-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + } + ] + }, + { + "name": "resourceNamingNetwork", + "type": "Microsoft.Common.Section", + "label": "Network naming:", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "elements": [ + { + "name": "resourceNamingNetworkInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "options": { + "text": "Current deployment configuration is not creating network resources.", + "style": "Info" + } + }, + { + "name": "networkObjectsRgCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Resource group", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Azure Virtual Desktop network resources (vNet, NSG, Route table) resource group custom name.", + "placeholder": "Example: rg-avd-app1-dev-use2-network", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "virtualNetworkCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Virtual network", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Azure Virtual Desktop virtual network custom name.", + "placeholder": "Example: vnet-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "virtualNetworkAvdSubnetCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Azure Virtual Desktop Subnet", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Azure Virtual Desktop virtual network subnet custom name.", + "placeholder": "Example: snet-avd-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + }, + { + "name": "avdNetworkSecurityGroupCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Azure Virtual Desktop Network security group", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Azure Virtual Desktop network security group custom name.", + "placeholder": "Example: nsg-avd-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + }, + { + "name": "avdRouteTableCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Azure Virtual Desktop Route table", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Azure Virtual Desktop route table custom name.", + "placeholder": "Example: route-avd-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + }, + { + "name": "virtualNetworkPrivateEndpointSubnetCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Private endpoint subnet", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Azure Virtual Desktop virtual network subnet custom name.", + "placeholder": "Example: snet-pe-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + }, + { + "name": "privateEndpointNetworkSecurityGroupCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Private endpoint network security group", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Private endpoint network security group custom name.", + "placeholder": "Example: nsg-pe-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + }, + { + "name": "privateEndpointRouteTableCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Private endpoint route table", + "visible": "[steps('network').createAvdVirtualNetwork]", + "toolTip": "Private endpoint route table custom name.", + "placeholder": "Example: route-pe-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,80}$", + "validationMessage": "Value must be 1-80 characters." + } + } + ] + }, + { + "name": "resourceNamingMonitoring", + "type": "Microsoft.Common.Section", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "label": "Monitoring naming:", + "elements": [ + { + "name": "resourceNamingMonitoringInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('monitoring').deployMonitoring)]", + "options": { + "text": "Current deployment configuration is not creating monitoring resources.", + "style": "Info" + } + }, + { + "name": "monitoringObjectsRgCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Resource group", + "visible": "[and(equals(steps('resourceNaming').resourceNamingSelection, true), equals(steps('monitoring').deployMonitoring, true))]", + "toolTip": "Azure Virtual Desktop monitoring resources (log analytics workspace) resource group custom name.", + "placeholder": "Example: rg-avd-dev-use2-monitoring", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "monitoringLogAnalyticsWorkspaceName", + "type": "Microsoft.Common.TextBox", + "label": "Log analytics workspace name", + "visible": "[and(equals(steps('resourceNaming').resourceNamingSelection, true), equals(steps('monitoring').deployMonitoring, true), equals(steps('monitoring').deployMonitoringAlaWorkspace, true))]", + "toolTip": "Azure Virtual Desktop monitoring log analytics workspace custom name.", + "placeholder": "Example: log-avd-dev-use2", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + } + ] + }, + { + "name": "resourceNamingZeroTrust", + "type": "Microsoft.Common.Section", + "label": "Zero Trust naming:", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "elements": [ + { + "name": "resourceNamingZeroTrustInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", + "options": { + "text": "Current deployment configuration is not creating zero trust resources.", + "style": "Info" + } + }, + { + "name": "zeroTrustObjectsDiskEncryptionSetCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Disk encryption set", + "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", + "toolTip": "Disk encryption set resource for double encryption of session host disks.", + "placeholder": "Example: des-zt", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,6}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "zeroTrustObjectsKeyVaultCustomPrefix", + "type": "Microsoft.Common.TextBox", + "label": "Key vault prefix", + "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", + "toolTip": "Key Vault that stores the encryption key for disk encryption.", + "placeholder": "Example: kv-key", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,6}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "zeroTrustObjectsManagedIdentityCustomName", + "type": "Microsoft.Common.TextBox", + "label": "User assigned identity", + "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", + "toolTip": "User assigned identity that enables server-side encryption and disables network access.", + "placeholder": "Example: id-zt", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,5}$", + "validationMessage": "Value must be 1-90 characters." + } + } + ] + }, + { + "name": "resourceNamingInfo2", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "options": { + "text": "It is recommended to follow Microsoft Cloud Adoption Framework (CAF) naming convention.", + "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming", + "style": "Info" + } + } + ] + }, + { + "name": "resourceTagging", + "label": "Resource tagging", + "type": "Microsoft.Common.Section", + "visible": true, + "elements": [ + { + "name": "resourceTaggingSelection", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Create resource tags", + "defaultValue": false, + "toolTip": "When selected, the information provided will be used to create tags on resources and resource groups." + }, + { + "name": "resourceTaggingParentCostInfo", + "type": "Microsoft.Common.InfoBox", + "options": { + "text": "By default, the following tags will be created:
- Parent resource cost management tag (cm-resource-parent): reports all resources cost to the host pool (ResourceID).
- Environment (Environment): environment selected during deployment (Dev/Test/prod).
- Service Workload (ServiceWorkload): defaults to Azure Virtual Desktop.
- Creation time (CreationTimeUTC): deployment time in UTC.
- Domain Name (DomainName): identity service domain name (applied only to compute and storage).
- Identity service provider (IdentityServiceProvider): identity provider selected (ADDS/AADDS/AAD).", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/tag-virtual-desktop-resources#use-the-cm-resource-parent-tag-to-automatically-group-costs-by-host-pool", + "style": "Info" + } + }, + { + "name": "resourceTags", + "type": "Microsoft.Common.Section", + "label": "Resources tags:", + "visible": "[steps('resourceTagging').resourceTaggingSelection]", + "elements": [ + { + "name": "tagsWorkloadName", + "type": "Microsoft.Common.TextBox", + "label": "Workload name:", + "toolTip": "This input will be the value of a tag named WorkloadName.", + "placeholder": "Example: Contoso-Workload", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsWorkloadType", + "type": "Microsoft.Common.DropDown", + "label": "Workload type:", + "filter": true, + "defaultValue": "Light", + "toolTip": "This input will be the value of a tag named WorkloadType, reference to the size of the VM for your workloads.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Light", + "description": "", + "value": "Light" + }, + { + "label": "Medium", + "description": "", + "value": "Medium" + }, + { + "label": "High", + "description": "", + "value": "High" + }, + { + "label": "Power", + "description": "", + "value": "POwer" + } + ] + } + }, + { + "name": "tagsDataClassificationTag", + "type": "Microsoft.Common.DropDown", + "label": "Data classification:", + "filter": true, + "defaultValue": "Non-business", + "toolTip": "This input will be the value of a tag named DataClassification, reference to the sensitivity of data hosted.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Non-business", + "description": "", + "value": "Non-business" + }, + { + "label": "Public", + "description": "", + "value": "Public" + }, + { + "label": "General", + "description": "", + "value": "General" + }, + { + "label": "Confidential", + "description": "", + "value": "Confidential" + }, + { + "label": "Highly-confidential", + "description": "", + "value": "Highly-confidential" + } + ] + } + }, + { + "name": "tagsDepartmentTag", + "type": "Microsoft.Common.TextBox", + "label": "Department:", + "toolTip": "This input will be the value of a tag named Department, reference the department that owns the deployment.", + "placeholder": "Example: Contoso-AVD", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsCriticalityTag", + "type": "Microsoft.Common.DropDown", + "label": "Workload criticality:", + "filter": true, + "defaultValue": "Low", + "toolTip": "This input will be the value of a tag named Criticality, reference to the criticality of the workload.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Low", + "description": "", + "value": "Low" + }, + { + "label": "Medium", + "description": "", + "value": "Medium" + }, + { + "label": "High", + "description": "", + "value": "High" + }, + { + "label": "Missin-critical", + "description": "", + "value": "Missin-critical" + }, + { + "label": "Custom", + "description": "", + "value": "Custom" + } + ] + } + }, + { + "name": "tagsCustomWorkloadCriticality", + "type": "Microsoft.Common.TextBox", + "label": "Custom workload criticality:", + "visible": "[equals(steps('resourceTagging').resourceTags.tagsCriticalityTag, 'Custom')]", + "toolTip": "This input will be the value of a tag named Criticality, reference to a custom criticality for the workload.", + "placeholder": "Example: Contoso-Criticality", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsApplicationNameTag", + "type": "Microsoft.Common.TextBox", + "label": "Application name:", + "toolTip": "This input will be the value of a tag named ApplicationName, reference details about the application.", + "placeholder": "Example: Contoso-App", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsWorkloadSlaTag", + "type": "Microsoft.Common.TextBox", + "label": "Workload SLA:", + "toolTip": "This input will be the value of a tag named ServiceClass, reference to the service level agreement level of the worload.", + "placeholder": "Example: Contoso-SLA", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsOpsTeamTag", + "type": "Microsoft.Common.TextBox", + "label": "Operations team:", + "toolTip": "This input will be the value of a tag named OpsTeam, reference to the team accountable for day-to-day operations.", + "placeholder": "Example: workload-admins@Contoso.com", + "constraints": { + "required": true + } + }, + { + "name": "tagsOwnerTag", + "type": "Microsoft.Common.TextBox", + "label": "Owner:", + "toolTip": "This input will be the value of a tag named Owner, reference to the organizational owner of the Azure Virtual Desktop deployment.", + "placeholder": "Example: workload-owner@Contoso.com", + "constraints": { + "required": true + } + }, + { + "name": "tagsCostCenterTag", + "type": "Microsoft.Common.TextBox", + "label": "Cost center:", + "toolTip": "This input will be the value of a tag named CostCenter, reference to the cost center of owner team.", + "placeholder": "Example: Contoso-CC", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + } + ] + } + ] + } + ] + }, + "outputs": { + "parameters": { + }, + "kind": "Subscription", + "location": "[steps('basics').resourceScope.location.name]", + "subscriptionId": "[steps('basics').resourceScope.subscription.id]" + } + } +} diff --git a/workload/scripts/Set-SessionHostConfiguration.ps1 b/workload/scripts/Set-SessionHostConfiguration.ps1 index c362805d5..f8b0a9ef2 100644 --- a/workload/scripts/Set-SessionHostConfiguration.ps1 +++ b/workload/scripts/Set-SessionHostConfiguration.ps1 @@ -1,5 +1,5 @@ Param( -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $IdentityDomainName, @@ -15,11 +15,11 @@ $IdentityServiceProvider, [string] $Fslogix, -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $FslogixFileShare, -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $fslogixStorageFqdn, From 46229d3de9299626e7224b410a4a6f32c820d9cb Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 05:49:15 -0600 Subject: [PATCH 069/117] updates --- workload/bicep/deploy-baseline.bicep | 8 ++++---- workload/bicep/modules/avdSessionHosts/deploy.bicep | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 24dad9911..1c5aa9250 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -537,7 +537,7 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/issue-536/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) @@ -752,7 +752,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/issue-536/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' @@ -1291,8 +1291,8 @@ module sessionHosts './modules/avdSessionHosts/deploy.bicep' = [for i in range(1 encryptionAtHost: diskZeroTrust createAvdFslogixDeployment: createAvdFslogixDeployment storageManagedIdentityResourceId: (varCreateStorageDeployment) ? identity.outputs.managedIdentityStorageResourceId : '' - fslogixSharePath: varFslogixSharePath - fslogixStorageFqdn: varFslogixStorageFqdn + fslogixSharePath: createAvdFslogixDeployment ? varFslogixSharePath : '' + fslogixStorageFqdn: createAvdFslogixDeployment ? varFslogixStorageFqdn : '' sessionHostConfigurationScriptUri: varSessionHostConfigurationScriptUri sessionHostConfigurationScript: varSessionHostConfigurationScript marketPlaceGalleryWindows: varMarketPlaceGalleryWindows[avdOsImage] diff --git a/workload/bicep/modules/avdSessionHosts/deploy.bicep b/workload/bicep/modules/avdSessionHosts/deploy.bicep index c63e190ff..655f5ca98 100644 --- a/workload/bicep/modules/avdSessionHosts/deploy.bicep +++ b/workload/bicep/modules/avdSessionHosts/deploy.bicep @@ -216,7 +216,7 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d // ADDS or AADDS domain join. extensionDomainJoinPassword: keyVault.getSecret('domainJoinUserPassword') extensionDomainJoinConfig: { - enabled: (identityServiceProvider == 'AAD') ? false : true + enabled: (identityServiceProvider == 'AADDS' || identityServiceProvider == 'ADDS') ? true : false settings: { name: identityDomainName ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null From 78c5c6b9ec57e4ea20f82d05a770d7882ffaeb51 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 05:59:25 -0600 Subject: [PATCH 070/117] updates --- workload/bicep/deploy-baseline.bicep | 8 ++++---- .../avdSessionHosts/.bicep/configureSessionHost.bicep | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 1c5aa9250..60c21a24b 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -528,7 +528,7 @@ var varStorageManagedIdentityName = 'id-storage-${varComputeStorageResourcesNami var varFslogixFileShareName = avdUseCustomNaming ? fslogixFileShareCustomName : 'fslogix-pc-${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varSessionHostLocationAcronym}-001' var varMsixFileShareName = avdUseCustomNaming ? msixFileShareCustomName : 'msix-pc-${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varSessionHostLocationAcronym}-001' var varFslogixStorageName = avdUseCustomNaming ? '${storageAccountPrefixCustomName}fsl${varDeploymentPrefixLowercase}${varDeploymentEnvironmentComputeStorage}${varNamingUniqueStringThreeChar}' : 'stfsl${varDeploymentPrefixLowercase}${varDeploymentEnvironmentComputeStorage}${varNamingUniqueStringThreeChar}' -var varFslogixStorageFqdn = '${varFslogixStorageName}.file.${environment().suffixes.storage}' +var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${varFslogixStorageName}.file.${environment().suffixes.storage}' : '' var varMsixStorageFqdn = '${varMsixStorageName}.file.${environment().suffixes.storage}' var varMsixStorageName = avdUseCustomNaming ? '${storageAccountPrefixCustomName}msx${varDeploymentPrefixLowercase}${varDeploymentEnvironmentComputeStorage}${varNamingUniqueStringThreeChar}' : 'stmsx${varDeploymentPrefixLowercase}${varDeploymentEnvironmentComputeStorage}${varNamingUniqueStringThreeChar}' var varManagementVmName = 'vmmgmt${varDeploymentPrefixLowercase}${varDeploymentEnvironmentComputeStorage}${varSessionHostLocationAcronym}' @@ -536,7 +536,7 @@ var varAlaWorkspaceName = avdUseCustomNaming ? avdAlaWorkspaceCustomName : 'log- var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStorageResourcesNamingStandard}-${varNamingUniqueStringTwoChar}' : 'kv-key-${varComputeStorageResourcesNamingStandard}-${varNamingUniqueStringTwoChar}' // max length limit 24 characters var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // -var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' +var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' : '' var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/issue-536/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' @@ -1291,8 +1291,8 @@ module sessionHosts './modules/avdSessionHosts/deploy.bicep' = [for i in range(1 encryptionAtHost: diskZeroTrust createAvdFslogixDeployment: createAvdFslogixDeployment storageManagedIdentityResourceId: (varCreateStorageDeployment) ? identity.outputs.managedIdentityStorageResourceId : '' - fslogixSharePath: createAvdFslogixDeployment ? varFslogixSharePath : '' - fslogixStorageFqdn: createAvdFslogixDeployment ? varFslogixStorageFqdn : '' + fslogixSharePath: varFslogixSharePath + fslogixStorageFqdn: varFslogixStorageFqdn sessionHostConfigurationScriptUri: varSessionHostConfigurationScriptUri sessionHostConfigurationScript: varSessionHostConfigurationScript marketPlaceGalleryWindows: varMarketPlaceGalleryWindows[avdOsImage] diff --git a/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep b/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep index 035ba829b..f46692cba 100644 --- a/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep +++ b/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep @@ -40,7 +40,8 @@ param hostPoolToken string // Variable declaration // // =========== // // var ScreenCaptureProtection = true -var varScriptArguments = '-IdentityDomainName ${identityDomainName} -AmdVmSize ${varAmdVmSize} -IdentityServiceProvider ${identityServiceProvider} -Fslogix ${fslogix} -FslogixFileShare ${fslogixFileShare} -FslogixStorageFqdn ${fslogixStorageFqdn} -HostPoolRegistrationToken ${hostPoolToken} -NvidiaVmSize ${varNvidiaVmSize} -verbose' // -ScreenCaptureProtection ${ScreenCaptureProtection} -verbose' +// Additional parameter for screen capture functionallity -ScreenCaptureProtection ${ScreenCaptureProtection} -verbose' +var varScriptArguments = fslogix ? '-IdentityDomainName ${identityDomainName} -AmdVmSize ${varAmdVmSize} -IdentityServiceProvider ${identityServiceProvider} -Fslogix ${fslogix} -FslogixFileShare ${fslogixFileShare} -FslogixStorageFqdn ${fslogixStorageFqdn} -HostPoolRegistrationToken ${hostPoolToken} -NvidiaVmSize ${varNvidiaVmSize} -verbose' : '-AmdVmSize ${varAmdVmSize} -IdentityServiceProvider ${identityServiceProvider} -Fslogix ${fslogix} -HostPoolRegistrationToken ${hostPoolToken} -NvidiaVmSize ${varNvidiaVmSize} -verbose' var varAmdVmSizes = [ 'Standard_NV4as_v4' 'Standard_NV8as_v4' From 15384118cfeb83cd45ad1ae586014bbebb3e7272 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 21:44:11 +0900 Subject: [PATCH 071/117] update bicep --- workload/bicep/deploy-baseline.bicep | 21 +++- .../bicep/modules/networking/deploy.bicep | 105 ++++++++++++++++-- workload/portal-ui/portal-ui-baseline.json | 4 + 3 files changed, 118 insertions(+), 12 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 51cd329fb..366d6993c 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -123,6 +123,9 @@ param createAvdVnet bool = true @sys.description('Existing virtual network subnet for AVD. (Default: "")') param existingVnetAvdSubnetResourceId string = '' +@sys.description('Existing virtual network address prefixes for AVD. (Default: "")') +param existingVnetAvdAddressPrefixes string = '' + @sys.description('Existing virtual network subnet for private endpoints. (Default: "")') param existingVnetPrivateEndpointSubnetResourceId string = '' @@ -159,6 +162,12 @@ param vNetworkGatewayOnHub bool = false @sys.description('Create Azure Firewall and Azure Firewall Policy. (Default: false)') param deployFirewall bool = false +@sys.description('Create Azure Firewall and Azure Firewall Policy in hub virtual network. (Default: false)') +param deployFirewallInHubVirtualNetwork bool = false + +@sys.description('Azure firewall virtual network. (Default: "")') +param firewallVnetResourceId string = '' + @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' @@ -515,8 +524,11 @@ var varPrivateEndpointNetworksecurityGroupName = avdUseCustomNaming ? privateEnd var varAvdRouteTableName = avdUseCustomNaming ? avdRouteTableCustomName : 'route-avd-${varComputeStorageResourcesNamingStandard}-001' var varPrivateEndpointRouteTableName = avdUseCustomNaming ? privateEndpointRouteTableCustomName : 'route-pe-${varComputeStorageResourcesNamingStandard}-001' var varApplicationSecurityGroupName = avdUseCustomNaming ? avdApplicationSecurityGroupCustomName : 'asg-${varComputeStorageResourcesNamingStandard}-001' -var varFiwewallName = 'fw-avd-${varHubVnetName}' -var varFiwewallPolicyName = 'fwpol-avd-${varHubVnetName}' +var varFirewallVnetName = (deployFirewall) ? split(firewallVnetResourceId, '/')[8] : '' +var varFirewallVnetPeeringName = 'peer-${varFirewallVnetName}' +var varFirewallRemoteVnetPeeringName = (createAvdVnet) ? 'peer-${varVnetName}' : 'peer-${split(existingVnetAvdSubnetResourceId, '/')[8]}' +var varFiwewallName = 'fw-avd-${varFirewallVnetName}' +var varFiwewallPolicyName = 'fwpol-avd-${varFirewallVnetName}' var varFiwewallPolicyRuleCollectionGroupName = '${varFiwewallPolicyName}-rcg' var varFiwewallPolicyNetworkRuleCollectionName = '${varFiwewallPolicyName}-nw-rule-collection' var varFiwewallPolicyOptionalRuleCollectionGroupName = '${varFiwewallPolicyName}-rcg-optional' @@ -913,6 +925,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre createVnet: createAvdVnet deployAsg: (avdDeploySessionHosts || createAvdFslogixDeployment || createMsixDeployment) ? true : false existingAvdSubnetResourceId: existingVnetAvdSubnetResourceId + existingAvdVnetAddressPrefixes: existingVnetAvdAddressPrefixes createPrivateDnsZones: deployPrivateEndpointKeyvaultStorage ? createPrivateDnsZones : false applicationSecurityGroupName: varApplicationSecurityGroupName computeObjectsRgName: varComputeObjectsRgName @@ -939,6 +952,10 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' deployFirewall: deployFirewall + deployFirewallInHubVirtualNetwork: deployFirewallInHubVirtualNetwork + firewallVnetResourceId: firewallVnetResourceId + firewallVnetPeeringName: varFirewallVnetPeeringName + firewallRemoteVnetPeeringName: varFirewallRemoteVnetPeeringName firewallName: varFiwewallName firewallPolicyName: varFiwewallPolicyName firewallPolicyRuleCollectionGroupName: varFiwewallPolicyRuleCollectionGroupName diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index bea41c9b5..bdc50977d 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -15,6 +15,9 @@ param deployAsg bool @sys.description('Existing virtual network subnet for AVD.') param existingAvdSubnetResourceId string +@sys.description('Existing virtual network subnet for AVD.') +param existingAvdVnetAddressPrefixes string + @sys.description('Resource Group Name for the AVD session hosts') param computeObjectsRgName string @@ -54,9 +57,21 @@ param remoteVnetPeeringName string @sys.description('Create virtual network peering to hub.') param createVnetPeering bool -@sys.description('Create firewall and firewall policy to hub virtual network.') +@sys.description('Create firewall and firewall policy.') param deployFirewall bool +@sys.description('Create firewall and firewall Policy to hub virtual network.') +param deployFirewallInHubVirtualNetwork bool + +@sys.description('Firewall virtual network') +param firewallVnetResourceId string + +@sys.description('VNet peering name for AVD VNet to Firewall VNet.') +param firewallVnetPeeringName string + +@sys.description('Remote VNet peering name for AVD VNet to Firewall VNet.') +param firewallRemoteVnetPeeringName string + @sys.description('Firewall name') param firewallName string @@ -141,9 +156,9 @@ var varExistingAvdVnetResourceId = !createVnet ? '/subscriptions/${varExistingAv //var varExistingPeVnetSubRgName = split(existingPeSubnetResourceId, '/')[4] //var varExistingAPeVnetName = split(existingPeSubnetResourceId, '/')[8] //var varExistingPeVnetResourceId = '/subscriptions/${varExistingPeVnetSubId}/resourceGroups/${varExistingPeVnetSubRgName}/providers/Microsoft.Network/virtualNetworks/${varExistingAPeVnetName}' -var varExistingHubSubId = split(existingHubVnetResourceId, '/')[2] -var varExistingHubSubRgName = split(existingHubVnetResourceId, '/')[4] -var varExistingHubVnetName = split(existingHubVnetResourceId, '/')[8] +var varFirewallSubId = split(firewallVnetResourceId, '/')[2] +var varFirewallSubRgName = split(firewallVnetResourceId, '/')[4] +var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] // =========== // // Deployments // // =========== // @@ -436,9 +451,55 @@ module privateDnsZoneKeyVaultGov '.bicep/privateDnsZones.bicep' = if (createPriv } } +// Firewall virtual network +module firewallVirtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (!deployFirewallInHubVirtualNetwork) { + scope: createVnet ? resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') : resourceGroup('${varExistingAvdVnetSubId}', '${varExistingAvdVnetSubRgName}') + name: 'Fw-vNet-${time}' + params: { + name: createVnet ? vnetName : varExistingAvdVnetName + location: sessionHostLocation + addressPrefixes: createVnet ? array(vnetAddressPrefixes): array(existingAvdVnetAddressPrefixes) + peerings: createVnet ? [ + { + remoteVirtualNetworkId: firewallVnetResourceId + name: vnetPeeringName + allowForwardedTraffic: true + allowGatewayTransit: false + allowVirtualNetworkAccess: true + doNotVerifyRemoteGateways: true + useRemoteGateways: vNetworkGatewayOnHub ? true : false + remotePeeringEnabled: true + remotePeeringName: remoteVnetPeeringName + remotePeeringAllowForwardedTraffic: true + remotePeeringAllowGatewayTransit: vNetworkGatewayOnHub ? true : false + remotePeeringAllowVirtualNetworkAccess: true + remotePeeringDoNotVerifyRemoteGateways: true + remotePeeringUseRemoteGateways: false + } + ] : [ + { + remoteVirtualNetworkId: firewallVnetResourceId + name: firewallVnetPeeringName + allowForwardedTraffic: true + allowGatewayTransit: false + allowVirtualNetworkAccess: true + doNotVerifyRemoteGateways: true + useRemoteGateways: true + remotePeeringEnabled: true + remotePeeringName: firewallRemoteVnetPeeringName + remotePeeringAllowForwardedTraffic: true + remotePeeringAllowGatewayTransit: true + remotePeeringAllowVirtualNetworkAccess: true + remotePeeringDoNotVerifyRemoteGateways: true + remotePeeringUseRemoteGateways: false + } + ] + } +} + // Firewall policy module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployFirewall) { - scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Policy-${time}' params: { name: firewallPolicyName @@ -448,7 +509,7 @@ module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicie // Firewall policy rule collection group module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) { - scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Policy-Rcg-${time}' params: { name: firewallPolicyRuleCollectionGroupName @@ -649,7 +710,7 @@ module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Netw // Firewall policy optional rule collection group module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) { - scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Policy-Rcg-Optional-${time}' params: { name: firewallPolicyOptionalRuleCollectionGroupName @@ -860,18 +921,18 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros // Azure Firewall subnet module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall) { - scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Subnet-${time}' params: { addressPrefix: firewallSubnetAddressPrefix name: 'AzureFirewallSubnet' - virtualNetworkName: varExistingHubVnetName + virtualNetworkName: varFirewallVnetName } } // Azure Firewall module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep' = if (deployFirewall) { - scope: resourceGroup('${varExistingHubSubId}', '${varExistingHubSubRgName}') + scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-${time}' params: { name: firewallName @@ -884,6 +945,30 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d ] } +// AVD route table for Firewall +module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployFirewall) { + scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') + name: 'Route-Table-AVD-Fw-${time}' + params: { + name: avdRouteTableName + location: sessionHostLocation + tags: tags + routes: varCreateAvdStaicRoute ? [ + { + name: 'default' + properties: { + addressPrefix: '0.0.0.0/0' + nextHopIpAddress: azureFirewall.outputs.privateIp + nextHopType: 'VirtualAppliance' + } + } + ] : [] + } + dependsOn: [ + azureFirewall + ] +} + // =========== // // Outputs // // =========== // diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index b418c8e85..3d1c79a34 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2470,8 +2470,12 @@ "existingHubVnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '')]", "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", + "existingVnetAvdAddressPrefixes": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').avdVirtualNetworkSelectorId.properties.addressSpace[0], 'no')]", "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", + "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", + "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 74f6f6fb5002a394b196621f59f7fb959f7afa85 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 06:47:27 -0600 Subject: [PATCH 072/117] updates --- .../modules/avdSessionHosts/.bicep/configureSessionHost.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep b/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep index f46692cba..74a634b55 100644 --- a/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep +++ b/workload/bicep/modules/avdSessionHosts/.bicep/configureSessionHost.bicep @@ -40,7 +40,7 @@ param hostPoolToken string // Variable declaration // // =========== // // var ScreenCaptureProtection = true -// Additional parameter for screen capture functionallity -ScreenCaptureProtection ${ScreenCaptureProtection} -verbose' +// Additional parameter for screen capture functionallity -ScreenCaptureProtection ${ScreenCaptureProtection} -verbose' powershell script will need to be updated too var varScriptArguments = fslogix ? '-IdentityDomainName ${identityDomainName} -AmdVmSize ${varAmdVmSize} -IdentityServiceProvider ${identityServiceProvider} -Fslogix ${fslogix} -FslogixFileShare ${fslogixFileShare} -FslogixStorageFqdn ${fslogixStorageFqdn} -HostPoolRegistrationToken ${hostPoolToken} -NvidiaVmSize ${varNvidiaVmSize} -verbose' : '-AmdVmSize ${varAmdVmSize} -IdentityServiceProvider ${identityServiceProvider} -Fslogix ${fslogix} -HostPoolRegistrationToken ${hostPoolToken} -NvidiaVmSize ${varNvidiaVmSize} -verbose' var varAmdVmSizes = [ 'Standard_NV4as_v4' From 49f26c0348b66f2612d043e77bac0169fcb45c8b Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 06:50:11 -0600 Subject: [PATCH 073/117] updates --- workload/bicep/deploy-baseline.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 60c21a24b..cd8fc5cf5 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -537,7 +537,7 @@ var varZtKvName = avdUseCustomNaming ? '${ztKvPrefixCustomName}-${varComputeStor var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' : '' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/issue-536/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varDiskEncryptionKeyExpirationInEpoch = dateTimeToEpoch(dateTimeAdd(time, 'P${string(diskEncryptionKeyExpirationInDays)}D')) @@ -752,7 +752,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/issue-536/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' From 313f89f82bb5ae58a33457e070870d82583d05c9 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 06:53:22 -0600 Subject: [PATCH 074/117] updates --- workload/arm/deploy-baseline.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 2770349dd..028ce2818 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "9343455469510936561" + "templateHash": "8962216308650916273" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1242,14 +1242,14 @@ "varFslogixFileShareName": "[if(parameters('avdUseCustomNaming'), parameters('fslogixFileShareCustomName'), format('fslogix-pc-{0}-{1}-{2}-001', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentLowercase'), variables('varSessionHostLocationAcronym')))]", "varMsixFileShareName": "[if(parameters('avdUseCustomNaming'), parameters('msixFileShareCustomName'), format('msix-pc-{0}-{1}-{2}-001', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentLowercase'), variables('varSessionHostLocationAcronym')))]", "varFslogixStorageName": "[if(parameters('avdUseCustomNaming'), format('{0}fsl{1}{2}{3}', parameters('storageAccountPrefixCustomName'), variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')), format('stfsl{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')))]", - "varFslogixStorageFqdn": "[format('{0}.file.{1}', variables('varFslogixStorageName'), environment().suffixes.storage)]", + "varFslogixStorageFqdn": "[if(parameters('createAvdFslogixDeployment'), format('{0}.file.{1}', variables('varFslogixStorageName'), environment().suffixes.storage), '')]", "varMsixStorageFqdn": "[format('{0}.file.{1}', variables('varMsixStorageName'), environment().suffixes.storage)]", "varMsixStorageName": "[if(parameters('avdUseCustomNaming'), format('{0}msx{1}{2}{3}', parameters('storageAccountPrefixCustomName'), variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')), format('stmsx{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')))]", "varManagementVmName": "[format('vmmgmt{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym'))]", "varAlaWorkspaceName": "[if(parameters('avdUseCustomNaming'), parameters('avdAlaWorkspaceCustomName'), format('log-avd-{0}-{1}', variables('varDeploymentEnvironmentLowercase'), variables('varManagementPlaneLocationAcronym')))]", "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')), format('kv-key-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')))]", "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", - "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", + "varFslogixSharePath": "[if(parameters('createAvdFslogixDeployment'), format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName')), '')]", "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/", "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", @@ -41045,7 +41045,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "10741628395495815450" + "templateHash": "6078602552923195855" } }, "parameters": { @@ -41406,7 +41406,7 @@ }, "extensionDomainJoinConfig": { "value": { - "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), false(), true())]", + "enabled": "[if(or(equals(parameters('identityServiceProvider'), 'AADDS'), equals(parameters('identityServiceProvider'), 'ADDS')), true(), false())]", "settings": { "name": "[parameters('identityDomainName')]", "ouPath": "[if(not(empty(parameters('sessionHostOuPath'))), parameters('sessionHostOuPath'), null())]", @@ -46157,7 +46157,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "16467384531279284955" + "templateHash": "4753285980306081600" } }, "parameters": { @@ -46229,7 +46229,7 @@ } }, "variables": { - "varScriptArguments": "[format('-IdentityDomainName {0} -AmdVmSize {1} -IdentityServiceProvider {2} -Fslogix {3} -FslogixFileShare {4} -FslogixStorageFqdn {5} -HostPoolRegistrationToken {6} -NvidiaVmSize {7} -verbose', parameters('identityDomainName'), variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('fslogixFileShare'), parameters('fslogixStorageFqdn'), parameters('hostPoolToken'), variables('varNvidiaVmSize'))]", + "varScriptArguments": "[if(parameters('fslogix'), format('-IdentityDomainName {0} -AmdVmSize {1} -IdentityServiceProvider {2} -Fslogix {3} -FslogixFileShare {4} -FslogixStorageFqdn {5} -HostPoolRegistrationToken {6} -NvidiaVmSize {7} -verbose', parameters('identityDomainName'), variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('fslogixFileShare'), parameters('fslogixStorageFqdn'), parameters('hostPoolToken'), variables('varNvidiaVmSize')), format('-AmdVmSize {0} -IdentityServiceProvider {1} -Fslogix {2} -HostPoolRegistrationToken {3} -NvidiaVmSize {4} -verbose', variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('hostPoolToken'), variables('varNvidiaVmSize')))]", "varAmdVmSizes": [ "Standard_NV4as_v4", "Standard_NV8as_v4", From c37b973db05e4826471bd056a7589f16ce484196 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 21:58:48 +0900 Subject: [PATCH 075/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 3d1c79a34..8ea5a5784 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2470,7 +2470,7 @@ "existingHubVnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '')]", "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", - "existingVnetAvdAddressPrefixes": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').avdVirtualNetworkSelectorId.properties.addressSpace[0], 'no')]", + "existingVnetAvdAddressPrefixes": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').avdVirtualNetworkSelectorId.addressPrefix, 'no')]", "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", From 8ea98eae9053d9e24afdd06ed7e954eb1422c75f Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 22:01:25 +0900 Subject: [PATCH 076/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 8ea5a5784..82a0e47ef 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2475,7 +2475,7 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 73d8267d184ff724a8168156f3c7f77ca8709a0b Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 22:42:45 +0900 Subject: [PATCH 077/117] update bicep --- workload/arm/deploy-baseline.json | 3327 +++++++++++++---- .../bicep/modules/networking/deploy.bicep | 6 +- 2 files changed, 2529 insertions(+), 804 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 1ee9667b2..46ee9220d 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10900661510408138769" + "version": "0.23.1.45101", + "templateHash": "1728772615600776975" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -235,6 +235,13 @@ "description": "Existing virtual network subnet for AVD. (Default: \"\")" } }, + "existingVnetAvdAddressPrefixes": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Existing virtual network address prefixes for AVD. (Default: \"\")" + } + }, "existingVnetPrivateEndpointSubnetResourceId": { "type": "string", "defaultValue": "", @@ -319,6 +326,20 @@ "description": "Create Azure Firewall and Azure Firewall Policy. (Default: false)" } }, + "deployFirewallInHubVirtualNetwork": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Create Azure Firewall and Azure Firewall Policy in hub virtual network. (Default: false)" + } + }, + "firewallVnetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Azure firewall virtual network. (Default: \"\")" + } + }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "10.0.2.0/24", @@ -1237,8 +1258,11 @@ "varAvdRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('avdRouteTableCustomName'), format('route-avd-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varPrivateEndpointRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('privateEndpointRouteTableCustomName'), format('route-pe-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varApplicationSecurityGroupName": "[if(parameters('avdUseCustomNaming'), parameters('avdApplicationSecurityGroupCustomName'), format('asg-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", - "varFiwewallName": "[format('fw-avd-{0}', variables('varHubVnetName'))]", - "varFiwewallPolicyName": "[format('fwpol-avd-{0}', variables('varHubVnetName'))]", + "varFirewallVnetName": "[if(parameters('deployFirewall'), split(parameters('firewallVnetResourceId'), '/')[8], '')]", + "varFirewallVnetPeeringName": "[format('peer-{0}', variables('varFirewallVnetName'))]", + "varFirewallRemoteVnetPeeringName": "[if(parameters('createAvdVnet'), format('peer-{0}', variables('varVnetName')), format('peer-{0}', split(parameters('existingVnetAvdSubnetResourceId'), '/')[8]))]", + "varFiwewallName": "[format('fw-avd-{0}', variables('varFirewallVnetName'))]", + "varFiwewallPolicyName": "[format('fwpol-avd-{0}', variables('varFirewallVnetName'))]", "varFiwewallPolicyRuleCollectionGroupName": "[format('{0}-rcg', variables('varFiwewallPolicyName'))]", "varFiwewallPolicyNetworkRuleCollectionName": "[format('{0}-nw-rule-collection', variables('varFiwewallPolicyName'))]", "varFiwewallPolicyOptionalRuleCollectionGroupName": "[format('{0}-rcg-optional', variables('varFiwewallPolicyName'))]", @@ -1569,8 +1593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -1678,8 +1702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -1808,8 +1832,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -2169,8 +2193,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -2278,8 +2302,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -2408,8 +2432,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -2764,8 +2788,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -2873,8 +2897,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -3003,8 +3027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -3377,8 +3401,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16933483947927654925" + "version": "0.23.1.45101", + "templateHash": "10265430126183385998" } }, "parameters": { @@ -3501,8 +3525,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16670742080494531396" + "version": "0.23.1.45101", + "templateHash": "14479610109813008203" } }, "parameters": { @@ -3610,8 +3634,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6601448312481874939" + "version": "0.23.1.45101", + "templateHash": "727668444186100245" } }, "parameters": { @@ -3740,8 +3764,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10998474410748060366" + "version": "0.23.1.45101", + "templateHash": "13976546302901379815" } }, "parameters": { @@ -4101,8 +4125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9723296804992458231" + "version": "0.23.1.45101", + "templateHash": "15031312632057308059" } }, "parameters": { @@ -4495,8 +4519,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1015616738226483875" + "version": "0.23.1.45101", + "templateHash": "15258493604851481315" } }, "parameters": { @@ -4639,8 +4663,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9976669288431551452" + "version": "0.23.1.45101", + "templateHash": "8116463202302820849" } }, "parameters": { @@ -4773,8 +4797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3402933947779868845" + "version": "0.23.1.45101", + "templateHash": "4881003164746404595" } }, "parameters": { @@ -4908,8 +4932,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12988075953101096314" + "version": "0.23.1.45101", + "templateHash": "14365252475725366454" } }, "parameters": { @@ -5080,8 +5104,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3289166297924789550" + "version": "0.23.1.45101", + "templateHash": "17250399248258895412" } }, "parameters": { @@ -5227,8 +5251,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -5454,8 +5478,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1145398762062008037" + "version": "0.23.1.45101", + "templateHash": "219986384503122327" } }, "parameters": { @@ -5623,8 +5647,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15503229472224280826" + "version": "0.23.1.45101", + "templateHash": "10708379588686916495" } }, "parameters": { @@ -5774,8 +5798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7352784420507326330" + "version": "0.23.1.45101", + "templateHash": "6190525379812728386" } }, "parameters": { @@ -5986,8 +6010,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16579532157576436548" + "version": "0.23.1.45101", + "templateHash": "2155605377371361902" } }, "parameters": { @@ -6318,8 +6342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -6501,8 +6525,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5539435599928560626" + "version": "0.23.1.45101", + "templateHash": "6105432212734897298" } }, "parameters": { @@ -6680,8 +6704,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -6949,8 +6973,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -7029,8 +7053,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7759814680098607558" + "version": "0.23.1.45101", + "templateHash": "12579875714884369933" } }, "parameters": { @@ -7501,8 +7525,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -7734,8 +7758,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "18044483929875331860" + "version": "0.23.1.45101", + "templateHash": "1095708959185756276" } }, "parameters": { @@ -7970,6 +7994,9 @@ "existingAvdSubnetResourceId": { "value": "[parameters('existingVnetAvdSubnetResourceId')]" }, + "existingAvdVnetAddressPrefixes": { + "value": "[parameters('existingVnetAvdAddressPrefixes')]" + }, "createPrivateDnsZones": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', parameters('createPrivateDnsZones')), createObject('value', false()))]", "applicationSecurityGroupName": { "value": "[variables('varApplicationSecurityGroupName')]" @@ -8040,6 +8067,18 @@ "deployFirewall": { "value": "[parameters('deployFirewall')]" }, + "deployFirewallInHubVirtualNetwork": { + "value": "[parameters('deployFirewallInHubVirtualNetwork')]" + }, + "firewallVnetResourceId": { + "value": "[parameters('firewallVnetResourceId')]" + }, + "firewallVnetPeeringName": { + "value": "[variables('varFirewallVnetPeeringName')]" + }, + "firewallRemoteVnetPeeringName": { + "value": "[variables('varFirewallRemoteVnetPeeringName')]" + }, "firewallName": { "value": "[variables('varFiwewallName')]" }, @@ -8071,8 +8110,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13214055304476289623" + "version": "0.23.1.45101", + "templateHash": "15613686645614990169" } }, "parameters": { @@ -8101,6 +8140,12 @@ "description": "Existing virtual network subnet for AVD." } }, + "existingAvdVnetAddressPrefixes": { + "type": "string", + "metadata": { + "description": "Existing virtual network subnet for AVD." + } + }, "computeObjectsRgName": { "type": "string", "metadata": { @@ -8182,7 +8227,31 @@ "deployFirewall": { "type": "bool", "metadata": { - "description": "Create firewall and firewall policy to hub virtual network." + "description": "Create firewall and firewall policy." + } + }, + "deployFirewallInHubVirtualNetwork": { + "type": "bool", + "metadata": { + "description": "Create firewall and firewall Policy to hub virtual network." + } + }, + "firewallVnetResourceId": { + "type": "string", + "metadata": { + "description": "Firewall virtual network" + } + }, + "firewallVnetPeeringName": { + "type": "string", + "metadata": { + "description": "VNet peering name for AVD VNet to Firewall VNet." + } + }, + "firewallRemoteVnetPeeringName": { + "type": "string", + "metadata": { + "description": "Remote VNet peering name for AVD VNet to Firewall VNet." } }, "firewallName": { @@ -8322,9 +8391,9 @@ "varExistingAvdVnetSubRgName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[4], '')]", "varExistingAvdVnetName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[8], '')]", "varExistingAvdVnetResourceId": "[if(not(parameters('createVnet')), format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/virtualNetworks/{2}', variables('varExistingAvdVnetSubId'), variables('varExistingAvdVnetSubRgName'), variables('varExistingAvdVnetName')), '')]", - "varExistingHubSubId": "[split(parameters('existingHubVnetResourceId'), '/')[2]]", - "varExistingHubSubRgName": "[split(parameters('existingHubVnetResourceId'), '/')[4]]", - "varExistingHubVnetName": "[split(parameters('existingHubVnetResourceId'), '/')[8]]" + "varFirewallSubId": "[split(parameters('firewallVnetResourceId'), '/')[2]]", + "varFirewallSubRgName": "[split(parameters('firewallVnetResourceId'), '/')[4]]", + "varFirewallVnetName": "[split(parameters('firewallVnetResourceId'), '/')[8]]" }, "resources": [ { @@ -8464,8 +8533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.23.1.45101", + "templateHash": "11199916256768589744" } }, "parameters": { @@ -8728,8 +8797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.23.1.45101", + "templateHash": "9525169534051986947" } }, "parameters": { @@ -8973,8 +9042,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.23.1.45101", + "templateHash": "14484082002093003293" } }, "parameters": { @@ -9188,8 +9257,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2369963613204181171" + "version": "0.23.1.45101", + "templateHash": "11199916256768589744" } }, "parameters": { @@ -9452,8 +9521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2452007385443009245" + "version": "0.23.1.45101", + "templateHash": "9525169534051986947" } }, "parameters": { @@ -9697,8 +9766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "175852501961116138" + "version": "0.23.1.45101", + "templateHash": "14484082002093003293" } }, "parameters": { @@ -9903,8 +9972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4126277245845030634" + "version": "0.23.1.45101", + "templateHash": "17265889212529350267" } }, "parameters": { @@ -10026,8 +10095,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9764104744913843180" + "version": "0.23.1.45101", + "templateHash": "1115677000975531972" } }, "parameters": { @@ -10233,8 +10302,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" } }, "parameters": { @@ -10373,8 +10442,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" } }, "parameters": { @@ -10582,8 +10651,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3459157471784143501" + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" } }, "parameters": { @@ -10722,8 +10791,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17826830289819287737" + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" } }, "parameters": { @@ -10945,8 +11014,1672 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10436531327774101026" + "version": "0.23.1.45101", + "templateHash": "17281867178107781537" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The Virtual Network (vNet) Name." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "addressPrefixes": { + "type": "array", + "metadata": { + "description": "Required. An Array of 1 or more IP Address Prefixes for the Virtual Network." + } + }, + "subnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of subnets to deploy to the Virtual Network." + } + }, + "dnsServers": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. DNS Servers associated to the Virtual Network." + } + }, + "ddosProtectionPlanId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription." + } + }, + "peerings": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Virtual Network Peerings configurations." + } + }, + "vnetEncryption": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property." + } + }, + "vnetEncryptionEnforcement": { + "type": "string", + "defaultValue": "AllowUnencrypted", + "allowedValues": [ + "AllowUnencrypted", + "DropUnencrypted" + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } + }, + "flowTimeoutInMinutes": { + "type": "int", + "defaultValue": 0, + "maxValue": 30, + "metadata": { + "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "diagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "", + "allLogs", + "VMProtectionAlerts" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." + } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsLogsSpecified", + "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', and(not(equals(lambdaVariables('item'), 'allLogs')), not(equals(lambdaVariables('item'), ''))))))]", + "input": { + "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', and(not(equals(lambdaVariables('item'), 'allLogs')), not(equals(lambdaVariables('item'), '')))))[copyIndex('diagnosticsLogsSpecified')]]", + "enabled": true + } + }, + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ], + "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", + "dnsServersVar": { + "dnsServers": "[array(parameters('dnsServers'))]" + }, + "ddosProtectionPlan": { + "id": "[parameters('ddosProtectionPlanId')]" + }, + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "subnets", + "count": "[length(parameters('subnets'))]", + "input": { + "name": "[parameters('subnets')[copyIndex('subnets')].name]", + "properties": { + "addressPrefix": "[parameters('subnets')[copyIndex('subnets')].addressPrefix]", + "addressPrefixes": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'addressPrefixes'), parameters('subnets')[copyIndex('subnets')].addressPrefixes, createArray())]", + "applicationGatewayIpConfigurations": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'applicationGatewayIpConfigurations'), parameters('subnets')[copyIndex('subnets')].applicationGatewayIpConfigurations, createArray())]", + "delegations": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'delegations'), parameters('subnets')[copyIndex('subnets')].delegations, createArray())]", + "ipAllocations": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'ipAllocations'), parameters('subnets')[copyIndex('subnets')].ipAllocations, createArray())]", + "natGateway": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'natGatewayId'), createObject('id', parameters('subnets')[copyIndex('subnets')].natGatewayId), null())]", + "networkSecurityGroup": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'networkSecurityGroupId'), createObject('id', parameters('subnets')[copyIndex('subnets')].networkSecurityGroupId), null())]", + "privateEndpointNetworkPolicies": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'privateEndpointNetworkPolicies'), parameters('subnets')[copyIndex('subnets')].privateEndpointNetworkPolicies, null())]", + "privateLinkServiceNetworkPolicies": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'privateLinkServiceNetworkPolicies'), parameters('subnets')[copyIndex('subnets')].privateLinkServiceNetworkPolicies, null())]", + "routeTable": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'routeTableId'), createObject('id', parameters('subnets')[copyIndex('subnets')].routeTableId), null())]", + "serviceEndpoints": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'serviceEndpoints'), parameters('subnets')[copyIndex('subnets')].serviceEndpoints, createArray())]", + "serviceEndpointPolicies": "[if(contains(parameters('subnets')[copyIndex('subnets')], 'serviceEndpointPolicies'), parameters('subnets')[copyIndex('subnets')].serviceEndpointPolicies, createArray())]" + } + } + } + ], + "addressSpace": { + "addressPrefixes": "[parameters('addressPrefixes')]" + }, + "ddosProtectionPlan": "[if(not(empty(parameters('ddosProtectionPlanId'))), variables('ddosProtectionPlan'), null())]", + "dhcpOptions": "[if(not(empty(parameters('dnsServers'))), variables('dnsServersVar'), null())]", + "enableDdosProtection": "[not(empty(parameters('ddosProtectionPlanId')))]", + "encryption": "[if(equals(parameters('vnetEncryption'), true()), createObject('enabled', parameters('vnetEncryption'), 'enforcement', parameters('vnetEncryptionEnforcement')), null())]", + "flowTimeoutInMinutes": "[if(not(equals(parameters('flowTimeoutInMinutes'), 0)), parameters('flowTimeoutInMinutes'), null())]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]", + "logs": "[variables('diagnosticsLogs')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + }, + { + "copy": { + "name": "virtualNetwork_subnets", + "count": "[length(parameters('subnets'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-subnet-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualNetworkName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('subnets')[copyIndex()].name]" + }, + "addressPrefix": { + "value": "[parameters('subnets')[copyIndex()].addressPrefix]" + }, + "addressPrefixes": "[if(contains(parameters('subnets')[copyIndex()], 'addressPrefixes'), createObject('value', parameters('subnets')[copyIndex()].addressPrefixes), createObject('value', createArray()))]", + "applicationGatewayIpConfigurations": "[if(contains(parameters('subnets')[copyIndex()], 'applicationGatewayIpConfigurations'), createObject('value', parameters('subnets')[copyIndex()].applicationGatewayIpConfigurations), createObject('value', createArray()))]", + "delegations": "[if(contains(parameters('subnets')[copyIndex()], 'delegations'), createObject('value', parameters('subnets')[copyIndex()].delegations), createObject('value', createArray()))]", + "ipAllocations": "[if(contains(parameters('subnets')[copyIndex()], 'ipAllocations'), createObject('value', parameters('subnets')[copyIndex()].ipAllocations), createObject('value', createArray()))]", + "natGatewayId": "[if(contains(parameters('subnets')[copyIndex()], 'natGatewayId'), createObject('value', parameters('subnets')[copyIndex()].natGatewayId), createObject('value', ''))]", + "networkSecurityGroupId": "[if(contains(parameters('subnets')[copyIndex()], 'networkSecurityGroupId'), createObject('value', parameters('subnets')[copyIndex()].networkSecurityGroupId), createObject('value', ''))]", + "privateEndpointNetworkPolicies": "[if(contains(parameters('subnets')[copyIndex()], 'privateEndpointNetworkPolicies'), createObject('value', parameters('subnets')[copyIndex()].privateEndpointNetworkPolicies), createObject('value', ''))]", + "privateLinkServiceNetworkPolicies": "[if(contains(parameters('subnets')[copyIndex()], 'privateLinkServiceNetworkPolicies'), createObject('value', parameters('subnets')[copyIndex()].privateLinkServiceNetworkPolicies), createObject('value', ''))]", + "roleAssignments": "[if(contains(parameters('subnets')[copyIndex()], 'roleAssignments'), createObject('value', parameters('subnets')[copyIndex()].roleAssignments), createObject('value', createArray()))]", + "routeTableId": "[if(contains(parameters('subnets')[copyIndex()], 'routeTableId'), createObject('value', parameters('subnets')[copyIndex()].routeTableId), createObject('value', ''))]", + "serviceEndpointPolicies": "[if(contains(parameters('subnets')[copyIndex()], 'serviceEndpointPolicies'), createObject('value', parameters('subnets')[copyIndex()].serviceEndpointPolicies), createObject('value', createArray()))]", + "serviceEndpoints": "[if(contains(parameters('subnets')[copyIndex()], 'serviceEndpoints'), createObject('value', parameters('subnets')[copyIndex()].serviceEndpoints), createObject('value', createArray()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17626849906838193825" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Optional. The Name of the subnet resource." + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual network. Required if the template is used in a standalone deployment." + } + }, + "addressPrefix": { + "type": "string", + "metadata": { + "description": "Required. The address prefix for the subnet." + } + }, + "networkSecurityGroupId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the network security group to assign to the subnet." + } + }, + "routeTableId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the route table to assign to the subnet." + } + }, + "serviceEndpoints": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The service endpoints to enable on the subnet." + } + }, + "delegations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The delegations to enable on the subnet." + } + }, + "natGatewayId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the NAT Gateway to use for the subnet." + } + }, + "privateEndpointNetworkPolicies": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Disabled", + "Enabled", + "" + ], + "metadata": { + "description": "Optional. enable or disable apply network policies on private endpoint in the subnet." + } + }, + "privateLinkServiceNetworkPolicies": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Disabled", + "Enabled", + "" + ], + "metadata": { + "description": "Optional. enable or disable apply network policies on private link service in the subnet." + } + }, + "addressPrefixes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of address prefixes for the subnet." + } + }, + "applicationGatewayIpConfigurations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Application gateway IP configurations of virtual network resource." + } + }, + "ipAllocations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of IpAllocation which reference this subnet." + } + }, + "serviceEndpointPolicies": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An array of service endpoint policies." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('name'))]", + "properties": { + "addressPrefix": "[parameters('addressPrefix')]", + "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupId'))), createObject('id', parameters('networkSecurityGroupId')), null())]", + "routeTable": "[if(not(empty(parameters('routeTableId'))), createObject('id', parameters('routeTableId')), null())]", + "natGateway": "[if(not(empty(parameters('natGatewayId'))), createObject('id', parameters('natGatewayId')), null())]", + "serviceEndpoints": "[parameters('serviceEndpoints')]", + "delegations": "[parameters('delegations')]", + "privateEndpointNetworkPolicies": "[if(not(empty(parameters('privateEndpointNetworkPolicies'))), parameters('privateEndpointNetworkPolicies'), null())]", + "privateLinkServiceNetworkPolicies": "[if(not(empty(parameters('privateLinkServiceNetworkPolicies'))), parameters('privateLinkServiceNetworkPolicies'), null())]", + "addressPrefixes": "[parameters('addressPrefixes')]", + "applicationGatewayIpConfigurations": "[parameters('applicationGatewayIpConfigurations')]", + "ipAllocations": "[parameters('ipAllocations')]", + "serviceEndpointPolicies": "[parameters('serviceEndpointPolicies')]" + } + }, + { + "copy": { + "name": "subnet_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Subnet-Rbac-{1}', uniqueString(deployment().name, resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "12693477980850797625" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1])]", + "name": "[guid(resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[0], split(format('{0}/{1}', split(parameters('resourceId'), '/')[8], split(parameters('resourceId'), '/')[10]), '/')[1]), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the virtual network peering was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the virtual network peering." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the virtual network peering." + }, + "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]" + }, + "subnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the subnet." + }, + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name')), '2022-07-01').addressPrefix]" + }, + "subnetAddressPrefixes": { + "type": "array", + "metadata": { + "description": "List of address prefixes for the subnet." + }, + "value": "[if(not(empty(parameters('addressPrefixes'))), reference(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name')), '2022-07-01').addressPrefixes, createArray())]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + }, + { + "copy": { + "name": "virtualNetwork_peering_local", + "count": "[length(parameters('peerings'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-virtualNetworkPeering-local-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "localVnetName": { + "value": "[parameters('name')]" + }, + "remoteVirtualNetworkId": { + "value": "[parameters('peerings')[copyIndex()].remoteVirtualNetworkId]" + }, + "name": "[if(contains(parameters('peerings')[copyIndex()], 'name'), createObject('value', parameters('peerings')[copyIndex()].name), createObject('value', format('{0}-{1}', parameters('name'), last(split(parameters('peerings')[copyIndex()].remoteVirtualNetworkId, '/')))))]", + "allowForwardedTraffic": "[if(contains(parameters('peerings')[copyIndex()], 'allowForwardedTraffic'), createObject('value', parameters('peerings')[copyIndex()].allowForwardedTraffic), createObject('value', true()))]", + "allowGatewayTransit": "[if(contains(parameters('peerings')[copyIndex()], 'allowGatewayTransit'), createObject('value', parameters('peerings')[copyIndex()].allowGatewayTransit), createObject('value', false()))]", + "allowVirtualNetworkAccess": "[if(contains(parameters('peerings')[copyIndex()], 'allowVirtualNetworkAccess'), createObject('value', parameters('peerings')[copyIndex()].allowVirtualNetworkAccess), createObject('value', true()))]", + "doNotVerifyRemoteGateways": "[if(contains(parameters('peerings')[copyIndex()], 'doNotVerifyRemoteGateways'), createObject('value', parameters('peerings')[copyIndex()].doNotVerifyRemoteGateways), createObject('value', true()))]", + "useRemoteGateways": "[if(contains(parameters('peerings')[copyIndex()], 'useRemoteGateways'), createObject('value', parameters('peerings')[copyIndex()].useRemoteGateways), createObject('value', false()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" + } + }, + "parameters": { + "name": { + "type": "string", + "defaultValue": "[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]", + "metadata": { + "description": "Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName." + } + }, + "localVnetName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment." + } + }, + "remoteVirtualNetworkId": { + "type": "string", + "metadata": { + "description": "Required. The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID." + } + }, + "allowForwardedTraffic": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true." + } + }, + "allowGatewayTransit": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false." + } + }, + "allowVirtualNetworkAccess": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true." + } + }, + "doNotVerifyRemoteGateways": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. If we need to verify the provisioning state of the remote gateway. Default is true." + } + }, + "useRemoteGateways": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('localVnetName'), parameters('name'))]", + "properties": { + "allowForwardedTraffic": "[parameters('allowForwardedTraffic')]", + "allowGatewayTransit": "[parameters('allowGatewayTransit')]", + "allowVirtualNetworkAccess": "[parameters('allowVirtualNetworkAccess')]", + "doNotVerifyRemoteGateways": "[parameters('doNotVerifyRemoteGateways')]", + "useRemoteGateways": "[parameters('useRemoteGateways')]", + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkId')]" + } + } + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the virtual network peering was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the virtual network peering." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the virtual network peering." + }, + "value": "[resourceId('Microsoft.Network/virtualNetworks/virtualNetworkPeerings', parameters('localVnetName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + }, + { + "copy": { + "name": "virtualNetwork_peering_remote", + "count": "[length(parameters('peerings'))]" + }, + "condition": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringEnabled'), equals(parameters('peerings')[copyIndex()].remotePeeringEnabled, true()), false())]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-virtualNetworkPeering-remote-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(parameters('peerings')[copyIndex()].remoteVirtualNetworkId, '/')[2]]", + "resourceGroup": "[split(parameters('peerings')[copyIndex()].remoteVirtualNetworkId, '/')[4]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "localVnetName": { + "value": "[last(split(parameters('peerings')[copyIndex()].remoteVirtualNetworkId, '/'))]" + }, + "remoteVirtualNetworkId": { + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + }, + "name": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringName'), createObject('value', parameters('peerings')[copyIndex()].remotePeeringName), createObject('value', format('{0}-{1}', last(split(parameters('peerings')[copyIndex()].remoteVirtualNetworkId, '/')), parameters('name'))))]", + "allowForwardedTraffic": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringAllowForwardedTraffic'), createObject('value', parameters('peerings')[copyIndex()].remotePeeringAllowForwardedTraffic), createObject('value', true()))]", + "allowGatewayTransit": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringAllowGatewayTransit'), createObject('value', parameters('peerings')[copyIndex()].remotePeeringAllowGatewayTransit), createObject('value', false()))]", + "allowVirtualNetworkAccess": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringAllowVirtualNetworkAccess'), createObject('value', parameters('peerings')[copyIndex()].remotePeeringAllowVirtualNetworkAccess), createObject('value', true()))]", + "doNotVerifyRemoteGateways": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringDoNotVerifyRemoteGateways'), createObject('value', parameters('peerings')[copyIndex()].remotePeeringDoNotVerifyRemoteGateways), createObject('value', true()))]", + "useRemoteGateways": "[if(contains(parameters('peerings')[copyIndex()], 'remotePeeringUseRemoteGateways'), createObject('value', parameters('peerings')[copyIndex()].remotePeeringUseRemoteGateways), createObject('value', false()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" + } + }, + "parameters": { + "name": { + "type": "string", + "defaultValue": "[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]", + "metadata": { + "description": "Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName." + } + }, + "localVnetName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment." + } + }, + "remoteVirtualNetworkId": { + "type": "string", + "metadata": { + "description": "Required. The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID." + } + }, + "allowForwardedTraffic": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true." + } + }, + "allowGatewayTransit": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false." + } + }, + "allowVirtualNetworkAccess": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true." + } + }, + "doNotVerifyRemoteGateways": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. If we need to verify the provisioning state of the remote gateway. Default is true." + } + }, + "useRemoteGateways": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('localVnetName'), parameters('name'))]", + "properties": { + "allowForwardedTraffic": "[parameters('allowForwardedTraffic')]", + "allowGatewayTransit": "[parameters('allowGatewayTransit')]", + "allowVirtualNetworkAccess": "[parameters('allowVirtualNetworkAccess')]", + "doNotVerifyRemoteGateways": "[parameters('doNotVerifyRemoteGateways')]", + "useRemoteGateways": "[parameters('useRemoteGateways')]", + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkId')]" + } + } + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the virtual network peering was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the virtual network peering." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the virtual network peering." + }, + "value": "[resourceId('Microsoft.Network/virtualNetworks/virtualNetworkPeerings', parameters('localVnetName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + }, + { + "copy": { + "name": "virtualNetwork_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VNet-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17072359188298457640" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/virtualNetworks', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the virtual network was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the virtual network." + }, + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the virtual network." + }, + "value": "[parameters('name')]" + }, + "subnetNames": { + "type": "array", + "metadata": { + "description": "The names of the deployed subnets." + }, + "copy": { + "count": "[length(parameters('subnets'))]", + "input": "[parameters('subnets')[copyIndex()].name]" + } + }, + "subnetResourceIds": { + "type": "array", + "metadata": { + "description": "The resource IDs of the deployed subnets." + }, + "copy": { + "count": "[length(parameters('subnets'))]", + "input": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('name'), parameters('subnets')[copyIndex()].name)]" + } + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2022-07-01', 'full').location]" + }, + "diagnosticsLogs": { + "type": "array", + "metadata": { + "description": "The Diagnostic Settings of the virtual network." + }, + "value": "[variables('diagnosticsLogs')]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Comm-Files-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.file.core.windows.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Comm-Kv-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.vaultcore.azure.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Gov-Files-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.file.core.usgovcloudapi.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Gov-Kv-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.vaultcore.usgovcloudapi.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[not(parameters('deployFirewallInHubVirtualNetwork'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-vNet-{0}', parameters('time'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": "[if(parameters('createVnet'), createObject('value', parameters('vnetName')), createObject('value', variables('varExistingAvdVnetName')))]", + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "addressPrefixes": "[if(parameters('createVnet'), createObject('value', array(parameters('vnetAddressPrefixes'))), createObject('value', array(parameters('existingAvdVnetAddressPrefixes'))))]", + "peerings": "[if(parameters('createVnet'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('firewallVnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', true(), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('firewallRemoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', true(), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17281867178107781537" } }, "parameters": { @@ -11279,8 +13012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12913964363513527115" + "version": "0.23.1.45101", + "templateHash": "17626849906838193825" } }, "parameters": { @@ -11472,8 +13205,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1508597549221173835" + "version": "0.23.1.45101", + "templateHash": "12693477980850797625" } }, "parameters": { @@ -11695,8 +13428,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" } }, "parameters": { @@ -11861,8 +13594,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12896423701864490964" + "version": "0.23.1.45101", + "templateHash": "8715756746446460444" } }, "parameters": { @@ -12022,8 +13755,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7449417204208520653" + "version": "0.23.1.45101", + "templateHash": "17072359188298457640" } }, "parameters": { @@ -12224,373 +13957,15 @@ } } } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Comm-Files-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.file.core.windows.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Comm-Kv-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.vaultcore.azure.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Gov-Files-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.file.core.usgovcloudapi.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Gov-Kv-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.vaultcore.usgovcloudapi.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9421903776734870810" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] + } }, { "condition": "[parameters('deployFirewall')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Policy-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", - "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", + "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -12610,8 +13985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4407823163253500708" + "version": "0.23.1.45101", + "templateHash": "8678866256111316638" } }, "parameters": { @@ -12900,8 +14275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2968908276504673942" + "version": "0.23.1.45101", + "templateHash": "3809923323773825116" } }, "parameters": { @@ -13031,8 +14406,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Policy-Rcg-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", - "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", + "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -13244,8 +14619,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2968908276504673942" + "version": "0.23.1.45101", + "templateHash": "3809923323773825116" } }, "parameters": { @@ -13333,7 +14708,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time')))]" ] }, { @@ -13341,8 +14716,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Policy-Rcg-Optional-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", - "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", + "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -13564,8 +14939,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2968908276504673942" + "version": "0.23.1.45101", + "templateHash": "3809923323773825116" } }, "parameters": { @@ -13653,7 +15028,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-{0}', parameters('time')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-{0}', parameters('time')))]" ] }, { @@ -13661,8 +15036,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Subnet-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", - "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", + "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -13676,7 +15051,7 @@ "value": "AzureFirewallSubnet" }, "virtualNetworkName": { - "value": "[variables('varExistingHubVnetName')]" + "value": "[variables('varFirewallVnetName')]" } }, "template": { @@ -13685,8 +15060,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4385347612687619252" + "version": "0.23.1.45101", + "templateHash": "17626849906838193825" } }, "parameters": { @@ -13878,8 +15253,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15642916335871461785" + "version": "0.23.1.45101", + "templateHash": "12693477980850797625" } }, "parameters": { @@ -14067,8 +15442,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', variables('varExistingHubSubId'))]", - "resourceGroup": "[format('{0}', variables('varExistingHubSubRgName'))]", + "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", + "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -14079,10 +15454,10 @@ "value": "[parameters('firewallName')]" }, "vNetId": { - "value": "[parameters('existingHubVnetResourceId')]" + "value": "[parameters('firewallVnetResourceId')]" }, "firewallPolicyId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value]" } }, "template": { @@ -14091,8 +15466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2960346647454834982" + "version": "0.23.1.45101", + "templateHash": "13898684255357952418" } }, "parameters": { @@ -14489,8 +15864,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1998504441889364515" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -14805,8 +16180,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -15023,8 +16398,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4956524931122744714" + "version": "0.23.1.45101", + "templateHash": "16022215935591204400" } }, "parameters": { @@ -15235,9 +16610,359 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-Optional-{0}', parameters('time')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varExistingHubSubId')), format('{0}', variables('varExistingHubSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Subnet-{0}', parameters('time')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-Optional-{0}', parameters('time')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Subnet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createVnet'), parameters('deployFirewall'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Route-Table-AVD-Fw-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('avdRouteTableName')]" + }, + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'default', 'properties', createObject('addressPrefix', '0.0.0.0/0', 'nextHopIpAddress', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time'))), '2022-09-01').outputs.privateIp.value, 'nextHopType', 'VirtualAppliance')))), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name given for the hub route table." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "routes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of Routes to be established within the hub route table." + } + }, + "disableBgpRoutePropagation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Switch to disable BGP route propagation." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "routes": "[parameters('routes')]", + "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/routeTables/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + ] + }, + { + "copy": { + "name": "routeTable_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-RouteTable-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/routeTables/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/routeTables', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the route table was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the route table." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the route table." + }, + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/routeTables', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time')))]" ] } ], @@ -15356,8 +17081,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13709403264411118702" + "version": "0.23.1.45101", + "templateHash": "7326746777556089250" } }, "parameters": { @@ -15635,8 +17360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14753481159691076868" + "version": "0.23.1.45101", + "templateHash": "9101196936359798595" } }, "parameters": { @@ -16027,8 +17752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2314964423044495570" + "version": "0.23.1.45101", + "templateHash": "11881426718765556693" } }, "parameters": { @@ -16245,8 +17970,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "782391975946165786" + "version": "0.23.1.45101", + "templateHash": "8289764189113901043" } }, "parameters": { @@ -16498,8 +18223,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7203259033747042619" + "version": "0.23.1.45101", + "templateHash": "6540019795245021334" } }, "parameters": { @@ -16676,8 +18401,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1752140700494840741" + "version": "0.23.1.45101", + "templateHash": "17185902162980736485" } }, "parameters": { @@ -16883,8 +18608,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "324317554219687604" + "version": "0.23.1.45101", + "templateHash": "18193795661906928784" } }, "parameters": { @@ -17112,8 +18837,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6421047844253253523" + "version": "0.23.1.45101", + "templateHash": "18390062164382385549" } }, "parameters": { @@ -17333,8 +19058,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17010593045994332917" + "version": "0.23.1.45101", + "templateHash": "6877120515836824501" } }, "parameters": { @@ -17601,8 +19326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12892308842611713996" + "version": "0.23.1.45101", + "templateHash": "9763204850902124901" } }, "parameters": { @@ -17830,8 +19555,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15372026578985083473" + "version": "0.23.1.45101", + "templateHash": "12068153438455870485" } }, "parameters": { @@ -17991,8 +19716,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.23.1.45101", + "templateHash": "17115660817704860359" } }, "parameters": { @@ -18114,8 +19839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.23.1.45101", + "templateHash": "14736459587384734965" } }, "parameters": { @@ -18308,8 +20033,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -18888,8 +20613,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -19466,8 +21191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -20049,8 +21774,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -20629,8 +22354,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -21209,8 +22934,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -21840,8 +23565,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3496664578163970555" + "version": "0.23.1.45101", + "templateHash": "10865746163538598377" } }, "parameters": { @@ -22007,8 +23732,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -22196,8 +23921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -22466,8 +24191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -22560,8 +24285,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -22830,8 +24555,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { @@ -22900,8 +24625,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -23484,8 +25209,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -24065,8 +25790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "15136491551081535379" + "version": "0.23.1.45101", + "templateHash": "17115660817704860359" } }, "parameters": { @@ -24188,8 +25913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8490200634198428200" + "version": "0.23.1.45101", + "templateHash": "14736459587384734965" } }, "parameters": { @@ -24379,8 +26104,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10569201387143117913" + "version": "0.23.1.45101", + "templateHash": "9545798095452579480" } }, "parameters": { @@ -24989,8 +26714,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17450213271810432516" + "version": "0.23.1.45101", + "templateHash": "9816348956723829998" } }, "parameters": { @@ -25130,8 +26855,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.23.1.45101", + "templateHash": "10047657056248810406" } }, "parameters": { @@ -25500,8 +27225,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -25632,8 +27357,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.23.1.45101", + "templateHash": "11763882678288104884" } }, "parameters": { @@ -25769,8 +27494,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.23.1.45101", + "templateHash": "6055979105496084751" } }, "parameters": { @@ -25964,8 +27689,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -26147,8 +27872,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -26350,8 +28075,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -26547,8 +28272,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -26682,8 +28407,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -26896,8 +28621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.23.1.45101", + "templateHash": "6864497713956009622" } }, "parameters": { @@ -27127,8 +28852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -27310,8 +29035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -27513,8 +29238,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9857842888967195839" + "version": "0.23.1.45101", + "templateHash": "7373774482178055452" } }, "parameters": { @@ -27724,8 +29449,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2377303483140510674" + "version": "0.23.1.45101", + "templateHash": "13893883968059192139" } }, "parameters": { @@ -27800,8 +29525,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1764649882380429233" + "version": "0.23.1.45101", + "templateHash": "2571756615431841166" } }, "parameters": { @@ -27872,8 +29597,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -28003,8 +29728,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "205693325076049461" + "version": "0.23.1.45101", + "templateHash": "14656496075889817854" } }, "parameters": { @@ -28271,8 +29996,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10530929595373885258" + "version": "0.23.1.45101", + "templateHash": "10047657056248810406" } }, "parameters": { @@ -28641,8 +30366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6036891804343016093" + "version": "0.23.1.45101", + "templateHash": "15723327996763594758" } }, "parameters": { @@ -28773,8 +30498,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8593614529812859648" + "version": "0.23.1.45101", + "templateHash": "11763882678288104884" } }, "parameters": { @@ -28910,8 +30635,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7411396567157179257" + "version": "0.23.1.45101", + "templateHash": "6055979105496084751" } }, "parameters": { @@ -29105,8 +30830,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1124355010779190486" + "version": "0.23.1.45101", + "templateHash": "4039932653764259703" } }, "parameters": { @@ -29288,8 +31013,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7260777690340402293" + "version": "0.23.1.45101", + "templateHash": "16592614389473690770" } }, "parameters": { @@ -29491,8 +31216,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -29688,8 +31413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -29823,8 +31548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -30037,8 +31762,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2925986724999389514" + "version": "0.23.1.45101", + "templateHash": "6864497713956009622" } }, "parameters": { @@ -30289,8 +32014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7384659277214029075" + "version": "0.23.1.45101", + "templateHash": "16306650625703107232" } }, "parameters": { @@ -30570,8 +32295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" } }, "parameters": { @@ -31406,8 +33131,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" } }, "parameters": { @@ -31561,8 +33286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -31877,8 +33602,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -32129,8 +33854,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" } }, "parameters": { @@ -32414,8 +34139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" } }, "parameters": { @@ -32633,8 +34358,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -32839,8 +34564,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -33040,8 +34765,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -33246,8 +34971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -33442,8 +35167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -33638,8 +35363,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -33838,8 +35563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -34046,8 +35771,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -34247,8 +35972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -34451,8 +36176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" } }, "parameters": { @@ -34617,8 +36342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" } }, "parameters": { @@ -34897,8 +36622,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2896530815646551587" + "version": "0.23.1.45101", + "templateHash": "15066392544574504888" } }, "parameters": { @@ -35094,7 +36819,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, @@ -35127,7 +36852,7 @@ "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", "azureFilesIdentityBasedAuthentication": { "value": { - "directoryServiceOptions": "[variables('vardirectoryServiceOptions')]", + "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, @@ -35163,8 +36888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5115421894814797429" + "version": "0.23.1.45101", + "templateHash": "14398504551168498076" } }, "parameters": { @@ -35711,8 +37436,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.23.1.45101", + "templateHash": "2942587223985886651" } }, "parameters": { @@ -35906,8 +37631,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -36103,8 +37828,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -36238,8 +37963,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -36445,8 +38170,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.23.1.45101", + "templateHash": "1348117273486411306" } }, "parameters": { @@ -36569,8 +38294,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.23.1.45101", + "templateHash": "11852166519395262106" } }, "parameters": { @@ -36727,8 +38452,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.23.1.45101", + "templateHash": "16250297962913546641" } }, "parameters": { @@ -36948,8 +38673,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.23.1.45101", + "templateHash": "4382308215526481443" } }, "parameters": { @@ -37062,8 +38787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.23.1.45101", + "templateHash": "9652540868161281860" } }, "parameters": { @@ -37190,8 +38915,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.23.1.45101", + "templateHash": "1186095586884481044" } }, "parameters": { @@ -37428,8 +39153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.23.1.45101", + "templateHash": "13780602292868075803" } }, "parameters": { @@ -37652,8 +39377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.23.1.45101", + "templateHash": "3594065565754312854" } }, "parameters": { @@ -37781,8 +39506,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.23.1.45101", + "templateHash": "8261337544383310328" } }, "parameters": { @@ -38020,8 +39745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.23.1.45101", + "templateHash": "12165290990779845298" } }, "parameters": { @@ -38217,8 +39942,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.23.1.45101", + "templateHash": "9089725752901472518" } }, "parameters": { @@ -38314,8 +40039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.23.1.45101", + "templateHash": "1979270992674854961" } }, "parameters": { @@ -38550,8 +40275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.23.1.45101", + "templateHash": "1526593365088296650" } }, "parameters": { @@ -38741,8 +40466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.23.1.45101", + "templateHash": "168390130983077015" } }, "parameters": { @@ -38934,8 +40659,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16133335500075476844" + "version": "0.23.1.45101", + "templateHash": "16297322434069639917" } }, "parameters": { @@ -39105,8 +40830,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2896530815646551587" + "version": "0.23.1.45101", + "templateHash": "15066392544574504888" } }, "parameters": { @@ -39302,7 +41027,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, @@ -39335,7 +41060,7 @@ "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", "azureFilesIdentityBasedAuthentication": { "value": { - "directoryServiceOptions": "[variables('vardirectoryServiceOptions')]", + "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, @@ -39371,8 +41096,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5115421894814797429" + "version": "0.23.1.45101", + "templateHash": "14398504551168498076" } }, "parameters": { @@ -39919,8 +41644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14509829261817545327" + "version": "0.23.1.45101", + "templateHash": "2942587223985886651" } }, "parameters": { @@ -40114,8 +41839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7311288048246157848" + "version": "0.23.1.45101", + "templateHash": "5300610667995634254" } }, "parameters": { @@ -40311,8 +42036,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12718574346799900200" + "version": "0.23.1.45101", + "templateHash": "4621144128017741284" } }, "parameters": { @@ -40446,8 +42171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "12287935360262920219" + "version": "0.23.1.45101", + "templateHash": "7828421530828782575" } }, "parameters": { @@ -40653,8 +42378,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "6611019192370176160" + "version": "0.23.1.45101", + "templateHash": "1348117273486411306" } }, "parameters": { @@ -40777,8 +42502,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "887985521850583920" + "version": "0.23.1.45101", + "templateHash": "11852166519395262106" } }, "parameters": { @@ -40935,8 +42660,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10541476086832691043" + "version": "0.23.1.45101", + "templateHash": "16250297962913546641" } }, "parameters": { @@ -41156,8 +42881,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4711998299496378361" + "version": "0.23.1.45101", + "templateHash": "4382308215526481443" } }, "parameters": { @@ -41270,8 +42995,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9600027410745431357" + "version": "0.23.1.45101", + "templateHash": "9652540868161281860" } }, "parameters": { @@ -41398,8 +43123,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2765385875040083757" + "version": "0.23.1.45101", + "templateHash": "1186095586884481044" } }, "parameters": { @@ -41636,8 +43361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "1150612779421396008" + "version": "0.23.1.45101", + "templateHash": "13780602292868075803" } }, "parameters": { @@ -41860,8 +43585,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17475626136384362732" + "version": "0.23.1.45101", + "templateHash": "3594065565754312854" } }, "parameters": { @@ -41989,8 +43714,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "398511802813701603" + "version": "0.23.1.45101", + "templateHash": "8261337544383310328" } }, "parameters": { @@ -42228,8 +43953,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8639862570197941224" + "version": "0.23.1.45101", + "templateHash": "12165290990779845298" } }, "parameters": { @@ -42425,8 +44150,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "8626996903060982853" + "version": "0.23.1.45101", + "templateHash": "9089725752901472518" } }, "parameters": { @@ -42522,8 +44247,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "7868704077465009471" + "version": "0.23.1.45101", + "templateHash": "1979270992674854961" } }, "parameters": { @@ -42758,8 +44483,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "2885217159765875903" + "version": "0.23.1.45101", + "templateHash": "1526593365088296650" } }, "parameters": { @@ -42949,8 +44674,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10506944460358814800" + "version": "0.23.1.45101", + "templateHash": "168390130983077015" } }, "parameters": { @@ -43142,8 +44867,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "16133335500075476844" + "version": "0.23.1.45101", + "templateHash": "16297322434069639917" } }, "parameters": { @@ -43258,8 +44983,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "14889137037653853520" + "version": "0.23.1.45101", + "templateHash": "1483242996907610497" } }, "parameters": { @@ -43337,8 +45062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "11940163391569342138" + "version": "0.23.1.45101", + "templateHash": "9592547259644072861" } }, "parameters": { @@ -43495,8 +45220,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10835079600690809858" + "version": "0.23.1.45101", + "templateHash": "5076096840451227372" } }, "parameters": { @@ -43806,8 +45531,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2996410650525322037" + "version": "0.23.1.45101", + "templateHash": "14086253950155708433" } }, "parameters": { @@ -44197,8 +45922,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "547922033158170612" + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" } }, "parameters": { @@ -45033,8 +46758,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "10525586211840772754" + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" } }, "parameters": { @@ -45188,8 +46913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3109828817825228978" + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" } }, "parameters": { @@ -45504,8 +47229,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "9526391067242259796" + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" } }, "parameters": { @@ -45756,8 +47481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "4280335810449335065" + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" } }, "parameters": { @@ -46041,8 +47766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "934300040337690336" + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" } }, "parameters": { @@ -46260,8 +47985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -46466,8 +48191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -46667,8 +48392,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -46873,8 +48598,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -47069,8 +48794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -47265,8 +48990,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -47465,8 +49190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -47673,8 +49398,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -47874,8 +49599,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -48078,8 +49803,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "542004733048752795" + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" } }, "parameters": { @@ -48244,8 +49969,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5545265229641785727" + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" } }, "parameters": { @@ -48484,8 +50209,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -48704,8 +50429,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "3345220041904522099" + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" } }, "parameters": { @@ -48919,8 +50644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12985795676096332650" + "version": "0.23.1.45101", + "templateHash": "16467384531279284955" } }, "parameters": { @@ -49091,8 +50816,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "231872691044961836" + "version": "0.23.1.45101", + "templateHash": "2295716801014819460" } }, "parameters": { @@ -49184,8 +50909,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "5657647834665443119" + "version": "0.23.1.45101", + "templateHash": "5643654873197907708" } }, "parameters": { @@ -49359,8 +51084,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "17165573628970783202" + "version": "0.23.1.45101", + "templateHash": "16982263610748880634" } }, "parameters": { @@ -49628,8 +51353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.17.1.54307", - "templateHash": "13416191842446717007" + "version": "0.23.1.45101", + "templateHash": "13135776147734170244" } }, "parameters": { diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index bdc50977d..8768bc72c 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -920,7 +920,7 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros } // Azure Firewall subnet -module hubVirtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall) { +module virtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Subnet-${time}' params: { @@ -936,12 +936,12 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d name: 'Fw-${time}' params: { name: firewallName - vNetId: existingHubVnetResourceId + vNetId: firewallVnetResourceId firewallPolicyId: firewallPolicy.outputs.resourceId } dependsOn: [ firewallPolicyOptionalRuleCollectionGroup - hubVirtualNetworkAzureFirewallSubnet + virtualNetworkAzureFirewallSubnet ] } From 38e6c9da6f24ba60f173d8057c861f2ed1a1db58 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 23:11:42 +0900 Subject: [PATCH 078/117] update bicep --- workload/bicep/modules/networking/deploy.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 8768bc72c..fbfe834b4 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -936,6 +936,7 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d name: 'Fw-${time}' params: { name: firewallName + zones: [] vNetId: firewallVnetResourceId firewallPolicyId: firewallPolicy.outputs.resourceId } From 0d8571b8e1ffbea56337ca5bbc94dec345deb43c Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 23:26:14 +0900 Subject: [PATCH 079/117] update bicep --- .../Microsoft.Network/azureFirewalls/deploy.bicep | 11 ++++++----- workload/bicep/modules/networking/deploy.bicep | 1 - 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep b/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep index 7281725d3..fe1057d39 100644 --- a/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/carml/1.3.0/Microsoft.Network/azureFirewalls/deploy.bicep @@ -50,11 +50,12 @@ param virtualHubId string = '' param threatIntelMode string = 'Deny' @description('Optional. Zone numbers e.g. 1,2,3.') -param zones array = [ - '1' - '2' - '3' -] +param zones array = [] +// param zones array = [ +// '1' +// '2' +// '3' +// ] @description('Optional. Diagnostic Storage Account resource identifier.') param diagnosticStorageAccountId string = '' diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index fbfe834b4..8768bc72c 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -936,7 +936,6 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d name: 'Fw-${time}' params: { name: firewallName - zones: [] vNetId: firewallVnetResourceId firewallPolicyId: firewallPolicy.outputs.resourceId } From 0eb9e4b1dced35cc2c1dcbdce856fc21d014de35 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 13 Nov 2023 23:38:25 +0900 Subject: [PATCH 080/117] update bicep --- workload/arm/deploy-baseline.json | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 46ee9220d..ef856778f 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "1728772615600776975" + "templateHash": "14675817864886083077" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8111,7 +8111,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "15613686645614990169" + "templateHash": "7522148216674431877" } }, "parameters": { @@ -15467,7 +15467,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "13898684255357952418" + "templateHash": "13441509441096819021" } }, "parameters": { @@ -15579,11 +15579,7 @@ }, "zones": { "type": "array", - "defaultValue": [ - "1", - "2", - "3" - ], + "defaultValue": [], "metadata": { "description": "Optional. Zone numbers e.g. 1,2,3." } From 2d65f239172bc01bf3fa776f548d1c63e321bf44 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Tue, 14 Nov 2023 00:21:57 +0900 Subject: [PATCH 081/117] update bicep --- workload/arm/deploy-baseline.json | 354 +----------------- .../bicep/modules/networking/deploy.bicep | 44 +-- 2 files changed, 24 insertions(+), 374 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index ef856778f..b13befe1e 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14675817864886083077" + "templateHash": "1980367732467048409" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8111,7 +8111,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "7522148216674431877" + "templateHash": "3996755604597070002" } }, "parameters": { @@ -16610,356 +16610,6 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-Optional-{0}', parameters('time')))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Subnet-{0}', parameters('time')))]" ] - }, - { - "condition": "[and(parameters('createVnet'), parameters('deployFirewall'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Route-Table-AVD-Fw-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('avdRouteTableName')]" - }, - "location": { - "value": "[parameters('sessionHostLocation')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'default', 'properties', createObject('addressPrefix', '0.0.0.0/0', 'nextHopIpAddress', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time'))), '2022-09-01').outputs.privateIp.value, 'nextHopType', 'VirtualAppliance')))), createObject('value', createArray()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11111904184589082982" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name given for the hub route table." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "routes": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. An Array of Routes to be established within the hub route table." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Switch to disable BGP route propagation." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2022-07-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "routes": "[parameters('routes')]", - "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]" - } - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/routeTables/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - ] - }, - { - "copy": { - "name": "routeTable_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-RouteTable-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1512519384923161590" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." - } - } - }, - "variables": { - "builtInRoleNames": { - "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", - "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", - "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", - "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", - "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", - "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/routeTables/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.Network/routeTables', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the route table was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the route table." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the route table." - }, - "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Network/routeTables', parameters('name')), '2022-07-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time')))]" - ] } ], "outputs": { diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 8768bc72c..32b925933 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -946,28 +946,28 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d } // AVD route table for Firewall -module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployFirewall) { - scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') - name: 'Route-Table-AVD-Fw-${time}' - params: { - name: avdRouteTableName - location: sessionHostLocation - tags: tags - routes: varCreateAvdStaicRoute ? [ - { - name: 'default' - properties: { - addressPrefix: '0.0.0.0/0' - nextHopIpAddress: azureFirewall.outputs.privateIp - nextHopType: 'VirtualAppliance' - } - } - ] : [] - } - dependsOn: [ - azureFirewall - ] -} +// module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployFirewall) { +// scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') +// name: 'Route-Table-AVD-Fw-${time}' +// params: { +// name: avdRouteTableName +// location: sessionHostLocation +// tags: tags +// routes: varCreateAvdStaicRoute ? [ +// { +// name: 'default' +// properties: { +// addressPrefix: '0.0.0.0/0' +// nextHopIpAddress: azureFirewall.outputs.privateIp +// nextHopType: 'VirtualAppliance' +// } +// } +// ] : [] +// } +// dependsOn: [ +// azureFirewall +// ] +// } // =========== // // Outputs // From e3ac1339efadbb9dcd82c6b8c0541dfb05d1982e Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Tue, 14 Nov 2023 14:58:22 +0900 Subject: [PATCH 082/117] update bicep --- workload/arm/deploy-baseline.json | 354 +++++++++++++++++- .../bicep/modules/networking/deploy.bicep | 44 +-- 2 files changed, 374 insertions(+), 24 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 43427725f..5aa18164d 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "18150029523121872439" + "templateHash": "779543941352442851" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "3996755604597070002" + "templateHash": "7522148216674431877" } }, "parameters": { @@ -16609,6 +16609,356 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Policy-Rcg-Optional-{0}', parameters('time')))]", "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-Subnet-{0}', parameters('time')))]" ] + }, + { + "condition": "[and(parameters('createVnet'), parameters('deployFirewall'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Route-Table-AVD-Fw-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('avdRouteTableName')]" + }, + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'default', 'properties', createObject('addressPrefix', '0.0.0.0/0', 'nextHopIpAddress', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time'))), '2022-09-01').outputs.privateIp.value, 'nextHopType', 'VirtualAppliance')))), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "11111904184589082982" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name given for the hub route table." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "routes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of Routes to be established within the hub route table." + } + }, + "disableBgpRoutePropagation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Switch to disable BGP route propagation." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "routes": "[parameters('routes')]", + "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/routeTables/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + ] + }, + { + "copy": { + "name": "routeTable_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-RouteTable-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "1512519384923161590" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/routeTables/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/routeTables', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the route table was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the route table." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the route table." + }, + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/routeTables', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Resources/deployments', format('Fw-{0}', parameters('time')))]" + ] } ], "outputs": { diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 32b925933..8768bc72c 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -946,28 +946,28 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d } // AVD route table for Firewall -// module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployFirewall) { -// scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') -// name: 'Route-Table-AVD-Fw-${time}' -// params: { -// name: avdRouteTableName -// location: sessionHostLocation -// tags: tags -// routes: varCreateAvdStaicRoute ? [ -// { -// name: 'default' -// properties: { -// addressPrefix: '0.0.0.0/0' -// nextHopIpAddress: azureFirewall.outputs.privateIp -// nextHopType: 'VirtualAppliance' -// } -// } -// ] : [] -// } -// dependsOn: [ -// azureFirewall -// ] -// } +module routeTableAvdforFirewall '../../../../carml/1.3.0/Microsoft.Network/routeTables/deploy.bicep' = if (createVnet && deployFirewall) { + scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') + name: 'Route-Table-AVD-Fw-${time}' + params: { + name: avdRouteTableName + location: sessionHostLocation + tags: tags + routes: varCreateAvdStaicRoute ? [ + { + name: 'default' + properties: { + addressPrefix: '0.0.0.0/0' + nextHopIpAddress: azureFirewall.outputs.privateIp + nextHopType: 'VirtualAppliance' + } + } + ] : [] + } + dependsOn: [ + azureFirewall + ] +} // =========== // // Outputs // From 361141bfe826d2393862ad4de3e739c79e52c2ff Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Fri, 17 Nov 2023 13:22:24 +0900 Subject: [PATCH 083/117] update bicep --- workload/arm/deploy-baseline.json | 80 ++++++++++++++++++- .../bicep/modules/networking/deploy.bicep | 78 ++++++++++++++++++ 2 files changed, 156 insertions(+), 2 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 5aa18164d..3578589ed 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "779543941352442851" + "templateHash": "2778860648847566569" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "7522148216674431877" + "templateHash": "2983649306522981053" } }, "parameters": { @@ -14798,6 +14798,82 @@ "destinationPorts": [ "443" ] + }, + { + "ruleType": "NetworkRule", + "name": "AzureInstanceMetadataServiceEndpoint", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [ + "169.254.169.254" + ], + "destinationIpGroups": [], + "destinationFqdns": [], + "destinationPorts": [ + "80" + ] + }, + { + "ruleType": "NetworkRule", + "name": "SessionHostHealthMonitoring", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [ + "168.63.129.16" + ], + "destinationIpGroups": [], + "destinationFqdns": [], + "destinationPorts": [ + "80" + ] + }, + { + "ruleType": "NetworkRule", + "name": "AgentTraffic", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "gcs.prod.monitoring.core.windows.net" + ], + "destinationPorts": [ + "443" + ] + }, + { + "ruleType": "NetworkRule", + "name": "AzureFileStorage", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "file.core.windows.net" + ], + "destinationPorts": [ + "443" + ] } ] }, diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 8768bc72c..ed8ded9e8 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -508,6 +508,8 @@ module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicie } // Firewall policy rule collection group +// https://learn.microsoft.com/azure/firewall/protect-azure-virtual-desktop +// https://learn.microsoft.com/azure/virtual-desktop/safe-url-list module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Policy-Rcg-${time}' @@ -782,6 +784,82 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros '443' ] } + { + ruleType: 'NetworkRule' + name: 'AzureInstanceMetadataServiceEndpoint' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [ + '169.254.169.254' + ] + destinationIpGroups: [] + destinationFqdns: [] + destinationPorts: [ + '80' + ] + } + { + ruleType: 'NetworkRule' + name: 'SessionHostHealthMonitoring' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [ + '168.63.129.16' + ] + destinationIpGroups: [] + destinationFqdns: [] + destinationPorts: [ + '80' + ] + } + { + ruleType: 'NetworkRule' + name: 'AgentTraffic' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'gcs.prod.monitoring.core.windows.net' + ] + destinationPorts: [ + '443' + ] + } + { + ruleType: 'NetworkRule' + name: 'AzureFileStorage' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'file.core.windows.net' + ] + destinationPorts: [ + '443' + ] + } ] } { From 6dc9643cfcd18bfb8c70f387ec137802d128b137 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Fri, 17 Nov 2023 14:51:21 +0900 Subject: [PATCH 084/117] update bicep --- workload/arm/deploy-baseline.json | 24 +++++++++++++++++-- .../bicep/modules/networking/deploy.bicep | 20 ++++++++++++++++ 2 files changed, 42 insertions(+), 2 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 3578589ed..1037afc9f 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "2778860648847566569" + "templateHash": "13094907018285523315" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "2983649306522981053" + "templateHash": "6455745274277470494" } }, "parameters": { @@ -14856,6 +14856,26 @@ "443" ] }, + { + "ruleType": "NetworkRule", + "name": "GitHub", + "ipProtocols": [ + "TCP" + ], + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "sourceIpGroups": [], + "destinationAddresses": [], + "destinationIpGroups": [], + "destinationFqdns": [ + "github.com", + "raw.githubusercontent.com" + ], + "destinationPorts": [ + "443" + ] + }, { "ruleType": "NetworkRule", "name": "AzureFileStorage", diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index ed8ded9e8..a7115961c 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -841,6 +841,26 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros '443' ] } + { + ruleType: 'NetworkRule' + name: 'GitHub' + ipProtocols: [ + 'TCP' + ] + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + sourceIpGroups: [] + destinationAddresses: [] + destinationIpGroups: [] + destinationFqdns: [ + 'github.com' + 'raw.githubusercontent.com' + ] + destinationPorts: [ + '443' + ] + } { ruleType: 'NetworkRule' name: 'AzureFileStorage' From 7d03dc8ac41754f8f068197c53477650cd92aead Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Sun, 10 Dec 2023 23:43:05 +0900 Subject: [PATCH 085/117] update bicep --- workload/arm/deploy-baseline.json | 77 ++++++++++++++++--- .../bicep/modules/networking/deploy.bicep | 73 +++++++++++++++--- 2 files changed, 128 insertions(+), 22 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 1037afc9f..96c8dd781 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "13094907018285523315" + "templateHash": "3684202385086406686" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "6455745274277470494" + "templateHash": "7212900989514738341" } }, "parameters": { @@ -14420,13 +14420,13 @@ "value": "[parameters('firewallPolicyName')]" }, "priority": { - "value": 100 + "value": 1000 }, "ruleCollections": { "value": [ { "name": "[parameters('firewallPolicyNetworkRuleCollectionName')]", - "priority": 100, + "priority": 1100, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" @@ -14730,13 +14730,13 @@ "value": "[parameters('firewallPolicyName')]" }, "priority": { - "value": 200 + "value": 2000 }, "ruleCollections": { "value": [ { "name": "[parameters('firewallPolicyOptionalNetworkRuleCollectionName')]", - "priority": 100, + "priority": 2100, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" @@ -14878,7 +14878,7 @@ }, { "ruleType": "NetworkRule", - "name": "AzureFileStorage", + "name": "AzureStorage", "ipProtocols": [ "TCP" ], @@ -14886,11 +14886,11 @@ "[parameters('vnetAvdSubnetAddressPrefix')]" ], "sourceIpGroups": [], - "destinationAddresses": [], - "destinationIpGroups": [], - "destinationFqdns": [ - "file.core.windows.net" + "destinationAddresses": [ + "Storage" ], + "destinationIpGroups": [], + "destinationFqdns": [], "destinationPorts": [ "443" ] @@ -14899,7 +14899,7 @@ }, { "name": "[parameters('firewallPolicyOptionalApplicationRuleCollectionName')]", - "priority": 200, + "priority": 2200, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" @@ -15022,6 +15022,59 @@ "destinationAddresses": [], "sourceIpGroups": [], "httpHeadersToInsert": [] + }, + { + "ruleType": "ApplicationRule", + "name": "PowerShellGallery", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [], + "webCategories": [], + "targetFqdns": [ + "go.microsoft.com", + "onegetcdn.azureedge.net" + ], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] + }, + { + "ruleType": "ApplicationRule", + "name": "AzurePowerShell", + "protocols": [ + { + "protocolType": "Https", + "port": 443 + } + ], + "fqdnTags": [], + "webCategories": [], + "targetFqdns": [ + "login.microsoftonline.com", + "login.live.com", + "management.azure.com", + "directory.services.live.com", + "management.core.windows.net", + "provisioningapi.microsoftonline.com", + "graph.windows.net" + ], + "targetUrls": [], + "terminateTLS": false, + "sourceAddresses": [ + "[parameters('vnetAvdSubnetAddressPrefix')]" + ], + "destinationAddresses": [], + "sourceIpGroups": [], + "httpHeadersToInsert": [] } ] } diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index a7115961c..a449b8fbc 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -516,11 +516,11 @@ module firewallPolicyRuleCollectionGroup '../../../../carml/1.3.0/Microsoft.Netw params: { name: firewallPolicyRuleCollectionGroupName firewallPolicyName: firewallPolicyName - priority: 100 + priority: 1000 ruleCollections: [ { name: firewallPolicyNetworkRuleCollectionName - priority: 100 + priority: 1100 ruleCollectionType: 'FirewallPolicyFilterRuleCollection' action: { type: 'Allow' @@ -717,11 +717,11 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros params: { name: firewallPolicyOptionalRuleCollectionGroupName firewallPolicyName: firewallPolicyName - priority: 200 + priority: 2000 ruleCollections: [ { name: firewallPolicyOptionalNetworkRuleCollectionName - priority: 100 + priority: 2100 ruleCollectionType: 'FirewallPolicyFilterRuleCollection' action: { type: 'Allow' @@ -863,7 +863,7 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros } { ruleType: 'NetworkRule' - name: 'AzureFileStorage' + name: 'AzureStorage' ipProtocols: [ 'TCP' ] @@ -871,11 +871,11 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros vnetAvdSubnetAddressPrefix ] sourceIpGroups: [] - destinationAddresses: [] - destinationIpGroups: [] - destinationFqdns: [ - 'file.core.windows.net' + destinationAddresses: [ + 'Storage' ] + destinationIpGroups: [] + destinationFqdns: [] destinationPorts: [ '443' ] @@ -884,7 +884,7 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros } { name: firewallPolicyOptionalApplicationRuleCollectionName - priority: 200 + priority: 2200 ruleCollectionType: 'FirewallPolicyFilterRuleCollection' action: { type: 'Allow' @@ -1008,6 +1008,59 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros sourceIpGroups: [] httpHeadersToInsert: [] } + { + ruleType: 'ApplicationRule' + name: 'PowerShellGallery' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [] + webCategories: [] + targetFqdns: [ + 'go.microsoft.com' + 'onegetcdn.azureedge.net' + ] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } + { + ruleType: 'ApplicationRule' + name: 'AzurePowerShell' + protocols: [ + { + protocolType: 'Https' + port: 443 + } + ] + fqdnTags: [] + webCategories: [] + targetFqdns: [ + 'login.microsoftonline.com' + 'login.live.com' + 'management.azure.com' + 'directory.services.live.com' + 'management.core.windows.net' + 'provisioningapi.microsoftonline.com' + 'graph.windows.net' + ] + targetUrls: [] + terminateTLS: false + sourceAddresses: [ + vnetAvdSubnetAddressPrefix + ] + destinationAddresses: [] + sourceIpGroups: [] + httpHeadersToInsert: [] + } ] } ] From 616381a1c4118856e577ee478dd10ff6a41d07c2 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 01:46:17 +0900 Subject: [PATCH 086/117] update bicep --- workload/arm/deploy-baseline.json | 7 ++++--- workload/bicep/modules/networking/deploy.bicep | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 96c8dd781..7e1750c90 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "3684202385086406686" + "templateHash": "11894936974634827666" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "7212900989514738341" + "templateHash": "2431612964863944033" } }, "parameters": { @@ -15065,7 +15065,8 @@ "directory.services.live.com", "management.core.windows.net", "provisioningapi.microsoftonline.com", - "graph.windows.net" + "graph.windows.net", + "query.prod.cms.rt.microsoft.com" ], "targetUrls": [], "terminateTLS": false, diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index a449b8fbc..dfac27897 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -1051,6 +1051,7 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros 'management.core.windows.net' 'provisioningapi.microsoftonline.com' 'graph.windows.net' + 'query.prod.cms.rt.microsoft.com' ] targetUrls: [] terminateTLS: false From e4110a9b7a02fd4c5100654d6ac53e31445a51f0 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 10:53:36 +0900 Subject: [PATCH 087/117] update bicep --- workload/arm/deploy-baseline.json | 14 ++++++++++++-- workload/bicep/modules/networking/deploy.bicep | 4 ++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 7e1750c90..0aa16613a 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "11894936974634827666" + "templateHash": "3391049251614086580" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "2431612964863944033" + "templateHash": "11136799972914430537" } }, "parameters": { @@ -8235,6 +8235,13 @@ "description": "Create firewall and firewall Policy to hub virtual network." } }, + "firewallLocation": { + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "Location where to deploy firewall." + } + }, "firewallVnetResourceId": { "type": "string", "metadata": { @@ -15602,6 +15609,9 @@ "name": { "value": "[parameters('firewallName')]" }, + "location": { + "value": "[parameters('firewallLocation')]" + }, "vNetId": { "value": "[parameters('firewallVnetResourceId')]" }, diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index dfac27897..91ca0d691 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -63,6 +63,9 @@ param deployFirewall bool @sys.description('Create firewall and firewall Policy to hub virtual network.') param deployFirewallInHubVirtualNetwork bool +@sys.description('Location where to deploy firewall.') +param firewallLocation string = deployment().location + @sys.description('Firewall virtual network') param firewallVnetResourceId string @@ -1088,6 +1091,7 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d name: 'Fw-${time}' params: { name: firewallName + location: firewallLocation vNetId: firewallVnetResourceId firewallPolicyId: firewallPolicy.outputs.resourceId } From dcfc683f2f1b9bab20b6171b0564512d02cfaf53 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 11:36:44 +0900 Subject: [PATCH 088/117] update bicep --- workload/arm/deploy-baseline.json | 19 ++++++++++++++++--- workload/bicep/deploy-baseline.bicep | 4 ++++ .../bicep/modules/networking/deploy.bicep | 5 +++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 0aa16613a..027bc92cb 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "3391049251614086580" + "templateHash": "16459301773560512581" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -55,6 +55,13 @@ "description": "Location where to deploy AVD management plane. (Default: eastus2)" } }, + "firewallLocation": { + "type": "string", + "defaultValue": "eastus2", + "metadata": { + "description": "Location where to deploy Firewall. (Default: eastus2)" + } + }, "avdWorkloadSubsId": { "type": "string", "defaultValue": "", @@ -8069,6 +8076,9 @@ "deployFirewallInHubVirtualNetwork": { "value": "[parameters('deployFirewallInHubVirtualNetwork')]" }, + "firewallLocation": { + "value": "[parameters('firewallLocation')]" + }, "firewallVnetResourceId": { "value": "[parameters('firewallVnetResourceId')]" }, @@ -8110,7 +8120,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "11136799972914430537" + "templateHash": "2958368092249918004" } }, "parameters": { @@ -12676,7 +12686,10 @@ "value": "[parameters('sessionHostLocation')]" }, "addressPrefixes": "[if(parameters('createVnet'), createObject('value', array(parameters('vnetAddressPrefixes'))), createObject('value', array(parameters('existingAvdVnetAddressPrefixes'))))]", - "peerings": "[if(parameters('createVnet'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('firewallVnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', true(), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('firewallRemoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', true(), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))))]" + "dnsServers": { + "value": "[parameters('dnsServers')]" + }, + "peerings": "[if(parameters('createVnet'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('firewallVnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', false(), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('firewallRemoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', false(), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 9537d80bf..639f2bed1 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -31,6 +31,9 @@ param avdSessionHostLocation string = 'eastus2' @sys.description('Location where to deploy AVD management plane. (Default: eastus2)') param avdManagementPlaneLocation string = 'eastus2' +@sys.description('Location where to deploy Firewall. (Default: eastus2)') +param firewallLocation string = 'eastus2' + @sys.description('AVD workload subscription ID, multiple subscriptions scenario. (Default: "")') param avdWorkloadSubsId string = '' @@ -952,6 +955,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' deployFirewall: deployFirewall deployFirewallInHubVirtualNetwork: deployFirewallInHubVirtualNetwork + firewallLocation: firewallLocation firewallVnetResourceId: firewallVnetResourceId firewallVnetPeeringName: varFirewallVnetPeeringName firewallRemoteVnetPeeringName: varFirewallRemoteVnetPeeringName diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 91ca0d691..a203156b5 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -462,6 +462,7 @@ module firewallVirtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtual name: createVnet ? vnetName : varExistingAvdVnetName location: sessionHostLocation addressPrefixes: createVnet ? array(vnetAddressPrefixes): array(existingAvdVnetAddressPrefixes) + dnsServers: dnsServers peerings: createVnet ? [ { remoteVirtualNetworkId: firewallVnetResourceId @@ -487,11 +488,11 @@ module firewallVirtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtual allowGatewayTransit: false allowVirtualNetworkAccess: true doNotVerifyRemoteGateways: true - useRemoteGateways: true + useRemoteGateways: false remotePeeringEnabled: true remotePeeringName: firewallRemoteVnetPeeringName remotePeeringAllowForwardedTraffic: true - remotePeeringAllowGatewayTransit: true + remotePeeringAllowGatewayTransit: false remotePeeringAllowVirtualNetworkAccess: true remotePeeringDoNotVerifyRemoteGateways: true remotePeeringUseRemoteGateways: false From 92290a3114ed5efa9e20c20ff570453b2bb70d27 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 13:23:43 +0900 Subject: [PATCH 089/117] update bicep --- workload/arm/deploy-baseline.json | 892 +++++++++--------- .../bicep/modules/networking/deploy.bicep | 117 ++- 2 files changed, 524 insertions(+), 485 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 027bc92cb..36db3168b 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "16459301773560512581" + "templateHash": "14403764263679148105" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8120,7 +8120,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "2958368092249918004" + "templateHash": "1014014810749337316" } }, "parameters": { @@ -11009,7 +11009,7 @@ "dnsServers": { "value": "[parameters('dnsServers')]" }, - "peerings": "[if(parameters('createVnetPeering'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('existingHubVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray()))]", + "peerings": "[if(parameters('createVnetPeering'), if(and(parameters('deployFirewall'), not(parameters('deployFirewallInHubVirtualNetwork'))), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('existingHubVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()), createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('firewallVnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', false(), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('firewallRemoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', false(), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('existingHubVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false())))), createObject('value', createArray()))]", "subnets": "[if(parameters('deployPrivateEndpointSubnet'), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')), createObject('name', parameters('vnetPrivateEndpointSubnetName'), 'addressPrefix', parameters('vnetPrivateEndpointSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))))]", "tags": { "value": "[parameters('tags')]" @@ -12318,24 +12318,46 @@ ] }, { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", + "condition": "[and(not(parameters('createVnet')), parameters('deployFirewall'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Comm-Files-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "name": "[format('Existing-vNet-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varExistingAvdVnetSubId'))]", + "resourceGroup": "[format('{0}', variables('varExistingAvdVnetSubRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "privateDnsZoneName": { - "value": "privatelink.file.core.windows.net" + "name": { + "value": "[variables('varExistingAvdVnetName')]" }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "addressPrefixes": { + "value": "[array(parameters('existingAvdVnetAddressPrefixes'))]" + }, + "peerings": { + "value": [ + { + "remoteVirtualNetworkId": "[parameters('firewallVnetResourceId')]", + "name": "[parameters('firewallVnetPeeringName')]", + "allowForwardedTraffic": true, + "allowGatewayTransit": false, + "allowVirtualNetworkAccess": true, + "doNotVerifyRemoteGateways": true, + "useRemoteGateways": false, + "remotePeeringEnabled": true, + "remotePeeringName": "[parameters('firewallRemoteVnetPeeringName')]", + "remotePeeringAllowForwardedTraffic": true, + "remotePeeringAllowGatewayTransit": false, + "remotePeeringAllowVirtualNetworkAccess": true, + "remotePeeringDoNotVerifyRemoteGateways": true, + "remotePeeringUseRemoteGateways": false + } + ] } }, "template": { @@ -12345,455 +12367,102 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "templateHash": "17281867178107781537" } }, "parameters": { - "privateDnsZoneName": { + "name": { "type": "string", "metadata": { - "description": "Name space of the private DNS zone" + "description": "Required. The Virtual Network (vNet) Name." } }, - "tags": { - "type": "object", + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", "metadata": { - "description": "Tags to be applied to resources" + "description": "Optional. Location for all resources." } }, - "virtualNetworkResourceId": { - "type": "string", + "addressPrefixes": { + "type": "array", "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" + "description": "Required. An Array of 1 or more IP Address Prefixes for the Virtual Network." } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Comm-Kv-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.vaultcore.azure.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", + "subnets": { + "type": "array", + "defaultValue": [], "metadata": { - "description": "Name space of the private DNS zone" + "description": "Optional. An Array of subnets to deploy to the Virtual Network." } }, - "tags": { - "type": "object", + "dnsServers": { + "type": "array", + "defaultValue": [], "metadata": { - "description": "Tags to be applied to resources" + "description": "Optional. DNS Servers associated to the Virtual Network." } }, - "virtualNetworkResourceId": { + "ddosProtectionPlanId": { "type": "string", + "defaultValue": "", "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" + "description": "Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription." } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { + "peerings": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Virtual Network Peerings configurations." + } + }, + "vnetEncryption": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property." + } + }, + "vnetEncryptionEnforcement": { "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Gov-Files-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.file.core.usgovcloudapi.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" - } - }, - "parameters": { - "privateDnsZoneName": { + "defaultValue": "AllowUnencrypted", + "allowedValues": [ + "AllowUnencrypted", + "DropUnencrypted" + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } + }, + "flowTimeoutInMinutes": { + "type": "int", + "defaultValue": 0, + "maxValue": 30, + "metadata": { + "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." + } + }, + "diagnosticStorageAccountId": { "type": "string", + "defaultValue": "", "metadata": { - "description": "Name space of the private DNS zone" + "description": "Optional. Resource ID of the diagnostic storage account." } }, - "tags": { - "type": "object", + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", "metadata": { - "description": "Tags to be applied to resources" + "description": "Optional. Resource ID of the diagnostic log analytics workspace." } }, - "virtualNetworkResourceId": { + "diagnosticEventHubAuthorizationRuleId": { "type": "string", + "defaultValue": "", "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Private-DNS-Gov-Kv-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneName": { - "value": "privatelink.vaultcore.usgovcloudapi.net" - }, - "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" - } - }, - "parameters": { - "privateDnsZoneName": { - "type": "string", - "metadata": { - "description": "Name space of the private DNS zone" - } - }, - "tags": { - "type": "object", - "metadata": { - "description": "Tags to be applied to resources" - } - }, - "virtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "Virtual network resource ID to link private DNS zone to" - } - } - }, - "resources": [ - { - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2020-06-01", - "name": "[parameters('privateDnsZoneName')]", - "location": "Global", - "tags": "[parameters('tags')]" - }, - { - "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", - "apiVersion": "2020-06-01", - "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", - "location": "Global", - "tags": "[parameters('tags')]", - "properties": { - "registrationEnabled": false, - "virtualNetwork": { - "id": "[parameters('virtualNetworkResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" - ] - }, - { - "condition": "[not(parameters('deployFirewallInHubVirtualNetwork'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Fw-vNet-{0}', parameters('time'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": "[if(parameters('createVnet'), createObject('value', parameters('vnetName')), createObject('value', variables('varExistingAvdVnetName')))]", - "location": { - "value": "[parameters('sessionHostLocation')]" - }, - "addressPrefixes": "[if(parameters('createVnet'), createObject('value', array(parameters('vnetAddressPrefixes'))), createObject('value', array(parameters('existingAvdVnetAddressPrefixes'))))]", - "dnsServers": { - "value": "[parameters('dnsServers')]" - }, - "peerings": "[if(parameters('createVnet'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('firewallVnetResourceId'), 'name', parameters('firewallVnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', false(), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('firewallRemoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', false(), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17281867178107781537" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The Virtual Network (vNet) Name." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "addressPrefixes": { - "type": "array", - "metadata": { - "description": "Required. An Array of 1 or more IP Address Prefixes for the Virtual Network." - } - }, - "subnets": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. An Array of subnets to deploy to the Virtual Network." - } - }, - "dnsServers": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. DNS Servers associated to the Virtual Network." - } - }, - "ddosProtectionPlanId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription." - } - }, - "peerings": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Virtual Network Peerings configurations." - } - }, - "vnetEncryption": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property." - } - }, - "vnetEncryptionEnforcement": { - "type": "string", - "defaultValue": "AllowUnencrypted", - "allowedValues": [ - "AllowUnencrypted", - "DropUnencrypted" - ], - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - } - }, - "flowTimeoutInMinutes": { - "type": "int", - "defaultValue": 0, - "maxValue": 30, - "metadata": { - "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - } - }, - "diagnosticStorageAccountId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account." - } - }, - "diagnosticWorkspaceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace." - } - }, - "diagnosticEventHubAuthorizationRuleId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." } }, "diagnosticEventHubName": { @@ -13979,20 +13648,375 @@ } }, { - "condition": "[parameters('deployFirewall')]", + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Fw-Policy-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", - "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", + "name": "[format('Private-DNS-Comm-Files-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[parameters('firewallPolicyName')]" + "privateDnsZoneName": { + "value": "privatelink.file.core.windows.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureCloud'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Comm-Kv-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.vaultcore.azure.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Gov-Files-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.file.core.usgovcloudapi.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[and(parameters('createPrivateDnsZones'), equals(variables('varAzureCloudName'), 'AzureUSGovernment'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Private-DNS-Gov-Kv-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "privateDnsZoneName": { + "value": "privatelink.vaultcore.usgovcloudapi.net" + }, + "virtualNetworkResourceId": "[if(parameters('createVnet'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', variables('varExistingAvdVnetResourceId')))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15373132827567558553" + } + }, + "parameters": { + "privateDnsZoneName": { + "type": "string", + "metadata": { + "description": "Name space of the private DNS zone" + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + }, + "virtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "Virtual network resource ID to link private DNS zone to" + } + } + }, + "resources": [ + { + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2020-06-01", + "name": "[parameters('privateDnsZoneName')]", + "location": "Global", + "tags": "[parameters('tags')]" + }, + { + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/'))))]", + "location": "Global", + "tags": "[parameters('tags')]", + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('virtualNetworkResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('vNet-{0}', parameters('time')))]" + ] + }, + { + "condition": "[parameters('deployFirewall')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Fw-Policy-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varFirewallSubId'))]", + "resourceGroup": "[format('{0}', variables('varFirewallSubRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('firewallPolicyName')]" + }, + "location": { + "value": "[parameters('firewallLocation')]" }, "enableProxy": { "value": true diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index a203156b5..089e5241a 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -342,7 +342,7 @@ module routeTablePrivateEndpoint '../../../../carml/1.3.0/Microsoft.Network/rout dependsOn: [] } -// Virtual network. +// Virtual network module virtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (createVnet) { scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') name: 'vNet-${time}' @@ -351,7 +351,7 @@ module virtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks location: sessionHostLocation addressPrefixes: array(vnetAddressPrefixes) dnsServers: dnsServers - peerings: createVnetPeering ? [ + peerings: createVnetPeering ? ((deployFirewall && !deployFirewallInHubVirtualNetwork) ? [ { remoteVirtualNetworkId: existingHubVnetResourceId name: vnetPeeringName @@ -368,7 +368,40 @@ module virtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks remotePeeringDoNotVerifyRemoteGateways: true remotePeeringUseRemoteGateways: false } - ] : [] + { + remoteVirtualNetworkId: firewallVnetResourceId + name: firewallVnetPeeringName + allowForwardedTraffic: true + allowGatewayTransit: false + allowVirtualNetworkAccess: true + doNotVerifyRemoteGateways: true + useRemoteGateways: false + remotePeeringEnabled: true + remotePeeringName: firewallRemoteVnetPeeringName + remotePeeringAllowForwardedTraffic: true + remotePeeringAllowGatewayTransit: false + remotePeeringAllowVirtualNetworkAccess: true + remotePeeringDoNotVerifyRemoteGateways: true + remotePeeringUseRemoteGateways: false + } + ] : [ + { + remoteVirtualNetworkId: existingHubVnetResourceId + name: vnetPeeringName + allowForwardedTraffic: true + allowGatewayTransit: false + allowVirtualNetworkAccess: true + doNotVerifyRemoteGateways: true + useRemoteGateways: vNetworkGatewayOnHub ? true : false + remotePeeringEnabled: true + remotePeeringName: remoteVnetPeeringName + remotePeeringAllowForwardedTraffic: true + remotePeeringAllowGatewayTransit: vNetworkGatewayOnHub ? true : false + remotePeeringAllowVirtualNetworkAccess: true + remotePeeringDoNotVerifyRemoteGateways: true + remotePeeringUseRemoteGateways: false + } + ]):[] subnets: deployPrivateEndpointSubnet ? [ { name: vnetAvdSubnetName @@ -396,7 +429,6 @@ module virtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks routeTableId: createVnet ? routeTableAvd.outputs.resourceId : '' } ] - tags: tags diagnosticWorkspaceId: alaWorkspaceResourceId diagnosticLogCategoriesToEnable: varVirtualNetworkLogsDiagnostic @@ -410,6 +442,35 @@ module virtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks ] : [] } +// Peering between existing AVD vNet and Firewall vNet +module virtualNetworkExistingAvd '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (!createVnet && deployFirewall) { + scope: resourceGroup('${varExistingAvdVnetSubId}', '${varExistingAvdVnetSubRgName}') + name: 'Existing-vNet-${time}' + params: { + name: varExistingAvdVnetName + location: sessionHostLocation + addressPrefixes: array(existingAvdVnetAddressPrefixes) + peerings: [ + { + remoteVirtualNetworkId: firewallVnetResourceId + name: firewallVnetPeeringName + allowForwardedTraffic: true + allowGatewayTransit: false + allowVirtualNetworkAccess: true + doNotVerifyRemoteGateways: true + useRemoteGateways: false + remotePeeringEnabled: true + remotePeeringName: firewallRemoteVnetPeeringName + remotePeeringAllowForwardedTraffic: true + remotePeeringAllowGatewayTransit: false + remotePeeringAllowVirtualNetworkAccess: true + remotePeeringDoNotVerifyRemoteGateways: true + remotePeeringUseRemoteGateways: false + } + ] + } +} + // Private DNS zones Azure files commercial module privateDnsZoneAzureFilesCommercial '.bicep/privateDnsZones.bicep' = if (createPrivateDnsZones && (varAzureCloudName == 'AzureCloud')) { scope: resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') @@ -454,59 +515,13 @@ module privateDnsZoneKeyVaultGov '.bicep/privateDnsZones.bicep' = if (createPriv } } -// Firewall virtual network -module firewallVirtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (!deployFirewallInHubVirtualNetwork) { - scope: createVnet ? resourceGroup('${workloadSubsId}', '${networkObjectsRgName}') : resourceGroup('${varExistingAvdVnetSubId}', '${varExistingAvdVnetSubRgName}') - name: 'Fw-vNet-${time}' - params: { - name: createVnet ? vnetName : varExistingAvdVnetName - location: sessionHostLocation - addressPrefixes: createVnet ? array(vnetAddressPrefixes): array(existingAvdVnetAddressPrefixes) - dnsServers: dnsServers - peerings: createVnet ? [ - { - remoteVirtualNetworkId: firewallVnetResourceId - name: vnetPeeringName - allowForwardedTraffic: true - allowGatewayTransit: false - allowVirtualNetworkAccess: true - doNotVerifyRemoteGateways: true - useRemoteGateways: vNetworkGatewayOnHub ? true : false - remotePeeringEnabled: true - remotePeeringName: remoteVnetPeeringName - remotePeeringAllowForwardedTraffic: true - remotePeeringAllowGatewayTransit: vNetworkGatewayOnHub ? true : false - remotePeeringAllowVirtualNetworkAccess: true - remotePeeringDoNotVerifyRemoteGateways: true - remotePeeringUseRemoteGateways: false - } - ] : [ - { - remoteVirtualNetworkId: firewallVnetResourceId - name: firewallVnetPeeringName - allowForwardedTraffic: true - allowGatewayTransit: false - allowVirtualNetworkAccess: true - doNotVerifyRemoteGateways: true - useRemoteGateways: false - remotePeeringEnabled: true - remotePeeringName: firewallRemoteVnetPeeringName - remotePeeringAllowForwardedTraffic: true - remotePeeringAllowGatewayTransit: false - remotePeeringAllowVirtualNetworkAccess: true - remotePeeringDoNotVerifyRemoteGateways: true - remotePeeringUseRemoteGateways: false - } - ] - } -} - // Firewall policy module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicies/deploy.bicep' = if (deployFirewall) { scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Policy-${time}' params: { name: firewallPolicyName + location: firewallLocation enableProxy: true } } From 040782f0b0c39caa421b082ed482d38ee56f3ba7 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 14:15:41 +0900 Subject: [PATCH 090/117] update bicep --- workload/bicep/deploy-baseline.bicep | 8 ++++---- workload/bicep/modules/networking/deploy.bicep | 11 ++++++----- workload/portal-ui/portal-ui-baseline.json | 1 + 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 639f2bed1..7524ae054 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -31,9 +31,6 @@ param avdSessionHostLocation string = 'eastus2' @sys.description('Location where to deploy AVD management plane. (Default: eastus2)') param avdManagementPlaneLocation string = 'eastus2' -@sys.description('Location where to deploy Firewall. (Default: eastus2)') -param firewallLocation string = 'eastus2' - @sys.description('AVD workload subscription ID, multiple subscriptions scenario. (Default: "")') param avdWorkloadSubsId string = '' @@ -171,6 +168,9 @@ param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') param firewallVnetResourceId string = '' +@sys.description('Azure firewall virtual network location. (Default: "")') +param firewallVnetLocation string = '' + @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' @@ -955,8 +955,8 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' deployFirewall: deployFirewall deployFirewallInHubVirtualNetwork: deployFirewallInHubVirtualNetwork - firewallLocation: firewallLocation firewallVnetResourceId: firewallVnetResourceId + firewallVnetLocation: firewallVnetLocation firewallVnetPeeringName: varFirewallVnetPeeringName firewallRemoteVnetPeeringName: varFirewallRemoteVnetPeeringName firewallName: varFiwewallName diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 089e5241a..7905b40e8 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -63,12 +63,12 @@ param deployFirewall bool @sys.description('Create firewall and firewall Policy to hub virtual network.') param deployFirewallInHubVirtualNetwork bool -@sys.description('Location where to deploy firewall.') -param firewallLocation string = deployment().location - @sys.description('Firewall virtual network') param firewallVnetResourceId string +@sys.description('Firewall virtual network location') +param firewallVnetLocation string + @sys.description('VNet peering name for AVD VNet to Firewall VNet.') param firewallVnetPeeringName string @@ -162,6 +162,7 @@ var varExistingAvdVnetResourceId = !createVnet ? '/subscriptions/${varExistingAv var varFirewallSubId = split(firewallVnetResourceId, '/')[2] var varFirewallSubRgName = split(firewallVnetResourceId, '/')[4] var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] + // =========== // // Deployments // // =========== // @@ -521,7 +522,7 @@ module firewallPolicy '../../../../carml/1.3.0/Microsoft.Network/firewallPolicie name: 'Fw-Policy-${time}' params: { name: firewallPolicyName - location: firewallLocation + location: firewallVnetLocation enableProxy: true } } @@ -1107,7 +1108,7 @@ module azureFirewall '../../../../carml/1.3.0/Microsoft.Network/azureFirewalls/d name: 'Fw-${time}' params: { name: firewallName - location: firewallLocation + location: firewallVnetLocation vNetId: firewallVnetResourceId firewallPolicyId: firewallPolicy.outputs.resourceId } diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 82a0e47ef..2ea73cbb8 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2475,6 +2475,7 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", + "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork.location, steps('network').firewallOptions.firewallVirtualNetwork.location)]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From ed5e3fa9a30cfb10cf7ecfaccb7994e57ca1afce Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 14:30:04 +0900 Subject: [PATCH 091/117] update bicep --- workload/arm/deploy-baseline.json | 37 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 36db3168b..36f6b34cc 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14403764263679148105" + "templateHash": "15588700170601581977" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -55,13 +55,6 @@ "description": "Location where to deploy AVD management plane. (Default: eastus2)" } }, - "firewallLocation": { - "type": "string", - "defaultValue": "eastus2", - "metadata": { - "description": "Location where to deploy Firewall. (Default: eastus2)" - } - }, "avdWorkloadSubsId": { "type": "string", "defaultValue": "", @@ -347,6 +340,13 @@ "description": "Azure firewall virtual network. (Default: \"\")" } }, + "firewallVnetLocation": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Azure firewall virtual network location. (Default: \"\")" + } + }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "10.0.2.0/24", @@ -8076,12 +8076,12 @@ "deployFirewallInHubVirtualNetwork": { "value": "[parameters('deployFirewallInHubVirtualNetwork')]" }, - "firewallLocation": { - "value": "[parameters('firewallLocation')]" - }, "firewallVnetResourceId": { "value": "[parameters('firewallVnetResourceId')]" }, + "firewallVnetLocation": { + "value": "[parameters('firewallVnetLocation')]" + }, "firewallVnetPeeringName": { "value": "[variables('varFirewallVnetPeeringName')]" }, @@ -8120,7 +8120,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "1014014810749337316" + "templateHash": "17804418920818822466" } }, "parameters": { @@ -8245,17 +8245,16 @@ "description": "Create firewall and firewall Policy to hub virtual network." } }, - "firewallLocation": { + "firewallVnetResourceId": { "type": "string", - "defaultValue": "[deployment().location]", "metadata": { - "description": "Location where to deploy firewall." + "description": "Firewall virtual network" } }, - "firewallVnetResourceId": { + "firewallVnetLocation": { "type": "string", "metadata": { - "description": "Firewall virtual network" + "description": "Firewall virtual network location" } }, "firewallVnetPeeringName": { @@ -14016,7 +14015,7 @@ "value": "[parameters('firewallPolicyName')]" }, "location": { - "value": "[parameters('firewallLocation')]" + "value": "[parameters('firewallVnetLocation')]" }, "enableProxy": { "value": true @@ -15647,7 +15646,7 @@ "value": "[parameters('firewallName')]" }, "location": { - "value": "[parameters('firewallLocation')]" + "value": "[parameters('firewallVnetLocation')]" }, "vNetId": { "value": "[parameters('firewallVnetResourceId')]" From 2f8d1962066f2887030a0644c2f05b721e3dfba8 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 14:53:19 +0900 Subject: [PATCH 092/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 2ea73cbb8..5bf6a603c 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1420,7 +1420,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', [toLower(vnet.id), vnet.location], '\"}')) )]", "required": true } }, @@ -1540,7 +1540,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', [toLower(vnet.id), vnet.location], '\"}')) )]", "required": true } }, @@ -2474,8 +2474,8 @@ "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", - "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", - "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork.location, steps('network').firewallOptions.firewallVirtualNetwork.location)]", + "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[0], steps('network').firewallOptions.firewallVirtualNetwork[0])]", + "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[1], steps('network').firewallOptions.firewallVirtualNetworkp[1)]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From e3b2aeea4312ca0f58d178670ab21be15878273c Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 14:56:44 +0900 Subject: [PATCH 093/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 5bf6a603c..aa2eb4777 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2475,7 +2475,7 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[0], steps('network').firewallOptions.firewallVirtualNetwork[0])]", - "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[1], steps('network').firewallOptions.firewallVirtualNetworkp[1)]", + "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[1], steps('network').firewallOptions.firewallVirtualNetwork[1)]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From 546cdc2028c2f6a5911016a67fcdb2a07e2e1805 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 15:04:14 +0900 Subject: [PATCH 094/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index aa2eb4777..f5da76144 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1420,7 +1420,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', [toLower(vnet.id), vnet.location], '\"}')) )]", + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', vnet.location, '.', toLower(vnet.id), '\"}')) )]", "required": true } }, @@ -1540,7 +1540,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', [toLower(vnet.id), vnet.location], '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', vnet.location, '.', toLower(vnet.id), '\"}')) )]", "required": true } }, @@ -2474,8 +2474,8 @@ "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", - "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[0], steps('network').firewallOptions.firewallVirtualNetwork[0])]", - "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork[1], steps('network').firewallOptions.firewallVirtualNetwork[1)]", + "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[0], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[0]]", + "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[1], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[1])]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From d663fe88853afe34727485760a110a64e770db32 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 15:07:20 +0900 Subject: [PATCH 095/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index f5da76144..d638f67ca 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2474,7 +2474,7 @@ "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", - "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[0], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[0]]", + "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[0], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[0])]", "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[1], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[1])]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", From e7c6ff4ac330f8cbd7696ed7f7626999bb81f7da Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 15:12:56 +0900 Subject: [PATCH 096/117] update bicep --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index d638f67ca..bce349aaf 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2474,8 +2474,8 @@ "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", - "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[0], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[0])]", - "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, ',')[1], split(steps('network').firewallOptions.firewallVirtualNetwork, ',')[1])]", + "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '.')[0], split(steps('network').firewallOptions.firewallVirtualNetwork, '.')[0])]", + "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '.')[1], split(steps('network').firewallOptions.firewallVirtualNetwork, '.')[1])]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From 885b996fe3b552cc1f908a4656b7a1e307497e51 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 15:26:00 +0900 Subject: [PATCH 097/117] update bicep --- workload/bicep/deploy-baseline.bicep | 13 ++++++------- workload/portal-ui/portal-ui-baseline.json | 3 +-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 7524ae054..0a12609af 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -166,10 +166,7 @@ param deployFirewall bool = false param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') -param firewallVnetResourceId string = '' - -@sys.description('Azure firewall virtual network location. (Default: "")') -param firewallVnetLocation string = '' +param firewallVnetLocationAndResourceId string = '' @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' @@ -527,7 +524,9 @@ var varPrivateEndpointNetworksecurityGroupName = avdUseCustomNaming ? privateEnd var varAvdRouteTableName = avdUseCustomNaming ? avdRouteTableCustomName : 'route-avd-${varComputeStorageResourcesNamingStandard}-001' var varPrivateEndpointRouteTableName = avdUseCustomNaming ? privateEndpointRouteTableCustomName : 'route-pe-${varComputeStorageResourcesNamingStandard}-001' var varApplicationSecurityGroupName = avdUseCustomNaming ? avdApplicationSecurityGroupCustomName : 'asg-${varComputeStorageResourcesNamingStandard}-001' -var varFirewallVnetName = (deployFirewall) ? split(firewallVnetResourceId, '/')[8] : '' +var varFirewallVnetLocation = (deployFirewall) ? split(firewallVnetLocationAndResourceId, '.')[0] : '' +var varFirewallVnetResourceId = (deployFirewall) ? split(firewallVnetLocationAndResourceId, '.')[1] : '' +var varFirewallVnetName = (deployFirewall) ? split(varFirewallVnetResourceId, '/')[8] : '' var varFirewallVnetPeeringName = 'peer-${varFirewallVnetName}' var varFirewallRemoteVnetPeeringName = (createAvdVnet) ? 'peer-${varVnetName}' : 'peer-${split(existingVnetAvdSubnetResourceId, '/')[8]}' var varFiwewallName = 'fw-avd-${varFirewallVnetName}' @@ -955,8 +954,8 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' deployFirewall: deployFirewall deployFirewallInHubVirtualNetwork: deployFirewallInHubVirtualNetwork - firewallVnetResourceId: firewallVnetResourceId - firewallVnetLocation: firewallVnetLocation + firewallVnetResourceId: varFirewallVnetResourceId + firewallVnetLocation: varFirewallVnetLocation firewallVnetPeeringName: varFirewallVnetPeeringName firewallRemoteVnetPeeringName: varFirewallRemoteVnetPeeringName firewallName: varFiwewallName diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index bce349aaf..f975f4123 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2474,8 +2474,7 @@ "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", - "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '.')[0], split(steps('network').firewallOptions.firewallVirtualNetwork, '.')[0])]", - "firewallVnetLocation": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), split(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '.')[1], split(steps('network').firewallOptions.firewallVirtualNetwork, '.')[1])]", + "firewallVnetLocationAndResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From 2a572212e888583047dc3fc28165545665e3a3ae Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 15:27:08 +0900 Subject: [PATCH 098/117] update bicep --- workload/arm/deploy-baseline.json | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 36f6b34cc..fbedae482 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "15588700170601581977" + "templateHash": "4800065811924661468" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -333,20 +333,13 @@ "description": "Create Azure Firewall and Azure Firewall Policy in hub virtual network. (Default: false)" } }, - "firewallVnetResourceId": { + "firewallVnetLocationAndResourceId": { "type": "string", "defaultValue": "", "metadata": { "description": "Azure firewall virtual network. (Default: \"\")" } }, - "firewallVnetLocation": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Azure firewall virtual network location. (Default: \"\")" - } - }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "10.0.2.0/24", @@ -1265,7 +1258,9 @@ "varAvdRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('avdRouteTableCustomName'), format('route-avd-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varPrivateEndpointRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('privateEndpointRouteTableCustomName'), format('route-pe-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varApplicationSecurityGroupName": "[if(parameters('avdUseCustomNaming'), parameters('avdApplicationSecurityGroupCustomName'), format('asg-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", - "varFirewallVnetName": "[if(parameters('deployFirewall'), split(parameters('firewallVnetResourceId'), '/')[8], '')]", + "varFirewallVnetLocation": "[if(parameters('deployFirewall'), split(parameters('firewallVnetLocationAndResourceId'), '.')[0], '')]", + "varFirewallVnetResourceId": "[if(parameters('deployFirewall'), split(parameters('firewallVnetLocationAndResourceId'), '.')[1], '')]", + "varFirewallVnetName": "[if(parameters('deployFirewall'), split(variables('varFirewallVnetResourceId'), '/')[8], '')]", "varFirewallVnetPeeringName": "[format('peer-{0}', variables('varFirewallVnetName'))]", "varFirewallRemoteVnetPeeringName": "[if(parameters('createAvdVnet'), format('peer-{0}', variables('varVnetName')), format('peer-{0}', split(parameters('existingVnetAvdSubnetResourceId'), '/')[8]))]", "varFiwewallName": "[format('fw-avd-{0}', variables('varFirewallVnetName'))]", @@ -8077,10 +8072,10 @@ "value": "[parameters('deployFirewallInHubVirtualNetwork')]" }, "firewallVnetResourceId": { - "value": "[parameters('firewallVnetResourceId')]" + "value": "[variables('varFirewallVnetResourceId')]" }, "firewallVnetLocation": { - "value": "[parameters('firewallVnetLocation')]" + "value": "[variables('varFirewallVnetLocation')]" }, "firewallVnetPeeringName": { "value": "[variables('varFirewallVnetPeeringName')]" From 27c0c9712d16655f5576cbe1d99b7b88c68b5f56 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 15:49:57 +0900 Subject: [PATCH 099/117] update bicep --- workload/arm/deploy-baseline.json | 22 ++++++++++++------- workload/bicep/deploy-baseline.bicep | 13 ++++++----- .../bicep/modules/networking/deploy.bicep | 2 +- workload/portal-ui/portal-ui-baseline.json | 6 ++--- 4 files changed, 25 insertions(+), 18 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index fbedae482..b08abb61b 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "4800065811924661468" + "templateHash": "16835231226766718476" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -333,13 +333,20 @@ "description": "Create Azure Firewall and Azure Firewall Policy in hub virtual network. (Default: false)" } }, - "firewallVnetLocationAndResourceId": { + "firewallVnetResourceId": { "type": "string", "defaultValue": "", "metadata": { "description": "Azure firewall virtual network. (Default: \"\")" } }, + "firewallVnetLocation": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Azure firewall virtual network location. (Default: \"\")" + } + }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "10.0.2.0/24", @@ -1258,9 +1265,7 @@ "varAvdRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('avdRouteTableCustomName'), format('route-avd-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varPrivateEndpointRouteTableName": "[if(parameters('avdUseCustomNaming'), parameters('privateEndpointRouteTableCustomName'), format('route-pe-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", "varApplicationSecurityGroupName": "[if(parameters('avdUseCustomNaming'), parameters('avdApplicationSecurityGroupCustomName'), format('asg-{0}-001', variables('varComputeStorageResourcesNamingStandard')))]", - "varFirewallVnetLocation": "[if(parameters('deployFirewall'), split(parameters('firewallVnetLocationAndResourceId'), '.')[0], '')]", - "varFirewallVnetResourceId": "[if(parameters('deployFirewall'), split(parameters('firewallVnetLocationAndResourceId'), '.')[1], '')]", - "varFirewallVnetName": "[if(parameters('deployFirewall'), split(variables('varFirewallVnetResourceId'), '/')[8], '')]", + "varFirewallVnetName": "[if(parameters('deployFirewall'), split(parameters('firewallVnetResourceId'), '/')[8], '')]", "varFirewallVnetPeeringName": "[format('peer-{0}', variables('varFirewallVnetName'))]", "varFirewallRemoteVnetPeeringName": "[if(parameters('createAvdVnet'), format('peer-{0}', variables('varVnetName')), format('peer-{0}', split(parameters('existingVnetAvdSubnetResourceId'), '/')[8]))]", "varFiwewallName": "[format('fw-avd-{0}', variables('varFirewallVnetName'))]", @@ -8072,10 +8077,10 @@ "value": "[parameters('deployFirewallInHubVirtualNetwork')]" }, "firewallVnetResourceId": { - "value": "[variables('varFirewallVnetResourceId')]" + "value": "[parameters('firewallVnetResourceId')]" }, "firewallVnetLocation": { - "value": "[variables('varFirewallVnetLocation')]" + "value": "[parameters('firewallVnetLocation')]" }, "firewallVnetPeeringName": { "value": "[variables('varFirewallVnetPeeringName')]" @@ -8115,7 +8120,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "17804418920818822466" + "templateHash": "15875264970848569045" } }, "parameters": { @@ -8248,6 +8253,7 @@ }, "firewallVnetLocation": { "type": "string", + "defaultValue": "[deployment().location]", "metadata": { "description": "Firewall virtual network location" } diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 0a12609af..7524ae054 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -166,7 +166,10 @@ param deployFirewall bool = false param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') -param firewallVnetLocationAndResourceId string = '' +param firewallVnetResourceId string = '' + +@sys.description('Azure firewall virtual network location. (Default: "")') +param firewallVnetLocation string = '' @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' @@ -524,9 +527,7 @@ var varPrivateEndpointNetworksecurityGroupName = avdUseCustomNaming ? privateEnd var varAvdRouteTableName = avdUseCustomNaming ? avdRouteTableCustomName : 'route-avd-${varComputeStorageResourcesNamingStandard}-001' var varPrivateEndpointRouteTableName = avdUseCustomNaming ? privateEndpointRouteTableCustomName : 'route-pe-${varComputeStorageResourcesNamingStandard}-001' var varApplicationSecurityGroupName = avdUseCustomNaming ? avdApplicationSecurityGroupCustomName : 'asg-${varComputeStorageResourcesNamingStandard}-001' -var varFirewallVnetLocation = (deployFirewall) ? split(firewallVnetLocationAndResourceId, '.')[0] : '' -var varFirewallVnetResourceId = (deployFirewall) ? split(firewallVnetLocationAndResourceId, '.')[1] : '' -var varFirewallVnetName = (deployFirewall) ? split(varFirewallVnetResourceId, '/')[8] : '' +var varFirewallVnetName = (deployFirewall) ? split(firewallVnetResourceId, '/')[8] : '' var varFirewallVnetPeeringName = 'peer-${varFirewallVnetName}' var varFirewallRemoteVnetPeeringName = (createAvdVnet) ? 'peer-${varVnetName}' : 'peer-${split(existingVnetAvdSubnetResourceId, '/')[8]}' var varFiwewallName = 'fw-avd-${varFirewallVnetName}' @@ -954,8 +955,8 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' deployFirewall: deployFirewall deployFirewallInHubVirtualNetwork: deployFirewallInHubVirtualNetwork - firewallVnetResourceId: varFirewallVnetResourceId - firewallVnetLocation: varFirewallVnetLocation + firewallVnetResourceId: firewallVnetResourceId + firewallVnetLocation: firewallVnetLocation firewallVnetPeeringName: varFirewallVnetPeeringName firewallRemoteVnetPeeringName: varFirewallRemoteVnetPeeringName firewallName: varFiwewallName diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 7905b40e8..0dd761a87 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -67,7 +67,7 @@ param deployFirewallInHubVirtualNetwork bool param firewallVnetResourceId string @sys.description('Firewall virtual network location') -param firewallVnetLocation string +param firewallVnetLocation string = deployment().location @sys.description('VNet peering name for AVD VNet to Firewall VNet.') param firewallVnetPeeringName string diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index f975f4123..82a0e47ef 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1420,7 +1420,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', vnet.location, '.', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", "required": true } }, @@ -1540,7 +1540,7 @@ "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', vnet.location, '.', toLower(vnet.id), '\"}')) )]", + "allowedValues": "[map(steps('network').firewallOptions.firewallVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", "required": true } }, @@ -2474,7 +2474,7 @@ "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", - "firewallVnetLocationAndResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", + "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", From e77472d9d5b5c16f194f674869af33cbf8309ef4 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 11 Dec 2023 16:03:18 +0900 Subject: [PATCH 100/117] update bicep --- workload/arm/deploy-baseline.json | 6 +++--- workload/bicep/deploy-baseline.bicep | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index b08abb61b..34df3b710 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "16835231226766718476" + "templateHash": "9750479323496588530" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -342,9 +342,9 @@ }, "firewallVnetLocation": { "type": "string", - "defaultValue": "", + "defaultValue": "eastus2", "metadata": { - "description": "Azure firewall virtual network location. (Default: \"\")" + "description": "Azure firewall virtual network location. (Default: eastus2)" } }, "firewallSubnetAddressPrefix": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 7524ae054..6e9f0dafb 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -168,8 +168,8 @@ param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') param firewallVnetResourceId string = '' -@sys.description('Azure firewall virtual network location. (Default: "")') -param firewallVnetLocation string = '' +@sys.description('Azure firewall virtual network location. (Default: eastus2)') +param firewallVnetLocation string = 'eastus2' @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' From 00e65117cb3708cb25d0eb2e0253a94148f86d1d Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 21 Dec 2023 10:39:15 +0900 Subject: [PATCH 101/117] fix firewall location to be the same as existing vnet --- workload/arm/deploy-baseline.json | 29 +++---------------- workload/bicep/deploy-baseline.bicep | 4 --- .../bicep/modules/networking/deploy.bicep | 9 ++++-- 3 files changed, 10 insertions(+), 32 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 34df3b710..13ace618c 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "9750479323496588530" + "templateHash": "12448972630710590522" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -340,13 +340,6 @@ "description": "Azure firewall virtual network. (Default: \"\")" } }, - "firewallVnetLocation": { - "type": "string", - "defaultValue": "eastus2", - "metadata": { - "description": "Azure firewall virtual network location. (Default: eastus2)" - } - }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "10.0.2.0/24", @@ -8079,9 +8072,6 @@ "firewallVnetResourceId": { "value": "[parameters('firewallVnetResourceId')]" }, - "firewallVnetLocation": { - "value": "[parameters('firewallVnetLocation')]" - }, "firewallVnetPeeringName": { "value": "[variables('varFirewallVnetPeeringName')]" }, @@ -8120,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "15875264970848569045" + "templateHash": "13842355173990144132" } }, "parameters": { @@ -8251,13 +8241,6 @@ "description": "Firewall virtual network" } }, - "firewallVnetLocation": { - "type": "string", - "defaultValue": "[deployment().location]", - "metadata": { - "description": "Firewall virtual network location" - } - }, "firewallVnetPeeringName": { "type": "string", "metadata": { @@ -14015,9 +13998,7 @@ "name": { "value": "[parameters('firewallPolicyName')]" }, - "location": { - "value": "[parameters('firewallVnetLocation')]" - }, + "location": "[if(not(parameters('createVnet')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varExistingAvdVnetSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varExistingAvdVnetName')), '2020-06-01', 'full').location), createObject('value', deployment().location))]", "enableProxy": { "value": true } @@ -15646,9 +15627,7 @@ "name": { "value": "[parameters('firewallName')]" }, - "location": { - "value": "[parameters('firewallVnetLocation')]" - }, + "location": "[if(not(parameters('createVnet')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varExistingAvdVnetSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varExistingAvdVnetName')), '2020-06-01', 'full').location), createObject('value', deployment().location))]", "vNetId": { "value": "[parameters('firewallVnetResourceId')]" }, diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 6e9f0dafb..9537d80bf 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -168,9 +168,6 @@ param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') param firewallVnetResourceId string = '' -@sys.description('Azure firewall virtual network location. (Default: eastus2)') -param firewallVnetLocation string = 'eastus2' - @sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '10.0.2.0/24' @@ -956,7 +953,6 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre deployFirewall: deployFirewall deployFirewallInHubVirtualNetwork: deployFirewallInHubVirtualNetwork firewallVnetResourceId: firewallVnetResourceId - firewallVnetLocation: firewallVnetLocation firewallVnetPeeringName: varFirewallVnetPeeringName firewallRemoteVnetPeeringName: varFirewallRemoteVnetPeeringName firewallName: varFiwewallName diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 0dd761a87..1bc6e4391 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -66,9 +66,6 @@ param deployFirewallInHubVirtualNetwork bool @sys.description('Firewall virtual network') param firewallVnetResourceId string -@sys.description('Firewall virtual network location') -param firewallVnetLocation string = deployment().location - @sys.description('VNet peering name for AVD VNet to Firewall VNet.') param firewallVnetPeeringName string @@ -163,6 +160,12 @@ var varFirewallSubId = split(firewallVnetResourceId, '/')[2] var varFirewallSubRgName = split(firewallVnetResourceId, '/')[4] var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] +resource existingAvdVNet 'Microsoft.Network/virtualNetworks@2020-06-01' existing = { + scope: resourceGroup(varExistingAvdVnetSubRgName) + name: varExistingAvdVnetName +} +var firewallVnetLocation = !createVnet ? existingAvdVNet.location : deployment().location + // =========== // // Deployments // // =========== // From 00f7a637f2f1f50b74d8855c7b796f3a275e2fde Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Thu, 21 Dec 2023 11:21:52 +0900 Subject: [PATCH 102/117] fix firewall location to be the same as existing vnet --- workload/arm/deploy-baseline.json | 884 +++++++++--------- .../bicep/modules/networking/deploy.bicep | 8 +- 2 files changed, 448 insertions(+), 444 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 13ace618c..d5ee7ec71 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12448972630710590522" + "version": "0.24.24.22086", + "templateHash": "7066932748950813156" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1592,8 +1592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.24.24.22086", + "templateHash": "2517070614714634945" } }, "parameters": { @@ -1701,8 +1701,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.24.24.22086", + "templateHash": "5261637614282567226" } }, "parameters": { @@ -1831,8 +1831,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.24.24.22086", + "templateHash": "10735397712111716035" } }, "parameters": { @@ -2192,8 +2192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.24.24.22086", + "templateHash": "2517070614714634945" } }, "parameters": { @@ -2301,8 +2301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.24.24.22086", + "templateHash": "5261637614282567226" } }, "parameters": { @@ -2431,8 +2431,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.24.24.22086", + "templateHash": "10735397712111716035" } }, "parameters": { @@ -2787,8 +2787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.24.24.22086", + "templateHash": "2517070614714634945" } }, "parameters": { @@ -2896,8 +2896,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.24.24.22086", + "templateHash": "5261637614282567226" } }, "parameters": { @@ -3026,8 +3026,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.24.24.22086", + "templateHash": "10735397712111716035" } }, "parameters": { @@ -3400,8 +3400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10265430126183385998" + "version": "0.24.24.22086", + "templateHash": "3799883154990972414" } }, "parameters": { @@ -3524,8 +3524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14479610109813008203" + "version": "0.24.24.22086", + "templateHash": "2517070614714634945" } }, "parameters": { @@ -3633,8 +3633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "727668444186100245" + "version": "0.24.24.22086", + "templateHash": "5261637614282567226" } }, "parameters": { @@ -3763,8 +3763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13976546302901379815" + "version": "0.24.24.22086", + "templateHash": "10735397712111716035" } }, "parameters": { @@ -4124,8 +4124,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15031312632057308059" + "version": "0.24.24.22086", + "templateHash": "2365826423299471744" } }, "parameters": { @@ -4518,8 +4518,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15258493604851481315" + "version": "0.24.24.22086", + "templateHash": "15849702054005344486" } }, "parameters": { @@ -4662,8 +4662,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8116463202302820849" + "version": "0.24.24.22086", + "templateHash": "10863078211007786001" } }, "parameters": { @@ -4796,8 +4796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4881003164746404595" + "version": "0.24.24.22086", + "templateHash": "8520623357422506173" } }, "parameters": { @@ -4931,8 +4931,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14365252475725366454" + "version": "0.24.24.22086", + "templateHash": "15490589645988343017" } }, "parameters": { @@ -5103,8 +5103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17250399248258895412" + "version": "0.24.24.22086", + "templateHash": "16144824622195466183" } }, "parameters": { @@ -5250,8 +5250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1095708959185756276" + "version": "0.24.24.22086", + "templateHash": "8345784985264509742" } }, "parameters": { @@ -5477,8 +5477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "219986384503122327" + "version": "0.24.24.22086", + "templateHash": "15995393084088667676" } }, "parameters": { @@ -5646,8 +5646,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10708379588686916495" + "version": "0.24.24.22086", + "templateHash": "17168218083015351722" } }, "parameters": { @@ -5797,8 +5797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6190525379812728386" + "version": "0.24.24.22086", + "templateHash": "13287433087953420901" } }, "parameters": { @@ -6009,8 +6009,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2155605377371361902" + "version": "0.24.24.22086", + "templateHash": "11123443055704659456" } }, "parameters": { @@ -6341,8 +6341,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5643654873197907708" + "version": "0.24.24.22086", + "templateHash": "2634065372700405738" } }, "parameters": { @@ -6524,8 +6524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6105432212734897298" + "version": "0.24.24.22086", + "templateHash": "8256294517634668004" } }, "parameters": { @@ -6703,8 +6703,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.24.24.22086", + "templateHash": "13733791048554096882" } }, "parameters": { @@ -6972,8 +6972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.24.24.22086", + "templateHash": "13770858722823970618" } }, "parameters": { @@ -7052,8 +7052,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12579875714884369933" + "version": "0.24.24.22086", + "templateHash": "8530746724060931167" } }, "parameters": { @@ -7524,8 +7524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1095708959185756276" + "version": "0.24.24.22086", + "templateHash": "8345784985264509742" } }, "parameters": { @@ -7757,8 +7757,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1095708959185756276" + "version": "0.24.24.22086", + "templateHash": "8345784985264509742" } }, "parameters": { @@ -8109,8 +8109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13842355173990144132" + "version": "0.24.24.22086", + "templateHash": "2946604926399380762" } }, "parameters": { @@ -8532,8 +8532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11199916256768589744" + "version": "0.24.24.22086", + "templateHash": "6138327344478546608" } }, "parameters": { @@ -8796,8 +8796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9525169534051986947" + "version": "0.24.24.22086", + "templateHash": "16632688053718667654" } }, "parameters": { @@ -9041,8 +9041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14484082002093003293" + "version": "0.24.24.22086", + "templateHash": "111760690921807955" } }, "parameters": { @@ -9256,8 +9256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11199916256768589744" + "version": "0.24.24.22086", + "templateHash": "6138327344478546608" } }, "parameters": { @@ -9520,8 +9520,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9525169534051986947" + "version": "0.24.24.22086", + "templateHash": "16632688053718667654" } }, "parameters": { @@ -9765,8 +9765,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14484082002093003293" + "version": "0.24.24.22086", + "templateHash": "111760690921807955" } }, "parameters": { @@ -9971,8 +9971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17265889212529350267" + "version": "0.24.24.22086", + "templateHash": "5370582947614692753" } }, "parameters": { @@ -10094,8 +10094,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1115677000975531972" + "version": "0.24.24.22086", + "templateHash": "17477482957984744599" } }, "parameters": { @@ -10301,8 +10301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11111904184589082982" + "version": "0.24.24.22086", + "templateHash": "7121964656085462352" } }, "parameters": { @@ -10441,8 +10441,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1512519384923161590" + "version": "0.24.24.22086", + "templateHash": "18358369372560772682" } }, "parameters": { @@ -10650,8 +10650,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11111904184589082982" + "version": "0.24.24.22086", + "templateHash": "7121964656085462352" } }, "parameters": { @@ -10790,8 +10790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1512519384923161590" + "version": "0.24.24.22086", + "templateHash": "18358369372560772682" } }, "parameters": { @@ -11013,8 +11013,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17281867178107781537" + "version": "0.24.24.22086", + "templateHash": "17620242328379309971" } }, "parameters": { @@ -11347,8 +11347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17626849906838193825" + "version": "0.24.24.22086", + "templateHash": "914732954037131991" } }, "parameters": { @@ -11540,8 +11540,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12693477980850797625" + "version": "0.24.24.22086", + "templateHash": "10831299095782999288" } }, "parameters": { @@ -11763,8 +11763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8715756746446460444" + "version": "0.24.24.22086", + "templateHash": "10639041025585290225" } }, "parameters": { @@ -11929,8 +11929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8715756746446460444" + "version": "0.24.24.22086", + "templateHash": "10639041025585290225" } }, "parameters": { @@ -12090,8 +12090,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17072359188298457640" + "version": "0.24.24.22086", + "templateHash": "13888576034706477552" } }, "parameters": { @@ -12349,8 +12349,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17281867178107781537" + "version": "0.24.24.22086", + "templateHash": "17620242328379309971" } }, "parameters": { @@ -12683,8 +12683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17626849906838193825" + "version": "0.24.24.22086", + "templateHash": "914732954037131991" } }, "parameters": { @@ -12876,8 +12876,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12693477980850797625" + "version": "0.24.24.22086", + "templateHash": "10831299095782999288" } }, "parameters": { @@ -13099,8 +13099,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8715756746446460444" + "version": "0.24.24.22086", + "templateHash": "10639041025585290225" } }, "parameters": { @@ -13265,8 +13265,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8715756746446460444" + "version": "0.24.24.22086", + "templateHash": "10639041025585290225" } }, "parameters": { @@ -13426,8 +13426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17072359188298457640" + "version": "0.24.24.22086", + "templateHash": "13888576034706477552" } }, "parameters": { @@ -13657,8 +13657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.24.24.22086", + "templateHash": "8379798746548034463" } }, "parameters": { @@ -13745,8 +13745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.24.24.22086", + "templateHash": "8379798746548034463" } }, "parameters": { @@ -13833,8 +13833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.24.24.22086", + "templateHash": "8379798746548034463" } }, "parameters": { @@ -13921,8 +13921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15373132827567558553" + "version": "0.24.24.22086", + "templateHash": "8379798746548034463" } }, "parameters": { @@ -13998,7 +13998,9 @@ "name": { "value": "[parameters('firewallPolicyName')]" }, - "location": "[if(not(parameters('createVnet')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varExistingAvdVnetSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varExistingAvdVnetName')), '2020-06-01', 'full').location), createObject('value', deployment().location))]", + "location": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varFirewallSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varFirewallVnetName')), '2020-06-01', 'full').location]" + }, "enableProxy": { "value": true } @@ -14009,8 +14011,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8678866256111316638" + "version": "0.24.24.22086", + "templateHash": "12858216276229330811" } }, "parameters": { @@ -14299,8 +14301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3809923323773825116" + "version": "0.24.24.22086", + "templateHash": "9560862758073291225" } }, "parameters": { @@ -14643,8 +14645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3809923323773825116" + "version": "0.24.24.22086", + "templateHash": "9560862758073291225" } }, "parameters": { @@ -15113,8 +15115,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3809923323773825116" + "version": "0.24.24.22086", + "templateHash": "9560862758073291225" } }, "parameters": { @@ -15234,8 +15236,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17626849906838193825" + "version": "0.24.24.22086", + "templateHash": "914732954037131991" } }, "parameters": { @@ -15427,8 +15429,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12693477980850797625" + "version": "0.24.24.22086", + "templateHash": "10831299095782999288" } }, "parameters": { @@ -15627,7 +15629,9 @@ "name": { "value": "[parameters('firewallName')]" }, - "location": "[if(not(parameters('createVnet')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varExistingAvdVnetSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varExistingAvdVnetName')), '2020-06-01', 'full').location), createObject('value', deployment().location))]", + "location": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varFirewallSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varFirewallVnetName')), '2020-06-01', 'full').location]" + }, "vNetId": { "value": "[parameters('firewallVnetResourceId')]" }, @@ -15641,8 +15645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13441509441096819021" + "version": "0.24.24.22086", + "templateHash": "9603897788412212335" } }, "parameters": { @@ -16035,8 +16039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14697279465996570029" + "version": "0.24.24.22086", + "templateHash": "9414577766029056313" } }, "parameters": { @@ -16351,8 +16355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15781585805590730053" + "version": "0.24.24.22086", + "templateHash": "10254776496318105172" } }, "parameters": { @@ -16569,8 +16573,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16022215935591204400" + "version": "0.24.24.22086", + "templateHash": "10895696250199598980" } }, "parameters": { @@ -16816,8 +16820,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11111904184589082982" + "version": "0.24.24.22086", + "templateHash": "7121964656085462352" } }, "parameters": { @@ -16956,8 +16960,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1512519384923161590" + "version": "0.24.24.22086", + "templateHash": "18358369372560772682" } }, "parameters": { @@ -17252,8 +17256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7326746777556089250" + "version": "0.24.24.22086", + "templateHash": "8107657986455794101" } }, "parameters": { @@ -17531,8 +17535,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9101196936359798595" + "version": "0.24.24.22086", + "templateHash": "10389145545415899731" } }, "parameters": { @@ -17923,8 +17927,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11881426718765556693" + "version": "0.24.24.22086", + "templateHash": "6425857238276829806" } }, "parameters": { @@ -18141,8 +18145,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8289764189113901043" + "version": "0.24.24.22086", + "templateHash": "10308768902920369737" } }, "parameters": { @@ -18394,8 +18398,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6540019795245021334" + "version": "0.24.24.22086", + "templateHash": "16203623105828235602" } }, "parameters": { @@ -18572,8 +18576,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17185902162980736485" + "version": "0.24.24.22086", + "templateHash": "3997567384720382342" } }, "parameters": { @@ -18779,8 +18783,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18193795661906928784" + "version": "0.24.24.22086", + "templateHash": "5191474872378464830" } }, "parameters": { @@ -19008,8 +19012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18390062164382385549" + "version": "0.24.24.22086", + "templateHash": "4735419548847812706" } }, "parameters": { @@ -19229,8 +19233,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6877120515836824501" + "version": "0.24.24.22086", + "templateHash": "7013454961015868409" } }, "parameters": { @@ -19497,8 +19501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9763204850902124901" + "version": "0.24.24.22086", + "templateHash": "8342302527426602748" } }, "parameters": { @@ -19726,8 +19730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12068153438455870485" + "version": "0.24.24.22086", + "templateHash": "11148544851418427635" } }, "parameters": { @@ -19887,8 +19891,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17115660817704860359" + "version": "0.24.24.22086", + "templateHash": "1209128013382695969" } }, "parameters": { @@ -20010,8 +20014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14736459587384734965" + "version": "0.24.24.22086", + "templateHash": "17889767664939482865" } }, "parameters": { @@ -20204,8 +20208,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -20784,8 +20788,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -21362,8 +21366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -21945,8 +21949,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -22525,8 +22529,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -23105,8 +23109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -23736,8 +23740,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10865746163538598377" + "version": "0.24.24.22086", + "templateHash": "16424433956124968834" } }, "parameters": { @@ -23903,8 +23907,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5643654873197907708" + "version": "0.24.24.22086", + "templateHash": "2634065372700405738" } }, "parameters": { @@ -24092,8 +24096,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.24.24.22086", + "templateHash": "13733791048554096882" } }, "parameters": { @@ -24362,8 +24366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.24.24.22086", + "templateHash": "13770858722823970618" } }, "parameters": { @@ -24456,8 +24460,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.24.24.22086", + "templateHash": "13733791048554096882" } }, "parameters": { @@ -24726,8 +24730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.24.24.22086", + "templateHash": "13770858722823970618" } }, "parameters": { @@ -24796,8 +24800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -25380,8 +25384,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -25961,8 +25965,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17115660817704860359" + "version": "0.24.24.22086", + "templateHash": "1209128013382695969" } }, "parameters": { @@ -26084,8 +26088,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14736459587384734965" + "version": "0.24.24.22086", + "templateHash": "17889767664939482865" } }, "parameters": { @@ -26275,8 +26279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9545798095452579480" + "version": "0.24.24.22086", + "templateHash": "6953643909278292232" } }, "parameters": { @@ -26885,8 +26889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9816348956723829998" + "version": "0.24.24.22086", + "templateHash": "7204340581870023356" } }, "parameters": { @@ -27026,8 +27030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10047657056248810406" + "version": "0.24.24.22086", + "templateHash": "970091050271102932" } }, "parameters": { @@ -27396,8 +27400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15723327996763594758" + "version": "0.24.24.22086", + "templateHash": "10030047623262780672" } }, "parameters": { @@ -27528,8 +27532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11763882678288104884" + "version": "0.24.24.22086", + "templateHash": "14160924319726835238" } }, "parameters": { @@ -27665,8 +27669,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6055979105496084751" + "version": "0.24.24.22086", + "templateHash": "9057779657363667135" } }, "parameters": { @@ -27860,8 +27864,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4039932653764259703" + "version": "0.24.24.22086", + "templateHash": "7831429889926211190" } }, "parameters": { @@ -28043,8 +28047,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16592614389473690770" + "version": "0.24.24.22086", + "templateHash": "17234567602536304311" } }, "parameters": { @@ -28246,8 +28250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.24.24.22086", + "templateHash": "2516207548282735604" } }, "parameters": { @@ -28443,8 +28447,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.24.24.22086", + "templateHash": "4938350038598666744" } }, "parameters": { @@ -28578,8 +28582,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.24.24.22086", + "templateHash": "14162095909703477931" } }, "parameters": { @@ -28792,8 +28796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6864497713956009622" + "version": "0.24.24.22086", + "templateHash": "16647295602491961660" } }, "parameters": { @@ -29023,8 +29027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4039932653764259703" + "version": "0.24.24.22086", + "templateHash": "7831429889926211190" } }, "parameters": { @@ -29206,8 +29210,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16592614389473690770" + "version": "0.24.24.22086", + "templateHash": "17234567602536304311" } }, "parameters": { @@ -29409,8 +29413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7373774482178055452" + "version": "0.24.24.22086", + "templateHash": "9027137430207210172" } }, "parameters": { @@ -29620,8 +29624,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13893883968059192139" + "version": "0.24.24.22086", + "templateHash": "13094745876033837723" } }, "parameters": { @@ -29696,8 +29700,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2571756615431841166" + "version": "0.24.24.22086", + "templateHash": "10018140639144511721" } }, "parameters": { @@ -29768,8 +29772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15723327996763594758" + "version": "0.24.24.22086", + "templateHash": "10030047623262780672" } }, "parameters": { @@ -29899,8 +29903,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14656496075889817854" + "version": "0.24.24.22086", + "templateHash": "3788100772468570169" } }, "parameters": { @@ -30167,8 +30171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "10047657056248810406" + "version": "0.24.24.22086", + "templateHash": "970091050271102932" } }, "parameters": { @@ -30537,8 +30541,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15723327996763594758" + "version": "0.24.24.22086", + "templateHash": "10030047623262780672" } }, "parameters": { @@ -30669,8 +30673,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11763882678288104884" + "version": "0.24.24.22086", + "templateHash": "14160924319726835238" } }, "parameters": { @@ -30806,8 +30810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6055979105496084751" + "version": "0.24.24.22086", + "templateHash": "9057779657363667135" } }, "parameters": { @@ -31001,8 +31005,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4039932653764259703" + "version": "0.24.24.22086", + "templateHash": "7831429889926211190" } }, "parameters": { @@ -31184,8 +31188,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16592614389473690770" + "version": "0.24.24.22086", + "templateHash": "17234567602536304311" } }, "parameters": { @@ -31387,8 +31391,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.24.24.22086", + "templateHash": "2516207548282735604" } }, "parameters": { @@ -31584,8 +31588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.24.24.22086", + "templateHash": "4938350038598666744" } }, "parameters": { @@ -31719,8 +31723,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.24.24.22086", + "templateHash": "14162095909703477931" } }, "parameters": { @@ -31933,8 +31937,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6864497713956009622" + "version": "0.24.24.22086", + "templateHash": "16647295602491961660" } }, "parameters": { @@ -32185,8 +32189,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16306650625703107232" + "version": "0.24.24.22086", + "templateHash": "9297638532596174292" } }, "parameters": { @@ -32466,8 +32470,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3205620537307637582" + "version": "0.24.24.22086", + "templateHash": "16312835383302959746" } }, "parameters": { @@ -33302,8 +33306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16578501272871551398" + "version": "0.24.24.22086", + "templateHash": "1063750606576410026" } }, "parameters": { @@ -33457,8 +33461,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14697279465996570029" + "version": "0.24.24.22086", + "templateHash": "9414577766029056313" } }, "parameters": { @@ -33773,8 +33777,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15781585805590730053" + "version": "0.24.24.22086", + "templateHash": "10254776496318105172" } }, "parameters": { @@ -34025,8 +34029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17125191375440227612" + "version": "0.24.24.22086", + "templateHash": "15654479489258886138" } }, "parameters": { @@ -34310,8 +34314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14837312545510225155" + "version": "0.24.24.22086", + "templateHash": "16966422285057288924" } }, "parameters": { @@ -34529,8 +34533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -34735,8 +34739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -34936,8 +34940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -35142,8 +35146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -35338,8 +35342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -35534,8 +35538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -35734,8 +35738,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -35942,8 +35946,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -36143,8 +36147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -36347,8 +36351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15242592157036190831" + "version": "0.24.24.22086", + "templateHash": "11525054918559098128" } }, "parameters": { @@ -36513,8 +36517,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9607326914801692122" + "version": "0.24.24.22086", + "templateHash": "17481608944836963488" } }, "parameters": { @@ -36796,8 +36800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13591692348976261694" + "version": "0.24.24.22086", + "templateHash": "10178540586997188960" } }, "parameters": { @@ -37069,8 +37073,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14398504551168498076" + "version": "0.24.24.22086", + "templateHash": "12415790862062173742" } }, "parameters": { @@ -37617,8 +37621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2942587223985886651" + "version": "0.24.24.22086", + "templateHash": "8203775990943243336" } }, "parameters": { @@ -37812,8 +37816,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.24.24.22086", + "templateHash": "2516207548282735604" } }, "parameters": { @@ -38009,8 +38013,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.24.24.22086", + "templateHash": "4938350038598666744" } }, "parameters": { @@ -38144,8 +38148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.24.24.22086", + "templateHash": "14162095909703477931" } }, "parameters": { @@ -38351,8 +38355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1348117273486411306" + "version": "0.24.24.22086", + "templateHash": "8570124243761424300" } }, "parameters": { @@ -38475,8 +38479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11852166519395262106" + "version": "0.24.24.22086", + "templateHash": "4282479370081948914" } }, "parameters": { @@ -38633,8 +38637,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16250297962913546641" + "version": "0.24.24.22086", + "templateHash": "1423434177159479648" } }, "parameters": { @@ -38854,8 +38858,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4382308215526481443" + "version": "0.24.24.22086", + "templateHash": "2374698285890274507" } }, "parameters": { @@ -38968,8 +38972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9652540868161281860" + "version": "0.24.24.22086", + "templateHash": "8735943571370088259" } }, "parameters": { @@ -39096,8 +39100,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1186095586884481044" + "version": "0.24.24.22086", + "templateHash": "3221234738227957096" } }, "parameters": { @@ -39334,8 +39338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13780602292868075803" + "version": "0.24.24.22086", + "templateHash": "15192480916534434290" } }, "parameters": { @@ -39558,8 +39562,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3594065565754312854" + "version": "0.24.24.22086", + "templateHash": "3443731476568413652" } }, "parameters": { @@ -39687,8 +39691,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8261337544383310328" + "version": "0.24.24.22086", + "templateHash": "13811438743872515386" } }, "parameters": { @@ -39926,8 +39930,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12165290990779845298" + "version": "0.24.24.22086", + "templateHash": "12918423402462544543" } }, "parameters": { @@ -40123,8 +40127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9089725752901472518" + "version": "0.24.24.22086", + "templateHash": "12718351608592638120" } }, "parameters": { @@ -40220,8 +40224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1979270992674854961" + "version": "0.24.24.22086", + "templateHash": "33372281839171660" } }, "parameters": { @@ -40456,8 +40460,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1526593365088296650" + "version": "0.24.24.22086", + "templateHash": "7982804078679336074" } }, "parameters": { @@ -40647,8 +40651,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "168390130983077015" + "version": "0.24.24.22086", + "templateHash": "6307676178101994247" } }, "parameters": { @@ -40833,8 +40837,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4048736729822728060" + "version": "0.24.24.22086", + "templateHash": "652984592548258194" } }, "parameters": { @@ -41004,8 +41008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13591692348976261694" + "version": "0.24.24.22086", + "templateHash": "10178540586997188960" } }, "parameters": { @@ -41277,8 +41281,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14398504551168498076" + "version": "0.24.24.22086", + "templateHash": "12415790862062173742" } }, "parameters": { @@ -41825,8 +41829,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2942587223985886651" + "version": "0.24.24.22086", + "templateHash": "8203775990943243336" } }, "parameters": { @@ -42020,8 +42024,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5300610667995634254" + "version": "0.24.24.22086", + "templateHash": "2516207548282735604" } }, "parameters": { @@ -42217,8 +42221,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4621144128017741284" + "version": "0.24.24.22086", + "templateHash": "4938350038598666744" } }, "parameters": { @@ -42352,8 +42356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "7828421530828782575" + "version": "0.24.24.22086", + "templateHash": "14162095909703477931" } }, "parameters": { @@ -42559,8 +42563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1348117273486411306" + "version": "0.24.24.22086", + "templateHash": "8570124243761424300" } }, "parameters": { @@ -42683,8 +42687,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "11852166519395262106" + "version": "0.24.24.22086", + "templateHash": "4282479370081948914" } }, "parameters": { @@ -42841,8 +42845,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16250297962913546641" + "version": "0.24.24.22086", + "templateHash": "1423434177159479648" } }, "parameters": { @@ -43062,8 +43066,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4382308215526481443" + "version": "0.24.24.22086", + "templateHash": "2374698285890274507" } }, "parameters": { @@ -43176,8 +43180,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9652540868161281860" + "version": "0.24.24.22086", + "templateHash": "8735943571370088259" } }, "parameters": { @@ -43304,8 +43308,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1186095586884481044" + "version": "0.24.24.22086", + "templateHash": "3221234738227957096" } }, "parameters": { @@ -43542,8 +43546,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13780602292868075803" + "version": "0.24.24.22086", + "templateHash": "15192480916534434290" } }, "parameters": { @@ -43766,8 +43770,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3594065565754312854" + "version": "0.24.24.22086", + "templateHash": "3443731476568413652" } }, "parameters": { @@ -43895,8 +43899,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "8261337544383310328" + "version": "0.24.24.22086", + "templateHash": "13811438743872515386" } }, "parameters": { @@ -44134,8 +44138,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "12165290990779845298" + "version": "0.24.24.22086", + "templateHash": "12918423402462544543" } }, "parameters": { @@ -44331,8 +44335,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9089725752901472518" + "version": "0.24.24.22086", + "templateHash": "12718351608592638120" } }, "parameters": { @@ -44428,8 +44432,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1979270992674854961" + "version": "0.24.24.22086", + "templateHash": "33372281839171660" } }, "parameters": { @@ -44664,8 +44668,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1526593365088296650" + "version": "0.24.24.22086", + "templateHash": "7982804078679336074" } }, "parameters": { @@ -44855,8 +44859,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "168390130983077015" + "version": "0.24.24.22086", + "templateHash": "6307676178101994247" } }, "parameters": { @@ -45041,8 +45045,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4048736729822728060" + "version": "0.24.24.22086", + "templateHash": "652984592548258194" } }, "parameters": { @@ -45154,8 +45158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "1483242996907610497" + "version": "0.24.24.22086", + "templateHash": "12827447937233330812" } }, "parameters": { @@ -45233,8 +45237,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9592547259644072861" + "version": "0.24.24.22086", + "templateHash": "6625514028047611323" } }, "parameters": { @@ -45391,8 +45395,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5076096840451227372" + "version": "0.24.24.22086", + "templateHash": "6766861314561299802" } }, "parameters": { @@ -45702,8 +45706,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "6078602552923195855" + "version": "0.24.24.22086", + "templateHash": "18060612807894225230" } }, "parameters": { @@ -46092,8 +46096,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "3205620537307637582" + "version": "0.24.24.22086", + "templateHash": "16312835383302959746" } }, "parameters": { @@ -46928,8 +46932,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16578501272871551398" + "version": "0.24.24.22086", + "templateHash": "1063750606576410026" } }, "parameters": { @@ -47083,8 +47087,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14697279465996570029" + "version": "0.24.24.22086", + "templateHash": "9414577766029056313" } }, "parameters": { @@ -47399,8 +47403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15781585805590730053" + "version": "0.24.24.22086", + "templateHash": "10254776496318105172" } }, "parameters": { @@ -47651,8 +47655,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "17125191375440227612" + "version": "0.24.24.22086", + "templateHash": "15654479489258886138" } }, "parameters": { @@ -47936,8 +47940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "14837312545510225155" + "version": "0.24.24.22086", + "templateHash": "16966422285057288924" } }, "parameters": { @@ -48155,8 +48159,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -48361,8 +48365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -48562,8 +48566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -48768,8 +48772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -48964,8 +48968,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -49160,8 +49164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -49360,8 +49364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -49568,8 +49572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -49769,8 +49773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -49973,8 +49977,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "15242592157036190831" + "version": "0.24.24.22086", + "templateHash": "11525054918559098128" } }, "parameters": { @@ -50139,8 +50143,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "9607326914801692122" + "version": "0.24.24.22086", + "templateHash": "17481608944836963488" } }, "parameters": { @@ -50379,8 +50383,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -50599,8 +50603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "18224849399427196214" + "version": "0.24.24.22086", + "templateHash": "15417543601715333142" } }, "parameters": { @@ -50814,8 +50818,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "4753285980306081600" + "version": "0.24.24.22086", + "templateHash": "6272958380443997213" } }, "parameters": { @@ -50986,8 +50990,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "2295716801014819460" + "version": "0.24.24.22086", + "templateHash": "6267107344638485558" } }, "parameters": { @@ -51079,8 +51083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "5643654873197907708" + "version": "0.24.24.22086", + "templateHash": "2634065372700405738" } }, "parameters": { @@ -51254,8 +51258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "16982263610748880634" + "version": "0.24.24.22086", + "templateHash": "13733791048554096882" } }, "parameters": { @@ -51523,8 +51527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.23.1.45101", - "templateHash": "13135776147734170244" + "version": "0.24.24.22086", + "templateHash": "13770858722823970618" } }, "parameters": { diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 1bc6e4391..8e47cd8ce 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -160,11 +160,11 @@ var varFirewallSubId = split(firewallVnetResourceId, '/')[2] var varFirewallSubRgName = split(firewallVnetResourceId, '/')[4] var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] -resource existingAvdVNet 'Microsoft.Network/virtualNetworks@2020-06-01' existing = { - scope: resourceGroup(varExistingAvdVnetSubRgName) - name: varExistingAvdVnetName +resource existingFirewallVnet 'Microsoft.Network/virtualNetworks@2020-06-01' existing = { + scope: resourceGroup(varFirewallSubRgName) + name: varFirewallVnetName } -var firewallVnetLocation = !createVnet ? existingAvdVNet.location : deployment().location +var firewallVnetLocation = existingFirewallVnet.location // =========== // // Deployments // From c8cafb70b41ed0475491cb02cb8bc2b529500e84 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 24 Jan 2024 12:11:26 +0900 Subject: [PATCH 103/117] fix a bug for different subs with Hub vNet --- workload/bicep/modules/networking/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 8e47cd8ce..4da0e824d 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -161,7 +161,7 @@ var varFirewallSubRgName = split(firewallVnetResourceId, '/')[4] var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] resource existingFirewallVnet 'Microsoft.Network/virtualNetworks@2020-06-01' existing = { - scope: resourceGroup(varFirewallSubRgName) + scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: varFirewallVnetName } var firewallVnetLocation = existingFirewallVnet.location From b9b313513b881bcdec45ba902db4f0ca366a592a Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 24 Jan 2024 12:30:40 +0900 Subject: [PATCH 104/117] fix a bug for different subs with Hub vNet --- workload/arm/deploy-baseline.json | 10 +++++----- workload/bicep/modules/networking/deploy.bicep | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index d5ee7ec71..de897ae36 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.24.24.22086", - "templateHash": "7066932748950813156" + "templateHash": "7575618108726881178" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.24.24.22086", - "templateHash": "2946604926399380762" + "templateHash": "16830943410604245299" } }, "parameters": { @@ -12304,7 +12304,7 @@ "condition": "[and(not(parameters('createVnet')), parameters('deployFirewall'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Existing-vNet-{0}', parameters('time'))]", + "name": "[format('Peering-Existing-vNet-{0}', parameters('time'))]", "subscriptionId": "[format('{0}', variables('varExistingAvdVnetSubId'))]", "resourceGroup": "[format('{0}', variables('varExistingAvdVnetSubRgName'))]", "properties": { @@ -13999,7 +13999,7 @@ "value": "[parameters('firewallPolicyName')]" }, "location": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varFirewallSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varFirewallVnetName')), '2020-06-01', 'full').location]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Network/virtualNetworks', 'Existing-Fw-vNet'), '2020-06-01', 'full').location]" }, "enableProxy": { "value": true @@ -15630,7 +15630,7 @@ "value": "[parameters('firewallName')]" }, "location": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, variables('varFirewallSubRgName')), 'Microsoft.Network/virtualNetworks', variables('varFirewallVnetName')), '2020-06-01', 'full').location]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Network/virtualNetworks', 'Existing-Fw-vNet'), '2020-06-01', 'full').location]" }, "vNetId": { "value": "[parameters('firewallVnetResourceId')]" diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 4da0e824d..b6ea452fa 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -162,7 +162,7 @@ var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] resource existingFirewallVnet 'Microsoft.Network/virtualNetworks@2020-06-01' existing = { scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') - name: varFirewallVnetName + name: 'Existing-Fw-vNet' } var firewallVnetLocation = existingFirewallVnet.location @@ -449,7 +449,7 @@ module virtualNetwork '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks // Peering between existing AVD vNet and Firewall vNet module virtualNetworkExistingAvd '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (!createVnet && deployFirewall) { scope: resourceGroup('${varExistingAvdVnetSubId}', '${varExistingAvdVnetSubRgName}') - name: 'Existing-vNet-${time}' + name: 'Peering-Existing-vNet-${time}' params: { name: varExistingAvdVnetName location: sessionHostLocation From dead5c3312af2547821c7de12f77e812c90eb6eb Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Wed, 24 Jan 2024 12:38:34 +0900 Subject: [PATCH 105/117] fix a bug for different subs with Hub vNet --- workload/arm/deploy-baseline.json | 8 ++++---- workload/bicep/modules/networking/deploy.bicep | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index de897ae36..9c18d9bc9 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.24.24.22086", - "templateHash": "7575618108726881178" + "templateHash": "2001729057696308403" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -8110,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.24.24.22086", - "templateHash": "16830943410604245299" + "templateHash": "6237281002861192349" } }, "parameters": { @@ -13999,7 +13999,7 @@ "value": "[parameters('firewallPolicyName')]" }, "location": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Network/virtualNetworks', 'Existing-Fw-vNet'), '2020-06-01', 'full').location]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Network/virtualNetworks', variables('varFirewallVnetName')), '2020-06-01', 'full').location]" }, "enableProxy": { "value": true @@ -15630,7 +15630,7 @@ "value": "[parameters('firewallName')]" }, "location": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Network/virtualNetworks', 'Existing-Fw-vNet'), '2020-06-01', 'full').location]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varFirewallSubId')), format('{0}', variables('varFirewallSubRgName'))), 'Microsoft.Network/virtualNetworks', variables('varFirewallVnetName')), '2020-06-01', 'full').location]" }, "vNetId": { "value": "[parameters('firewallVnetResourceId')]" diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index b6ea452fa..94c520c05 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -162,7 +162,7 @@ var varFirewallVnetName = split(firewallVnetResourceId, '/')[8] resource existingFirewallVnet 'Microsoft.Network/virtualNetworks@2020-06-01' existing = { scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') - name: 'Existing-Fw-vNet' + name: varFirewallVnetName } var firewallVnetLocation = existingFirewallVnet.location From 899f8fe59bc1e2227eee2a0567b004917799f3cb Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 16:06:07 +0900 Subject: [PATCH 106/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 82a0e47ef..4f6a4466f 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1468,6 +1468,7 @@ "type": "Microsoft.Common.TextBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", "label": "AzureFirewallSubnet address prefix", + "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { @@ -1557,6 +1558,7 @@ "type": "Microsoft.Common.TextBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets))]", "label": "AzureFirewallSubnet address prefix", + "defaultValue" : "[steps('network').firewallOptions.firewallSubnets.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { From ef039895dd4e58d323d14a08a93b5d4dfd9aaec6 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 16:16:45 +0900 Subject: [PATCH 107/117] added defaultValue for firewallSubnetAddressPrefix --- workload/arm/deploy-baseline.json | 880 +++++++++++++-------------- workload/bicep/deploy-baseline.bicep | 4 +- 2 files changed, 442 insertions(+), 442 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 9c18d9bc9..2e3974ca4 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2001729057696308403" + "version": "0.25.53.49325", + "templateHash": "17995204825564777548" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -342,9 +342,9 @@ }, "firewallSubnetAddressPrefix": { "type": "string", - "defaultValue": "10.0.2.0/24", + "defaultValue": "", "metadata": { - "description": "AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)" + "description": "AzureFirewallSubnet prefixes. (Default: \"\")" } }, "createAvdFslogixDeployment": { @@ -1592,8 +1592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2517070614714634945" + "version": "0.25.53.49325", + "templateHash": "12292252359804307794" } }, "parameters": { @@ -1701,8 +1701,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5261637614282567226" + "version": "0.25.53.49325", + "templateHash": "7768724676070584900" } }, "parameters": { @@ -1831,8 +1831,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10735397712111716035" + "version": "0.25.53.49325", + "templateHash": "11354169233680011470" } }, "parameters": { @@ -2192,8 +2192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2517070614714634945" + "version": "0.25.53.49325", + "templateHash": "12292252359804307794" } }, "parameters": { @@ -2301,8 +2301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5261637614282567226" + "version": "0.25.53.49325", + "templateHash": "7768724676070584900" } }, "parameters": { @@ -2431,8 +2431,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10735397712111716035" + "version": "0.25.53.49325", + "templateHash": "11354169233680011470" } }, "parameters": { @@ -2787,8 +2787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2517070614714634945" + "version": "0.25.53.49325", + "templateHash": "12292252359804307794" } }, "parameters": { @@ -2896,8 +2896,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5261637614282567226" + "version": "0.25.53.49325", + "templateHash": "7768724676070584900" } }, "parameters": { @@ -3026,8 +3026,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10735397712111716035" + "version": "0.25.53.49325", + "templateHash": "11354169233680011470" } }, "parameters": { @@ -3400,8 +3400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3799883154990972414" + "version": "0.25.53.49325", + "templateHash": "12690703717096350637" } }, "parameters": { @@ -3524,8 +3524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2517070614714634945" + "version": "0.25.53.49325", + "templateHash": "12292252359804307794" } }, "parameters": { @@ -3633,8 +3633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5261637614282567226" + "version": "0.25.53.49325", + "templateHash": "7768724676070584900" } }, "parameters": { @@ -3763,8 +3763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10735397712111716035" + "version": "0.25.53.49325", + "templateHash": "11354169233680011470" } }, "parameters": { @@ -4124,8 +4124,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2365826423299471744" + "version": "0.25.53.49325", + "templateHash": "6864958014578962239" } }, "parameters": { @@ -4518,8 +4518,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15849702054005344486" + "version": "0.25.53.49325", + "templateHash": "10712248292572770731" } }, "parameters": { @@ -4662,8 +4662,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10863078211007786001" + "version": "0.25.53.49325", + "templateHash": "15525667819164711871" } }, "parameters": { @@ -4796,8 +4796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8520623357422506173" + "version": "0.25.53.49325", + "templateHash": "7956846534422926843" } }, "parameters": { @@ -4931,8 +4931,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15490589645988343017" + "version": "0.25.53.49325", + "templateHash": "4132022049528997937" } }, "parameters": { @@ -5103,8 +5103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16144824622195466183" + "version": "0.25.53.49325", + "templateHash": "634448685951071300" } }, "parameters": { @@ -5250,8 +5250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8345784985264509742" + "version": "0.25.53.49325", + "templateHash": "16998168533110938741" } }, "parameters": { @@ -5477,8 +5477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15995393084088667676" + "version": "0.25.53.49325", + "templateHash": "14780168633851831245" } }, "parameters": { @@ -5646,8 +5646,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17168218083015351722" + "version": "0.25.53.49325", + "templateHash": "8590995720995950285" } }, "parameters": { @@ -5797,8 +5797,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13287433087953420901" + "version": "0.25.53.49325", + "templateHash": "12775460115048384129" } }, "parameters": { @@ -6009,8 +6009,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11123443055704659456" + "version": "0.25.53.49325", + "templateHash": "14290365869733520453" } }, "parameters": { @@ -6341,8 +6341,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2634065372700405738" + "version": "0.25.53.49325", + "templateHash": "16366878944950885213" } }, "parameters": { @@ -6524,8 +6524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8256294517634668004" + "version": "0.25.53.49325", + "templateHash": "15023465224228696502" } }, "parameters": { @@ -6703,8 +6703,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13733791048554096882" + "version": "0.25.53.49325", + "templateHash": "9921924060700053957" } }, "parameters": { @@ -6972,8 +6972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13770858722823970618" + "version": "0.25.53.49325", + "templateHash": "8206826062141249300" } }, "parameters": { @@ -7052,8 +7052,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8530746724060931167" + "version": "0.25.53.49325", + "templateHash": "14808459893929069654" } }, "parameters": { @@ -7524,8 +7524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8345784985264509742" + "version": "0.25.53.49325", + "templateHash": "16998168533110938741" } }, "parameters": { @@ -7757,8 +7757,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8345784985264509742" + "version": "0.25.53.49325", + "templateHash": "16998168533110938741" } }, "parameters": { @@ -8109,8 +8109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6237281002861192349" + "version": "0.25.53.49325", + "templateHash": "12405886113516870679" } }, "parameters": { @@ -8532,8 +8532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6138327344478546608" + "version": "0.25.53.49325", + "templateHash": "14112173790522417995" } }, "parameters": { @@ -8796,8 +8796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16632688053718667654" + "version": "0.25.53.49325", + "templateHash": "12193979794539898441" } }, "parameters": { @@ -9041,8 +9041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "111760690921807955" + "version": "0.25.53.49325", + "templateHash": "5765421206374700512" } }, "parameters": { @@ -9256,8 +9256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6138327344478546608" + "version": "0.25.53.49325", + "templateHash": "14112173790522417995" } }, "parameters": { @@ -9520,8 +9520,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16632688053718667654" + "version": "0.25.53.49325", + "templateHash": "12193979794539898441" } }, "parameters": { @@ -9765,8 +9765,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "111760690921807955" + "version": "0.25.53.49325", + "templateHash": "5765421206374700512" } }, "parameters": { @@ -9971,8 +9971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5370582947614692753" + "version": "0.25.53.49325", + "templateHash": "234465331784371878" } }, "parameters": { @@ -10094,8 +10094,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17477482957984744599" + "version": "0.25.53.49325", + "templateHash": "4315892491362596456" } }, "parameters": { @@ -10301,8 +10301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7121964656085462352" + "version": "0.25.53.49325", + "templateHash": "15757478643348271669" } }, "parameters": { @@ -10441,8 +10441,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18358369372560772682" + "version": "0.25.53.49325", + "templateHash": "14905130144383272137" } }, "parameters": { @@ -10650,8 +10650,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7121964656085462352" + "version": "0.25.53.49325", + "templateHash": "15757478643348271669" } }, "parameters": { @@ -10790,8 +10790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18358369372560772682" + "version": "0.25.53.49325", + "templateHash": "14905130144383272137" } }, "parameters": { @@ -11013,8 +11013,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17620242328379309971" + "version": "0.25.53.49325", + "templateHash": "11835927411927003964" } }, "parameters": { @@ -11347,8 +11347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "914732954037131991" + "version": "0.25.53.49325", + "templateHash": "9180394596190190176" } }, "parameters": { @@ -11540,8 +11540,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10831299095782999288" + "version": "0.25.53.49325", + "templateHash": "7564413547026489149" } }, "parameters": { @@ -11763,8 +11763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10639041025585290225" + "version": "0.25.53.49325", + "templateHash": "13331946135592856005" } }, "parameters": { @@ -11929,8 +11929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10639041025585290225" + "version": "0.25.53.49325", + "templateHash": "13331946135592856005" } }, "parameters": { @@ -12090,8 +12090,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13888576034706477552" + "version": "0.25.53.49325", + "templateHash": "9149460602678223988" } }, "parameters": { @@ -12349,8 +12349,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17620242328379309971" + "version": "0.25.53.49325", + "templateHash": "11835927411927003964" } }, "parameters": { @@ -12683,8 +12683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "914732954037131991" + "version": "0.25.53.49325", + "templateHash": "9180394596190190176" } }, "parameters": { @@ -12876,8 +12876,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10831299095782999288" + "version": "0.25.53.49325", + "templateHash": "7564413547026489149" } }, "parameters": { @@ -13099,8 +13099,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10639041025585290225" + "version": "0.25.53.49325", + "templateHash": "13331946135592856005" } }, "parameters": { @@ -13265,8 +13265,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10639041025585290225" + "version": "0.25.53.49325", + "templateHash": "13331946135592856005" } }, "parameters": { @@ -13426,8 +13426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13888576034706477552" + "version": "0.25.53.49325", + "templateHash": "9149460602678223988" } }, "parameters": { @@ -13657,8 +13657,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8379798746548034463" + "version": "0.25.53.49325", + "templateHash": "13875987280669970442" } }, "parameters": { @@ -13745,8 +13745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8379798746548034463" + "version": "0.25.53.49325", + "templateHash": "13875987280669970442" } }, "parameters": { @@ -13833,8 +13833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8379798746548034463" + "version": "0.25.53.49325", + "templateHash": "13875987280669970442" } }, "parameters": { @@ -13921,8 +13921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8379798746548034463" + "version": "0.25.53.49325", + "templateHash": "13875987280669970442" } }, "parameters": { @@ -14011,8 +14011,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12858216276229330811" + "version": "0.25.53.49325", + "templateHash": "2784937374602837472" } }, "parameters": { @@ -14301,8 +14301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9560862758073291225" + "version": "0.25.53.49325", + "templateHash": "15644270621000068323" } }, "parameters": { @@ -14645,8 +14645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9560862758073291225" + "version": "0.25.53.49325", + "templateHash": "15644270621000068323" } }, "parameters": { @@ -15115,8 +15115,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9560862758073291225" + "version": "0.25.53.49325", + "templateHash": "15644270621000068323" } }, "parameters": { @@ -15236,8 +15236,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "914732954037131991" + "version": "0.25.53.49325", + "templateHash": "9180394596190190176" } }, "parameters": { @@ -15429,8 +15429,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10831299095782999288" + "version": "0.25.53.49325", + "templateHash": "7564413547026489149" } }, "parameters": { @@ -15645,8 +15645,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9603897788412212335" + "version": "0.25.53.49325", + "templateHash": "3118866382218524943" } }, "parameters": { @@ -16039,8 +16039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9414577766029056313" + "version": "0.25.53.49325", + "templateHash": "6211906708273254990" } }, "parameters": { @@ -16355,8 +16355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10254776496318105172" + "version": "0.25.53.49325", + "templateHash": "9343218311273659076" } }, "parameters": { @@ -16573,8 +16573,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10895696250199598980" + "version": "0.25.53.49325", + "templateHash": "5980302427600921910" } }, "parameters": { @@ -16820,8 +16820,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7121964656085462352" + "version": "0.25.53.49325", + "templateHash": "15757478643348271669" } }, "parameters": { @@ -16960,8 +16960,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18358369372560772682" + "version": "0.25.53.49325", + "templateHash": "14905130144383272137" } }, "parameters": { @@ -17256,8 +17256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8107657986455794101" + "version": "0.25.53.49325", + "templateHash": "4377068094740763699" } }, "parameters": { @@ -17535,8 +17535,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10389145545415899731" + "version": "0.25.53.49325", + "templateHash": "10946687561392641108" } }, "parameters": { @@ -17927,8 +17927,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6425857238276829806" + "version": "0.25.53.49325", + "templateHash": "18152637080061235815" } }, "parameters": { @@ -18145,8 +18145,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10308768902920369737" + "version": "0.25.53.49325", + "templateHash": "5992877783107057923" } }, "parameters": { @@ -18398,8 +18398,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16203623105828235602" + "version": "0.25.53.49325", + "templateHash": "14504846300346869432" } }, "parameters": { @@ -18576,8 +18576,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3997567384720382342" + "version": "0.25.53.49325", + "templateHash": "12579340611659815338" } }, "parameters": { @@ -18783,8 +18783,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "5191474872378464830" + "version": "0.25.53.49325", + "templateHash": "13802770955036882635" } }, "parameters": { @@ -19012,8 +19012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4735419548847812706" + "version": "0.25.53.49325", + "templateHash": "3195066862165962007" } }, "parameters": { @@ -19233,8 +19233,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7013454961015868409" + "version": "0.25.53.49325", + "templateHash": "12134927289243356128" } }, "parameters": { @@ -19501,8 +19501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8342302527426602748" + "version": "0.25.53.49325", + "templateHash": "15762950364235268063" } }, "parameters": { @@ -19730,8 +19730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11148544851418427635" + "version": "0.25.53.49325", + "templateHash": "6750996700838484047" } }, "parameters": { @@ -19891,8 +19891,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1209128013382695969" + "version": "0.25.53.49325", + "templateHash": "12626407851499807648" } }, "parameters": { @@ -20014,8 +20014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17889767664939482865" + "version": "0.25.53.49325", + "templateHash": "17872005159545648628" } }, "parameters": { @@ -20208,8 +20208,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -20788,8 +20788,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -21366,8 +21366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -21949,8 +21949,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -22529,8 +22529,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -23109,8 +23109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -23740,8 +23740,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16424433956124968834" + "version": "0.25.53.49325", + "templateHash": "5684940686425057871" } }, "parameters": { @@ -23907,8 +23907,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2634065372700405738" + "version": "0.25.53.49325", + "templateHash": "16366878944950885213" } }, "parameters": { @@ -24096,8 +24096,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13733791048554096882" + "version": "0.25.53.49325", + "templateHash": "9921924060700053957" } }, "parameters": { @@ -24366,8 +24366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13770858722823970618" + "version": "0.25.53.49325", + "templateHash": "8206826062141249300" } }, "parameters": { @@ -24460,8 +24460,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13733791048554096882" + "version": "0.25.53.49325", + "templateHash": "9921924060700053957" } }, "parameters": { @@ -24730,8 +24730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13770858722823970618" + "version": "0.25.53.49325", + "templateHash": "8206826062141249300" } }, "parameters": { @@ -24800,8 +24800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -25384,8 +25384,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -25965,8 +25965,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1209128013382695969" + "version": "0.25.53.49325", + "templateHash": "12626407851499807648" } }, "parameters": { @@ -26088,8 +26088,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17889767664939482865" + "version": "0.25.53.49325", + "templateHash": "17872005159545648628" } }, "parameters": { @@ -26279,8 +26279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6953643909278292232" + "version": "0.25.53.49325", + "templateHash": "2893256879685001488" } }, "parameters": { @@ -26889,8 +26889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7204340581870023356" + "version": "0.25.53.49325", + "templateHash": "918219264555033494" } }, "parameters": { @@ -27030,8 +27030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "970091050271102932" + "version": "0.25.53.49325", + "templateHash": "5505059584063534567" } }, "parameters": { @@ -27400,8 +27400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10030047623262780672" + "version": "0.25.53.49325", + "templateHash": "4387030601544728752" } }, "parameters": { @@ -27532,8 +27532,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14160924319726835238" + "version": "0.25.53.49325", + "templateHash": "1159527747916901251" } }, "parameters": { @@ -27669,8 +27669,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9057779657363667135" + "version": "0.25.53.49325", + "templateHash": "4258025481774090239" } }, "parameters": { @@ -27864,8 +27864,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7831429889926211190" + "version": "0.25.53.49325", + "templateHash": "17079762578847421513" } }, "parameters": { @@ -28047,8 +28047,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17234567602536304311" + "version": "0.25.53.49325", + "templateHash": "371738912741587586" } }, "parameters": { @@ -28250,8 +28250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2516207548282735604" + "version": "0.25.53.49325", + "templateHash": "2607498626356179793" } }, "parameters": { @@ -28447,8 +28447,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4938350038598666744" + "version": "0.25.53.49325", + "templateHash": "1026210003422117961" } }, "parameters": { @@ -28582,8 +28582,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14162095909703477931" + "version": "0.25.53.49325", + "templateHash": "10581564202361414711" } }, "parameters": { @@ -28796,8 +28796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16647295602491961660" + "version": "0.25.53.49325", + "templateHash": "120829755030313324" } }, "parameters": { @@ -29027,8 +29027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7831429889926211190" + "version": "0.25.53.49325", + "templateHash": "17079762578847421513" } }, "parameters": { @@ -29210,8 +29210,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17234567602536304311" + "version": "0.25.53.49325", + "templateHash": "371738912741587586" } }, "parameters": { @@ -29413,8 +29413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9027137430207210172" + "version": "0.25.53.49325", + "templateHash": "7609481978529968702" } }, "parameters": { @@ -29624,8 +29624,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13094745876033837723" + "version": "0.25.53.49325", + "templateHash": "6157101774591066586" } }, "parameters": { @@ -29700,8 +29700,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10018140639144511721" + "version": "0.25.53.49325", + "templateHash": "2563872156902418273" } }, "parameters": { @@ -29772,8 +29772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10030047623262780672" + "version": "0.25.53.49325", + "templateHash": "4387030601544728752" } }, "parameters": { @@ -29903,8 +29903,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3788100772468570169" + "version": "0.25.53.49325", + "templateHash": "10106544324923970980" } }, "parameters": { @@ -30171,8 +30171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "970091050271102932" + "version": "0.25.53.49325", + "templateHash": "5505059584063534567" } }, "parameters": { @@ -30541,8 +30541,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10030047623262780672" + "version": "0.25.53.49325", + "templateHash": "4387030601544728752" } }, "parameters": { @@ -30673,8 +30673,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14160924319726835238" + "version": "0.25.53.49325", + "templateHash": "1159527747916901251" } }, "parameters": { @@ -30810,8 +30810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9057779657363667135" + "version": "0.25.53.49325", + "templateHash": "4258025481774090239" } }, "parameters": { @@ -31005,8 +31005,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7831429889926211190" + "version": "0.25.53.49325", + "templateHash": "17079762578847421513" } }, "parameters": { @@ -31188,8 +31188,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17234567602536304311" + "version": "0.25.53.49325", + "templateHash": "371738912741587586" } }, "parameters": { @@ -31391,8 +31391,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2516207548282735604" + "version": "0.25.53.49325", + "templateHash": "2607498626356179793" } }, "parameters": { @@ -31588,8 +31588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4938350038598666744" + "version": "0.25.53.49325", + "templateHash": "1026210003422117961" } }, "parameters": { @@ -31723,8 +31723,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14162095909703477931" + "version": "0.25.53.49325", + "templateHash": "10581564202361414711" } }, "parameters": { @@ -31937,8 +31937,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16647295602491961660" + "version": "0.25.53.49325", + "templateHash": "120829755030313324" } }, "parameters": { @@ -32189,8 +32189,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9297638532596174292" + "version": "0.25.53.49325", + "templateHash": "14098197738308319886" } }, "parameters": { @@ -32470,8 +32470,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16312835383302959746" + "version": "0.25.53.49325", + "templateHash": "4341061413743151984" } }, "parameters": { @@ -33306,8 +33306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1063750606576410026" + "version": "0.25.53.49325", + "templateHash": "14705626545682901296" } }, "parameters": { @@ -33461,8 +33461,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9414577766029056313" + "version": "0.25.53.49325", + "templateHash": "6211906708273254990" } }, "parameters": { @@ -33777,8 +33777,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10254776496318105172" + "version": "0.25.53.49325", + "templateHash": "9343218311273659076" } }, "parameters": { @@ -34029,8 +34029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15654479489258886138" + "version": "0.25.53.49325", + "templateHash": "7369736388877432875" } }, "parameters": { @@ -34314,8 +34314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16966422285057288924" + "version": "0.25.53.49325", + "templateHash": "16539403773257108260" } }, "parameters": { @@ -34533,8 +34533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -34739,8 +34739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -34940,8 +34940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -35146,8 +35146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -35342,8 +35342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -35538,8 +35538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -35738,8 +35738,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -35946,8 +35946,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -36147,8 +36147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -36351,8 +36351,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11525054918559098128" + "version": "0.25.53.49325", + "templateHash": "17667298835532124070" } }, "parameters": { @@ -36517,8 +36517,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17481608944836963488" + "version": "0.25.53.49325", + "templateHash": "8562202520133236147" } }, "parameters": { @@ -36800,8 +36800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10178540586997188960" + "version": "0.25.53.49325", + "templateHash": "486316681950145646" } }, "parameters": { @@ -37073,8 +37073,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12415790862062173742" + "version": "0.25.53.49325", + "templateHash": "9910970489292941732" } }, "parameters": { @@ -37621,8 +37621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8203775990943243336" + "version": "0.25.53.49325", + "templateHash": "18049283252780117674" } }, "parameters": { @@ -37816,8 +37816,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2516207548282735604" + "version": "0.25.53.49325", + "templateHash": "2607498626356179793" } }, "parameters": { @@ -38013,8 +38013,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4938350038598666744" + "version": "0.25.53.49325", + "templateHash": "1026210003422117961" } }, "parameters": { @@ -38148,8 +38148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14162095909703477931" + "version": "0.25.53.49325", + "templateHash": "10581564202361414711" } }, "parameters": { @@ -38355,8 +38355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8570124243761424300" + "version": "0.25.53.49325", + "templateHash": "9841295803264973025" } }, "parameters": { @@ -38479,8 +38479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4282479370081948914" + "version": "0.25.53.49325", + "templateHash": "12815982659211531394" } }, "parameters": { @@ -38637,8 +38637,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1423434177159479648" + "version": "0.25.53.49325", + "templateHash": "15052557238641722622" } }, "parameters": { @@ -38858,8 +38858,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2374698285890274507" + "version": "0.25.53.49325", + "templateHash": "14610563169069349090" } }, "parameters": { @@ -38972,8 +38972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8735943571370088259" + "version": "0.25.53.49325", + "templateHash": "16670590515084711866" } }, "parameters": { @@ -39100,8 +39100,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3221234738227957096" + "version": "0.25.53.49325", + "templateHash": "886740980296979585" } }, "parameters": { @@ -39338,8 +39338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15192480916534434290" + "version": "0.25.53.49325", + "templateHash": "3995854442477526357" } }, "parameters": { @@ -39562,8 +39562,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3443731476568413652" + "version": "0.25.53.49325", + "templateHash": "13661727566134140417" } }, "parameters": { @@ -39691,8 +39691,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13811438743872515386" + "version": "0.25.53.49325", + "templateHash": "96570062580248241" } }, "parameters": { @@ -39930,8 +39930,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12918423402462544543" + "version": "0.25.53.49325", + "templateHash": "8521514798963212613" } }, "parameters": { @@ -40127,8 +40127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12718351608592638120" + "version": "0.25.53.49325", + "templateHash": "14923480199200050194" } }, "parameters": { @@ -40224,8 +40224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "33372281839171660" + "version": "0.25.53.49325", + "templateHash": "13169072407489385513" } }, "parameters": { @@ -40460,8 +40460,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7982804078679336074" + "version": "0.25.53.49325", + "templateHash": "15836715994169610140" } }, "parameters": { @@ -40651,8 +40651,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6307676178101994247" + "version": "0.25.53.49325", + "templateHash": "8142387156390773156" } }, "parameters": { @@ -40837,8 +40837,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "652984592548258194" + "version": "0.25.53.49325", + "templateHash": "10694653721016278359" } }, "parameters": { @@ -41008,8 +41008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10178540586997188960" + "version": "0.25.53.49325", + "templateHash": "486316681950145646" } }, "parameters": { @@ -41281,8 +41281,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12415790862062173742" + "version": "0.25.53.49325", + "templateHash": "9910970489292941732" } }, "parameters": { @@ -41829,8 +41829,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8203775990943243336" + "version": "0.25.53.49325", + "templateHash": "18049283252780117674" } }, "parameters": { @@ -42024,8 +42024,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2516207548282735604" + "version": "0.25.53.49325", + "templateHash": "2607498626356179793" } }, "parameters": { @@ -42221,8 +42221,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4938350038598666744" + "version": "0.25.53.49325", + "templateHash": "1026210003422117961" } }, "parameters": { @@ -42356,8 +42356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "14162095909703477931" + "version": "0.25.53.49325", + "templateHash": "10581564202361414711" } }, "parameters": { @@ -42563,8 +42563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8570124243761424300" + "version": "0.25.53.49325", + "templateHash": "9841295803264973025" } }, "parameters": { @@ -42687,8 +42687,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "4282479370081948914" + "version": "0.25.53.49325", + "templateHash": "12815982659211531394" } }, "parameters": { @@ -42845,8 +42845,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1423434177159479648" + "version": "0.25.53.49325", + "templateHash": "15052557238641722622" } }, "parameters": { @@ -43066,8 +43066,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2374698285890274507" + "version": "0.25.53.49325", + "templateHash": "14610563169069349090" } }, "parameters": { @@ -43180,8 +43180,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "8735943571370088259" + "version": "0.25.53.49325", + "templateHash": "16670590515084711866" } }, "parameters": { @@ -43308,8 +43308,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3221234738227957096" + "version": "0.25.53.49325", + "templateHash": "886740980296979585" } }, "parameters": { @@ -43546,8 +43546,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15192480916534434290" + "version": "0.25.53.49325", + "templateHash": "3995854442477526357" } }, "parameters": { @@ -43770,8 +43770,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "3443731476568413652" + "version": "0.25.53.49325", + "templateHash": "13661727566134140417" } }, "parameters": { @@ -43899,8 +43899,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13811438743872515386" + "version": "0.25.53.49325", + "templateHash": "96570062580248241" } }, "parameters": { @@ -44138,8 +44138,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12918423402462544543" + "version": "0.25.53.49325", + "templateHash": "8521514798963212613" } }, "parameters": { @@ -44335,8 +44335,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12718351608592638120" + "version": "0.25.53.49325", + "templateHash": "14923480199200050194" } }, "parameters": { @@ -44432,8 +44432,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "33372281839171660" + "version": "0.25.53.49325", + "templateHash": "13169072407489385513" } }, "parameters": { @@ -44668,8 +44668,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "7982804078679336074" + "version": "0.25.53.49325", + "templateHash": "15836715994169610140" } }, "parameters": { @@ -44859,8 +44859,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6307676178101994247" + "version": "0.25.53.49325", + "templateHash": "8142387156390773156" } }, "parameters": { @@ -45045,8 +45045,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "652984592548258194" + "version": "0.25.53.49325", + "templateHash": "10694653721016278359" } }, "parameters": { @@ -45158,8 +45158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "12827447937233330812" + "version": "0.25.53.49325", + "templateHash": "11372024463860693902" } }, "parameters": { @@ -45237,8 +45237,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6625514028047611323" + "version": "0.25.53.49325", + "templateHash": "2628832346865009792" } }, "parameters": { @@ -45395,8 +45395,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6766861314561299802" + "version": "0.25.53.49325", + "templateHash": "6263498830324888332" } }, "parameters": { @@ -45706,8 +45706,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "18060612807894225230" + "version": "0.25.53.49325", + "templateHash": "921372536274458156" } }, "parameters": { @@ -46096,8 +46096,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16312835383302959746" + "version": "0.25.53.49325", + "templateHash": "4341061413743151984" } }, "parameters": { @@ -46932,8 +46932,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "1063750606576410026" + "version": "0.25.53.49325", + "templateHash": "14705626545682901296" } }, "parameters": { @@ -47087,8 +47087,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "9414577766029056313" + "version": "0.25.53.49325", + "templateHash": "6211906708273254990" } }, "parameters": { @@ -47403,8 +47403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "10254776496318105172" + "version": "0.25.53.49325", + "templateHash": "9343218311273659076" } }, "parameters": { @@ -47655,8 +47655,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15654479489258886138" + "version": "0.25.53.49325", + "templateHash": "7369736388877432875" } }, "parameters": { @@ -47940,8 +47940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "16966422285057288924" + "version": "0.25.53.49325", + "templateHash": "16539403773257108260" } }, "parameters": { @@ -48159,8 +48159,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -48365,8 +48365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -48566,8 +48566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -48772,8 +48772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -48968,8 +48968,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -49164,8 +49164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -49364,8 +49364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -49572,8 +49572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -49773,8 +49773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -49977,8 +49977,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "11525054918559098128" + "version": "0.25.53.49325", + "templateHash": "17667298835532124070" } }, "parameters": { @@ -50143,8 +50143,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "17481608944836963488" + "version": "0.25.53.49325", + "templateHash": "8562202520133236147" } }, "parameters": { @@ -50383,8 +50383,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -50603,8 +50603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "15417543601715333142" + "version": "0.25.53.49325", + "templateHash": "7884811935781859282" } }, "parameters": { @@ -50818,8 +50818,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6272958380443997213" + "version": "0.25.53.49325", + "templateHash": "16759319256140935946" } }, "parameters": { @@ -50990,8 +50990,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "6267107344638485558" + "version": "0.25.53.49325", + "templateHash": "13951926603341249200" } }, "parameters": { @@ -51083,8 +51083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "2634065372700405738" + "version": "0.25.53.49325", + "templateHash": "16366878944950885213" } }, "parameters": { @@ -51258,8 +51258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13733791048554096882" + "version": "0.25.53.49325", + "templateHash": "9921924060700053957" } }, "parameters": { @@ -51527,8 +51527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.24.24.22086", - "templateHash": "13770858722823970618" + "version": "0.25.53.49325", + "templateHash": "8206826062141249300" } }, "parameters": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 9537d80bf..30c58361f 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -168,8 +168,8 @@ param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') param firewallVnetResourceId string = '' -@sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') -param firewallSubnetAddressPrefix string = '10.0.2.0/24' +@sys.description('AzureFirewallSubnet prefixes. (Default: "")') +param firewallSubnetAddressPrefix string = '' @sys.description('Deploy Fslogix setup. (Default: true)') param createAvdFslogixDeployment bool = true From 2f786fc47291e7624786aca12ac5d2042aa68d09 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 16:22:45 +0900 Subject: [PATCH 108/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 4f6a4466f..285dac456 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1466,7 +1466,7 @@ { "name": "firewallSubnetSizeInHubVirtualNetwork", "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", + "visible": true, "label": "AzureFirewallSubnet address prefix", "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", From 3d86e362bf0618a6935a8bcfff3069d46dd25231 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 16:29:51 +0900 Subject: [PATCH 109/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 285dac456..297b167ef 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1468,7 +1468,7 @@ "type": "Microsoft.Common.TextBox", "visible": true, "label": "AzureFirewallSubnet address prefix", - "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", + "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.value.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { From a62c9a2db08f524d1c84a749e2007c2ddff5781d Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 21:01:02 +0900 Subject: [PATCH 110/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 297b167ef..66f4b1509 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1468,7 +1468,7 @@ "type": "Microsoft.Common.TextBox", "visible": true, "label": "AzureFirewallSubnet address prefix", - "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.value.properties.addressPrefix]", + "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { @@ -1477,6 +1477,24 @@ "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, + { + "name": "test1", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork]", + "style": "info" + } + }, + { + "name": "test2", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", + "style": "info" + } + }, { "name": "firewallSubnetInHubVirtualNetworkInfoBox", "type": "Microsoft.Common.InfoBox", From 479edb08a693429aecc7bb93038d6fd744eb4bcf Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 21:20:26 +0900 Subject: [PATCH 111/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 66f4b1509..4f6a4466f 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1466,7 +1466,7 @@ { "name": "firewallSubnetSizeInHubVirtualNetwork", "type": "Microsoft.Common.TextBox", - "visible": true, + "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", "label": "AzureFirewallSubnet address prefix", "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", @@ -1477,24 +1477,6 @@ "validationMessage": "Invalid CIDR range. The address prefix must be smaller than or equal to 26." } }, - { - "name": "test1", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork]", - "style": "info" - } - }, - { - "name": "test2", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", - "style": "info" - } - }, { "name": "firewallSubnetInHubVirtualNetworkInfoBox", "type": "Microsoft.Common.InfoBox", From 19bb471608a67cd99c86633c23c8db3762d65204 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 21:28:15 +0900 Subject: [PATCH 112/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 4f6a4466f..50eef38a6 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1468,7 +1468,7 @@ "type": "Microsoft.Common.TextBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", "label": "AzureFirewallSubnet address prefix", - "defaultValue" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", + "value" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { From 2b6722a172b8d6fc6e0231d16c9468920aa83e43 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 22:06:44 +0900 Subject: [PATCH 113/117] added defaultValue for firewallSubnetAddressPrefix --- workload/arm/deploy-baseline.json | 24 +++++++++++++++---- workload/bicep/deploy-baseline.bicep | 4 ++++ .../bicep/modules/networking/deploy.bicep | 5 +++- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 2e3974ca4..4550629e3 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "17995204825564777548" + "templateHash": "16213932253931384324" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -340,6 +340,13 @@ "description": "Azure firewall virtual network. (Default: \"\")" } }, + "firewallSubnetAddressPrefixInHubVirtualNetwork": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "AzureFirewallSubnet prefixes. (Default: \"\")" + } + }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "", @@ -8101,6 +8108,9 @@ }, "firewallSubnetAddressPrefix": { "value": "[parameters('firewallSubnetAddressPrefix')]" + }, + "firewallSubnetAddressPrefixInHubVirtualNetwork": { + "value": "[parameters('firewallSubnetAddressPrefixInHubVirtualNetwork')]" } }, "template": { @@ -8110,7 +8120,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "12405886113516870679" + "templateHash": "2977269184131160668" } }, "parameters": { @@ -8295,6 +8305,12 @@ "description": "Firewall policy application rule collection name (optional)" } }, + "firewallSubnetAddressPrefixInHubVirtualNetwork": { + "type": "string", + "metadata": { + "description": "Firewall subnet adderss prefix" + } + }, "firewallSubnetAddressPrefix": { "type": "string", "metadata": { @@ -15220,9 +15236,7 @@ }, "mode": "Incremental", "parameters": { - "addressPrefix": { - "value": "[parameters('firewallSubnetAddressPrefix')]" - }, + "addressPrefix": "[if(parameters('deployFirewallInHubVirtualNetwork'), createObject('value', parameters('firewallSubnetAddressPrefixInHubVirtualNetwork')), createObject('value', parameters('firewallSubnetAddressPrefix')))]", "name": { "value": "AzureFirewallSubnet" }, diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 30c58361f..f9551f7d9 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -168,6 +168,9 @@ param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') param firewallVnetResourceId string = '' +@sys.description('AzureFirewallSubnet prefixes. (Default: "")') +param firewallSubnetAddressPrefixInHubVirtualNetwork string = '' + @sys.description('AzureFirewallSubnet prefixes. (Default: "")') param firewallSubnetAddressPrefix string = '' @@ -963,6 +966,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre firewallPolicyOptionalNetworkRuleCollectionName: varFiwewallPolicyOptionalNetworkRuleCollectionName firewallPolicyOptionalApplicationRuleCollectionName: varFiwewallPolicyOptionalApplicationRuleCollectionName firewallSubnetAddressPrefix: firewallSubnetAddressPrefix + firewallSubnetAddressPrefixInHubVirtualNetwork: firewallSubnetAddressPrefixInHubVirtualNetwork } dependsOn: [ baselineNetworkResourceGroup diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index 94c520c05..a3e28ac31 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -93,6 +93,9 @@ param firewallPolicyOptionalNetworkRuleCollectionName string @sys.description('Firewall policy application rule collection name (optional)') param firewallPolicyOptionalApplicationRuleCollectionName string +@sys.description('Firewall subnet adderss prefix') +param firewallSubnetAddressPrefixInHubVirtualNetwork string + @sys.description('Firewall subnet adderss prefix') param firewallSubnetAddressPrefix string @@ -1099,7 +1102,7 @@ module virtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Netw scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Subnet-${time}' params: { - addressPrefix: firewallSubnetAddressPrefix + addressPrefix: deployFirewallInHubVirtualNetwork ? firewallSubnetAddressPrefixInHubVirtualNetwork : firewallSubnetAddressPrefix name: 'AzureFirewallSubnet' virtualNetworkName: varFirewallVnetName } diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 50eef38a6..9a26bd15f 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1468,7 +1468,6 @@ "type": "Microsoft.Common.TextBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork))]", "label": "AzureFirewallSubnet address prefix", - "value" : "[steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { @@ -2477,7 +2476,8 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", + "firewallSubnetAddressPrefixInHubVirtualNetwork": "[if(equals(and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork)), true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix)]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), true), steps('network').firewallOptions.firewallSubnetSize, steps('network').firewallOptions.firewallSubnets.properties.addressPrefix)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 97aae518e77e55a3ff903c6ca3213d7df358bb42 Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 22:10:54 +0900 Subject: [PATCH 114/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 9a26bd15f..145c8d04f 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2477,7 +2477,7 @@ "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", "firewallSubnetAddressPrefixInHubVirtualNetwork": "[if(equals(and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork)), true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix)]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), true), steps('network').firewallOptions.firewallSubnetSize, steps('network').firewallOptions.firewallSubnets.properties.addressPrefix)]", + "firewallSubnetAddressPrefix": "[if(equals(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)), true), steps('network').firewallOptions.firewallSubnetSize, steps('network').firewallOptions.firewallSubnets.properties.addressPrefix)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 1d99cedcf5ce967f761dcfc4417c9b17f6d86b9b Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 22:27:58 +0900 Subject: [PATCH 115/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 145c8d04f..9ea235739 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2476,8 +2476,8 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", - "firewallSubnetAddressPrefixInHubVirtualNetwork": "[if(equals(and(steps('network').firewallOptions.deployFirewall, not(empty(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork)), steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, empty(steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork)), true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix)]", - "firewallSubnetAddressPrefix": "[if(equals(and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork)), true), steps('network').firewallOptions.firewallSubnetSize, steps('network').firewallOptions.firewallSubnets.properties.addressPrefix)]", + "firewallSubnetAddressPrefixInHubVirtualNetwork": "[if(equals(steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, ''), steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix, steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork)]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.firewallSubnetSize, ''), steps('network').firewallOptions.firewallSubnets.properties.addressPrefix, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 920b337f257c5e7af15bd25368e139802072c16d Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Mon, 19 Feb 2024 22:45:49 +0900 Subject: [PATCH 116/117] added defaultValue for firewallSubnetAddressPrefix --- workload/portal-ui/portal-ui-baseline.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 9ea235739..8d0281aae 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -2476,8 +2476,8 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", - "firewallSubnetAddressPrefixInHubVirtualNetwork": "[if(equals(steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, ''), steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix, steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork)]", - "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.firewallSubnetSize, ''), steps('network').firewallOptions.firewallSubnets.properties.addressPrefix, steps('network').firewallOptions.firewallSubnetSize)]", + "firewallSubnetAddressPrefixInHubVirtualNetwork": "[coalesce(steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix)]", + "firewallSubnetAddressPrefix": "[coalesce(steps('network').firewallOptions.firewallSubnetSize, steps('network').firewallOptions.firewallSubnets.properties.addressPrefix)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", From 6e1d8c45fe3ba793ed1463cc8e58cd4380b6cd9f Mon Sep 17 00:00:00 2001 From: Yasuhiro Handa Date: Tue, 20 Feb 2024 00:09:12 +0900 Subject: [PATCH 117/117] fix a bug for firewallSubnetAddressPrefix --- workload/arm/deploy-baseline.json | 28 +++++-------------- workload/bicep/deploy-baseline.bicep | 6 +--- .../bicep/modules/networking/deploy.bicep | 7 ++--- workload/portal-ui/portal-ui-baseline.json | 4 +-- 4 files changed, 11 insertions(+), 34 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 4550629e3..5d29efb60 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "16213932253931384324" + "templateHash": "13417945876232594035" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -340,18 +340,11 @@ "description": "Azure firewall virtual network. (Default: \"\")" } }, - "firewallSubnetAddressPrefixInHubVirtualNetwork": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "AzureFirewallSubnet prefixes. (Default: \"\")" - } - }, "firewallSubnetAddressPrefix": { "type": "string", "defaultValue": "", "metadata": { - "description": "AzureFirewallSubnet prefixes. (Default: \"\")" + "description": "AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)" } }, "createAvdFslogixDeployment": { @@ -8108,9 +8101,6 @@ }, "firewallSubnetAddressPrefix": { "value": "[parameters('firewallSubnetAddressPrefix')]" - }, - "firewallSubnetAddressPrefixInHubVirtualNetwork": { - "value": "[parameters('firewallSubnetAddressPrefixInHubVirtualNetwork')]" } }, "template": { @@ -8120,7 +8110,7 @@ "_generator": { "name": "bicep", "version": "0.25.53.49325", - "templateHash": "2977269184131160668" + "templateHash": "4115192130459361023" } }, "parameters": { @@ -8305,12 +8295,6 @@ "description": "Firewall policy application rule collection name (optional)" } }, - "firewallSubnetAddressPrefixInHubVirtualNetwork": { - "type": "string", - "metadata": { - "description": "Firewall subnet adderss prefix" - } - }, "firewallSubnetAddressPrefix": { "type": "string", "metadata": { @@ -15224,7 +15208,7 @@ ] }, { - "condition": "[parameters('deployFirewall')]", + "condition": "[and(parameters('deployFirewall'), not(equals(parameters('firewallSubnetAddressPrefix'), '')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('Fw-Subnet-{0}', parameters('time'))]", @@ -15236,7 +15220,9 @@ }, "mode": "Incremental", "parameters": { - "addressPrefix": "[if(parameters('deployFirewallInHubVirtualNetwork'), createObject('value', parameters('firewallSubnetAddressPrefixInHubVirtualNetwork')), createObject('value', parameters('firewallSubnetAddressPrefix')))]", + "addressPrefix": { + "value": "[parameters('firewallSubnetAddressPrefix')]" + }, "name": { "value": "AzureFirewallSubnet" }, diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index f9551f7d9..59ff85f8a 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -168,10 +168,7 @@ param deployFirewallInHubVirtualNetwork bool = false @sys.description('Azure firewall virtual network. (Default: "")') param firewallVnetResourceId string = '' -@sys.description('AzureFirewallSubnet prefixes. (Default: "")') -param firewallSubnetAddressPrefixInHubVirtualNetwork string = '' - -@sys.description('AzureFirewallSubnet prefixes. (Default: "")') +@sys.description('AzureFirewallSubnet prefixes. (Default: 10.0.2.0/24)') param firewallSubnetAddressPrefix string = '' @sys.description('Deploy Fslogix setup. (Default: true)') @@ -966,7 +963,6 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre firewallPolicyOptionalNetworkRuleCollectionName: varFiwewallPolicyOptionalNetworkRuleCollectionName firewallPolicyOptionalApplicationRuleCollectionName: varFiwewallPolicyOptionalApplicationRuleCollectionName firewallSubnetAddressPrefix: firewallSubnetAddressPrefix - firewallSubnetAddressPrefixInHubVirtualNetwork: firewallSubnetAddressPrefixInHubVirtualNetwork } dependsOn: [ baselineNetworkResourceGroup diff --git a/workload/bicep/modules/networking/deploy.bicep b/workload/bicep/modules/networking/deploy.bicep index a3e28ac31..d7f1401c1 100644 --- a/workload/bicep/modules/networking/deploy.bicep +++ b/workload/bicep/modules/networking/deploy.bicep @@ -93,9 +93,6 @@ param firewallPolicyOptionalNetworkRuleCollectionName string @sys.description('Firewall policy application rule collection name (optional)') param firewallPolicyOptionalApplicationRuleCollectionName string -@sys.description('Firewall subnet adderss prefix') -param firewallSubnetAddressPrefixInHubVirtualNetwork string - @sys.description('Firewall subnet adderss prefix') param firewallSubnetAddressPrefix string @@ -1098,11 +1095,11 @@ module firewallPolicyOptionalRuleCollectionGroup '../../../../carml/1.3.0/Micros } // Azure Firewall subnet -module virtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall) { +module virtualNetworkAzureFirewallSubnet '../../../../carml/1.3.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep' = if (deployFirewall && (firewallSubnetAddressPrefix != '')) { scope: resourceGroup('${varFirewallSubId}', '${varFirewallSubRgName}') name: 'Fw-Subnet-${time}' params: { - addressPrefix: deployFirewallInHubVirtualNetwork ? firewallSubnetAddressPrefixInHubVirtualNetwork : firewallSubnetAddressPrefix + addressPrefix: firewallSubnetAddressPrefix name: 'AzureFirewallSubnet' virtualNetworkName: varFirewallVnetName } diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index 8d0281aae..82a0e47ef 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -1557,7 +1557,6 @@ "type": "Microsoft.Common.TextBox", "visible": "[and(steps('network').firewallOptions.deployFirewall, not(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork), empty(steps('network').firewallOptions.firewallSubnets))]", "label": "AzureFirewallSubnet address prefix", - "defaultValue" : "[steps('network').firewallOptions.firewallSubnets.properties.addressPrefix]", "toolTip": "Virtual network subnet CIDR for Azure Firewall (AzureFirewallSubnet)", "placeholder": "Example: 10.0.2.0/24", "constraints": { @@ -2476,8 +2475,7 @@ "deployFirewall": "[steps('network').firewallOptions.deployFirewall]", "deployFirewallInHubVirtualNetwork": "[steps('network').firewallOptions.deployFirewallInHubVirtualNetwork]", "firewallVnetResourceId": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, steps('network').firewallOptions.firewallVirtualNetwork)]", - "firewallSubnetAddressPrefixInHubVirtualNetwork": "[coalesce(steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetsInHubVirtualNetwork.properties.addressPrefix)]", - "firewallSubnetAddressPrefix": "[coalesce(steps('network').firewallOptions.firewallSubnetSize, steps('network').firewallOptions.firewallSubnets.properties.addressPrefix)]", + "firewallSubnetAddressPrefix": "[if(equals(steps('network').firewallOptions.deployFirewallInHubVirtualNetwork, true), steps('network').firewallOptions.firewallSubnetSizeInHubVirtualNetwork, steps('network').firewallOptions.firewallSubnetSize)]", "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]",