Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
chbragg committed Nov 4, 2024
2 parents a12bc95 + b12b8c4 commit 631eb01
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 11 deletions.
4 changes: 2 additions & 2 deletions workload/arm/deploy-baseline.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "6631429466860926774"
"templateHash": "16220838410328199964"
},
"name": "AVD Accelerator - Baseline Deployment",
"description": "AVD Accelerator - Deployment Baseline",
Expand Down Expand Up @@ -19924,7 +19924,7 @@
},
"publicNetworkAccess": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]",
"networkAcls": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', createObject('bypass', 'AzureServices', 'defaultAction', 'Deny', 'virtualNetworkRules', createArray(), 'ipRules', createArray())), createObject('value', createObject()))]",
"privateEndpoints": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', createArray(createObject('name', variables('varWrklKvPrivateEndpointName'), 'subnetResourceId', if(parameters('createAvdVnet'), format('{0}/subnets/{1}', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.virtualNetworkResourceId.value, variables('varVnetPrivateEndpointSubnetName')), parameters('existingVnetPrivateEndpointSubnetResourceId')), 'customNetworkInterfaceName', format('nic-01-{0}', variables('varWrklKvPrivateEndpointName')), 'service', 'vault', 'privateDnsZoneGroup', createObject('privateDNSResourceIds', createArray(if(parameters('createPrivateDnsZones'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.keyVaultDnsZoneResourceId.value, parameters('avdVnetPrivateDnsZoneKeyvaultId'))))))), createObject('value', createArray()))]",
"privateEndpoints": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', createArray(createObject('name', variables('varWrklKvPrivateEndpointName'), 'subnetResourceId', if(parameters('createAvdVnet'), format('{0}/subnets/{1}', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.virtualNetworkResourceId.value, variables('varVnetPrivateEndpointSubnetName')), parameters('existingVnetPrivateEndpointSubnetResourceId')), 'customNetworkInterfaceName', format('nic-01-{0}', variables('varWrklKvPrivateEndpointName')), 'service', 'vault', 'privateDnsZoneGroupName', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.KeyVaultDnsZoneResourceId.value, '/')[8], 'privateDnsZoneResourceIds', createArray(if(parameters('createPrivateDnsZones'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.KeyVaultDnsZoneResourceId.value, parameters('avdVnetPrivateDnsZoneKeyvaultId')))))), createObject('value', createArray()))]",
"secrets": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'EntraID')), createObject('value', createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials'))), createObject('value', createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', 'NoUsername', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'NoPassword', 'contentType', 'Domain join credentials'))))]",
"tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))), createObject('value', union(variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))))]"
},
Expand Down
12 changes: 5 additions & 7 deletions workload/bicep/deploy-baseline.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -1267,22 +1267,20 @@ module wrklKeyVault '../../avm/1.0.0/res/key-vault/vault/main.bicep' = {
ipRules: []
}
: {}
privateEndpoints: deployPrivateEndpointKeyvaultStorage
? [
privateEndpoints: deployPrivateEndpointKeyvaultStorage? [
{
name: varWrklKvPrivateEndpointName
subnetResourceId: createAvdVnet
? '${networking.outputs.virtualNetworkResourceId}/subnets/${varVnetPrivateEndpointSubnetName}'
: existingVnetPrivateEndpointSubnetResourceId
customNetworkInterfaceName: 'nic-01-${varWrklKvPrivateEndpointName}'
service: 'vault'
privateDnsZoneGroup: {
privateDNSResourceIds: [
privateDnsZoneGroupName: split(networking.outputs.keyVaultDnsZoneResourceId, '/')[8]
privateDnsZoneResourceIds: [
createPrivateDnsZones ? networking.outputs.keyVaultDnsZoneResourceId : avdVnetPrivateDnsZoneKeyvaultId
]
}
]
}
]
]
: []
secrets: (avdIdentityServiceProvider != 'EntraID')
? [
Expand Down
Binary file modified workload/scripts/DSCStorageScripts/1.0.1/DSCStorageScripts.zip
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ $ErrorActionPreference = "Stop"

. (Join-Path $ScriptPath "Logger.ps1")

if ($IdentityServiceProvider -ne 'AAD') {
if ($IdentityServiceProvider -ne 'EntraID') {
Write-Log "Forcing group policy updates"
gpupdate /force /wait:0

Expand Down Expand Up @@ -171,7 +171,7 @@ Try {
icacls ${DriveLetter}: /remove "BUILTIN\Users"
Write-Log "ACLs set"
#AVD group permissions
if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'AAD') {
if ($SecurityPrincipalName -eq 'none' -or $IdentityServiceProvider -eq 'EntraID') {
Write-Log "AD group not provided or using Microsoft Entra ID joined session hosts, ACLs for AD group not set"
}
else {
Expand Down

0 comments on commit 631eb01

Please sign in to comment.