Azure · AlexanderSehr · Dec 23, 2022 · Sep 2, 2022 · Sep 2, 2022 · Sep 2, 2022
@@ -0,0 +1,47 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+  name: managedIdentityName
+  location: location
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+  name: virtualNetworkName
+  location: location
+  properties: {
+    addressSpace: {
+      addressPrefixes: [
+        '10.0.0.0/24'
+      ]
+    }
+    subnets: [
+      {
+        name: 'defaultSubnet'
+        properties: {
+          addressPrefix: '10.0.0.0/24'
+          delegations: [
+            {
+              name: 'Microsoft.ContainerInstance.containerGroups'
+              properties: {
+                serviceName: 'Microsoft.ContainerInstance/containerGroups'
+              }
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
@@ -0,0 +1,129 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.containerinstance.containergroups-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'cicgprivate'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name, location)}-paramNested'
+  params: {
+    managedIdentityName: 'dep-<<namePrefix>>-msi-${serviceShort}'
+    virtualNetworkName: 'dep-<<namePrefix>>-vnet-${serviceShort}'
+  }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+  scope: resourceGroup
+  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+  params: {
+    enableDefaultTelemetry: enableDefaultTelemetry
+    name: '<<namePrefix>>${serviceShort}001'
+    lock: 'CanNotDelete'
+    containers: [
+      {
+        name: '<<namePrefix>>-az-aci-x-001'
+        properties: {
+          command: []
+          environmentVariables: []
+          image: 'mcr.microsoft.com/azuredocs/aci-helloworld'
+          ports: [
+            {
+              port: '80'
+              protocol: 'Tcp'
+            }
+            {
+              port: '443'
+              protocol: 'Tcp'
+            }
+          ]
+          resources: {
+            requests: {
+              cpu: 2
+              memoryInGB: 4
+            }
+          }
+          volumeMounts: [
+            {
+              name: 'my-name'
+              mountPath: '/mnt/empty'
+            }
+          ]
+        }
+      }
+      {
+        name: '<<namePrefix>>-az-aci-x-002'
+        properties: {
+          command: []
+          environmentVariables: []
+          image: 'mcr.microsoft.com/azuredocs/aci-helloworld'
+          ports: [
+            {
+              port: '8080'
+              protocol: 'Tcp'
+            }
+          ]
+          resources: {
+            requests: {
+              cpu: 2
+              memoryInGB: 2
+            }
+          }
+        }
+      }
+    ]
+    ipAddressType: 'Private'
+    ipAddressPorts: [
+      {
+        protocol: 'Tcp'
+        port: 80
+      }
+      {
+        protocol: 'Tcp'
+        port: 443
+      }
+      {
+        protocol: 'Tcp'
+        port: '8080'
+      }
+    ]
+    subnetId: resourceGroupResources.outputs.subnetResourceId
+    volumes: [
+      {
+        emptyDir: {}
+        name: 'my-name'
+      }
+    ]
+    systemAssignedIdentity: true
+    userAssignedIdentities: {
+      '${resourceGroupResources.outputs.managedIdentityResourceId}': {}
+    }
+  }
+}
@@ -4,15 +4,24 @@ param name string
 @description('Required. The containers and their respective config within the container group.')
 param containers array
 
-@description('Optional. Ports to open on the public IP address. Must include all ports assigned on container level.')
+@description('Conditional. Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`.')
 param ipAddressPorts array = []
 
 @description('Optional. The operating system type required by the containers in the container group. - Windows or Linux.')
 param osType string = 'Linux'
 
+@allowed([
+  'Always'
+  'OnFailure'
+  'Never'
+])
 @description('Optional. Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never.')
 param restartPolicy string = 'Always'
 
+@allowed([
+  'Public'
+  'Private'
+])
 @description('Optional. Specifies if the IP is exposed to the public internet or private VNET. - Public or Private.')
 param ipAddressType string = 'Public'
 
@@ -22,6 +31,50 @@ param imageRegistryCredentials array = []
 @description('Optional. Location for all Resources.')
 param location string = resourceGroup().location
 
+@allowed([
+  'Noreuse'
+  'ResourceGroupReuse'
+  'SubscriptionReuse'
+  'TenantReuse'
+  'Unsecure'
+])
+@description('Optional. Specify level of protection of the domain name label.')
+param autoGeneratedDomainNameLabelScope string = 'TenantReuse'
+
+@description('Optional. The Dns name label for the resource.')
+param dnsNameLabel string = ''
+
+@allowed([
+  'Standard'
+  'Dedicated'
+])
+@description('Optional. Specify the Sku.')
+param sku string = 'Standard'
+
+@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key vaults base URL.')
+param encryptionVaultBaseUrl string = ''
+
+@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key name.')
+param encrytionKeyName string = ''
+
+@description('Optional. If Non-Microsoft-managed encryption should be used, specify the key version.')
+param encryptionKeyVersion string = ''
+
+@description('Optional. List of dns servers used by the containers for lookups.')
+param dnsNameServers array = []
+
+@description('Optional. DNS search domain which will be appended to each DNS lookup.')
+param dnsSearchDomains string = ''
+
+@description('Optional. A list of container definitions which will be executed before the application container starts.')
+param initContainers array = []
+
+@description('Optional. Resource ID of the subnet. Only specify when ipAddressType is Private.')
+param subnetId string = ''
+
+@description('Optional. Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup.')
+param volumes array = []
+
 @allowed([
   ''
   'CanNotDelete'
@@ -49,6 +102,46 @@ var identity = identityType != 'None' ? {
   userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
 } : null
 
+var dnsConfig = !empty(dnsNameServers) ? {
+  nameServers: dnsNameServers
+  searchDomains: dnsSearchDomains
+} : null
+
+var encryptionProperties = !empty(encryptionVaultBaseUrl) ? {
+  vaultBaseUrl: encryptionVaultBaseUrl
+  keyName: encrytionKeyName
+  keyVersion: encryptionKeyVersion
+} : null
+
+var subnetIds = !empty(subnetId) ? [
+  {
+    id: subnetId
+  }
+] : null
+
+var generatedDomainNameLabelScope = !empty(dnsNameServers) ? autoGeneratedDomainNameLabelScope : null
+
+var basicContainerProperties = {
+  containers: containers
+  dnsConfig: dnsConfig
+  encryptionProperties: encryptionProperties
+  imageRegistryCredentials: imageRegistryCredentials
+  initContainers: initContainers
+  restartPolicy: restartPolicy
+  osType: osType
+  ipAddress: {
+    type: ipAddressType
+    autoGeneratedDomainNameLabelScope: generatedDomainNameLabelScope
+    dnsNameLabel: dnsNameLabel
+    ports: ipAddressPorts
+  }
+  sku: sku
+  subnetIds: subnetIds
+  volumes: volumes
+}
+
+var containerProperties = !empty(dnsNameServers) ? union(basicContainerProperties, { dnsConfig: dnsConfig }) : basicContainerProperties
+
 resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
   name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
   properties: {
@@ -66,16 +159,7 @@ resource containergroup 'Microsoft.ContainerInstance/containerGroups@2021-10-01'
   location: location
   identity: identity
   tags: tags
-  properties: {
-    containers: containers
-    imageRegistryCredentials: imageRegistryCredentials
-    restartPolicy: restartPolicy
-    osType: osType
-    ipAddress: {
-      type: ipAddressType
-      ports: ipAddressPorts
-    }
-  }
+  properties: containerProperties
 }
 
 resource containergroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) {