[Feature Request]: Re-work modules to new dependency approach

[AlexanderSehr]

Description

Once PR #1624 is merged we can start transforming the current test parameter files into the new Bicep test files. As this will affect all top level modules it makes sense to do this module by module. To this end we should either create an issue per module or a checkbox list somewhere to track the progress.

Note: Several modules are already converted and await review in PR #1787

To get an overview of the expected effort you can find an outline of the expected dependencies in the following:

Resource Type	#	RG	MSI	Diag	Dependencies
AAD/DomainServices	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
AnalysisServices/servers	5	✅	✅	✅
ApiManagement/service	6	✅	✅	✅	Microsoft.KeyVault/vaults
AppConfiguration/configurationStores	6	✅	✅	✅	Microsoft.Network/virtualNetworks
Authorization/policyAssignments	1		✅
Authorization/policyExemptions	1				/subscriptions/<>/providers/Microsoft.Authorization/policyAssignments/adp-<>-sb-pass-loc-rg
Automation/automationAccounts	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
Batch/batchAccounts	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
Cache/redis	2	✅			Microsoft.Network/virtualNetworks
CognitiveServices/accounts	6	✅	✅	✅	Microsoft.Network/virtualNetworks
Compute/availabilitySets	3	✅	✅		Microsoft.Compute/proximityPlacementGroups
Compute/diskEncryptionSets	3	✅	✅		Microsoft.KeyVault/vaults
Compute/disks	4	✅	✅		/Subscriptions/<>/Providers/Microsoft.Compute/Locations/westeurope/Publishers/MicrosoftWindowsServer/ArtifactTypes/VMImage/Offers/WindowsServer/Skus/2016-Datacenter/Versions/14393.4906.2112080838 Microsoft.Storage/storageAccounts
Compute/galleries	2	✅	✅
Compute/images	2	✅	✅
Compute/proximityPlacementGroups	2	✅	✅
Compute/virtualMachines	10	✅	✅	✅	Microsoft.Compute/proximityPlacementGroups Microsoft.KeyVault/vaults Microsoft.Network/applicationSecurityGroups Microsoft.Network/loadBalancers Microsoft.Network/virtualNetworks
Compute/virtualMachineScaleSets	8	✅	✅	✅	Microsoft.Compute/proximityPlacementGroups Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
ContainerInstance/containerGroups	1	✅
ContainerRegistry/registries	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
ContainerService/managedClusters	7	✅	✅	✅	Microsoft.Compute/diskEncryptionSets Microsoft.Network/virtualNetworks
Databricks/workspaces	5	✅	✅	✅
DataFactory/factories	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
DataProtection/backupVaults	2	✅	✅
DBforPostgreSQL/flexibleServers	8	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/privateDnsZones Microsoft.Network/virtualNetworks
DesktopVirtualization/applicationgroups	5	✅	✅	✅
DesktopVirtualization/hostpools	5	✅	✅	✅
DesktopVirtualization/scalingplans	2	✅	✅
DesktopVirtualization/workspaces	5	✅	✅	✅
DocumentDB/databaseAccounts	5	✅	✅	✅
EventGrid/systemTopics	5	✅	✅	✅
EventGrid/topics	6	✅	✅	✅	Microsoft.Network/virtualNetworks
EventHub/namespaces	6	✅	✅	✅	Microsoft.Network/virtualNetworks
HealthBot/healthBots	2	✅	✅
Insights/actionGroups	2	✅	✅
Insights/activityLogAlerts	3	✅	✅		microsoft.insights/actiongroups
Insights/components	3	✅	✅	✅
Insights/diagnosticSettings	3			✅
Insights/metricAlerts	2	✅	✅
Insights/privateLinkScopes	4	✅	✅	✅	Microsoft.Network/virtualNetworks
Insights/scheduledQueryRules	2	✅	✅
KeyVault/vaults	6	✅	✅	✅	Microsoft.Network/virtualNetworks
KubernetesConfiguration/extensions	1	✅
KubernetesConfiguration/fluxConfigurations	1	✅
Logic/workflows	5	✅	✅	✅
MachineLearningServices/workspaces	8	✅	✅	✅	Microsoft.Insights/components Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
ManagedIdentity/userAssignedIdentities	2	✅	✅
NetApp/netAppAccounts	3	✅	✅		Microsoft.Network/virtualNetworks
Network/applicationGateways	8	✅	✅	✅	Microsoft.Network/applicationGateways Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
Network/applicationSecurityGroups	2	✅	✅
Network/azureFirewalls	7	✅	✅	✅	Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
Network/bastionHosts	7	✅	✅	✅	Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
Network/connections	3	✅			Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworkGateways
Network/ddosProtectionPlans	2	✅	✅
Network/expressRouteCircuits	5	✅	✅	✅
Network/firewallPolicies	1	✅
Network/frontDoors	3	✅	✅		Microsoft.Network/frontDoors
Network/ipGroups	2	✅	✅
Network/loadBalancers	7	✅	✅	✅	Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
Network/localNetworkGateways	2	✅	✅
Network/natGateways	5	✅	✅	✅
Network/networkInterfaces	8	✅	✅	✅	Microsoft.Network/applicationSecurityGroups Microsoft.Network/loadBalancers Microsoft.Network/virtualNetworks
Network/networkSecurityGroups	6	✅	✅	✅	Microsoft.Network/applicationSecurityGroups
Network/networkWatchers	6	✅	✅	✅	Microsoft.Compute/virtualMachines Microsoft.Network/networkSecurityGroups
Network/privateDnsZones	3	✅	✅		Microsoft.Network/virtualNetworks
Network/privateEndpoints	4	✅	✅		Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
Network/publicIPAddresses	5	✅	✅	✅
Network/publicIPPrefixes	2	✅	✅
Network/routeTables	2	✅	✅
Network/trafficmanagerprofiles	5	✅	✅	✅
Network/virtualHubs	4	✅			Microsoft.Network/virtualHubs Microsoft.Network/virtualNetworks Microsoft.Network/virtualWans
Network/virtualNetworkGateways	6	✅	✅	✅	Microsoft.Network/virtualNetworks
Network/virtualNetworks	8	✅	✅	✅	Microsoft.Network/networkSecurityGroups Microsoft.Network/routeTables Microsoft.Network/virtualNetworks
Network/virtualWans	2	✅	✅
Network/vpnGateways	3	✅			Microsoft.Network/virtualHubs Microsoft.Network/vpnSites
Network/vpnSites	3	✅	✅		Microsoft.Network/virtualWans
OperationalInsights/workspaces	6	✅	✅	✅	Microsoft.Automation/automationAccounts
OperationsManagement/solutions	1	✅
RecoveryServices/vaults	7	✅	✅	✅	Microsoft.Network/virtualNetworks Microsoft.RecoveryServices/vaults
Resources/deploymentScripts	1	✅
Resources/resourceGroups	1		✅
Security/azureSecurityCenter	2			✅	/subscriptions/<>
ServiceBus/namespaces	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
ServiceFabric/clusters	2	✅	✅
SignalRService/webPubSub	2	✅			Microsoft.Network/virtualNetworks
Sql/managedInstances	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
Sql/servers	7	✅	✅	✅	/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001 Microsoft.Network/virtualNetworks
Storage/storageAccounts	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
Synapse/privateLinkHubs	3	✅	✅		Microsoft.Network/virtualNetworks
Synapse/workspaces	7	✅	✅	✅	Microsoft.KeyVault/vaults Microsoft.Network/virtualNetworks
VirtualMachineImages/imageTemplates	3	✅	✅		Microsoft.Compute/galleries
Web/connections	3	✅	✅		/subscriptions/<>/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs
Web/hostingEnvironments	6	✅	✅	✅	Microsoft.Network/virtualNetworks
Web/serverfarms	5	✅	✅	✅
Web/sites	8	✅	✅	✅	Microsoft.Insights/components Microsoft.Network/virtualNetworks Microsoft.Web/serverFarms
Web/staticSites	3	✅	✅		Microsoft.Network/virtualNetworks
Authorization/locks	0
Authorization/policyDefinitions	0
Authorization/policySetDefinitions	0
Authorization/roleAssignments	0
Authorization/roleDefinitions	0
Consumption/budgets	0
ManagedServices/registrationDefinitions	0
Management/managementGroups	0
Resources/tags	0

The script that was used to generate the list is the following

Script

[CmdletBinding()]
param (
    [Parameter()]
    [string] $ModulesPath
)

$moduleFolderPaths = (Get-ChildItem -Path $ModulesPath -Directory -Recurse).FullName | Where-Object {
    ((($_ -replace '\\', '/') -split '/modules/')[1] -split '/').Count -eq 2 -and $_ -notlike '*.shared*'
}

$resultSet = @{}
foreach ($moduleFolderPath in $moduleFolderPaths) {

    $parameterFilePaths = (Get-ChildItem -Path (Join-Path $moduleFolderPath '.test') -Filter '*.json' -Recurse).FullName

    $references = [System.Collections.ArrayList]@()

    foreach ($parameterFilePath in $parameterFilePaths) {
        $content = Get-Content $parameterFilePath
        $references += $content | Where-Object {
            $_ -like '*:*' -and ($_ -split ':')[1].Trim() -like '*/subscriptions/*'
        } | ForEach-Object {
                ($_ -split ':')[1].Trim()
        } | ForEach-Object {
                ($_ -replace '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/', '') -replace '"', ''
        } | ForEach-Object {
            if ($_ -like 'Microsoft.*') {
                    ($_ -split '/')[0, 1] -join '/'
            } else {
                $_
            }
        }
    }

    # Special case: Resource Group
    $templatePath = Join-Path $moduleFolderPath 'deploy.bicep'
    $templateContent = Get-Content $templatePath
    if ($templateContent[0] -like '*resourceGroup*' -or $templateContent[0] -notlike '*targetScope*') {
        # Requires Resource Group deployment
        $references += 'Microsoft.Resources/resourceGroups'
    }

    # Special case: RBAC (MSI)
    $rbacFilePath = Join-Path $moduleFolderPath '.bicep' 'nested_roleAssignments.bicep'
    if (Test-Path $rbacFilePath) {
        # Requires Managed Identity deployment for RBAC
        $references += 'Microsoft.ManagedIdentity/userAssignedIdentities'
    }

    $providerNamespace = Split-Path (Split-Path $moduleFolderPath -Parent) -Leaf
    $resourceType = Split-Path $moduleFolderPath -Leaf

    $resultSet["$providerNamespace/$resourceType"] = ($references | Select-Object -Unique | Sort-Object)
}


$dependenciesTableTable = @(
    '| Resource Type | # | RG | MSI | Diag | Dependencies |',
    '| - | - | - | - | - | - |'
)

# With dependencies
foreach ($resourceType in ($resultSet.Keys | Where-Object { $resultSet[$_].Count -gt 0 } | Sort-Object)) {

    # Convert array to arraylist to allow operations
    $references = [System.Collections.ArrayList]@()
    if ($resultSet[$resourceType] -is [array]) {
        $references.AddRange($resultSet[$resourceType])
    } else {
        $null = $references.Add($resultSet[$resourceType])
    }
    $dependenciesCount = $references.Count

    # Filter common patterns
    if ($references -contains 'Microsoft.Resources/resourceGroups') {
        $references.Remove('Microsoft.Resources/resourceGroups')
        $hasRg = $true
    } else {
        $hasRg = $false
    }
    if ($references -contains 'Microsoft.ManagedIdentity/userAssignedIdentities') {
        $references.Remove('Microsoft.ManagedIdentity/userAssignedIdentities')
        $hasMsi = $true
    } else {
        $hasMsi = $false
    }
    if ($references -contains 'microsoft.operationalinsights/workspaces') {
        $references.Remove('microsoft.operationalinsights/workspaces')
        $references.Remove('Microsoft.Storage/storageAccounts')
        $references.Remove('Microsoft.EventHub/namespaces')
        $hasDiag = $true
    } else {
        $hasDiag = $false
    }

    $dependencies = ''
    $references | ForEach-Object {
        $dependencies += "<li>$_</li>"
    }
    $dependenciesTableTable += '| `{0}` | {1} | {2} | {3} | {4} | {5} |' -f ($resourceType -replace 'Microsoft.', ''), $dependenciesCount, ($hasRg ? ':white_check_mark:' : ''), ($hasMsi ? ':white_check_mark:' : ''), ($hasDiag ? ':white_check_mark:' : ''), $dependencies
}

# Without any dependencies
foreach ($resourceType in ($resultSet.Keys | Where-Object { $resultSet[$_].Count -eq 0 } | Sort-Object)) {
    $dependenciesTableTable += '| `{0}` | {1} | | | | |' -f ($resourceType -replace 'Microsoft.', ''), 0
}

$dependenciesTableTable

• Update AAD/DomainServices to new dependencies approach #1904
• Update AnalysisServices/servers to new dependencies approach #1905
• Update ApiManagement/service to new dependencies approach #1906
• Update AppConfiguration/configurationStores to new dependencies approach #1907
• Update Authorization/locks to new dependencies approach #1908
• Update Authorization/policyAssignments to new dependencies approach #1909
• Update Authorization/policyDefinitions to new dependencies approach #1910
• Update Authorization/policyExemptions to new dependencies approach #1911
• Update Authorization/policySetDefinitions to new dependencies approach #1912
• Update Authorization/roleAssignments to new dependencies approach #1913
• Update Authorization/roleDefinitions to new dependencies approach #1914
• Update Automation/automationAccounts to new dependencies approach #1915
• Update Batch/batchAccounts to new dependencies approach #1916
• Update Cache/redis to new dependencies approach #1917
• Update CognitiveServices/accounts to new dependencies approach #1922
• Update Compute/availabilitySets to new dependencies approach #1924
• Update Compute/diskEncryptionSets to new dependencies approach #1923
• Update Compute/disks to new dependencies approach #1926
• Update Compute/galleries to new dependencies approach #1925
• Update Compute/images to new dependencies approach #1921
• Update Compute/proximityPlacementGroups to new dependencies approach #1920
• Update Compute/virtualMachines to new dependencies approach #1919
• Update Compute/virtualMachineScaleSets to new dependencies approach #1918
• Update Consumption/budgets to new dependencies approach #1961
• Update ContainerInstance/containerGroups to new dependencies approach #1928
• Update ContainerRegistry/registries to new dependencies approach #1929
• Update ContainerService/managedClusters to new dependencies approach #1930
• Update Databricks/workspaces to new dependencies approach #1931
• Update DataFactory/factories to new dependencies approach #1932
• Update DataProtection/backupVaults to new dependencies approach #1933
• Update DBforPostgreSQL/flexibleServers to new dependencies approach #1935
• Update DesktopVirtualization/applicationgroups to new dependencies approach #1934
• Update DesktopVirtualization/hostpools to new dependencies approach #1936
• Update DesktopVirtualization/scalingplans to new dependencies approach #1937
• Update DesktopVirtualization/workspaces to new dependencies approach #1938
• Update DocumentDB/databaseAccounts to new dependencies approach #1992
• Update EventGrid/systemTopics to new dependencies approach #2059
• Update EventGrid/topics to new dependencies approach #2085
• Update EventHub/namespaces to new dependencies approach #2087
• Update HealthBot/healthBots to new dependencies approach #2097
• Update Insights/actionGroups to new dependencies approach #2101
• Update Insights/activityLogAlerts to new dependencies approach #2196
• Update Insights/components to new dependencies approach #2103
• Update Insights/diagnosticSettings to new dependencies approach #2105
• Update Insights/metricAlerts to new dependencies approach #2107
• Update Insights/privateLinkScopes to new dependencies approach #2186
• Update Insights/scheduledQueryRules to new dependencies approach #2095
• Update KeyVault/vaults to new dependencies approach #2001
• Update KubernetesConfiguration/extensions to new dependencies approach #1939
• Update KubernetesConfiguration/fluxConfigurations to new dependencies approach #1940
• Update Logic/workflows to new dependencies approach #1941
• Update MachineLearningServices/workspaces to new dependencies approach #1942
• Update ManagedIdentity/userAssignedIdentities to new dependencies approach #1943
• Update ManagedServices/registrationDefinitions to new dependencies approach #1996
• Update Management/managementGroups to new dependencies approach #1994
• Update NetApp/netAppAccounts to new dependencies approach #1944
• Update Network/applicationGateways to new dependencies approach #1945
• Update Network/applicationSecurityGroups to new dependencies approach #1946
• Update Network/azureFirewalls to new dependencies approach #1947
• Update Network/bastionHosts to new dependencies approach #1948
• Update Network/connections to new dependencies approach #1949
• Update Network/ddosProtectionPlans to new dependencies approach #2053
• Update Network/expressRouteCircuits to new dependencies approach #2055
• Update Network/firewallPolicies to new dependencies approach #2057
• Update Network/frontDoors to new dependencies approach #2049
• Update Network/ipGroups to new dependencies approach #2047
• Update Network/loadBalancers to new dependencies approach #2039
• Update Network/localNetworkGateways to new dependencies approach #2045
• Update Network/natGateways to new dependencies approach #2041
• Update Network/networkInterfaces to new dependencies approach #1950
• Update Network/networkSecurityGroups to new dependencies approach #1951
• Update Network/networkWatchers to new dependencies approach #2270
• Update Network/privateDnsZones to new dependencies approach #2083
• Update Network/privateEndpoints to new dependencies approach #2081
• Update Network/privateLinkServices to new dependencies approach #2339
• Update Network/publicIPAddresses to new dependencies approach #2079
• Update Network/publicIPPrefixes to new dependencies approach #2077
• Update Network/routeTables to new dependencies approach #2075
• Update Network/trafficmanagerprofiles to new dependencies approach #2051
• Update Network/virtualHubs to new dependencies approach #1952
• Update Network/virtualNetworkGateways to new dependencies approach #1953
• Update Network/virtualNetworks to new dependencies approach #1954
• Update Network/virtualWans to new dependencies approach #1955
• Update Network/vpnGateways to new dependencies approach #1956
• Update Network/vpnSites to new dependencies approach #1957
• Update OperationalInsights/workspaces to new dependencies approach #2177
• Update OperationsManagement/solutions to new dependencies approach #2012
• Update PowerBIDedicated/capacities to new dependencies approach #2338
• Update RecoveryServices/vaults to new dependencies approach #2010
• Update Resources/deploymentScripts to new dependencies approach #1958
• Update Resources/resourceGroups to new dependencies approach #2061
• Update Resources/tags to new dependencies approach #2073
• Update Security/azureSecurityCenter to new dependencies approach #2269
• Update ServiceBus/namespaces to new dependencies approach #2217
• Update ServiceFabric/clusters to new dependencies approach #2244
• Update SignalRService/webPubSub to new dependencies approach #2230
• Update Sql/managedInstances to new dependencies approach #1964
• Update Sql/servers to new dependencies approach #1960
• Update Storage/storageAccounts to new dependencies approach #2206
• Update Synapse/privateLinkHubs to new dependencies approach #2227
• Update Synapse/workspaces to new dependencies approach #2337
• Update VirtualMachineImages/imageTemplates to new dependencies approach #2226
• Update Web/connections to new dependencies approach #2143
• Update Web/hostingEnvironments to new dependencies approach #2144
• Update Web/serverfarms to new dependencies approach #2043
• Update Web/sites to new dependencies approach #1959
• [Modules] Update Web/staticSites to new dependencies approach #1897

[AlexanderSehr]

Note: Once the dependencies approach is implemented, we should address the following 2 comments:

• [CI Environment] Enabled CI environment to handle DeploymentTest (bicep) files for new self-contained dependency approach #1624 (comment)
• [CI Environment] Enabled CI environment to handle DeploymentTest (bicep) files for new self-contained dependency approach #1624 (comment)

[AlexanderSehr]

Helper artifacts (environment-specific -> paths must be updated to match your environment). Store each file in a location of your choice - with the name mentioned in the header and you should be good to go.

dependencyapproachHelper.ps1 script

$references = . 'C:\Users\alsehr\OneDrive - Microsoft\Desktop\CARML\Get-ResourceIDReferencesPerModule.ps1'

function New-FolderStructure {

    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string] $moduleFolderPath,
        [ Object[]] $references
    )


    $matchingRefence = $references | Where-Object { $_ -match ('\| `{0}`.+' -f (($moduleFolderPath -split 'Microsoft.')[1] -replace '\\', '\/')) }
    if ($matchingRefence) {
        $dependencies = ($matchingRefence -split '\|')[6]
        $needsMSI = ($matchingRefence -split '\|')[4].Trim() -eq ':white_check_mark:'
        $needsDep = ($matchingRefence -split '\|')[5].Trim() -eq ':white_check_mark:'
    }

    $testFolderPath = Join-Path $moduleFolderPath '.test'
    $filePaths = (Get-ChildItem -Path $testFolderPath -Filter '*.json').FullName

    $shortenedName = 'ms.{0}' -f ($moduleFolderPath -split 'Microsoft.')[1]
    $providerNamespace = (Split-Path $shortenedName -Parent).ToLower()
    $resourceType = (Split-Path $shortenedName -Leaf).ToLower()

    foreach ($filePath in $filePaths) {
        $folderName = (Split-Path $filePath -LeafBase) -replace '.parameters', ''

        if ($folderName -eq 'parameters') {
            $folderName = 'common'
        }

        $folderPath = Join-Path (Split-Path $filePath -Parent) $folderName

        if (-not (Test-Path -Path $folderPath)) {
            if ($PSCmdlet.ShouldProcess("Folder in path [$folderPath]", 'Create')) {
                $null = New-Item -Path $folderPath -ItemType 'Directory'
            }
        }

        if (-not (Test-Path -Path (Join-Path $folderPath 'dependencies.bicep')) -and ($matchingRefence -split '|')[2].Trim() -ne '0') {
            $parameters = [System.Collections.ArrayList]@()
            $resources = [System.Collections.ArrayList]@()
            $outputs = [System.Collections.ArrayList]@()

            if ($dependencies -match '.*Microsoft.Network\/virtualNetworks.*') {
                $null = $parameters.Add(@(
                        "@description('Required. The name of the Virtual Network to create.')",
                        'param virtualNetworkName string',
                        ''
                    ))

                $null = $resources.Add(@(
                        "resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {",
                        '    name: virtualNetworkName',
                        '    location: location',
                        '    properties: {',
                        '        addressSpace: {',
                        '            addressPrefixes: [',
                        "            '10.0.0.0/24'",
                        '            ]',
                        '        }',
                        '        subnets: [',
                        '            {',
                        "                name: 'defaultSubnet'",
                        '                properties: {',
                        "                    addressPrefix: '10.0.0.0/24'",
                        '                }',
                        '            }',
                        '        ]',
                        '    }',
                        '}',
                        ''
                    ))

                $null = $outputs.Add(@(
                        "@description('The resource ID of the created Virtual Network Subnet.')",
                        'output subnetResourceId string = virtualNetwork.properties.subnets[0].id',
                        ''
                    ))
            }
            if ($dependencies -match '.*Microsoft.KeyVault\/vaults.*') {

                $null = $parameters.Add(@(
                        "@description('Required. The name of the Key Vault to create.')",
                        'param keyVaultName string',
                        ''
                    ))
                $null = $resources.Add(@(
                        "resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {",
                        '    name: keyVaultName',
                        '    location: location',
                        '    properties: {',
                        '        sku: {',
                        "            family: 'A'",
                        "            name: 'standard'",
                        '        }',
                        '        tenantId: tenant().tenantId',
                        '        enablePurgeProtection: null',
                        '        enabledForTemplateDeployment: true',
                        '        enabledForDiskEncryption: true',
                        '        enabledForDeployment: true',
                        '        enableRbacAuthorization: true',
                        '        accessPolicies: []',
                        '    }',
                        '}',
                        ''
                    ))
                $null = $outputs.Add(@(
                        "@description('The resource ID of the created Key Vault.')",
                        'output keyVaultResourceId string = keyVault.id',
                        '',
                        "@description('The URL of the created Key Vault.')",
                        'output keyVaultUrl string = keyVault.properties.vaultUri',
                        ''
                    ))

            }
            if ($dependencies -match '.*Microsoft.Network\/privateDnsZones.*') {

                $null = $resources.Add(@(
                        "resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {",
                        "    name: 'privatelink.azconfig.io'",
                        "    location: 'global'",
                        '',
                        "    resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {",
                        "        name: '`${virtualNetworkName}-vnetlink'",
                        "        location: 'global'",
                        '        properties: {',
                        '            virtualNetwork: {',
                        '                id: virtualNetwork.id',
                        '            }',
                        '        }',
                        '    }',
                        '}',
                        ''
                    ))
                $null = $outputs.Add(@(
                        "@description('The resource ID of the created Virtual Network Subnet.')",
                        'output privateDNSResourceId string = privateDNSZone.id',
                        ''
                    ))
            }
            if ($dependencies -match '.*Microsoft\.Network\/publicIPAddresses.*') {
                $null = $parameters.Add(@(
                        "@description('Required. The name of the Public IP to create.')",
                        'param publicIPName string',
                        ''
                    ))
                $null = $resources.Add(@(
                        "resource publicIP 'Microsoft.Network/publicIPAddresses@2022-01-01' = {",
                        '    name: publicIPName',
                        '    location: location',

                        '}',
                        ''
                    ))
                $null = $outputs.Add(@(
                        "@description('The resource ID of the created Public IP.')",
                        'output publicIPResourceId string = publicIP.id',
                        ''
                    ))
            }
            if ($needsMSI) {
                $null = $parameters.Add(@(
                        "@description('Required. The name of the Managed Identity to create.')",
                        'param managedIdentityName string',
                        ''
                    ))
                $null = $resources.Add(@(
                        "resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {",
                        '    name: managedIdentityName',
                        '    location: location',
                        '}',
                        ''
                    ))
                $null = $outputs.Add(@(
                        "@description('The principal ID of the created Managed Identity.')",
                        'output managedIdentityPrincipalId string = managedIdentity.properties.principalId',
                        ''
                    ))
            }

            $dependenciesContent = @(
                "@description('Optional. The location to deploy to.')",
                'param location string = resourceGroup().location',
                ''
            )
            if ($parameters) {
                $dependenciesContent += $parameters
            }
            if ($resources) {
                $dependenciesContent += $resources
            }
            if ($outputs) {
                $dependenciesContent += $outputs
            }

            $dependenciesFilePath = Join-Path $folderPath 'dependencies.bicep'
            if ($PSCmdlet.ShouldProcess("File in path [$dependenciesFilePath]", 'Create')) {
                $null = New-Item -Path $dependenciesFilePath -Value ($dependenciesContent | Out-String)
            }
        }

        if (-not (Test-Path -Path (Join-Path $folderPath 'deploy.test.bicep'))) {
            $draftFileContent = Get-Content -Path 'C:\Users\alsehr\OneDrive - Microsoft\Desktop\CARML\dependencyapproachHelper_deployTest.bicep'

            $draftFileContent = $draftFileContent -replace 'param resourceGroupName string .*', "param resourceGroupName string = '$providerNamespace.$resourceType-`${serviceShort}-rg'"

            $resourceNames = [System.Collections.ArrayList]@()
            if ($dependencies -match '.*Microsoft.Network\/virtualNetworks.*') {
                $null = $resourceNames.Add("    virtualNetworkName: 'dep-<<namePrefix>>-vnet-`${serviceShort}'")
            }
            if ($dependencies -match '.*Microsoft.KeyVault\/vaults.*') {
                $null = $resourceNames.Add("    keyVaultName: 'dep-<<namePrefix>>-kv-`${serviceShort}'")
            }
            if ($dependencies -match '.*Microsoft.Network\/publicIPAddresses.*') {
                $null = $resourceNames.Add("    publicIPName: 'dep-<<namePrefix>>-pip-`${serviceShort}'")
            }
            if ($needsMSI) {
                $null = $resourceNames.Add("    managedIdentityName: 'dep-<<namePrefix>>-msi-`${serviceShort}'")
            }

            if ($resourceNames) {
                $indexOfDepParam = $draftFileContent.IndexOf("module resourceGroupResources 'dependencies.bicep' = {") + 4 # row before header starts
                $draftContentBefore = $draftFileContent[0 .. ($indexOfDepParam - 1)]
                $draftContentAfter = $draftFileContent[$indexOfDepParam .. $draftFileContent.Count]
                $draftFileContent = @(
                    $draftContentBefore,
                    $resourceNames
                    $draftContentAfter
                ) | Out-String
                $draftFileContent = $draftFileContent -split '\n'
            }

            if ($needsDep) {
                $indexOfTestHeader = ((($draftFileContent | Out-String).Split("`n") | Select-String 'Test Execution').LineNumber - 1) - 2 # row before header starts
                $draftContentBefore = $draftFileContent[0 .. $indexOfTestHeader]
                $draftContentAfter = $draftFileContent[($indexOfTestHeader + 1) .. $draftFileContent.Count]
                $draftFileContent = @(
                    $draftContentBefore,
                    '// Diagnostics',
                    '// ===========',
                    "module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {",
                    '  scope: resourceGroup',
                    "  name: '`${uniqueString(deployment().name, location)}-diagnosticDependencies'",
                    '  params: {',
                    "    storageAccountName: 'dep<<namePrefix>>diasa`${serviceShort}01'",
                    "    logAnalyticsWorkspaceName: 'dep-<<namePrefix>>-law-`${serviceShort}'",
                    "    eventHubNamespaceEventHubName: 'dep-<<namePrefix>>-evh-`${serviceShort}'",
                    "    eventHubNamespaceName: 'dep-<<namePrefix>>-evhns-`${serviceShort}'",
                    '    location: location',
                    '  }',
                    '}',
                    ''
                    $draftContentAfter
                ) | Out-String
            }

            $draftFileContent = ($draftFileContent | Out-String) -replace '\r', ''

            $testFilePath = Join-Path $folderPath 'deploy.test.bicep'
            if ($PSCmdlet.ShouldProcess("File in path [$testFilePath]", 'Create')) {
                $null = New-Item -Path $testFilePath -Value ($draftFileContent)
            }
        }

        if ($PSCmdlet.ShouldProcess("File [$filePath]", 'Remove')) {
            $null = Remove-Item $filePath -Force
        }
    }

    # Update worklow
    $repoRoot = (Get-Item $moduleFolderPath).Parent.Parent.Parent
    $pipelineFilePath = Join-Path $repoRoot '.github' 'workflows' ('{0}.yml' -f ($shortenedName.ToLower() -replace '\\', '.'))
    $content = Get-Content $pipelineFilePath

    $templateIndex = ((($content | Out-String).Split("`n") | Select-String 'templateFilePath:').LineNumber)[0] - 1
    $paramIndex = (($content | Out-String).Split("`n") | Select-String 'parameterFilePath: ').LineNumber - 1

    $content[$templateIndex] = "          templateFilePath: '`${{ env.modulePath }}/`${{ matrix.moduleTestFilePaths }}'"

    $newValue = $content[0 .. ($paramIndex - 1)] + $content[($paramIndex + 1) .. ($content.Count)]

    if ($PSCmdlet.ShouldProcess("Workflow [$pipelineFilePath]", 'Update')) {
        $null = Set-Content $pipelineFilePath -Value $newValue -Force
    }
}
New-FolderStructure -moduleFolderPath 'C:\dev\ip\Azure-ResourceModules\ResourceModules\modules\Microsoft.Resources\deploymentScripts' -references $references

Get-ResourceIDReferencesPerModule.ps1 script

[CmdletBinding()]
param (
    [Parameter()]
    [string] $ModulesPath = 'C:\dev\ip\Azure-ResourceModules\ResourceModules\modules'
)

$moduleFolderPaths = (Get-ChildItem -Path $ModulesPath -Directory -Recurse).FullName | Where-Object {
    ((($_ -replace '\\', '/') -split '/modules/')[1] -split '/').Count -eq 2 -and $_ -notlike '*.shared*'
}

$resultSet = @{}
foreach ($moduleFolderPath in $moduleFolderPaths) {

    $parameterFilePaths = (Get-ChildItem -Path (Join-Path $moduleFolderPath '.test') -Filter '*.json' -Recurse).FullName

    $references = [System.Collections.ArrayList]@()

    foreach ($parameterFilePath in $parameterFilePaths) {
        $content = Get-Content $parameterFilePath
        $references += $content | Where-Object {
            $_ -like '*:*' -and ($_ -split ':')[1].Trim() -like '*/subscriptions/*'
        } | ForEach-Object {
                ($_ -split ':')[1].Trim()
        } | ForEach-Object {
                ($_ -replace '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/', '') -replace '"', ''
        } | ForEach-Object {
            if ($_ -like 'Microsoft.*') {
                    ($_ -split '/')[0, 1] -join '/'
            } else {
                $_
            }
        }
    }

    # Special case: Resource Group
    $templatePath = Join-Path $moduleFolderPath 'deploy.bicep'
    $templateContent = Get-Content $templatePath
    if ($templateContent[0] -like '*resourceGroup*' -or $templateContent[0] -notlike '*targetScope*') {
        # Requires Resource Group deployment
        $references += 'Microsoft.Resources/resourceGroups'
    }

    # Special case: RBAC (MSI)
    $rbacFilePath = Join-Path $moduleFolderPath '.bicep' 'nested_roleAssignments.bicep'
    if (Test-Path $rbacFilePath) {
        # Requires Managed Identity deployment for RBAC
        $references += 'Microsoft.ManagedIdentity/userAssignedIdentities'
    }

    $providerNamespace = Split-Path (Split-Path $moduleFolderPath -Parent) -Leaf
    $resourceType = Split-Path $moduleFolderPath -Leaf

    $resultSet["$providerNamespace/$resourceType"] = ($references | Select-Object -Unique | Sort-Object)
}


$dependenciesTableTable = @(
    '| Resource Type | # | RG | MSI | Diag | Dependencies |',
    '| - | - | - | - | - | - |'
)

# With dependencies
foreach ($resourceType in ($resultSet.Keys | Where-Object { $resultSet[$_].Count -gt 0 } | Sort-Object)) {

    # Convert array to arraylist to allow operations
    $references = [System.Collections.ArrayList]@()
    if ($resultSet[$resourceType] -is [array]) {
        $references.AddRange($resultSet[$resourceType])
    } else {
        $null = $references.Add($resultSet[$resourceType])
    }
    $dependenciesCount = $references.Count

    # Filter common patterns
    if ($references -contains 'Microsoft.Resources/resourceGroups') {
        $references.Remove('Microsoft.Resources/resourceGroups')
        $hasRg = $true
    } else {
        $hasRg = $false
    }
    if ($references -contains 'Microsoft.ManagedIdentity/userAssignedIdentities') {
        $references.Remove('Microsoft.ManagedIdentity/userAssignedIdentities')
        $hasMsi = $true
    } else {
        $hasMsi = $false
    }
    if ($references -contains 'microsoft.operationalinsights/workspaces') {
        $references.Remove('microsoft.operationalinsights/workspaces')
        $references.Remove('Microsoft.Storage/storageAccounts')
        $references.Remove('Microsoft.EventHub/namespaces')
        $hasDiag = $true
    } else {
        $hasDiag = $false
    }

    $dependencies = ''
    $references | ForEach-Object {
        $dependencies += "<li>$_</li>"
    }
    $dependenciesTableTable += '| `{0}` | {1} | {2} | {3} | {4} | {5} |' -f ($resourceType -replace 'Microsoft.', ''), $dependenciesCount, ($hasRg ? ':white_check_mark:' : ''), ($hasMsi ? ':white_check_mark:' : ''), ($hasDiag ? ':white_check_mark:' : ''), $dependencies
}

# Without any dependencies
foreach ($resourceType in ($resultSet.Keys | Where-Object { $resultSet[$_].Count -eq 0 } | Sort-Object)) {
    $dependenciesTableTable += '| `{0}` | {1} | | | | |' -f ($resourceType -replace 'Microsoft.', ''), 0
}

return $dependenciesTableTable

dependencyapproachHelper_deployTest.bicep Bicep

targetScope = 'subscription'

// ========== //
// Parameters //
// ========== //
@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
param resourceGroupName string = 'ms.xxx.xxx-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param location string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = '...'

// =========== //
// Deployments //
// =========== //

// General resources
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: resourceGroupName
  location: location
}

module resourceGroupResources 'dependencies.bicep' = {
  scope: resourceGroup
  name: '${uniqueString(deployment().name, location)}-paramNested'
  params: {
  }
}

// ============== //
// Test Execution //
// ============== //

module testDeployment '../../deploy.bicep' = {
  scope: resourceGroup
  name: '${uniqueString(deployment().name)}-test-${serviceShort}'
  params: {
    name: '<<namePrefix>>${serviceShort}001'
  }
}