fix diagnotics changes (#180)

* fix diag settings for azFW

* fix: diagnostics settings

Author: thotheod

scenarios/secure-baseline-multitenant/azure-resource-manager/main.json

@@ -24,27 +24,27 @@
         // Feature Flags
         // set to true if you want to intercept all outbound traffic with azure firewall
         "enableEgressLockdown" : {
-            "value": "true"
+            "value": true
         },
         // set to true if you want to a redis cache
         "deployRedis": {
-            "value": "false"
+            "value": true
         },
         // set to true if you want to deploy a azure SQL server and default database
         "deployAzureSql": {
-            "value": "true"
+            "value": true
         },
         // set to true if you want to deploy application configuration
         "deployAppConfig": {
-            "value": "true"
+            "value": true
         },
         // set to true if you want to deploy a jumpbox/devops VM
         "deployJumpHost": {
-            "value": "true"
+            "value": true
         },
         // set to true if you want to auto approve the Private Endpoint of the AFD Premium
         "autoApproveAfdPrivateEndpoint": {
-            "value": "true"
+            "value": true
         },
         // CIDR of the subnet that will host the azure Firewall
         "subnetHubFirewallAddressSpace": {

scenarios/secure-baseline-multitenant/azure-resource-manager/main.parameters.jsonc

@@ -3,7 +3,7 @@
     "contentVersion": "1.0.0.0",
     "parameters": {
         "workloadName" : {
-           "value": "appsvclza2"         
+           "value": "appsvclza1"         
         },
         "environmentName": {
             "value": "${AZURE_ENV_NAME}"
@@ -24,13 +24,13 @@
             "value": false
         },
         "deployAzureSql": {
-            "value": true
+            "value": false
         },
         "deployAppConfig": {
             "value": false
         },
         "deployJumpHost": {
-            "value": true
+            "value": false
         },
         "autoApproveAfdPrivateEndpoint": {
             "value": true

scenarios/secure-baseline-multitenant/bicep/main.parameters.json

@@ -32,7 +32,7 @@
         },
         // set to true if you want to deploy a azure SQL server and default database
         "deployAzureSql": {
-            "value": "true"
+            "value": true
         },
         // set to true if you want to deploy application configuration
         "deployAppConfig": {

scenarios/secure-baseline-multitenant/bicep/main.parameters.jsonc

@@ -49,11 +49,6 @@ param targetWorkerSize int = 0
 @description('Optional. The name of the diagnostic setting, if deployed.')
 param diagnosticSettingsName string = '${name}-diagnosticSettings'
 
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
-
 @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
 param diagnosticWorkspaceId string = ''
 
@@ -80,10 +75,6 @@ var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
   category: metric
   timeGrain: null
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 // https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/patterns-configuration-set#example

scenarios/shared/bicep/app-services/app-service-plan.bicep

@@ -74,10 +74,6 @@ param slots array = []
 param tags object = {}
 
 // Diagnostic Settings
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
 
 @description('Optional. Resource ID of log analytics workspace.')
 param diagnosticWorkspaceId string = ''
@@ -151,31 +147,19 @@ param redundancyMode string = 'None'
 var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
   category: category
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
   {
     categoryGroup: 'allLogs'
     enabled: true
-    retentionPolicy: {
-      enabled: true
-      days: diagnosticLogsRetentionInDays
-    }
   }
 ] : diagnosticsLogsSpecified
 
 var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
   category: metric
   timeGrain: null
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
@@ -315,7 +299,6 @@ module app_slots 'web-app.slots.bicep' = [for (slot, index) in slots: {
     storageAccountId: contains(slot, 'storageAccountId') ? slot.storageAccountId : storageAccountId
     appInsightId: contains(slot, 'appInsightId') ? slot.appInsightId : appInsightId
     setAzureWebJobsDashboard: contains(slot, 'setAzureWebJobsDashboard') ? slot.setAzureWebJobsDashboard : setAzureWebJobsDashboard
-    diagnosticLogsRetentionInDays: contains(slot, 'diagnosticLogsRetentionInDays') ? slot.diagnosticLogsRetentionInDays : diagnosticLogsRetentionInDays
     diagnosticWorkspaceId: diagnosticWorkspaceId
     diagnosticLogCategoriesToEnable: contains(slot, 'diagnosticLogCategoriesToEnable') ? slot.diagnosticLogCategoriesToEnable : diagnosticLogCategoriesToEnable
     diagnosticMetricsToEnable: contains(slot, 'diagnosticMetricsToEnable') ? slot.diagnosticMetricsToEnable : diagnosticMetricsToEnable

scenarios/shared/bicep/app-services/web-app.bicep

@@ -71,11 +71,6 @@ param appSettingsKeyValuePairs object = {}
 param tags object = {}
 
 // Diagnostic Settings
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
-
 @description('Optional. Resource ID of log analytics workspace.')
 param diagnosticWorkspaceId string = ''
 
@@ -160,20 +155,12 @@ param vnetRouteAllEnabled bool = false
 var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: {
   category: category
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
   category: metric
   timeGrain: null
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')

scenarios/shared/bicep/app-services/web-app.slots.bicep

@@ -62,11 +62,6 @@ param subnetId string = ''
 @description('Optional. The name of the diagnostic setting, if deployed.')
 param diagnosticSettingsName string = '${name}-diagnosticSettings'
 
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
-
 @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
 param diagnosticWorkspaceId string = ''
 
@@ -93,31 +88,19 @@ param hasPrivateLink bool = false
 var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
   category: category
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
   {
     categoryGroup: 'allLogs'
     enabled: true
-    retentionPolicy: {
-      enabled: true
-      days: diagnosticLogsRetentionInDays
-    }
   }
 ] : diagnosticsLogsSpecified
 
 var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
   category: metric
   timeGrain: null
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 // var identityType = systemAssignedIdentity ? 'SystemAssigned' : !empty(userAssignedIdentities) ? 'UserAssigned' : 'None'

scenarios/shared/bicep/databases/redis.bicep

@@ -52,11 +52,6 @@ param diagnosticStorageAccountId string = ''
 @description('Optional. Log Analytics workspace resource identifier.')
 param diagnosticWorkspaceId string = ''
 
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
-
 @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
 param diagnosticEventHubAuthorizationRuleId string = ''
 
@@ -96,31 +91,19 @@ var azureSkuName = 'AZFW_VNet'
 var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
   category: category
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
   {
     categoryGroup: 'allLogs'
     enabled: true
-    retentionPolicy: {
-      enabled: true
-      days: diagnosticLogsRetentionInDays
-    }
   }
 ] : diagnosticsLogsSpecified
 
 var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
   category: metric
   timeGrain: null
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var ipConfigurations = [{

scenarios/shared/bicep/network/firewall.bicep

@@ -61,11 +61,6 @@ param wafPolicyMode string = 'Prevention'
 @description('if no diagnostic serttings are required, provide an empty string. Resource ID of log analytics workspace.')
 param diagnosticWorkspaceId string
 
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
-
 // Create an Array of all Endpoint which includes customDomain Id and afdEndpoint Id
 // This array is needed to be attached to Microsoft.Cdn/profiles/securitypolicies
 // var customDomainIds = [for (domain, index) in customDomains: {id: custom_domains[index].id}]
@@ -140,31 +135,19 @@ param diagnosticMetricsToEnable array = [
 var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
   category: category
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
   {
     categoryGroup: 'allLogs'
     enabled: true
-    retentionPolicy: {
-      enabled: true
-      days: diagnosticLogsRetentionInDays
-    }
   }
 ] : diagnosticsLogsSpecified
 
 var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
   category: metric
   timeGrain: null
   enabled: true
-  retentionPolicy: {
-    enabled: true
-    days: diagnosticLogsRetentionInDays
-  }
 }]
 
 @description('Optional. The name of the diagnostic setting, if deployed.')