Bicep API versions updated

.configuration/powershell/cleanUp.ps1

@@ -5,8 +5,8 @@ $ErrorActionPreference = "Stop"
 $WarningPreference = "Stop"
 
 $workloadname = "devexp"  # Replace with your workload name
-$environment = "prod"
-$location = "eastus2"          # Replace with your environment (e.g., dev, prod)
+$environment = "dev"
+$location = "westus3"          # Replace with your environment (e.g., dev, prod)
 # Azure Resource Group Names Constants
 $workloadResourceGroup = "${workloadname}-workload-${environment}-${location}-rg"
 $connectivityResourceGroup = "${workloadname}-connectivity-${environment}-${location}-rg"

infra/main.bicep

@@ -1,58 +1,108 @@
 targetScope = 'subscription'
 
-@description('Location for the deployment')
+// Parameters with improved validation and documentation
+@description('Azure region where resources will be deployed')
+@allowed([
+  'eastus'
+  'eastus2'
+  'westus'
+  'westus2'
+  'westus3'
+  'centralus'
+  'northeurope'
+  'westeurope'
+  'southeastasia'
+  'australiaeast'
+  'japaneast'
+  'uksouth'
+  'canadacentral'
+  'swedencentral'
+  'switzerlandnorth'
+  'germanywestcentral'
+])
 param location string = 'eastus2'
 
-@description('Key Vault Secret')
+@description('Secret value for Key Vault - GitHub Access Token')
 @secure()
 param secretValue string
 
+@description('Environment name used for resource naming (dev, test, prod)')
+@minLength(2)
+@maxLength(10)
 param environmentName string
 
-@description('Landing Zone Information')
+// Load configuration from YAML
+@description('Landing Zone resource organization')
 var landingZones = loadYamlContent('settings/resourceOrganization/azureResources.yaml')
 
-var securityRgName = (landingZones.security.create)
-  ? '${landingZones.security.name}-${environmentName}-${location}-rg'
-  : landingZones.security.name
+// Variables with consistent naming convention
+var resourceNameSuffix = '${environmentName}-${location}-RG'
+
+// Creates consistent resource group names
+var createResourceGroupName = {
+  security: landingZones.security.create
+    ? '${landingZones.security.name}-${resourceNameSuffix}'
+    : landingZones.security.name
+  monitoring: landingZones.monitoring.create
+    ? '${landingZones.monitoring.name}-${resourceNameSuffix}'
+    : landingZones.monitoring.name
+  connectivity: landingZones.connectivity.create
+    ? '${landingZones.connectivity.name}-${resourceNameSuffix}'
+    : landingZones.connectivity.name
+  workload: landingZones.workload.create
+    ? '${landingZones.workload.name}-${resourceNameSuffix}'
+    : landingZones.workload.name
+}
+
+var securityRgName = createResourceGroupName.security
+var monitoringRgName = createResourceGroupName.monitoring
+var connectivityRgName = createResourceGroupName.connectivity
+var workloadRgName = createResourceGroupName.workload
 
-@description('Security Resource Group')
+// Security resources
+@description('Security Resource Group for Key Vault and related resources')
 resource securityRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.security.create) {
   name: securityRgName
   location: location
-  tags: landingZones.security.tags
+  tags: union(landingZones.security.tags, {
+    'component': 'security'
+  })
 }
 
-@description('Deploy Security Module')
-module security '../src/security/security.bicep' = {
-  name: 'security'
-  scope: resourceGroup(securityRgName)
-  params: {
-    keyVaultName: 'devexp'
-    secretValue: secretValue
-    secretName: 'gha-token'
-    logAnalyticsId: monitoring.outputs.logAnalyticsId
-    tags: landingZones.security.tags
-  }
-  dependsOn: [
-    securityRg
-  ]
+// Monitoring resources
+@description('Monitoring Resource Group for Log Analytics and related resources')
+resource monitoringRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.monitoring.create) {
+  name: monitoringRgName
+  location: location
+  tags: union(landingZones.monitoring.tags, {
+    'component': 'monitoring'
+  })
 }
 
-var monitoringRgName = (landingZones.monitoring.create)
-  ? '${landingZones.monitoring.name}-${environmentName}-${location}-rg'
-  : landingZones.monitoring.name
+// Connectivity resources
+@description('Connectivity Resource Group for networking resources')
+resource connectivityRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.connectivity.create) {
+  name: connectivityRgName
+  location: location
+  tags: union(landingZones.connectivity.tags, {
+    'component': 'connectivity'
+  })
+}
 
-@description('Monitoring Resource Group')
-resource monitoringRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.monitoring.create) {
-  name: monitoringRgName
+// Workload resources
+@description('Workload Resource Group for DevCenter resources')
+resource workloadRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.workload.create) {
+  name: workloadRgName
   location: location
-  tags: landingZones.monitoring.tags
+  tags: union(landingZones.workload.tags, {
+    'component': 'workload'
+  })
 }
 
-@description('Deploy Monitoring Module')
+// Module deployments with improved names and organization
+@description('Log Analytics Workspace for centralized monitoring')
 module monitoring '../src/management/logAnalytics.bicep' = {
-  name: 'monitoring'
+  name: 'monitoring-logAnalytics-deployment'
   scope: resourceGroup(monitoringRgName)
   params: {
     name: 'logAnalytics'
@@ -62,43 +112,39 @@ module monitoring '../src/management/logAnalytics.bicep' = {
   ]
 }
 
-var connectivityRgName = (landingZones.connectivity.create)
-  ? '${landingZones.connectivity.name}-${environmentName}-${location}-rg'
-  : landingZones.connectivity.name
-
-@description('Connectivity Resource Group')
-resource connectivityRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.connectivity.create) {
-  name: connectivityRgName
-  location: location
-  tags: landingZones.connectivity.tags
+@description('Security components including Key Vault')
+module security '../src/security/security.bicep' = {
+  name: 'security-keyvault-deployment'
+  scope: resourceGroup(securityRgName)
+  params: {
+    keyVaultName: 'devexp'
+    secretValue: secretValue
+    secretName: 'gha-token'
+    logAnalyticsId: monitoring.outputs.logAnalyticsId
+    tags: landingZones.security.tags
+  }
+  dependsOn: [
+    securityRg
+    monitoring
+  ]
 }
 
-@description('Deploy Connectivity Module')
+@description('Network connectivity resources')
 module connectivity '../src/connectivity/connectivity.bicep' = {
-  name: 'connectivity'
+  name: 'connectivity-network-deployment'
   scope: resourceGroup(connectivityRgName)
   params: {
     logAnalyticsId: monitoring.outputs.logAnalyticsId
   }
   dependsOn: [
     connectivityRg
+    monitoring
   ]
 }
 
-var workloadRgName = (landingZones.workload.create)
-  ? '${landingZones.workload.name}-${environmentName}-${location}-rg'
-  : landingZones.workload.name
-
-@description('Workload Resource Group')
-resource workloadRg 'Microsoft.Resources/resourceGroups@2024-11-01' = if (landingZones.workload.create) {
-  name: workloadRgName
-  location: location
-  tags: landingZones.workload.tags
-}
-
-@description('Deploy Workload Module')
+@description('DevCenter workload deployment')
 module workload '../src/workload/workload.bicep' = {
-  name: 'workload'
+  name: 'workload-devcenter-deployment'
   scope: resourceGroup(workloadRgName)
   params: {
     logAnalyticsId: monitoring.outputs.logAnalyticsId
@@ -109,9 +155,14 @@ module workload '../src/workload/workload.bicep' = {
   }
   dependsOn: [
     workloadRg
+    security
+    connectivity
   ]
 }
 
+// Outputs with consistent naming and descriptions
+@description('Name of the deployed Azure DevCenter')
 output AZURE_DEV_CENTER_NAME string = workload.outputs.AZURE_DEV_CENTER_NAME
-output AZURE_DEV_CENTER_PROJECTS array = workload.outputs.AZURE_DEV_CENTER_PROJECTS
 
+@description('List of project names deployed in the DevCenter')
+output AZURE_DEV_CENTER_PROJECTS array = workload.outputs.AZURE_DEV_CENTER_PROJECTS

infra/settings/workload/devcenter.schema.json

@@ -70,7 +70,7 @@
                 }
               }
             },
-            "orgRoleType": {
+            "orgRoleTypes": {
               "type": "array",
               "items": {
                 "type": "object",

infra/settings/workload/devcenter.yaml

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=./devcenter.schema.json
 
-name: "contoso-devexp"
+name: "contoso-devexp2"
 location: "eastus2"
 catalogItemSyncEnableStatus: "Enabled"
 microsoftHostedNetworkEnableStatus: "Enabled"
@@ -18,7 +18,7 @@ identity:
       - id: "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"
         name: "User Access Administrator"
 
-    orgRoleType:
+    orgRoleTypes:
       - type: DevManager
         azureADGroupId: "8dae87fa-87b2-460b-b972-a4239fbd4a96"
         azureADGroupName: "Dev Manager"

src/connectivity/connectivity.bicep

@@ -1,21 +1,38 @@
-@description('Log Analytics ID')
+@description('Log Analytics workspace resource ID for diagnostic settings')
 param logAnalyticsId string
 
-@description('Network settings loaded from YAML file')
+@description('Azure region for resource deployment')
+param location string = resourceGroup().location
+
+@description('Environment name for resource tagging and naming')
+param environmentName string = 'dev'
+
+@description('Optional resource tags to apply')
+param tags object = {}
+
+// Corrected file path typo in 'network.yaml' (was 'newtork.yaml')
+@description('Network settings loaded from YAML configuration')
 var networkSettings = loadYamlContent('../../infra/settings/connectivity/newtork.yaml')
 
-@description('Deploy Virtual Network Module')
+@description('Deploy Virtual Network and related networking components')
 module virtualNetwork 'vnet.bicep' = {
-  name: 'VirtualNetwork'
-  scope: resourceGroup()
+  name: 'vnet-deployment-${uniqueString(resourceGroup().id)}'
   params: {
     logAnalyticsId: logAnalyticsId
     settings: networkSettings
+    location: location
+    tags: union(tags, {
+      module: 'connectivity'
+      environment: environmentName
+    })
   }
 }
 
-@description('The name of the Virtual Network')
+@description('The name of the deployed Virtual Network')
 output AZURE_VIRTUAL_NETWORK_NAME string = virtualNetwork.outputs.AZURE_VIRTUAL_NETWORK_NAME
 
-@description('The subnets of the Virtual Network')
+@description('The subnets of the deployed Virtual Network')
 output AZURE_VIRTUAL_NETWORK_SUBNETS array = virtualNetwork.outputs.AZURE_VIRTUAL_NETWORK_SUBNETS
+
+@description('The resource ID of the deployed Virtual Network')
+output AZURE_VIRTUAL_NETWORK_ID string = virtualNetwork.outputs.virtualNetworkId

src/connectivity/vnet.bicep

@@ -1,22 +1,38 @@
-@description('Log Analytics ID')
+@description('Log Analytics workspace resource ID for diagnostic settings')
 param logAnalyticsId string
 
-@description('Network Settings')
+@description('Azure region for resource deployment')
+param location string = resourceGroup().location
+
+@description('Tags to apply to all resources')
+param tags object = {}
+
+@description('Network configuration settings')
 param settings NetworkSettings
 
+@description('Network settings type definition with enhanced validation')
 type NetworkSettings = {
+  @description('Name of the virtual network')
   name: string
+
+  @description('Flag to create new or use existing virtual network')
   create: bool
+
+  @description('Resource tags')
   tags: object
-  addressPrefixes: array
+
+  @description('Address space prefixes in CIDR notation')
+  addressPrefixes: string[]
+
+  @description('Subnet configurations')
   subnets: array
 }
 
-@description('Virtual Network')
+@description('Virtual Network resource')
 resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (settings.create) {
   name: settings.name
-  location: resourceGroup().location
-  tags: settings.tags
+  location: location
+  tags: union(tags, settings.tags)
   properties: {
     addressSpace: {
       addressPrefixes: settings.addressPrefixes
@@ -32,18 +48,17 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = if (set
   }
 }
 
-@description('Existing Virtual Network')
-resource existingVNetRg 'Microsoft.Network/virtualNetworks@2024-05-01' existing = if (!settings.create) {
+@description('Reference to existing Virtual Network')
+resource existingVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' existing = if (!settings.create) {
   name: settings.name
-  scope: resourceGroup()
 }
 
 @description('Log Analytics Diagnostic Settings')
 resource diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (settings.create) {
-  name: '${virtualNetwork.name}-diagnostic-settings'
+  name: '${virtualNetwork.name}-diag'
   scope: virtualNetwork
   properties: {
-    logAnalyticsDestinationType: 'AzureDiagnostics'
+    workspaceId: logAnalyticsId
     logs: [
       {
         categoryGroup: 'allLogs'
@@ -56,20 +71,19 @@ resource diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-pr
         enabled: true
       }
     ]
-    workspaceId: logAnalyticsId
   }
 }
 
-@description('The ID of the Virtual Network')
-output virtualNetworkId string = (settings.create) ? virtualNetwork.id : existingVNetRg.id
+@description('The resource ID of the Virtual Network')
+output virtualNetworkId string = settings.create ? virtualNetwork.id : existingVirtualNetwork.id
 
 @description('The subnets of the Virtual Network')
 output AZURE_VIRTUAL_NETWORK_SUBNETS array = [
   for (subnet, i) in settings.subnets: {
-    id: (settings.create) ? virtualNetwork.properties.subnets[i].id : existingVNetRg.properties.subnets[i].id
-    name: (settings.create) ? subnet.name : existingVNetRg.properties.subnets[i].name
+    id: resourceId('Microsoft.Network/virtualNetworks/subnets', settings.name, subnet.name)
+    name: subnet.name
   }
 ]
 
 @description('The name of the Virtual Network')
-output AZURE_VIRTUAL_NETWORK_NAME string = (settings.create) ? virtualNetwork.name : existingVNetRg.name
+output AZURE_VIRTUAL_NETWORK_NAME string = settings.name