Azure
diff --git a/‎avm/res/document-db/mongo-cluster/README.md
Lines changed: 261 additions & 53 deletions b/‎avm/res/document-db/mongo-cluster/README.md
Lines changed: 261 additions & 53 deletions
diff --git a/‎avm/res/document-db/mongo-cluster/firewall-rule/README.md
Lines changed: 10 additions & 10 deletions b/‎avm/res/document-db/mongo-cluster/firewall-rule/README.md
Lines changed: 10 additions & 10 deletions
diff --git a/‎avm/res/document-db/mongo-cluster/firewall-rule/main.bicep
Lines changed: 8 additions & 8 deletions b/‎avm/res/document-db/mongo-cluster/firewall-rule/main.bicep
Lines changed: 8 additions & 8 deletions
diff --git a/‎avm/res/document-db/mongo-cluster/firewall-rule/main.json
Lines changed: 9 additions & 9 deletions b/‎avm/res/document-db/mongo-cluster/firewall-rule/main.json
Lines changed: 9 additions & 9 deletions
diff --git a/‎avm/res/document-db/mongo-cluster/main.bicep
Lines changed: 71 additions & 22 deletions b/‎avm/res/document-db/mongo-cluster/main.bicep
Lines changed: 71 additions & 22 deletions
@@ -1,6 +1,6 @@
-# Azure Cosmos DB MongoDB vCore Cluster Config FireWall Rules `[Microsoft.DocumentDB/mongoClusters/firewallRules]`
+# Azure Cosmos DB for MongoDB (vCore) cluster Config FireWall Rules `[Microsoft.DocumentDB/mongoClusters/firewallRules]`
 
-This module config firewall rules for the Azure Cosmos DB MongoDB vCore cluster.
+This module config firewall rules for the Azure Cosmos DB for MongoDB (vCore) cluster.
 
 ## Navigation
 
@@ -12,27 +12,27 @@ This module config firewall rules for the Azure Cosmos DB MongoDB vCore cluster.
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.DocumentDB/mongoClusters/firewallRules` | [2024-02-15-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2024-02-15-preview/mongoClusters/firewallRules) |
+| `Microsoft.DocumentDB/mongoClusters/firewallRules` | [2024-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2024-10-01-preview/mongoClusters/firewallRules) |
 
 ## Parameters
 
 **Required parameters**
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
-| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format. |
+| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format. |
 | [`name`](#parameter-name) | string | The name of the firewall rule. Must match the pattern `^[a-zA-Z0-9][-_a-zA-Z0-9]*`. |
-| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format. |
+| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format. |
 
 **Conditional parameters**
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
-| [`mongoClusterName`](#parameter-mongoclustername) | string | The name of the parent Azure Cosmos DB MongoDB vCore cluster. Required if the template is used in a standalone deployment. |
+| [`mongoClusterName`](#parameter-mongoclustername) | string | The name of the parent Azure Cosmos DB for MongoDB (vCore) cluster. Required if the template is used in a standalone deployment. |
 
 ### Parameter: `endIpAddress`
 
-The end IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format.
+The end IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format.
 
 - Required: Yes
 - Type: string
@@ -46,14 +46,14 @@ The name of the firewall rule. Must match the pattern `^[a-zA-Z0-9][-_a-zA-Z0-9]
 
 ### Parameter: `startIpAddress`
 
-The start IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format.
+The start IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format.
 
 - Required: Yes
 - Type: string
 
 ### Parameter: `mongoClusterName`
 
-The name of the parent Azure Cosmos DB MongoDB vCore cluster. Required if the template is used in a standalone deployment.
+The name of the parent Azure Cosmos DB for MongoDB (vCore) cluster. Required if the template is used in a standalone deployment.
 
 - Required: Yes
 - Type: string
@@ -63,5 +63,5 @@ The name of the parent Azure Cosmos DB MongoDB vCore cluster. Required if the te
 | Output | Type | Description |
 | :-- | :-- | :-- |
 | `name` | string | The name of the firewall rule. |
-| `resourceGroupName` | string | The name of the resource group the Azure Cosmos DB MongoDB vCore cluster was created in. |
+| `resourceGroupName` | string | The name of the resource group the Azure Cosmos DB for MongoDB (vCore) cluster was created in. |
 | `resourceId` | string | The resource ID of the firewall rule. |
@@ -1,23 +1,23 @@
-metadata name = 'Azure Cosmos DB MongoDB vCore Cluster Config FireWall Rules'
-metadata description = 'This module config firewall rules for the Azure Cosmos DB MongoDB vCore cluster.'
+metadata name = 'Azure Cosmos DB for MongoDB (vCore) cluster Config FireWall Rules'
+metadata description = 'This module config firewall rules for the Azure Cosmos DB for MongoDB (vCore) cluster.'
 
-@description('Conditional. The name of the parent Azure Cosmos DB MongoDB vCore cluster. Required if the template is used in a standalone deployment.')
+@description('Conditional. The name of the parent Azure Cosmos DB for MongoDB (vCore) cluster. Required if the template is used in a standalone deployment.')
 param mongoClusterName string
 
 @description('Required. The name of the firewall rule. Must match the pattern `^[a-zA-Z0-9][-_a-zA-Z0-9]*`.')
 param name string
 
-@description('Required. The start IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format.')
+@description('Required. The start IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format.')
 param startIpAddress string
 
-@description('Required. The end IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format.')
+@description('Required. The end IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format.')
 param endIpAddress string
 
-resource mongoCluster 'Microsoft.DocumentDB/mongoClusters@2024-02-15-preview' existing = {
+resource mongoCluster 'Microsoft.DocumentDB/mongoClusters@2024-10-01-preview' existing = {
   name: mongoClusterName
 }
 
-resource firewallRule 'Microsoft.DocumentDB/mongoClusters/firewallRules@2024-02-15-preview' = {
+resource firewallRule 'Microsoft.DocumentDB/mongoClusters/firewallRules@2024-10-01-preview' = {
   name: !contains(name, '.') // Custom validation as documented regex is incorrect and does fail with an 'InternalServerError'
     ? name
     : fail('The firewall rule name must match the pattern `^[a-zA-Z0-9][-_a-zA-Z0-9]*`. A `.` is **not** allowed.')
@@ -28,7 +28,7 @@ resource firewallRule 'Microsoft.DocumentDB/mongoClusters/firewallRules@2024-02-
   }
 }
 
-@description('The name of the resource group the Azure Cosmos DB MongoDB vCore cluster was created in.')
+@description('The name of the resource group the Azure Cosmos DB for MongoDB (vCore) cluster was created in.')
 output resourceGroupName string = resourceGroup().name
 
 @description('The name of the firewall rule.')
 
@@ -4,17 +4,17 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.34.44.8038",
-      "templateHash": "4427483613542642631"
+      "version": "0.35.1.17967",
+      "templateHash": "16764717011313154043"
     },
-    "name": "Azure Cosmos DB MongoDB vCore Cluster Config FireWall Rules",
-    "description": "This module config firewall rules for the Azure Cosmos DB MongoDB vCore cluster."
+    "name": "Azure Cosmos DB for MongoDB (vCore) cluster Config FireWall Rules",
+    "description": "This module config firewall rules for the Azure Cosmos DB for MongoDB (vCore) cluster."
   },
   "parameters": {
     "mongoClusterName": {
       "type": "string",
       "metadata": {
-        "description": "Conditional. The name of the parent Azure Cosmos DB MongoDB vCore cluster. Required if the template is used in a standalone deployment."
+        "description": "Conditional. The name of the parent Azure Cosmos DB for MongoDB (vCore) cluster. Required if the template is used in a standalone deployment."
       }
     },
     "name": {
@@ -26,20 +26,20 @@
     "startIpAddress": {
       "type": "string",
       "metadata": {
-        "description": "Required. The start IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format."
+        "description": "Required. The start IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format."
       }
     },
     "endIpAddress": {
       "type": "string",
       "metadata": {
-        "description": "Required. The end IP address of the Azure Cosmos DB MongoDB vCore cluster firewall rule. Must be IPv4 format."
+        "description": "Required. The end IP address of the Azure Cosmos DB for MongoDB (vCore) cluster firewall rule. Must be IPv4 format."
       }
     }
   },
   "resources": [
     {
       "type": "Microsoft.DocumentDB/mongoClusters/firewallRules",
-      "apiVersion": "2024-02-15-preview",
+      "apiVersion": "2024-10-01-preview",
       "name": "[format('{0}/{1}', parameters('mongoClusterName'), if(not(contains(parameters('name'), '.')), parameters('name'), fail('The firewall rule name must match the pattern `^[a-zA-Z0-9][-_a-zA-Z0-9]*`. A `.` is **not** allowed.')))]",
       "properties": {
         "startIpAddress": "[parameters('startIpAddress')]",
@@ -51,7 +51,7 @@
     "resourceGroupName": {
       "type": "string",
       "metadata": {
-        "description": "The name of the resource group the Azure Cosmos DB MongoDB vCore cluster was created in."
+        "description": "The name of the resource group the Azure Cosmos DB for MongoDB (vCore) cluster was created in."
       },
       "value": "[resourceGroup().name]"
     },
 
@@ -1,9 +1,9 @@
-metadata name = 'Azure Cosmos DB MongoDB vCore cluster'
-metadata description = '''This module deploys a Azure Cosmos DB MongoDB vCore cluster.
+metadata name = 'Azure Cosmos DB for MongoDB (vCore) cluster'
+metadata description = '''This module deploys a Azure Cosmos DB for MongoDB (vCore) cluster.
 
 **Note:** This module is not intended for broad, generic use, as it was designed to cater for the requirements of the AZD CLI product. Feature requests and bug fix requests are welcome if they support the development of the AZD CLI but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case.'''
 
-@description('Required. Name of the Azure Cosmos DB MongoDB vCore cluster.')
+@description('Required. Name of the Azure Cosmos DB for MongoDB (vCore) cluster.')
 param name string
 
 @description('Optional. Default to current resource group scope location. Location for all resources.')
@@ -21,7 +21,7 @@ param administratorLogin string
 @maxLength(128)
 param administratorLoginPassword string
 
-@description('Optional. Mode to create the azure cosmos db mongodb vCore cluster.')
+@description('Optional. Mode to create the Azure Cosmos DB for MongoDB (vCore) cluster.')
 param createMode string = 'Default'
 
 import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
@@ -32,7 +32,12 @@ param diagnosticSettings diagnosticSettingFullType[]?
 param enableTelemetry bool = true
 
 @description('Optional. Whether high availability is enabled on the node group.')
-param highAvailabilityMode bool = false
+@allowed([
+  'Disabled'
+  'SameZone'
+  'ZoneRedundantPreferred'
+])
+param highAvailabilityMode string = 'ZoneRedundantPreferred'
 
 import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
 @description('Optional. The lock settings of the service.')
@@ -44,9 +49,6 @@ param networkAcls networkAclsType?
 @description('Required. Number of nodes in the node group.')
 param nodeCount int
 
-@description('Optional. Deployed Node type in the node group.')
-param nodeType string = 'Shard'
-
 import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
 @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints privateEndpointSingleServiceType[]?
@@ -64,6 +66,12 @@ param sku string
 @description('Required. Disk storage size for the node group in GB.')
 param storage int
 
+@description('Optional. The type of the secrets export configuration.')
+param enableMicrosoftEntraAuth bool = false
+
+@description('Optional. The Microsoft Entra ID authentication identity assignments to be created for the cluster.')
+param entraAuthIdentities authIdentityType[]?
+
 var enableReferencedModulesTelemetry = false
 
 var builtInRoleNames = {
@@ -136,23 +144,40 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT
   }
 }
 
-resource mongoCluster 'Microsoft.DocumentDB/mongoClusters@2024-02-15-preview' = {
+resource mongoCluster 'Microsoft.DocumentDB/mongoClusters@2025-04-01-preview' = {
   name: name
   tags: tags
   location: location
   properties: {
-    administratorLogin: administratorLogin
-    administratorLoginPassword: administratorLoginPassword
+    administrator: {
+      userName: administratorLogin
+      password: administratorLoginPassword
+    }
     createMode: createMode
-    nodeGroupSpecs: [
-      {
-        diskSizeGB: storage
-        enableHa: highAvailabilityMode
-        kind: nodeType
-        nodeCount: nodeCount
-        sku: sku
-      }
-    ]
+    compute: {
+      tier: sku
+    }
+    sharding: {
+      shardCount: nodeCount
+    }
+    storage: {
+      sizeGb: storage
+    }
+    highAvailability: {
+      targetMode: highAvailabilityMode
+    }
+    authConfig: {
+      allowedModes: union(
+        [
+          'NativeAuth'
+        ],
+        enableMicrosoftEntraAuth
+          ? [
+              'MicrosoftEntraID'
+            ]
+          : []
+      )
+    }
   }
 }
 
@@ -213,6 +238,20 @@ module mongoCluster_configFireWallRules 'firewall-rule/main.bicep' = [
   }
 ]
 
+module mongoCluster_users 'user/main.bicep' = [
+  for (targetIdentity, index) in (entraAuthIdentities ?? []): {
+    name: '${uniqueString(deployment().name, location)}-user-${index}'
+    params: {
+      mongoClusterName: mongoCluster.name
+      location: location
+      targetIdentity: {
+        principalId: targetIdentity.principalId
+        principalType: targetIdentity.principalType ?? 'ServicePrincipal'
+      }
+    }
+  }
+]
+
 module secretsExport 'modules/keyVaultExport.bicep' = if (secretsExportConfiguration != null) {
   name: '${uniqueString(deployment().name, location)}-secrets-kv'
   scope: resourceGroup(
@@ -290,10 +329,10 @@ module mongoCluster_privateEndpoints 'br/public:avm/res/network/private-endpoint
   }
 ]
 
-@description('The name of the Azure Cosmos DB MongoDB vCore cluster.')
+@description('The name of the Azure Cosmos DB for MongoDB (vCore) cluster.')
 output name string = mongoCluster.name
 
-@description('The resource ID of the Azure Cosmos DB MongoDB vCore cluster.')
+@description('The resource ID of the Azure Cosmos DB for MongoDB (vCore) cluster.')
 output mongoClusterResourceId string = mongoCluster.id
 
 @description('The resource ID of the resource group the firewall rule was created in.')
@@ -408,3 +447,13 @@ type secretsOutputType = {
   @description('An exported secret\'s references.')
   *: secretSetType
 }
+
+@export()
+@description('The type for identities that can be used for Microsoft Entra ID authentication.')
+type authIdentityType = {
+  @description('Required. The principal (object) ID of the identity to create as a user on the cluster.')
+  principalId: string
+
+  @description('Optional. The type of principal to be used for the identity provider. Defaults to "ServicePrincipal".')
+  principalType: 'ServicePrincipal' | 'User'?
+}