[DRAFT] Updated API versions to latest version available

bicep/aksmetricalerts.bicep

@@ -720,7 +720,7 @@ resource PV_usage_violates_the_configured_threshold_for_clustername_CI_21 'micro
 }
 
 
-resource Daily_law_datacap 'Microsoft.Insights/scheduledQueryRules@2022-08-01-preview' = {
+resource Daily_law_datacap 'Microsoft.Insights/scheduledQueryRules@2023-12-01' = {
   name: 'Daily data cap breached for workspace ${logAnalyticsWorkspaceName} CIQ-1'
   location: logAnalyticsWorkspaceLocation
   properties: {

bicep/aksnetcontrib.bicep

@@ -20,12 +20,12 @@ var existingAksVnetName = !empty(byoAKSSubnetId) ? split(byoAKSSubnetId, '/')[8]
 resource existingvnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing =  {
   name: existingAksVnetName
 }
-resource existingAksSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' existing = {
+resource existingAksSubnet 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = {
   parent: existingvnet
   name: existingAksSubnetName
 }
 
-resource existingAksPodSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' existing = {
+resource existingAksPodSubnet 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = {
   parent: existingvnet
   name: existingAksPodSubnetName
 }

bicep/keyvault.bicep

@@ -27,7 +27,7 @@ var kvIPRules = [for kvIp in keyVaultIPAllowlist: {
   value: kvIp
 }]
 
-resource kv 'Microsoft.KeyVault/vaults@2022-07-01' = {
+resource kv 'Microsoft.KeyVault/vaults@2023-07-01' = {
   name: akvName
   location: location
   properties: {

bicep/keyvaultkey.bicep

@@ -1,10 +1,10 @@
 param keyVaultName string
 
-resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 
-resource kvKmsKey 'Microsoft.KeyVault/vaults/keys@2022-07-01' = {
+resource kvKmsKey 'Microsoft.KeyVault/vaults/keys@2024-04-01-preview' = {
   name: 'kmskey'
   parent: kv
   properties: {

bicep/keyvaultrbac.bicep

@@ -48,7 +48,7 @@ var keyVaultCryptoUserRole = subscriptionResourceId('Microsoft.Authorization/rol
 var keyVaultCryptoOfficerRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603')
 var keyVaultCryptoServiceEncrpytionRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','e147488a-f6f5-4113-8e2d-b22465e65bf6')
 
-resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 

bicep/main.bicep

@@ -283,7 +283,7 @@ var kmsRbacWaitSeconds=30
 @description('This indicates if the deploying user has provided their PrincipalId in order for the key to be created')
 var keyVaultKmsCreateAndPrereqs = keyVaultKmsCreate && !empty(keyVaultKmsOfficerRolePrincipalId) && privateLinks == false
 
-resource kvKmsByo 'Microsoft.KeyVault/vaults@2022-07-01' existing = if(!empty(keyVaultKmsByoName)) {
+resource kvKmsByo 'Microsoft.KeyVault/vaults@2023-07-01' existing = if(!empty(keyVaultKmsByoName)) {
   name: keyVaultKmsByoName
   scope: resourceGroup(keyVaultKmsByoRG)
 }
@@ -1429,7 +1429,7 @@ module privateDnsZoneRbac './dnsZoneRbac.bicep' = if (enablePrivateCluster && !e
 var policySetBaseline = '/providers/Microsoft.Authorization/policySetDefinitions/a8640138-9b0a-4a28-b8cb-1666c838647d'
 var policySetRestrictive = '/providers/Microsoft.Authorization/policySetDefinitions/42b8ef37-b724-4e24-bbc8-7a7708edfe00'
 
-resource aks_policies 'Microsoft.Authorization/policyAssignments@2022-06-01' = if (!empty(azurepolicy)) {
+resource aks_policies 'Microsoft.Authorization/policyAssignments@2024-04-01' = if (!empty(azurepolicy)) {
   name: '${resourceName}-${azurePolicyInitiative}'
   location: location
   properties: {
@@ -1555,7 +1555,7 @@ resource AksDiags 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' =
   }
 }
 
-resource sysLog 'Microsoft.Insights/dataCollectionRules@2022-06-01' = if (createLaw && omsagent && enableSysLog) {
+resource sysLog 'Microsoft.Authorization/policyAssignments@2023-03-11' = if (createLaw && omsagent && enableSysLog) {
   name: 'MSCI-${location}-${aks.name}'
   location: location
   kind: 'Linux'
@@ -1638,7 +1638,7 @@ resource sysLog 'Microsoft.Insights/dataCollectionRules@2022-06-01' = if (create
   }
 }
 
-resource association 'Microsoft.Insights/dataCollectionRuleAssociations@2022-06-01' = if (createLaw && omsagent && enableSysLog) {
+resource association 'Microsoft.Insights/dataCollectionRuleAssociations@2023-03-11' = if (createLaw && omsagent && enableSysLog) {
   name: '${aks.name}-${aks_law.name}-association'
   scope: aks
   properties: {

bicep/nsg.bicep

@@ -14,7 +14,7 @@ output nsgId string = nsg.id
 
 param ruleInAllowGwManagement bool = false
 param ruleInGwManagementPort string = '443,65200-65535'
-resource ruleAppGwManagement 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowGwManagement) {
+resource ruleAppGwManagement 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowGwManagement) {
   parent: nsg
   name: 'Allow_AppGatewayManagement'
   properties: {
@@ -30,7 +30,7 @@ resource ruleAppGwManagement 'Microsoft.Network/networkSecurityGroups/securityRu
 }
 
 param ruleInAllowAzureLoadBalancer bool = false
-resource ruleAzureLoadBalancer 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if (ruleInAllowAzureLoadBalancer) {
+resource ruleAzureLoadBalancer 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if (ruleInAllowAzureLoadBalancer) {
   parent: nsg
   name: 'Allow_AzureLoadBalancer'
   properties: {
@@ -50,7 +50,7 @@ resource ruleAzureLoadBalancer 'Microsoft.Network/networkSecurityGroups/security
 }
 
 param ruleInDenyInternet bool = false
-resource ruleDenyInternet 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInDenyInternet) {
+resource ruleDenyInternet 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInDenyInternet) {
   parent: nsg
   name: 'Deny_AllInboundInternet'
   properties: {
@@ -71,7 +71,7 @@ resource ruleDenyInternet 'Microsoft.Network/networkSecurityGroups/securityRules
 }
 
 param ruleInAllowInternetHttp bool = false
-resource ruleInternetHttp 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowInternetHttp) {
+resource ruleInternetHttp 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowInternetHttp) {
   parent: nsg
   name: 'Allow_Internet_Http'
   properties: {
@@ -92,7 +92,7 @@ resource ruleInternetHttp 'Microsoft.Network/networkSecurityGroups/securityRules
 }
 
 param ruleInAllowInternetHttps bool = false
-resource ruleInternetHttps 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowInternetHttps) {
+resource ruleInternetHttps 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowInternetHttps) {
   parent: nsg
   name: 'Allow_Internet_Https'
   properties: {
@@ -113,7 +113,7 @@ resource ruleInternetHttps 'Microsoft.Network/networkSecurityGroups/securityRule
 }
 
 param ruleInAllowBastionHostComms bool = false
-resource ruleBastionHost 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowBastionHostComms) {
+resource ruleBastionHost 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowBastionHostComms) {
   parent: nsg
   name: 'Allow_Bastion_Host_Communication'
   properties: {
@@ -135,7 +135,7 @@ resource ruleBastionHost 'Microsoft.Network/networkSecurityGroups/securityRules@
 }
 
 param ruleOutAllowBastionComms bool = false
-resource ruleBastionEgressSshRdp 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) {
+resource ruleBastionEgressSshRdp 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) {
   parent: nsg
   name: 'Allow_SshRdp_Outbound'
   properties: {
@@ -156,7 +156,7 @@ resource ruleBastionEgressSshRdp 'Microsoft.Network/networkSecurityGroups/securi
   }
 }
 
-resource ruleBastionEgressAzure 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) {
+resource ruleBastionEgressAzure 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) {
   parent: nsg
   name: 'Allow_Azure_Cloud_Outbound'
   properties: {
@@ -176,7 +176,7 @@ resource ruleBastionEgressAzure 'Microsoft.Network/networkSecurityGroups/securit
   }
 }
 
-resource ruleBastionEgressBastionComms 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) {
+resource ruleBastionEgressBastionComms 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) {
   parent: nsg
   name: 'Allow_Bastion_Communication'
   properties: {
@@ -197,7 +197,7 @@ resource ruleBastionEgressBastionComms 'Microsoft.Network/networkSecurityGroups/
   }
 }
 
-resource ruleBastionEgressSessionInfo 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) {
+resource ruleBastionEgressSessionInfo 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) {
   parent: nsg
   name: 'Allow_Get_Session_Info'
   properties: {
@@ -218,7 +218,7 @@ resource ruleBastionEgressSessionInfo 'Microsoft.Network/networkSecurityGroups/s
 }
 
 param ruleInDenySsh bool = false
-resource ruleSshIngressDeny 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInDenySsh) {
+resource ruleSshIngressDeny 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInDenySsh) {
   parent: nsg
   name: 'DenySshInbound'
   properties: {