azd 0.9.0

Files changed (54) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +21 -0
  3. data/README.md +2 -0
  4. data/lib/generators/azd/install_generator.rb +14 -0
  5. data/lib/generators/templates/azure.yaml.tt +22 -0
  6. data/lib/generators/templates/infra/abbreviations.json +136 -0
  7. data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
  8. data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
  9. data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
  10. data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
  11. data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
  12. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
  13. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
  14. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
  15. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
  16. data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
  17. data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
  18. data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
  19. data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
  20. data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
  21. data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
  22. data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
  23. data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
  24. data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
  25. data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
  26. data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
  27. data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
  28. data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
  29. data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
  30. data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
  31. data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
  32. data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
  33. data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
  34. data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
  35. data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
  36. data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
  37. data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
  38. data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
  39. data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
  40. data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
  41. data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
  42. data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
  43. data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
  44. data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
  45. data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
  46. data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
  47. data/lib/generators/templates/infra/core/security/role.bicep +21 -0
  48. data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
  49. data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
  50. data/lib/generators/templates/infra/identity.bicep +20 -0
  51. data/lib/generators/templates/infra/main.bicep +243 -0
  52. data/lib/generators/templates/infra/main.parameters.json +25 -0
  53. data/lib/generators/templates/infra/rails.bicep +95 -0
  54. metadata +115 -0
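--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: a36bfca44f51ed3f8287ac7f8dd4e5184eaf51fcbfbe8d9b56b3111cdc03f668
+data.tar.gz: fb85b56dbc25b399d0538afb032aed5d77b1a43f4813d6dbc1ebb404545fbad6
+SHA512:
+metadata.gz: a2221d6cc7e6c0140c2581a598badf305ae2b8305e3b5a3e8d3d3ef5725c266f68d82414e882023cfff62a00e5a7bd57a5e213c6877a937b28d8bae3f818a3d1
+data.tar.gz: 46005d1f8810c5538384b6bb89d7edfd02f9a9bce97b6ca05d6dcd4acef9f26e176fc70bcd39d71428b076c1fc836c72688cceff93fb78fd81a28f4f1b5a43e8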
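--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Dominique Broeglin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.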
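--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,2 @@
+# azure-dev-gem
+Azure Developer CLI generators gem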
@@ -0,0 +1,14 @@
1
+ module Azd
2
+ module Generators
3
+ class InstallGenerator < Rails::Generators::Base
4
+ source_root File.expand_path("../templates", __dir__)
5
+
6
+ desc "Install Azure Developer CLI files"
7
+
8
+ def copy_install
9
+ template "azure.yaml"
10
+ directory "infra"
11
+ end
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,22 @@
1
+ name: <%= Rails.application.class.module_parent_name.downcase %>
2
+ services:
3
+ azure-rails-starter:
4
+ language: js
5
+ project: ./
6
+ host: containerapp
7
+ docker:
8
+ path: ./Dockerfile
9
+ ports:
10
+ - 80:3000
11
+ hooks:
12
+ postprovision:
13
+ windows:
14
+ shell: pwsh
15
+ run: $output = azd env get-values; Add-Content -Path .env -Value $output;
16
+ interactive: true
17
+ continueOnError: false
18
+ posix:
19
+ shell: sh
20
+ run: azd env get-values > .env
21
+ interactive: true
22
+ continueOnError: false
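Review bot: Both `postprovision` hooks write the complete output of `azd env get-values` into `.env` in the project root, which is also the Docker build context (`project: ./`), so any secret held in the azd environment can be committed or copied into the image unless `.env` is excluded. No `.gitignore` or `.dockerignore` entry is shipped in this package as far as the file list shows, so the generator should add them or the template should carry a comment such as `# .env receives every azd environment value; keep it out of git and the Docker build context`. The two platforms also behave differently: the posix hook overwrites with `>` while the Windows hook appends with `Add-Content`, so repeated provisioning on Windows accumulates stale and duplicate entries; `azd env get-values | Set-Content -Path .env` would match the posix behaviour. Either form replaces or pollutes a `.env` the Rails app may already use, which is worth stating in the README.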
@@ -0,0 +1,136 @@
1
+ {
2
+ "analysisServicesServers": "as",
3
+ "apiManagementService": "apim-",
4
+ "appConfigurationStores": "appcs-",
5
+ "appManagedEnvironments": "cae-",
6
+ "appContainerApps": "ca-",
7
+ "authorizationPolicyDefinitions": "policy-",
8
+ "automationAutomationAccounts": "aa-",
9
+ "blueprintBlueprints": "bp-",
10
+ "blueprintBlueprintsArtifacts": "bpa-",
11
+ "cacheRedis": "redis-",
12
+ "cdnProfiles": "cdnp-",
13
+ "cdnProfilesEndpoints": "cdne-",
14
+ "cognitiveServicesAccounts": "cog-",
15
+ "cognitiveServicesFormRecognizer": "cog-fr-",
16
+ "cognitiveServicesTextAnalytics": "cog-ta-",
17
+ "computeAvailabilitySets": "avail-",
18
+ "computeCloudServices": "cld-",
19
+ "computeDiskEncryptionSets": "des",
20
+ "computeDisks": "disk",
21
+ "computeDisksOs": "osdisk",
22
+ "computeGalleries": "gal",
23
+ "computeSnapshots": "snap-",
24
+ "computeVirtualMachines": "vm",
25
+ "computeVirtualMachineScaleSets": "vmss-",
26
+ "containerInstanceContainerGroups": "ci",
27
+ "containerRegistryRegistries": "cr",
28
+ "containerServiceManagedClusters": "aks-",
29
+ "databricksWorkspaces": "dbw-",
30
+ "dataFactoryFactories": "adf-",
31
+ "dataLakeAnalyticsAccounts": "dla",
32
+ "dataLakeStoreAccounts": "dls",
33
+ "dataMigrationServices": "dms-",
34
+ "dBforMySQLServers": "mysql-",
35
+ "dBforPostgreSQLServers": "psql-",
36
+ "devicesIotHubs": "iot-",
37
+ "devicesProvisioningServices": "provs-",
38
+ "devicesProvisioningServicesCertificates": "pcert-",
39
+ "documentDBDatabaseAccounts": "cosmos-",
40
+ "eventGridDomains": "evgd-",
41
+ "eventGridDomainsTopics": "evgt-",
42
+ "eventGridEventSubscriptions": "evgs-",
43
+ "eventHubNamespaces": "evhns-",
44
+ "eventHubNamespacesEventHubs": "evh-",
45
+ "hdInsightClustersHadoop": "hadoop-",
46
+ "hdInsightClustersHbase": "hbase-",
47
+ "hdInsightClustersKafka": "kafka-",
48
+ "hdInsightClustersMl": "mls-",
49
+ "hdInsightClustersSpark": "spark-",
50
+ "hdInsightClustersStorm": "storm-",
51
+ "hybridComputeMachines": "arcs-",
52
+ "insightsActionGroups": "ag-",
53
+ "insightsComponents": "appi-",
54
+ "keyVaultVaults": "kv-",
55
+ "kubernetesConnectedClusters": "arck",
56
+ "kustoClusters": "dec",
57
+ "kustoClustersDatabases": "dedb",
58
+ "loadTesting": "lt-",
59
+ "logicIntegrationAccounts": "ia-",
60
+ "logicWorkflows": "logic-",
61
+ "machineLearningServicesWorkspaces": "mlw-",
62
+ "managedIdentityUserAssignedIdentities": "id-",
63
+ "managementManagementGroups": "mg-",
64
+ "migrateAssessmentProjects": "migr-",
65
+ "networkApplicationGateways": "agw-",
66
+ "networkApplicationSecurityGroups": "asg-",
67
+ "networkAzureFirewalls": "afw-",
68
+ "networkBastionHosts": "bas-",
69
+ "networkConnections": "con-",
70
+ "networkDnsZones": "dnsz-",
71
+ "networkExpressRouteCircuits": "erc-",
72
+ "networkFirewallPolicies": "afwp-",
73
+ "networkFirewallPoliciesWebApplication": "waf",
74
+ "networkFirewallPoliciesRuleGroups": "wafrg",
75
+ "networkFrontDoors": "fd-",
76
+ "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
77
+ "networkLoadBalancersExternal": "lbe-",
78
+ "networkLoadBalancersInternal": "lbi-",
79
+ "networkLoadBalancersInboundNatRules": "rule-",
80
+ "networkLocalNetworkGateways": "lgw-",
81
+ "networkNatGateways": "ng-",
82
+ "networkNetworkInterfaces": "nic-",
83
+ "networkNetworkSecurityGroups": "nsg-",
84
+ "networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
85
+ "networkNetworkWatchers": "nw-",
86
+ "networkPrivateDnsZones": "pdnsz-",
87
+ "networkPrivateLinkServices": "pl-",
88
+ "networkPublicIPAddresses": "pip-",
89
+ "networkPublicIPPrefixes": "ippre-",
90
+ "networkRouteFilters": "rf-",
91
+ "networkRouteTables": "rt-",
92
+ "networkRouteTablesRoutes": "udr-",
93
+ "networkTrafficManagerProfiles": "traf-",
94
+ "networkVirtualNetworkGateways": "vgw-",
95
+ "networkVirtualNetworks": "vnet-",
96
+ "networkVirtualNetworksSubnets": "snet-",
97
+ "networkVirtualNetworksVirtualNetworkPeerings": "peer-",
98
+ "networkVirtualWans": "vwan-",
99
+ "networkVpnGateways": "vpng-",
100
+ "networkVpnGatewaysVpnConnections": "vcn-",
101
+ "networkVpnGatewaysVpnSites": "vst-",
102
+ "notificationHubsNamespaces": "ntfns-",
103
+ "notificationHubsNamespacesNotificationHubs": "ntf-",
104
+ "operationalInsightsWorkspaces": "log-",
105
+ "portalDashboards": "dash-",
106
+ "powerBIDedicatedCapacities": "pbi-",
107
+ "purviewAccounts": "pview-",
108
+ "recoveryServicesVaults": "rsv-",
109
+ "resourcesResourceGroups": "rg-",
110
+ "searchSearchServices": "srch-",
111
+ "serviceBusNamespaces": "sb-",
112
+ "serviceBusNamespacesQueues": "sbq-",
113
+ "serviceBusNamespacesTopics": "sbt-",
114
+ "serviceEndPointPolicies": "se-",
115
+ "serviceFabricClusters": "sf-",
116
+ "signalRServiceSignalR": "sigr",
117
+ "sqlManagedInstances": "sqlmi-",
118
+ "sqlServers": "sql-",
119
+ "sqlServersDataWarehouse": "sqldw-",
120
+ "sqlServersDatabases": "sqldb-",
121
+ "sqlServersDatabasesStretch": "sqlstrdb-",
122
+ "storageStorageAccounts": "st",
123
+ "storageStorageAccountsVm": "stvm",
124
+ "storSimpleManagers": "ssimp",
125
+ "streamAnalyticsCluster": "asa-",
126
+ "synapseWorkspaces": "syn",
127
+ "synapseWorkspacesAnalyticsWorkspaces": "synw",
128
+ "synapseWorkspacesSqlPoolsDedicated": "syndp",
129
+ "synapseWorkspacesSqlPoolsSpark": "synsp",
130
+ "timeSeriesInsightsEnvironments": "tsi-",
131
+ "webServerFarms": "plan-",
132
+ "webSitesAppService": "app-",
133
+ "webSitesAppServiceEnvironment": "ase-",
134
+ "webSitesFunctions": "func-",
135
+ "webStaticSites": "stapp-"
136
+ }
@@ -0,0 +1,53 @@
1
+ metadata description = 'Creates an Azure Cognitive Services instance.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+ @description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
6
+ param customSubDomainName string = name
7
+ param deployments array = []
8
+ param kind string = 'OpenAI'
9
+
10
+ @allowed([ 'Enabled', 'Disabled' ])
11
+ param publicNetworkAccess string = 'Enabled'
12
+ param sku object = {
13
+ name: 'S0'
14
+ }
15
+
16
+ param allowedIpRules array = []
17
+ param networkAcls object = empty(allowedIpRules) ? {
18
+ defaultAction: 'Allow'
19
+ } : {
20
+ ipRules: allowedIpRules
21
+ defaultAction: 'Deny'
22
+ }
23
+
24
+ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
25
+ name: name
26
+ location: location
27
+ tags: tags
28
+ kind: kind
29
+ properties: {
30
+ customSubDomainName: customSubDomainName
31
+ publicNetworkAccess: publicNetworkAccess
32
+ networkAcls: networkAcls
33
+ }
34
+ sku: sku
35
+ }
36
+
37
+ @batchSize(1)
38
+ resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
39
+ parent: account
40
+ name: deployment.name
41
+ properties: {
42
+ model: deployment.model
43
+ raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
44
+ }
45
+ sku: contains(deployment, 'sku') ? deployment.sku : {
46
+ name: 'Standard'
47
+ capacity: 20
48
+ }
49
+ }]
50
+
51
+ output endpoint string = account.properties.endpoint
52
+ output id string = account.id
53
+ output name string = account.name
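Review bot: Called with no arguments, this module creates an account that is reachable from any network: `publicNetworkAccess` defaults to `'Enabled'` and `networkAcls` falls back to `defaultAction: 'Allow'` whenever `allowedIpRules` is empty. Key-based access is also left at the service default because `properties` never sets `disableLocalAuth`. A `@description` on `publicNetworkAccess` and `allowedIpRules` stating that the defaults are open would make this visible to callers, and a parameter such as `param disableLocalAuth bool = false` passed through as `disableLocalAuth: disableLocalAuth` would let deployments that authenticate with a managed identity turn the keys off.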
@@ -0,0 +1,48 @@
1
+ metadata description = 'Creates an Azure App Configuration store.'
2
+
3
+ @description('The name for the Azure App Configuration store')
4
+ param name string
5
+
6
+ @description('The Azure region/location for the Azure App Configuration store')
7
+ param location string = resourceGroup().location
8
+
9
+ @description('Custom tags to apply to the Azure App Configuration store')
10
+ param tags object = {}
11
+
12
+ @description('Specifies the names of the key-value resources. The name is a combination of key and label with $ as delimiter. The label is optional.')
13
+ param keyValueNames array = []
14
+
15
+ @description('Specifies the values of the key-value resources.')
16
+ param keyValueValues array = []
17
+
18
+ @description('The principal ID to grant access to the Azure App Configuration store')
19
+ param principalId string
20
+
21
+ resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
22
+ name: name
23
+ location: location
24
+ sku: {
25
+ name: 'standard'
26
+ }
27
+ tags: tags
28
+ }
29
+
30
+ resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = [for (item, i) in keyValueNames: {
31
+ parent: configStore
32
+ name: item
33
+ properties: {
34
+ value: keyValueValues[i]
35
+ tags: tags
36
+ }
37
+ }]
38
+
39
+ module configStoreAccess '../security/configstore-access.bicep' = {
40
+ name: 'app-configuration-access'
41
+ params: {
42
+ configStoreName: name
43
+ principalId: principalId
44
+ }
45
+ dependsOn: [configStore]
46
+ }
47
+
48
+ output endpoint string = configStore.properties.endpoint
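Review bot: `value: keyValueValues[i]` is indexed by position in `keyValueNames`, so the two arrays must line up exactly; a shorter `keyValueValues` fails at deployment time and a longer one has its extra entries ignored without any message. The values also arrive through a plain `array` parameter rather than a `@secure()` one, so they are presumably recorded with the deployment inputs and should not carry secrets. I would state both in the parameter description, for example `@description('Values for the key-value resources, in the same order and of the same length as keyValueNames. Do not pass secrets here; use Key Vault.')`.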
@@ -0,0 +1,49 @@
1
+ metadata description = 'Creates an Azure Cosmos DB account.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
7
+ param keyVaultName string
8
+
9
+ @allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
10
+ param kind string
11
+
12
+ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
13
+ name: name
14
+ kind: kind
15
+ location: location
16
+ tags: tags
17
+ properties: {
18
+ consistencyPolicy: { defaultConsistencyLevel: 'Session' }
19
+ locations: [
20
+ {
21
+ locationName: location
22
+ failoverPriority: 0
23
+ isZoneRedundant: false
24
+ }
25
+ ]
26
+ databaseAccountOfferType: 'Standard'
27
+ enableAutomaticFailover: false
28
+ enableMultipleWriteLocations: false
29
+ apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {}
30
+ capabilities: [ { name: 'EnableServerless' } ]
31
+ }
32
+ }
33
+
34
+ resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
35
+ parent: keyVault
36
+ name: connectionStringKey
37
+ properties: {
38
+ value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
39
+ }
40
+ }
41
+
42
+ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
43
+ name: keyVaultName
44
+ }
45
+
46
+ output connectionStringKey string = connectionStringKey
47
+ output endpoint string = cosmos.properties.documentEndpoint
48
+ output id string = cosmos.id
49
+ output name string = cosmos.name
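Review bot: The account resource exposes no parameter for network restriction or key authentication, so every consumer of this module gets the service defaults, and the secret written to Key Vault is `listConnectionStrings().connectionStrings[0]`, which looks like the primary read-write connection string (confirm against the API reference). For the NoSQL variant the package also ships data-plane role assignments, so the key-based secret may not be needed there at all. Consider adding `param publicNetworkAccess string = 'Enabled'` and `param disableLocalAuth bool = false` wired into `properties`, and a comment above `cosmosConnectionString` such as `// Stores a full-access account key; rotate it and restrict Key Vault read access accordingly`.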
@@ -0,0 +1,23 @@
1
+ metadata description = 'Creates an Azure Cosmos DB for MongoDB account.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ param keyVaultName string
7
+ param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
8
+
9
+ module cosmos '../../cosmos/cosmos-account.bicep' = {
10
+ name: 'cosmos-account'
11
+ params: {
12
+ name: name
13
+ location: location
14
+ connectionStringKey: connectionStringKey
15
+ keyVaultName: keyVaultName
16
+ kind: 'MongoDB'
17
+ tags: tags
18
+ }
19
+ }
20
+
21
+ output connectionStringKey string = cosmos.outputs.connectionStringKey
22
+ output endpoint string = cosmos.outputs.endpoint
23
+ output id string = cosmos.outputs.id
@@ -0,0 +1,47 @@
1
+ metadata description = 'Creates an Azure Cosmos DB for MongoDB account with a database.'
2
+ param accountName string
3
+ param databaseName string
4
+ param location string = resourceGroup().location
5
+ param tags object = {}
6
+
7
+ param collections array = []
8
+ param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
9
+ param keyVaultName string
10
+
11
+ module cosmos 'cosmos-mongo-account.bicep' = {
12
+ name: 'cosmos-mongo-account'
13
+ params: {
14
+ name: accountName
15
+ location: location
16
+ keyVaultName: keyVaultName
17
+ tags: tags
18
+ connectionStringKey: connectionStringKey
19
+ }
20
+ }
21
+
22
+ resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
23
+ name: '${accountName}/${databaseName}'
24
+ tags: tags
25
+ properties: {
26
+ resource: { id: databaseName }
27
+ }
28
+
29
+ resource list 'collections' = [for collection in collections: {
30
+ name: collection.name
31
+ properties: {
32
+ resource: {
33
+ id: collection.id
34
+ shardKey: { _id: collection.shardKey }
35
+ indexes: [ { key: { keys: [ collection.indexKey ] } } ]
36
+ }
37
+ }
38
+ }]
39
+
40
+ dependsOn: [
41
+ cosmos
42
+ ]
43
+ }
44
+
45
+ output connectionStringKey string = connectionStringKey
46
+ output databaseName string = databaseName
47
+ output endpoint string = cosmos.outputs.endpoint
@@ -0,0 +1,22 @@
1
+ metadata description = 'Creates an Azure Cosmos DB for NoSQL account.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ param keyVaultName string
7
+
8
+ module cosmos '../../cosmos/cosmos-account.bicep' = {
9
+ name: 'cosmos-account'
10
+ params: {
11
+ name: name
12
+ location: location
13
+ tags: tags
14
+ keyVaultName: keyVaultName
15
+ kind: 'GlobalDocumentDB'
16
+ }
17
+ }
18
+
19
+ output connectionStringKey string = cosmos.outputs.connectionStringKey
20
+ output endpoint string = cosmos.outputs.endpoint
21
+ output id string = cosmos.outputs.id
22
+ output name string = cosmos.outputs.name
@@ -0,0 +1,74 @@
1
+ metadata description = 'Creates an Azure Cosmos DB for NoSQL account with a database.'
2
+ param accountName string
3
+ param databaseName string
4
+ param location string = resourceGroup().location
5
+ param tags object = {}
6
+
7
+ param containers array = []
8
+ param keyVaultName string
9
+ param principalIds array = []
10
+
11
+ module cosmos 'cosmos-sql-account.bicep' = {
12
+ name: 'cosmos-sql-account'
13
+ params: {
14
+ name: accountName
15
+ location: location
16
+ tags: tags
17
+ keyVaultName: keyVaultName
18
+ }
19
+ }
20
+
21
+ resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
22
+ name: '${accountName}/${databaseName}'
23
+ properties: {
24
+ resource: { id: databaseName }
25
+ }
26
+
27
+ resource list 'containers' = [for container in containers: {
28
+ name: container.name
29
+ properties: {
30
+ resource: {
31
+ id: container.id
32
+ partitionKey: { paths: [ container.partitionKey ] }
33
+ }
34
+ options: {}
35
+ }
36
+ }]
37
+
38
+ dependsOn: [
39
+ cosmos
40
+ ]
41
+ }
42
+
43
+ module roleDefinition 'cosmos-sql-role-def.bicep' = {
44
+ name: 'cosmos-sql-role-definition'
45
+ params: {
46
+ accountName: accountName
47
+ }
48
+ dependsOn: [
49
+ cosmos
50
+ database
51
+ ]
52
+ }
53
+
54
+ // We need batchSize(1) here because sql role assignments have to be done sequentially
55
+ @batchSize(1)
56
+ module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
57
+ name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
58
+ params: {
59
+ accountName: accountName
60
+ roleDefinitionId: roleDefinition.outputs.id
61
+ principalId: principalId
62
+ }
63
+ dependsOn: [
64
+ cosmos
65
+ database
66
+ ]
67
+ }]
68
+
69
+ output accountId string = cosmos.outputs.id
70
+ output accountName string = cosmos.outputs.name
71
+ output connectionStringKey string = cosmos.outputs.connectionStringKey
72
+ output databaseName string = databaseName
73
+ output endpoint string = cosmos.outputs.endpoint
74
+ output roleDefinitionId string = roleDefinition.outputs.id
@@ -0,0 +1,19 @@
1
+ metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.'
2
+ param accountName string
3
+
4
+ param roleDefinitionId string
5
+ param principalId string = ''
6
+
7
+ resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
8
+ parent: cosmos
9
+ name: guid(roleDefinitionId, principalId, cosmos.id)
10
+ properties: {
11
+ principalId: principalId
12
+ roleDefinitionId: roleDefinitionId
13
+ scope: cosmos.id
14
+ }
15
+ }
16
+
17
+ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
18
+ name: accountName
19
+ }
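Review bot: `param principalId string = ''` makes the principal optional, but the empty default flows straight into `properties.principalId` and into `guid(roleDefinitionId, principalId, cosmos.id)`, so a caller that omits it attempts a role assignment with no principal. The only caller visible on this page, `cosmos-sql-db.bicep`, already filters empty IDs with `if (!empty(principalId))` before invoking the module, so the default adds nothing. Declaring it as `param principalId string` turns the omission into a compile-time error instead of a failed or meaningless assignment.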
@@ -0,0 +1,30 @@
1
+ metadata description = 'Creates a SQL role definition under an Azure Cosmos DB account.'
2
+ param accountName string
3
+
4
+ resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = {
5
+ parent: cosmos
6
+ name: guid(cosmos.id, accountName, 'sql-role')
7
+ properties: {
8
+ assignableScopes: [
9
+ cosmos.id
10
+ ]
11
+ permissions: [
12
+ {
13
+ dataActions: [
14
+ 'Microsoft.DocumentDB/databaseAccounts/readMetadata'
15
+ 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
16
+ 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'
17
+ ]
18
+ notDataActions: []
19
+ }
20
+ ]
21
+ roleName: 'Reader Writer'
22
+ type: 'CustomRole'
23
+ }
24
+ }
25
+
26
+ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
27
+ name: accountName
28
+ }
29
+
30
+ output id string = roleDefinition.id
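Review bot: The custom role is named `'Reader Writer'` but its `dataActions` grant the `containers/*` and `containers/items/*` wildcards across the whole account (`assignableScopes: [ cosmos.id ]`), which is full data-plane access rather than plain item read and write. These three actions appear to match the built-in Cosmos DB Built-in Data Contributor role, so a custom definition may be unnecessary; if it is kept, a comment such as `// Full data-plane access to every database and container in this account` above `permissions` would set the right expectation. Workloads that only read would need a narrower definition, which this module currently cannot express because the action list is not a parameter.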
@@ -0,0 +1,65 @@
1
+ metadata description = 'Creates an Azure Database for MySQL - Flexible Server.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ param sku object
7
+ param storage object
8
+ param administratorLogin string
9
+ @secure()
10
+ param administratorLoginPassword string
11
+ param highAvailabilityMode string = 'Disabled'
12
+ param databaseNames array = []
13
+ param allowAzureIPsFirewall bool = false
14
+ param allowAllIPsFirewall bool = false
15
+ param allowedSingleIPs array = []
16
+
17
+ // MySQL version
18
+ param version string
19
+
20
+ resource mysqlServer 'Microsoft.DBforMySQL/flexibleServers@2023-06-30' = {
21
+ location: location
22
+ tags: tags
23
+ name: name
24
+ sku: sku
25
+ properties: {
26
+ version: version
27
+ administratorLogin: administratorLogin
28
+ administratorLoginPassword: administratorLoginPassword
29
+ storage: storage
30
+ highAvailability: {
31
+ mode: highAvailabilityMode
32
+ }
33
+ }
34
+
35
+ resource database 'databases' = [for name in databaseNames: {
36
+ name: name
37
+ }]
38
+
39
+ resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
40
+ name: 'allow-all-IPs'
41
+ properties: {
42
+ startIpAddress: '0.0.0.0'
43
+ endIpAddress: '255.255.255.255'
44
+ }
45
+ }
46
+
47
+ resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
48
+ name: 'allow-all-azure-internal-IPs'
49
+ properties: {
50
+ startIpAddress: '0.0.0.0'
51
+ endIpAddress: '0.0.0.0'
52
+ }
53
+ }
54
+
55
+ resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
56
+ name: 'allow-single-${replace(ip, '.', '')}'
57
+ properties: {
58
+ startIpAddress: ip
59
+ endIpAddress: ip
60
+ }
61
+ }]
62
+
63
+ }
64
+
65
+ output MYSQL_DOMAIN_NAME string = mysqlServer.properties.fullyQualifiedDomainName
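Review bot: The rule name built in `firewall_single`, `'allow-single-${replace(ip, '.', '')}'`, is not unique per address: removing the dots makes, for example, `1.11.1.1` and `11.1.1.1` both produce `allow-single-11111`, so two entries in `allowedSingleIPs` can collide on one firewall rule. Keeping the octet boundaries avoids this: `name: 'allow-single-${replace(ip, '.', '-')}'`. Separately, `allowAllIPsFirewall` opens `0.0.0.0` to `255.255.255.255` on a server that authenticates with `administratorLoginPassword` only, and neither firewall switch has a description; `@description('Exposes the server to the entire internet. Intended for short-lived development environments only.')` on that parameter would make the consequence explicit.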