azd 0.9.0
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +2 -0
- data/lib/generators/azd/install_generator.rb +14 -0
- data/lib/generators/templates/azure.yaml.tt +22 -0
- data/lib/generators/templates/infra/abbreviations.json +136 -0
- data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
- data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
- data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
- data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
- data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
- data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
- data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
- data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
- data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
- data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
- data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
- data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
- data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
- data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
- data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
- data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
- data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
- data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
- data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
- data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
- data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
- data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
- data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
- data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
- data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
- data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
- data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
- data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
- data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
- data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/role.bicep +21 -0
- data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
- data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
- data/lib/generators/templates/infra/identity.bicep +20 -0
- data/lib/generators/templates/infra/main.bicep +243 -0
- data/lib/generators/templates/infra/main.parameters.json +25 -0
- data/lib/generators/templates/infra/rails.bicep +95 -0
- metadata +115 -0
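--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: a36bfca44f51ed3f8287ac7f8dd4e5184eaf51fcbfbe8d9b56b3111cdc03f668
+data.tar.gz: fb85b56dbc25b399d0538afb032aed5d77b1a43f4813d6dbc1ebb404545fbad6
+SHA512:
+metadata.gz: a2221d6cc7e6c0140c2581a598badf305ae2b8305e3b5a3e8d3d3ef5725c266f68d82414e882023cfff62a00e5a7bd57a5e213c6877a937b28d8bae3f818a3d1
+data.tar.gz: 46005d1f8810c5538384b6bb89d7edfd02f9a9bce97b6ca05d6dcd4acef9f26e176fc70bcd39d71428b076c1fc836c72688cceff93fb78fd81a28f4f1b5a43e8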
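--- /dev/null
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Dominique Broeglin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.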
data/README.md
ADDED
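--- /dev/null
+++ b/data/lib/generators/azd/install_generator.rb
@@ -0,0 +1,14 @@
+module Azd
+module Generators
+class InstallGenerator < Rails::Generators::Base
+source_root File.expand_path("../templates", __dir__)
+
+desc "Install Azure Developer CLI files"
+
+def copy_install
+template "azure.yaml"
+directory "infra"
+end
+end
+end
+end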
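--- /dev/null
+++ b/data/lib/generators/templates/azure.yaml.tt
@@ -0,0 +1,22 @@
+name: <%= Rails.application.class.module_parent_name.downcase %>
+services:
+azure-rails-starter:
+language: js
+project: ./
+host: containerapp
+docker:
+path: ./Dockerfile
+ports:
+- 80:3000
+hooks:
+postprovision:
+windows:
+shell: pwsh
+run: $output = azd env get-values; Add-Content -Path .env -Value $output;
+interactive: true
+continueOnError: false
+posix:
+shell: sh
+run: azd env get-values > .env
+interactive: true
+continueOnError: false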
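Review bot: Both `postprovision` hooks write the full output of `azd env get-values` to `.env` in the project root, and nothing in this template keeps that file out of version control or out of the Docker build context (`project: ./`, `path: ./Dockerfile`). Any secret held in the azd environment would be committed or baked into the image unless `.env` is listed in `.gitignore` and `.dockerignore`; the generator should add those entries, or the template should carry a comment saying so. The two platforms also diverge: the posix hook overwrites with `>`, while the Windows hook uses `Add-Content`, which appends on every provision and leaves stale duplicates; `azd env get-values | Set-Content -Path .env` would match the posix behaviour. `language: js` for a Rails service also looks unintended, although it may be ignored for a Docker-built container app.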
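--- /dev/null
+++ b/data/lib/generators/templates/infra/abbreviations.json
@@ -0,0 +1,136 @@
+{
+"analysisServicesServers": "as",
+"apiManagementService": "apim-",
+"appConfigurationStores": "appcs-",
+"appManagedEnvironments": "cae-",
+"appContainerApps": "ca-",
+"authorizationPolicyDefinitions": "policy-",
+"automationAutomationAccounts": "aa-",
+"blueprintBlueprints": "bp-",
+"blueprintBlueprintsArtifacts": "bpa-",
+"cacheRedis": "redis-",
+"cdnProfiles": "cdnp-",
+"cdnProfilesEndpoints": "cdne-",
+"cognitiveServicesAccounts": "cog-",
+"cognitiveServicesFormRecognizer": "cog-fr-",
+"cognitiveServicesTextAnalytics": "cog-ta-",
+"computeAvailabilitySets": "avail-",
+"computeCloudServices": "cld-",
+"computeDiskEncryptionSets": "des",
+"computeDisks": "disk",
+"computeDisksOs": "osdisk",
+"computeGalleries": "gal",
+"computeSnapshots": "snap-",
+"computeVirtualMachines": "vm",
+"computeVirtualMachineScaleSets": "vmss-",
+"containerInstanceContainerGroups": "ci",
+"containerRegistryRegistries": "cr",
+"containerServiceManagedClusters": "aks-",
+"databricksWorkspaces": "dbw-",
+"dataFactoryFactories": "adf-",
+"dataLakeAnalyticsAccounts": "dla",
+"dataLakeStoreAccounts": "dls",
+"dataMigrationServices": "dms-",
+"dBforMySQLServers": "mysql-",
+"dBforPostgreSQLServers": "psql-",
+"devicesIotHubs": "iot-",
+"devicesProvisioningServices": "provs-",
+"devicesProvisioningServicesCertificates": "pcert-",
+"documentDBDatabaseAccounts": "cosmos-",
+"eventGridDomains": "evgd-",
+"eventGridDomainsTopics": "evgt-",
+"eventGridEventSubscriptions": "evgs-",
+"eventHubNamespaces": "evhns-",
+"eventHubNamespacesEventHubs": "evh-",
+"hdInsightClustersHadoop": "hadoop-",
+"hdInsightClustersHbase": "hbase-",
+"hdInsightClustersKafka": "kafka-",
+"hdInsightClustersMl": "mls-",
+"hdInsightClustersSpark": "spark-",
+"hdInsightClustersStorm": "storm-",
+"hybridComputeMachines": "arcs-",
+"insightsActionGroups": "ag-",
+"insightsComponents": "appi-",
+"keyVaultVaults": "kv-",
+"kubernetesConnectedClusters": "arck",
+"kustoClusters": "dec",
+"kustoClustersDatabases": "dedb",
+"loadTesting": "lt-",
+"logicIntegrationAccounts": "ia-",
+"logicWorkflows": "logic-",
+"machineLearningServicesWorkspaces": "mlw-",
+"managedIdentityUserAssignedIdentities": "id-",
+"managementManagementGroups": "mg-",
+"migrateAssessmentProjects": "migr-",
+"networkApplicationGateways": "agw-",
+"networkApplicationSecurityGroups": "asg-",
+"networkAzureFirewalls": "afw-",
+"networkBastionHosts": "bas-",
+"networkConnections": "con-",
+"networkDnsZones": "dnsz-",
+"networkExpressRouteCircuits": "erc-",
+"networkFirewallPolicies": "afwp-",
+"networkFirewallPoliciesWebApplication": "waf",
+"networkFirewallPoliciesRuleGroups": "wafrg",
+"networkFrontDoors": "fd-",
+"networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+"networkLoadBalancersExternal": "lbe-",
+"networkLoadBalancersInternal": "lbi-",
+"networkLoadBalancersInboundNatRules": "rule-",
+"networkLocalNetworkGateways": "lgw-",
+"networkNatGateways": "ng-",
+"networkNetworkInterfaces": "nic-",
+"networkNetworkSecurityGroups": "nsg-",
+"networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+"networkNetworkWatchers": "nw-",
+"networkPrivateDnsZones": "pdnsz-",
+"networkPrivateLinkServices": "pl-",
+"networkPublicIPAddresses": "pip-",
+"networkPublicIPPrefixes": "ippre-",
+"networkRouteFilters": "rf-",
+"networkRouteTables": "rt-",
+"networkRouteTablesRoutes": "udr-",
+"networkTrafficManagerProfiles": "traf-",
+"networkVirtualNetworkGateways": "vgw-",
+"networkVirtualNetworks": "vnet-",
+"networkVirtualNetworksSubnets": "snet-",
+"networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+"networkVirtualWans": "vwan-",
+"networkVpnGateways": "vpng-",
+"networkVpnGatewaysVpnConnections": "vcn-",
+"networkVpnGatewaysVpnSites": "vst-",
+"notificationHubsNamespaces": "ntfns-",
+"notificationHubsNamespacesNotificationHubs": "ntf-",
+"operationalInsightsWorkspaces": "log-",
+"portalDashboards": "dash-",
+"powerBIDedicatedCapacities": "pbi-",
+"purviewAccounts": "pview-",
+"recoveryServicesVaults": "rsv-",
+"resourcesResourceGroups": "rg-",
+"searchSearchServices": "srch-",
+"serviceBusNamespaces": "sb-",
+"serviceBusNamespacesQueues": "sbq-",
+"serviceBusNamespacesTopics": "sbt-",
+"serviceEndPointPolicies": "se-",
+"serviceFabricClusters": "sf-",
+"signalRServiceSignalR": "sigr",
+"sqlManagedInstances": "sqlmi-",
+"sqlServers": "sql-",
+"sqlServersDataWarehouse": "sqldw-",
+"sqlServersDatabases": "sqldb-",
+"sqlServersDatabasesStretch": "sqlstrdb-",
+"storageStorageAccounts": "st",
+"storageStorageAccountsVm": "stvm",
+"storSimpleManagers": "ssimp",
+"streamAnalyticsCluster": "asa-",
+"synapseWorkspaces": "syn",
+"synapseWorkspacesAnalyticsWorkspaces": "synw",
+"synapseWorkspacesSqlPoolsDedicated": "syndp",
+"synapseWorkspacesSqlPoolsSpark": "synsp",
+"timeSeriesInsightsEnvironments": "tsi-",
+"webServerFarms": "plan-",
+"webSitesAppService": "app-",
+"webSitesAppServiceEnvironment": "ase-",
+"webSitesFunctions": "func-",
+"webStaticSites": "stapp-"
+}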
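--- /dev/null
+++ b/data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep
@@ -0,0 +1,53 @@
+metadata description = 'Creates an Azure Cognitive Services instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+name: 'S0'
+}
+
+param allowedIpRules array = []
+param networkAcls object = empty(allowedIpRules) ? {
+defaultAction: 'Allow'
+} : {
+ipRules: allowedIpRules
+defaultAction: 'Deny'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+name: name
+location: location
+tags: tags
+kind: kind
+properties: {
+customSubDomainName: customSubDomainName
+publicNetworkAccess: publicNetworkAccess
+networkAcls: networkAcls
+}
+sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+parent: account
+name: deployment.name
+properties: {
+model: deployment.model
+raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+}
+sku: contains(deployment, 'sku') ? deployment.sku : {
+name: 'Standard'
+capacity: 20
+}
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name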
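Review bot: When `allowedIpRules` is empty the account is deployed with `publicNetworkAccess: 'Enabled'` and `networkAcls.defaultAction: 'Allow'`, so the module's default is an endpoint reachable from any network. Key-based authentication also stays on because `properties` never sets `disableLocalAuth`; callers that authenticate with a managed identity should be able to switch keys off, for example `param disableLocalAuth bool = false` passed through as `disableLocalAuth: disableLocalAuth`. At minimum, add `@description` text on `publicNetworkAccess` and `allowedIpRules` stating that the defaults are open and that supplying any IP rule flips the default action to `Deny`.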
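--- /dev/null
+++ b/data/lib/generators/templates/infra/core/config/configstore.bicep
@@ -0,0 +1,48 @@
+metadata description = 'Creates an Azure App Configuration store.'
+
+@description('The name for the Azure App Configuration store')
+param name string
+
+@description('The Azure region/location for the Azure App Configuration store')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the Azure App Configuration store')
+param tags object = {}
+
+@description('Specifies the names of the key-value resources. The name is a combination of key and label with $ as delimiter. The label is optional.')
+param keyValueNames array = []
+
+@description('Specifies the values of the key-value resources.')
+param keyValueValues array = []
+
+@description('The principal ID to grant access to the Azure App Configuration store')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+name: name
+location: location
+sku: {
+name: 'standard'
+}
+tags: tags
+}
+
+resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = [for (item, i) in keyValueNames: {
+parent: configStore
+name: item
+properties: {
+value: keyValueValues[i]
+tags: tags
+}
+}]
+
+module configStoreAccess '../security/configstore-access.bicep' = {
+name: 'app-configuration-access'
+params: {
+configStoreName: name
+principalId: principalId
+}
+dependsOn: [configStore]
+}
+
+output endpoint string = configStore.properties.endpoint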
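Review bot: `keyValueValues[i]` is indexed by the position in `keyValueNames`, so the two arrays must be the same length or the deployment fails on an out-of-range index, and nothing here checks or documents that. `keyValueValues` is a plain `array` rather than a secure parameter, so its contents are recorded with the deployment inputs; the `@description` should say that secrets belong in Key Vault references, not in this list. The store also keeps access-key authentication available even though access is granted to `principalId` through `configstore-access.bicep`; if no consumer relies on keys, set `disableLocalAuth: true` under a `properties` block on `configStore`.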
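--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep
@@ -0,0 +1,49 @@
+metadata description = 'Creates an Azure Cosmos DB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+name: name
+kind: kind
+location: location
+tags: tags
+properties: {
+consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+locations: [
+{
+locationName: location
+failoverPriority: 0
+isZoneRedundant: false
+}
+]
+databaseAccountOfferType: 'Standard'
+enableAutomaticFailover: false
+enableMultipleWriteLocations: false
+apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {}
+capabilities: [ { name: 'EnableServerless' } ]
+}
+}
+
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: connectionStringKey
+properties: {
+value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+}
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+name: keyVaultName
+}
+
+output connectionStringKey string = connectionStringKey
+output endpoint string = cosmos.properties.documentEndpoint
+output id string = cosmos.id
+output name string = cosmos.name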
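Review bot: `cosmosConnectionString` always writes `cosmos.listConnectionStrings().connectionStrings[0]` to Key Vault, which is normally the primary read-write key, and it does so for every `kind`, including the NoSQL path where `cosmos-sql-db.bicep` already grants data-plane access through role assignments. The account itself sets neither `disableLocalAuth` nor `publicNetworkAccess`/`ipRules`, so that key is usable from any network for as long as it is not rotated. Consider exposing those three properties as parameters and creating the secret only when key-based access is actually wanted, e.g. `param storeConnectionString bool = true` with `= if (storeConnectionString) {` on the secret resource. A comment above the secret stating that it holds a full-access account key would help whoever sets Key Vault access policies.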
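--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep
@@ -0,0 +1,23 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+name: 'cosmos-account'
+params: {
+name: name
+location: location
+connectionStringKey: connectionStringKey
+keyVaultName: keyVaultName
+kind: 'MongoDB'
+tags: tags
+}
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id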
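--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep
@@ -0,0 +1,47 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param collections array = []
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+module cosmos 'cosmos-mongo-account.bicep' = {
+name: 'cosmos-mongo-account'
+params: {
+name: accountName
+location: location
+keyVaultName: keyVaultName
+tags: tags
+connectionStringKey: connectionStringKey
+}
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
+name: '${accountName}/${databaseName}'
+tags: tags
+properties: {
+resource: { id: databaseName }
+}
+
+resource list 'collections' = [for collection in collections: {
+name: collection.name
+properties: {
+resource: {
+id: collection.id
+shardKey: { _id: collection.shardKey }
+indexes: [ { key: { keys: [ collection.indexKey ] } } ]
+}
+}
+}]
+
+dependsOn: [
+cosmos
+]
+}
+
+output connectionStringKey string = connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint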
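--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+name: 'cosmos-account'
+params: {
+name: name
+location: location
+tags: tags
+keyVaultName: keyVaultName
+kind: 'GlobalDocumentDB'
+}
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id
+output name string = cosmos.outputs.name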
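--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep
@@ -0,0 +1,74 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containers array = []
+param keyVaultName string
+param principalIds array = []
+
+module cosmos 'cosmos-sql-account.bicep' = {
+name: 'cosmos-sql-account'
+params: {
+name: accountName
+location: location
+tags: tags
+keyVaultName: keyVaultName
+}
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+name: '${accountName}/${databaseName}'
+properties: {
+resource: { id: databaseName }
+}
+
+resource list 'containers' = [for container in containers: {
+name: container.name
+properties: {
+resource: {
+id: container.id
+partitionKey: { paths: [ container.partitionKey ] }
+}
+options: {}
+}
+}]
+
+dependsOn: [
+cosmos
+]
+}
+
+module roleDefinition 'cosmos-sql-role-def.bicep' = {
+name: 'cosmos-sql-role-definition'
+params: {
+accountName: accountName
+}
+dependsOn: [
+cosmos
+database
+]
+}
+
+// We need batchSize(1) here because sql role assignments have to be done sequentially
+@batchSize(1)
+module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
+name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
+params: {
+accountName: accountName
+roleDefinitionId: roleDefinition.outputs.id
+principalId: principalId
+}
+dependsOn: [
+cosmos
+database
+]
+}]
+
+output accountId string = cosmos.outputs.id
+output accountName string = cosmos.outputs.name
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint
+output roleDefinitionId string = roleDefinition.outputs.id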
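--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.'
+param accountName string
+
+param roleDefinitionId string
+param principalId string = ''
+
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+parent: cosmos
+name: guid(roleDefinitionId, principalId, cosmos.id)
+properties: {
+principalId: principalId
+roleDefinitionId: roleDefinitionId
+scope: cosmos.id
+}
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+name: accountName
+}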
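Review bot: `param principalId string = ''` lets this module be called without a principal, in which case `role` is still declared with an empty `principalId` and a `guid(...)` name derived from it. The only visible caller, `cosmos-sql-db.bicep`, filters empty values with `if (!empty(principalId))`, but the module should not depend on every caller doing that. Drop the default so the parameter is required, `param principalId string`, and add an `@description` noting that the assignment is scoped to the whole account (`scope: cosmos.id`).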
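--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep
@@ -0,0 +1,30 @@
+metadata description = 'Creates a SQL role definition under an Azure Cosmos DB account.'
+param accountName string
+
+resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = {
+parent: cosmos
+name: guid(cosmos.id, accountName, 'sql-role')
+properties: {
+assignableScopes: [
+cosmos.id
+]
+permissions: [
+{
+dataActions: [
+'Microsoft.DocumentDB/databaseAccounts/readMetadata'
+'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
+'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'
+]
+notDataActions: []
+}
+]
+roleName: 'Reader Writer'
+type: 'CustomRole'
+}
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+name: accountName
+}
+
+output id string = roleDefinition.id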
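Review bot: The role named `'Reader Writer'` grants the wildcards `containers/*` and `containers/items/*`, which cover every data action on containers and items (queries, change feed, stored-procedure execution, deletes), not only reads and writes, and `assignableScopes` is the whole account. That is broader than the name suggests and there is no read-only counterpart for principals that only need to query. Add a comment above `dataActions` that states the effective scope, and consider a `param dataActions array` with this list as its default so callers can narrow it. This set appears to match the built-in Cosmos DB data contributor role, so a custom definition may not be needed at all; worth confirming.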
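--- /dev/null
+++ b/data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep
@@ -0,0 +1,65 @@
+metadata description = 'Creates an Azure Database for MySQL - Flexible Server.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param highAvailabilityMode string = 'Disabled'
+param databaseNames array = []
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+
+// MySQL version
+param version string
+
+resource mysqlServer 'Microsoft.DBforMySQL/flexibleServers@2023-06-30' = {
+location: location
+tags: tags
+name: name
+sku: sku
+properties: {
+version: version
+administratorLogin: administratorLogin
+administratorLoginPassword: administratorLoginPassword
+storage: storage
+highAvailability: {
+mode: highAvailabilityMode
+}
+}
+
+resource database 'databases' = [for name in databaseNames: {
+name: name
+}]
+
+resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
+name: 'allow-all-IPs'
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '255.255.255.255'
+}
+}
+
+resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
+name: 'allow-all-azure-internal-IPs'
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '0.0.0.0'
+}
+}
+
+resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
+name: 'allow-single-${replace(ip, '.', '')}'
+properties: {
+startIpAddress: ip
+endIpAddress: ip
+}
+}]
+
+}
+
+output MYSQL_DOMAIN_NAME string = mysqlServer.properties.fullyQualifiedDomainName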
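Review bot: `firewall_single` names each rule `'allow-single-${replace(ip, '.', '')}'`, and stripping the dots makes distinct addresses collide: the constructed examples `1.11.1.1` and `11.1.1.1` both become `allow-single-11111`, so one entry in `allowedSingleIPs` silently replaces or conflicts with the other. Keep a separator instead, `name: 'allow-single-${replace(ip, '.', '-')}'`. Separately, `allowAllIPsFirewall` opens the server to the full IPv4 range, and the 0.0.0.0–0.0.0.0 rule behind `allowAzureIPsFirewall` admits connections from Azure services in any subscription, not only this one. Both default to `false`, but each deserves an `@description` saying exactly that. The loop variable in `for name in databaseNames` also shadows the module's `name` parameter and would read better as `dbName`.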