azd 0.9.0
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +2 -0
- data/lib/generators/azd/install_generator.rb +14 -0
- data/lib/generators/templates/azure.yaml.tt +22 -0
- data/lib/generators/templates/infra/abbreviations.json +136 -0
- data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
- data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
- data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
- data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
- data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
- data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
- data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
- data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
- data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
- data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
- data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
- data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
- data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
- data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
- data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
- data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
- data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
- data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
- data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
- data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
- data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
- data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
- data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
- data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
- data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
- data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
- data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
- data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
- data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
- data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
- data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
- data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
- data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
- data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
- data/lib/generators/templates/infra/core/security/role.bicep +21 -0
- data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
- data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
- data/lib/generators/templates/infra/identity.bicep +20 -0
- data/lib/generators/templates/infra/main.bicep +243 -0
- data/lib/generators/templates/infra/main.parameters.json +25 -0
- data/lib/generators/templates/infra/rails.bicep +95 -0
- metadata +115 -0
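--- a/data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep
+++ b/data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep
@@ -0,0 +1,30 @@
+metadata description = 'Creates an Application Insights instance based on an existing Log Analytics workspace.'
+param name string
+param dashboardName string = ''
+param location string = resourceGroup().location
+param tags object = {}
+param logAnalyticsWorkspaceId string
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+name: name
+location: location
+tags: tags
+kind: 'web'
+properties: {
+Application_Type: 'web'
+WorkspaceResourceId: logAnalyticsWorkspaceId
+}
+}
+
+module applicationInsightsDashboard 'applicationinsights-dashboard.bicep' = if (!empty(dashboardName)) {
+name: 'application-insights-dashboard'
+params: {
+name: dashboardName
+location: location
+applicationInsightsName: applicationInsights.name
+}
+}
+
+output connectionString string = applicationInsights.properties.ConnectionString
+output instrumentationKey string = applicationInsights.properties.InstrumentationKey
+output name string = applicationInsights.name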
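Review bot: The `connectionString` and `instrumentationKey` outputs on the last lines are plain `string` outputs, so their values are kept in the deployment's output record and can be read by anyone allowed to read deployments on the resource group. These values only authorize telemetry ingestion, but a holder can still write spoofed data into the component unless key-based ingestion is turned off. I would add a comment above them such as `// Ingestion credentials: visible in deployment outputs; treat as sensitive`, and check whether callers need both outputs. monitoring.bicep re-exports the same two values, so the same comment applies there.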
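--- a/data/lib/generators/templates/infra/core/monitor/loganalytics.bicep
+++ b/data/lib/generators/templates/infra/core/monitor/loganalytics.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Creates a Log Analytics workspace.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
+name: name
+location: location
+tags: tags
+properties: any({
+retentionInDays: 30
+features: {
+searchVersion: 1
+}
+sku: {
+name: 'PerGB2018'
+}
+})
+}
+
+output id string = logAnalytics.id
+output name string = logAnalytics.name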
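Review bot: `retentionInDays: 30` is hard-coded inside `properties`, so every consumer of this module gets a 30-day log window and cannot lengthen it for incident investigation or a compliance requirement. A parameter keeps today's default and makes it tunable: `param retentionInDays int = 30` with `retentionInDays: retentionInDays`. Separately, wrapping the whole `properties` object in `any(...)` turns off Bicep's type checking for it; a one-line comment saying which property needs the cast would help the next reader.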
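--- a/data/lib/generators/templates/infra/core/monitor/monitoring.bicep
+++ b/data/lib/generators/templates/infra/core/monitor/monitoring.bicep
@@ -0,0 +1,32 @@
+metadata description = 'Creates an Application Insights instance and a Log Analytics workspace.'
+param logAnalyticsName string
+param applicationInsightsName string
+param applicationInsightsDashboardName string = ''
+param location string = resourceGroup().location
+param tags object = {}
+
+module logAnalytics 'loganalytics.bicep' = {
+name: 'loganalytics'
+params: {
+name: logAnalyticsName
+location: location
+tags: tags
+}
+}
+
+module applicationInsights 'applicationinsights.bicep' = {
+name: 'applicationinsights'
+params: {
+name: applicationInsightsName
+location: location
+tags: tags
+dashboardName: applicationInsightsDashboardName
+logAnalyticsWorkspaceId: logAnalytics.outputs.id
+}
+}
+
+output applicationInsightsConnectionString string = applicationInsights.outputs.connectionString
+output applicationInsightsInstrumentationKey string = applicationInsights.outputs.instrumentationKey
+output applicationInsightsName string = applicationInsights.outputs.name
+output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
+output logAnalyticsWorkspaceName string = logAnalytics.outputs.name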
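--- a/data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep
+++ b/data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep
@@ -0,0 +1,52 @@
+metadata description = 'Adds an endpoint to an Azure CDN profile.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('The name of the CDN profile resource')
+@minLength(1)
+param cdnProfileName string
+
+@description('Delivery policy rules')
+param deliveryPolicyRules array = []
+
+@description('The origin URL for the endpoint')
+@minLength(1)
+param originUrl string
+
+resource endpoint 'Microsoft.Cdn/profiles/endpoints@2022-05-01-preview' = {
+parent: cdnProfile
+name: name
+location: location
+tags: tags
+properties: {
+originHostHeader: originUrl
+isHttpAllowed: false
+isHttpsAllowed: true
+queryStringCachingBehavior: 'UseQueryString'
+optimizationType: 'GeneralWebDelivery'
+origins: [
+{
+name: replace(originUrl, '.', '-')
+properties: {
+hostName: originUrl
+originHostHeader: originUrl
+priority: 1
+weight: 1000
+enabled: true
+}
+}
+]
+deliveryPolicy: {
+rules: deliveryPolicyRules
+}
+}
+}
+
+resource cdnProfile 'Microsoft.Cdn/profiles@2022-05-01-preview' existing = {
+name: cdnProfileName
+}
+
+output id string = endpoint.id
+output name string = endpoint.name
+output uri string = 'https://${endpoint.properties.hostName}'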
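Review bot: `originUrl` is described as 'The origin URL for the endpoint', but it is passed unchanged to `hostName` and `originHostHeader` and is turned into the origin name with `replace(originUrl, '.', '-')`, so the value has to be a bare host name. A value carrying a scheme or path would presumably be rejected at deployment or yield an invalid origin name. The description should say so, for example `@description('Host name of the origin, without scheme or path')`. Renaming the parameter would break cdn.bicep, which passes `originUrl` through, so fixing the description is the safer change.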
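--- a/data/lib/generators/templates/infra/core/networking/cdn-profile.bicep
+++ b/data/lib/generators/templates/infra/core/networking/cdn-profile.bicep
@@ -0,0 +1,34 @@
+metadata description = 'Creates an Azure CDN profile.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('The pricing tier of this CDN profile')
+@allowed([
+'Custom_Verizon'
+'Premium_AzureFrontDoor'
+'Premium_Verizon'
+'StandardPlus_955BandWidth_ChinaCdn'
+'StandardPlus_AvgBandWidth_ChinaCdn'
+'StandardPlus_ChinaCdn'
+'Standard_955BandWidth_ChinaCdn'
+'Standard_Akamai'
+'Standard_AvgBandWidth_ChinaCdn'
+'Standard_AzureFrontDoor'
+'Standard_ChinaCdn'
+'Standard_Microsoft'
+'Standard_Verizon'
+])
+param sku string = 'Standard_Microsoft'
+
+resource profile 'Microsoft.Cdn/profiles@2022-05-01-preview' = {
+name: name
+location: location
+tags: tags
+sku: {
+name: sku
+}
+}
+
+output id string = profile.id
+output name string = profile.name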
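--- a/data/lib/generators/templates/infra/core/networking/cdn.bicep
+++ b/data/lib/generators/templates/infra/core/networking/cdn.bicep
@@ -0,0 +1,42 @@
+metadata description = 'Creates an Azure CDN profile with a single endpoint.'
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('Name of the CDN endpoint resource')
+param cdnEndpointName string
+
+@description('Name of the CDN profile resource')
+param cdnProfileName string
+
+@description('Delivery policy rules')
+param deliveryPolicyRules array = []
+
+@description('Origin URL for the CDN endpoint')
+param originUrl string
+
+module cdnProfile 'cdn-profile.bicep' = {
+name: 'cdn-profile'
+params: {
+name: cdnProfileName
+location: location
+tags: tags
+}
+}
+
+module cdnEndpoint 'cdn-endpoint.bicep' = {
+name: 'cdn-endpoint'
+params: {
+name: cdnEndpointName
+location: location
+tags: tags
+cdnProfileName: cdnProfile.outputs.name
+originUrl: originUrl
+deliveryPolicyRules: deliveryPolicyRules
+}
+}
+
+output endpointName string = cdnEndpoint.outputs.name
+output endpointId string = cdnEndpoint.outputs.id
+output profileName string = cdnProfile.outputs.name
+output profileId string = cdnProfile.outputs.id
+output uri string = cdnEndpoint.outputs.uri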
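--- a/data/lib/generators/templates/infra/core/search/search-services.bicep
+++ b/data/lib/generators/templates/infra/core/search/search-services.bicep
@@ -0,0 +1,68 @@
+metadata description = 'Creates an Azure AI Search instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object = {
+name: 'standard'
+}
+
+param authOptions object = {}
+param disableLocalAuth bool = false
+param disabledDataExfiltrationOptions array = []
+param encryptionWithCmk object = {
+enforcement: 'Unspecified'
+}
+@allowed([
+'default'
+'highDensity'
+])
+param hostingMode string = 'default'
+param networkRuleSet object = {
+bypass: 'None'
+ipRules: []
+}
+param partitionCount int = 1
+@allowed([
+'enabled'
+'disabled'
+])
+param publicNetworkAccess string = 'enabled'
+param replicaCount int = 1
+@allowed([
+'disabled'
+'free'
+'standard'
+])
+param semanticSearch string = 'disabled'
+
+var searchIdentityProvider = (sku.name == 'free') ? null : {
+type: 'SystemAssigned'
+}
+
+resource search 'Microsoft.Search/searchServices@2021-04-01-preview' = {
+name: name
+location: location
+tags: tags
+// The free tier does not support managed identity
+identity: searchIdentityProvider
+properties: {
+authOptions: authOptions
+disableLocalAuth: disableLocalAuth
+disabledDataExfiltrationOptions: disabledDataExfiltrationOptions
+encryptionWithCmk: encryptionWithCmk
+hostingMode: hostingMode
+networkRuleSet: networkRuleSet
+partitionCount: partitionCount
+publicNetworkAccess: publicNetworkAccess
+replicaCount: replicaCount
+semanticSearch: semanticSearch
+}
+sku: sku
+}
+
+output id string = search.id
+output endpoint string = 'https://${name}.search.windows.net/'
+output name string = search.name
+output principalId string = !empty(searchIdentityProvider) ? search.identity.principalId : ''
+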
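Review bot: The defaults `disableLocalAuth = false` and `publicNetworkAccess = 'enabled'`, together with an empty `ipRules` list, produce a search service that accepts API-key authentication from any network. None of the security-relevant parameters (`authOptions`, `disableLocalAuth`, `networkRuleSet`, `publicNetworkAccess`, `encryptionWithCmk`) has a `@description`, so a caller cannot see this from the module interface. I would add descriptions that state the exposure, for example `@description('Set to true to turn off API-key authentication and require Microsoft Entra ID')` on `disableLocalAuth`. The description on `publicNetworkAccess` should say to set it to `'disabled'` when the service is reached over a private endpoint.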
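--- a/data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep
+++ b/data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Assigns RBAC role to the specified AKS cluster and principal.'
+param clusterName string
+param principalId string
+
+var aksClusterAdminRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')
+
+resource aksRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+scope: aksCluster // Use when specifying a scope that is different than the deployment scope
+name: guid(subscription().id, resourceGroup().id, principalId, aksClusterAdminRole)
+properties: {
+roleDefinitionId: aksClusterAdminRole
+principalType: 'User'
+principalId: principalId
+}
+}
+
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' existing = {
+name: clusterName
+}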
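Review bot: `principalType: 'User'` is hard-coded, so the module only fits interactive user accounts, while the role it grants is named `aksClusterAdminRole` and the module description only says 'Assigns RBAC role'. The sibling role.bicep takes `principalType` as an `@allowed` parameter; doing the same here with `param principalType string = 'User'` and `principalType: principalType` keeps the current default and lets a group or service principal be used. The description should also name the role being granted, so that someone reviewing a calling template can see that cluster admin access is handed out.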
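--- a/data/lib/generators/templates/infra/core/security/configstore-access.bicep
+++ b/data/lib/generators/templates/infra/core/security/configstore-access.bicep
@@ -0,0 +1,21 @@
+@description('Name of Azure App Configuration store')
+param configStoreName string
+
+@description('The principal ID of the service principal to assign the role to')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+name: configStoreName
+}
+
+var configStoreDataReaderRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '516239f1-63e1-4d78-a4de-a74fb236a071')
+
+resource configStoreDataReaderRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+name: guid(subscription().id, resourceGroup().id, principalId, configStoreDataReaderRole)
+scope: configStore
+properties: {
+roleDefinitionId: configStoreDataReaderRole
+principalId: principalId
+principalType: 'ServicePrincipal'
+}
+}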
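--- a/data/lib/generators/templates/infra/core/security/keyvault-access.bicep
+++ b/data/lib/generators/templates/infra/core/security/keyvault-access.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Assigns an Azure Key Vault access policy.'
+param name string = 'add'
+
+param keyVaultName string
+param permissions object = { secrets: [ 'get', 'list' ] }
+param principalId string
+
+resource keyVaultAccessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
+parent: keyVault
+name: name
+properties: {
+accessPolicies: [ {
+objectId: principalId
+tenantId: subscription().tenantId
+permissions: permissions
+} ]
+}
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+name: keyVaultName
+}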
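Review bot: The `name` parameter is undocumented and unconstrained, yet for a `vaults/accessPolicies` resource it selects the operation applied to the vault's policy list rather than a display name. Its default `'add'` merges the entry, while other values change or remove existing policies. I would constrain and describe it with `@allowed([ 'add', 'remove', 'replace' ])` and `@description('Access policy operation to apply')`. `permissions` is a free-form object, so a description stating that the default grants only secret `get` and `list` would help callers keep to least privilege.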
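--- a/data/lib/generators/templates/infra/core/security/keyvault-secret.bicep
+++ b/data/lib/generators/templates/infra/core/security/keyvault-secret.bicep
@@ -0,0 +1,31 @@
+metadata description = 'Creates or updates a secret in an Azure Key Vault.'
+param name string
+param tags object = {}
+param keyVaultName string
+param contentType string = 'string'
+@description('The value of the secret. Provide only derived values like blob storage access, but do not hard code any secrets in your templates')
+@secure()
+param secretValue string
+
+param enabled bool = true
+param exp int = 0
+param nbf int = 0
+
+resource keyVaultSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+name: name
+tags: tags
+parent: keyVault
+properties: {
+attributes: {
+enabled: enabled
+exp: exp
+nbf: nbf
+}
+contentType: contentType
+value: secretValue
+}
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+name: keyVaultName
+}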
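Review bot: `exp` and `nbf` default to `0` and are always written into `attributes`, with no description of their unit or of what `0` means. If the service reads them as seconds since the Unix epoch, `exp: 0` is a timestamp in the past rather than "no expiry"; how the value is actually treated cannot be seen from this template and should be confirmed. I would add `@description('Expiry time in seconds since 1970-01-01T00:00:00Z')` on `exp`, the matching text on `nbf`, and a comment stating what the default does.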
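--- a/data/lib/generators/templates/infra/core/security/keyvault.bicep
+++ b/data/lib/generators/templates/infra/core/security/keyvault.bicep
@@ -0,0 +1,31 @@
+metadata description = 'Creates an Azure Key Vault.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param identityName string = ''
+
+resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(identityName)) {
+name: identityName
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+name: name
+location: location
+tags: tags
+properties: {
+tenantId: subscription().tenantId
+sku: { family: 'A', name: 'standard' }
+accessPolicies: !empty(userIdentity.properties.principalId) ? [
+{
+objectId: userIdentity.properties.principalId
+permissions: { secrets: [ 'get', 'list' ] }
+tenantId: subscription().tenantId
+}
+] : []
+}
+}
+
+output endpoint string = keyVault.properties.vaultUri
+output name string = keyVault.name
+output principalId string = userIdentity.properties.principalId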
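Review bot: `userIdentity` is declared with `existing = if (!empty(identityName))`, but `userIdentity.properties.principalId` is read unconditionally in the `accessPolicies` condition and in the `principalId` output. A deployment that keeps the default `identityName = ''` therefore likely fails while resolving a reference to a resource that was never declared. Test the parameter instead: use `!empty(identityName) ?` as the condition on `accessPolicies`, and `output principalId string = !empty(identityName) ? userIdentity.properties.principalId : ''`. The vault also leaves `enablePurgeProtection` and `enableRbacAuthorization` unset; a comment noting that it relies on access policies and on service defaults for deletion protection would help callers.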
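--- a/data/lib/generators/templates/infra/core/security/registry-access.bicep
+++ b/data/lib/generators/templates/infra/core/security/registry-access.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Assigns ACR Pull permissions to access an Azure Container Registry.'
+param containerRegistryName string
+param principalId string
+
+var acrPullRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
+
+resource aksAcrPull 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+scope: containerRegistry // Use when specifying a scope that is different than the deployment scope
+name: guid(subscription().id, resourceGroup().id, principalId, acrPullRole)
+properties: {
+roleDefinitionId: acrPullRole
+principalType: 'ServicePrincipal'
+principalId: principalId
+}
+}
+
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' existing = {
+name: containerRegistryName
+}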
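--- a/data/lib/generators/templates/infra/core/security/role.bicep
+++ b/data/lib/generators/templates/infra/core/security/role.bicep
@@ -0,0 +1,21 @@
+metadata description = 'Creates a role assignment for a service principal.'
+param principalId string
+
+@allowed([
+'Device'
+'ForeignGroup'
+'Group'
+'ServicePrincipal'
+'User'
+])
+param principalType string = 'ServicePrincipal'
+param roleDefinitionId string
+
+resource role 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+name: guid(subscription().id, resourceGroup().id, principalId, roleDefinitionId)
+properties: {
+principalId: principalId
+principalType: principalType
+roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+}
+}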
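Review bot: The `role` resource has no `scope`, so the assignment is made at the deployment's resource group and covers every resource in it, and `roleDefinitionId` is an unconstrained string, so the module can grant any role the deployer is allowed to assign. Neither fact is documented, and the module description says 'for a service principal' although `principalType` also allows users and groups. I would add `@description` decorators stating the scope and that `roleDefinitionId` is the role's GUID. This module builds the role ID with `resourceId(...)` where the sibling access modules use `subscriptionResourceId(...)`; one form throughout would make the set easier to audit.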
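--- a/data/lib/generators/templates/infra/core/storage/storage-account.bicep
+++ b/data/lib/generators/templates/infra/core/storage/storage-account.bicep
@@ -0,0 +1,64 @@
+metadata description = 'Creates an Azure storage account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@allowed([
+'Cool'
+'Hot'
+'Premium' ])
+param accessTier string = 'Hot'
+param allowBlobPublicAccess bool = true
+param allowCrossTenantReplication bool = true
+param allowSharedKeyAccess bool = true
+param containers array = []
+param defaultToOAuthAuthentication bool = false
+param deleteRetentionPolicy object = {}
+@allowed([ 'AzureDnsZone', 'Standard' ])
+param dnsEndpointType string = 'Standard'
+param kind string = 'StorageV2'
+param minimumTlsVersion string = 'TLS1_2'
+param supportsHttpsTrafficOnly bool = true
+param networkAcls object = {
+bypass: 'AzureServices'
+defaultAction: 'Allow'
+}
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = { name: 'Standard_LRS' }
+
+resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
+name: name
+location: location
+tags: tags
+kind: kind
+sku: sku
+properties: {
+accessTier: accessTier
+allowBlobPublicAccess: allowBlobPublicAccess
+allowCrossTenantReplication: allowCrossTenantReplication
+allowSharedKeyAccess: allowSharedKeyAccess
+defaultToOAuthAuthentication: defaultToOAuthAuthentication
+dnsEndpointType: dnsEndpointType
+minimumTlsVersion: minimumTlsVersion
+networkAcls: networkAcls
+publicNetworkAccess: publicNetworkAccess
+supportsHttpsTrafficOnly: supportsHttpsTrafficOnly
+}
+
+resource blobServices 'blobServices' = if (!empty(containers)) {
+name: 'default'
+properties: {
+deleteRetentionPolicy: deleteRetentionPolicy
+}
+resource container 'containers' = [for container in containers: {
+name: container.name
+properties: {
+publicAccess: contains(container, 'publicAccess') ? container.publicAccess : 'None'
+}
+}]
+}
+}
+
+output name string = storage.name
+output primaryEndpoints object = storage.properties.primaryEndpoints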
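Review bot: Several parameter defaults are permissive: `allowBlobPublicAccess = true`, `allowSharedKeyAccess = true`, `networkAcls` with `defaultAction: 'Allow'`, and `publicNetworkAccess = 'Enabled'`. Containers fall back to `publicAccess: 'None'`, but with `allowBlobPublicAccess` left at `true` a later change to a container's access level can expose its blobs anonymously with no account-level block. Unless a caller in this template set needs anonymous reads, I would default `param allowBlobPublicAccess bool = false`. The other three should get `@description` lines saying what they expose, so that enabling them is a deliberate choice.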
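--- a/data/lib/generators/templates/infra/core/testing/loadtesting.bicep
+++ b/data/lib/generators/templates/infra/core/testing/loadtesting.bicep
@@ -0,0 +1,15 @@
+param name string
+param location string = resourceGroup().location
+param managedIdentity bool = false
+param tags object = {}
+
+resource loadTest 'Microsoft.LoadTestService/loadTests@2022-12-01' = {
+name: name
+location: location
+tags: tags
+identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
+properties: {
+}
+}
+
+output loadTestingName string = loadTest.name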
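--- a/data/lib/generators/templates/infra/identity.bicep
+++ b/data/lib/generators/templates/infra/identity.bicep
@@ -0,0 +1,20 @@
+//
+// Module that creates a user assigned managed identity
+//
+
+@description('Name of the user assigned managed identity to creates')
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+resource webIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+name: name
+location: location
+tags: tags
+}
+
+@description('Name of the created user managed identity')
+output name string = webIdentity.name
+
+@description('Principal ID of the created user managed identity')
+output principalId string = webIdentity.properties.principalId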