azd 0.9.0

Files changed (54) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +21 -0
  3. data/README.md +2 -0
  4. data/lib/generators/azd/install_generator.rb +14 -0
  5. data/lib/generators/templates/azure.yaml.tt +22 -0
  6. data/lib/generators/templates/infra/abbreviations.json +136 -0
  7. data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
  8. data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
  9. data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
  10. data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
  11. data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
  12. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
  13. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
  14. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
  15. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
  16. data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
  17. data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
  18. data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
  19. data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
  20. data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
  21. data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
  22. data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
  23. data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
  24. data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
  25. data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
  26. data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
  27. data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
  28. data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
  29. data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
  30. data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
  31. data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
  32. data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
  33. data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
  34. data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
  35. data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
  36. data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
  37. data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
  38. data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
  39. data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
  40. data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
  41. data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
  42. data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
  43. data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
  44. data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
  45. data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
  46. data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
  47. data/lib/generators/templates/infra/core/security/role.bicep +21 -0
  48. data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
  49. data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
  50. data/lib/generators/templates/infra/identity.bicep +20 -0
  51. data/lib/generators/templates/infra/main.bicep +243 -0
  52. data/lib/generators/templates/infra/main.parameters.json +25 -0
  53. data/lib/generators/templates/infra/rails.bicep +95 -0
  54. metadata +115 -0
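--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: a36bfca44f51ed3f8287ac7f8dd4e5184eaf51fcbfbe8d9b56b3111cdc03f668
+data.tar.gz: fb85b56dbc25b399d0538afb032aed5d77b1a43f4813d6dbc1ebb404545fbad6
+SHA512:
+metadata.gz: a2221d6cc7e6c0140c2581a598badf305ae2b8305e3b5a3e8d3d3ef5725c266f68d82414e882023cfff62a00e5a7bd57a5e213c6877a937b28d8bae3f818a3d1
+data.tar.gz: 46005d1f8810c5538384b6bb89d7edfd02f9a9bce97b6ca05d6dcd4acef9f26e176fc70bcd39d71428b076c1fc836c72688cceff93fb78fd81a28f4f1b5a43e8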
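--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Dominique Broeglin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.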
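--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,2 @@
+# azure-dev-gem
+Azure Developer CLI generators gem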
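--- a/data/lib/generators/azd/install_generator.rb
+++ b/data/lib/generators/azd/install_generator.rb
@@ -0,0 +1,14 @@
+module Azd
+module Generators
+class InstallGenerator < Rails::Generators::Base
+source_root File.expand_path("../templates", __dir__)
+
+desc "Install Azure Developer CLI files"
+
+def copy_install
+template "azure.yaml"
+directory "infra"
+end
+end
+end
+end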
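Review bot: `copy_install` carries no comment describing what it writes into the host application, which matters for a generator that installs deployment hooks and a whole `infra` template tree. I would add a comment above the method such as `# Renders azure.yaml from azure.yaml.tt (reads Rails.application) and copies infra/ into the app root`. How an existing `azure.yaml` or `infra/` directory is treated depends on the generator framework's conflict handling, which is not visible in this section, so the comment should say what the author intends there.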
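--- a/data/lib/generators/templates/azure.yaml.tt
+++ b/data/lib/generators/templates/azure.yaml.tt
@@ -0,0 +1,22 @@
+name: <%= Rails.application.class.module_parent_name.downcase %>
+services:
+azure-rails-starter:
+language: js
+project: ./
+host: containerapp
+docker:
+path: ./Dockerfile
+ports:
+- 80:3000
+hooks:
+postprovision:
+windows:
+shell: pwsh
+run: $output = azd env get-values; Add-Content -Path .env -Value $output;
+interactive: true
+continueOnError: false
+posix:
+shell: sh
+run: azd env get-values > .env
+interactive: true
+continueOnError: false
+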
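Review bot: Both `postprovision` hooks write the full output of `azd env get-values` into `.env` in the project root, which is also the Docker build context (`project: ./`, `path: ./Dockerfile`), and nothing in this section keeps that file out of commits or image layers. If any environment value is sensitive, the generator should also add `.env` to `.gitignore` and `.dockerignore`, or the hook should write outside the build context. The two platforms also behave differently: the `pwsh` hook appends with `Add-Content` while the `sh` hook overwrites with `>`, so repeated provisioning on Windows accumulates stale and duplicate keys; `azd env get-values | Set-Content -Path .env` would match the POSIX behaviour. `language: js` on a Rails service also looks like a leftover and deserves a comment if it is intentional.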
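--- a/data/lib/generators/templates/infra/abbreviations.json
+++ b/data/lib/generators/templates/infra/abbreviations.json
@@ -0,0 +1,136 @@
+{
+"analysisServicesServers": "as",
+"apiManagementService": "apim-",
+"appConfigurationStores": "appcs-",
+"appManagedEnvironments": "cae-",
+"appContainerApps": "ca-",
+"authorizationPolicyDefinitions": "policy-",
+"automationAutomationAccounts": "aa-",
+"blueprintBlueprints": "bp-",
+"blueprintBlueprintsArtifacts": "bpa-",
+"cacheRedis": "redis-",
+"cdnProfiles": "cdnp-",
+"cdnProfilesEndpoints": "cdne-",
+"cognitiveServicesAccounts": "cog-",
+"cognitiveServicesFormRecognizer": "cog-fr-",
+"cognitiveServicesTextAnalytics": "cog-ta-",
+"computeAvailabilitySets": "avail-",
+"computeCloudServices": "cld-",
+"computeDiskEncryptionSets": "des",
+"computeDisks": "disk",
+"computeDisksOs": "osdisk",
+"computeGalleries": "gal",
+"computeSnapshots": "snap-",
+"computeVirtualMachines": "vm",
+"computeVirtualMachineScaleSets": "vmss-",
+"containerInstanceContainerGroups": "ci",
+"containerRegistryRegistries": "cr",
+"containerServiceManagedClusters": "aks-",
+"databricksWorkspaces": "dbw-",
+"dataFactoryFactories": "adf-",
+"dataLakeAnalyticsAccounts": "dla",
+"dataLakeStoreAccounts": "dls",
+"dataMigrationServices": "dms-",
+"dBforMySQLServers": "mysql-",
+"dBforPostgreSQLServers": "psql-",
+"devicesIotHubs": "iot-",
+"devicesProvisioningServices": "provs-",
+"devicesProvisioningServicesCertificates": "pcert-",
+"documentDBDatabaseAccounts": "cosmos-",
+"eventGridDomains": "evgd-",
+"eventGridDomainsTopics": "evgt-",
+"eventGridEventSubscriptions": "evgs-",
+"eventHubNamespaces": "evhns-",
+"eventHubNamespacesEventHubs": "evh-",
+"hdInsightClustersHadoop": "hadoop-",
+"hdInsightClustersHbase": "hbase-",
+"hdInsightClustersKafka": "kafka-",
+"hdInsightClustersMl": "mls-",
+"hdInsightClustersSpark": "spark-",
+"hdInsightClustersStorm": "storm-",
+"hybridComputeMachines": "arcs-",
+"insightsActionGroups": "ag-",
+"insightsComponents": "appi-",
+"keyVaultVaults": "kv-",
+"kubernetesConnectedClusters": "arck",
+"kustoClusters": "dec",
+"kustoClustersDatabases": "dedb",
+"loadTesting": "lt-",
+"logicIntegrationAccounts": "ia-",
+"logicWorkflows": "logic-",
+"machineLearningServicesWorkspaces": "mlw-",
+"managedIdentityUserAssignedIdentities": "id-",
+"managementManagementGroups": "mg-",
+"migrateAssessmentProjects": "migr-",
+"networkApplicationGateways": "agw-",
+"networkApplicationSecurityGroups": "asg-",
+"networkAzureFirewalls": "afw-",
+"networkBastionHosts": "bas-",
+"networkConnections": "con-",
+"networkDnsZones": "dnsz-",
+"networkExpressRouteCircuits": "erc-",
+"networkFirewallPolicies": "afwp-",
+"networkFirewallPoliciesWebApplication": "waf",
+"networkFirewallPoliciesRuleGroups": "wafrg",
+"networkFrontDoors": "fd-",
+"networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+"networkLoadBalancersExternal": "lbe-",
+"networkLoadBalancersInternal": "lbi-",
+"networkLoadBalancersInboundNatRules": "rule-",
+"networkLocalNetworkGateways": "lgw-",
+"networkNatGateways": "ng-",
+"networkNetworkInterfaces": "nic-",
+"networkNetworkSecurityGroups": "nsg-",
+"networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+"networkNetworkWatchers": "nw-",
+"networkPrivateDnsZones": "pdnsz-",
+"networkPrivateLinkServices": "pl-",
+"networkPublicIPAddresses": "pip-",
+"networkPublicIPPrefixes": "ippre-",
+"networkRouteFilters": "rf-",
+"networkRouteTables": "rt-",
+"networkRouteTablesRoutes": "udr-",
+"networkTrafficManagerProfiles": "traf-",
+"networkVirtualNetworkGateways": "vgw-",
+"networkVirtualNetworks": "vnet-",
+"networkVirtualNetworksSubnets": "snet-",
+"networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+"networkVirtualWans": "vwan-",
+"networkVpnGateways": "vpng-",
+"networkVpnGatewaysVpnConnections": "vcn-",
+"networkVpnGatewaysVpnSites": "vst-",
+"notificationHubsNamespaces": "ntfns-",
+"notificationHubsNamespacesNotificationHubs": "ntf-",
+"operationalInsightsWorkspaces": "log-",
+"portalDashboards": "dash-",
+"powerBIDedicatedCapacities": "pbi-",
+"purviewAccounts": "pview-",
+"recoveryServicesVaults": "rsv-",
+"resourcesResourceGroups": "rg-",
+"searchSearchServices": "srch-",
+"serviceBusNamespaces": "sb-",
+"serviceBusNamespacesQueues": "sbq-",
+"serviceBusNamespacesTopics": "sbt-",
+"serviceEndPointPolicies": "se-",
+"serviceFabricClusters": "sf-",
+"signalRServiceSignalR": "sigr",
+"sqlManagedInstances": "sqlmi-",
+"sqlServers": "sql-",
+"sqlServersDataWarehouse": "sqldw-",
+"sqlServersDatabases": "sqldb-",
+"sqlServersDatabasesStretch": "sqlstrdb-",
+"storageStorageAccounts": "st",
+"storageStorageAccountsVm": "stvm",
+"storSimpleManagers": "ssimp",
+"streamAnalyticsCluster": "asa-",
+"synapseWorkspaces": "syn",
+"synapseWorkspacesAnalyticsWorkspaces": "synw",
+"synapseWorkspacesSqlPoolsDedicated": "syndp",
+"synapseWorkspacesSqlPoolsSpark": "synsp",
+"timeSeriesInsightsEnvironments": "tsi-",
+"webServerFarms": "plan-",
+"webSitesAppService": "app-",
+"webSitesAppServiceEnvironment": "ase-",
+"webSitesFunctions": "func-",
+"webStaticSites": "stapp-"
+}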
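--- a/data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep
+++ b/data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep
@@ -0,0 +1,53 @@
+metadata description = 'Creates an Azure Cognitive Services instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+name: 'S0'
+}
+
+param allowedIpRules array = []
+param networkAcls object = empty(allowedIpRules) ? {
+defaultAction: 'Allow'
+} : {
+ipRules: allowedIpRules
+defaultAction: 'Deny'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+name: name
+location: location
+tags: tags
+kind: kind
+properties: {
+customSubDomainName: customSubDomainName
+publicNetworkAccess: publicNetworkAccess
+networkAcls: networkAcls
+}
+sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+parent: account
+name: deployment.name
+properties: {
+model: deployment.model
+raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+}
+sku: contains(deployment, 'sku') ? deployment.sku : {
+name: 'Standard'
+capacity: 20
+}
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name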
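Review bot: With the defaults in this file the account accepts traffic from any network: `publicNetworkAccess` defaults to `'Enabled'` and `networkAcls` falls back to `defaultAction: 'Allow'` whenever `allowedIpRules` is empty. Neither parameter has an `@description`, so a caller who never sets them has no hint that the result is an internet-reachable endpoint protected only by its credentials. I would document both, for example `@description('IP rules to allow; when empty the account allows all networks.')` on `allowedIpRules`, and expose `disableLocalAuth` as a parameter so key-based access can be turned off where identities are used. `networkAcls` is itself a parameter, so a caller can also override the computed value entirely; that deserves a line of documentation too.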
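--- a/data/lib/generators/templates/infra/core/config/configstore.bicep
+++ b/data/lib/generators/templates/infra/core/config/configstore.bicep
@@ -0,0 +1,48 @@
+metadata description = 'Creates an Azure App Configuration store.'
+
+@description('The name for the Azure App Configuration store')
+param name string
+
+@description('The Azure region/location for the Azure App Configuration store')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the Azure App Configuration store')
+param tags object = {}
+
+@description('Specifies the names of the key-value resources. The name is a combination of key and label with $ as delimiter. The label is optional.')
+param keyValueNames array = []
+
+@description('Specifies the values of the key-value resources.')
+param keyValueValues array = []
+
+@description('The principal ID to grant access to the Azure App Configuration store')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+name: name
+location: location
+sku: {
+name: 'standard'
+}
+tags: tags
+}
+
+resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = [for (item, i) in keyValueNames: {
+parent: configStore
+name: item
+properties: {
+value: keyValueValues[i]
+tags: tags
+}
+}]
+
+module configStoreAccess '../security/configstore-access.bicep' = {
+name: 'app-configuration-access'
+params: {
+configStoreName: name
+principalId: principalId
+}
+dependsOn: [configStore]
+}
+
+output endpoint string = configStore.properties.endpoint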
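Review bot: `keyValueValues[i]` is indexed by the position in `keyValueNames`, and nothing checks that the two arrays have the same length, so a shorter `keyValueValues` fails at deployment time with an index error and a misordered one silently stores values under the wrong keys. The `@description` on `keyValueValues` should state that it must match `keyValueNames` one-to-one and in order; a single array of `{ name, value }` objects would remove the failure mode. These values are stored as plain key-values, so the description should also tell callers to keep secrets in Key Vault rather than pass them here. `configStoreName: name` with an explicit `dependsOn` could be `configStoreName: configStore.name`, which lets the dependency be inferred.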
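--- a/data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep
@@ -0,0 +1,49 @@
+metadata description = 'Creates an Azure Cosmos DB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+name: name
+kind: kind
+location: location
+tags: tags
+properties: {
+consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+locations: [
+{
+locationName: location
+failoverPriority: 0
+isZoneRedundant: false
+}
+]
+databaseAccountOfferType: 'Standard'
+enableAutomaticFailover: false
+enableMultipleWriteLocations: false
+apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {}
+capabilities: [ { name: 'EnableServerless' } ]
+}
+}
+
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+parent: keyVault
+name: connectionStringKey
+properties: {
+value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+}
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+name: keyVaultName
+}
+
+output connectionStringKey string = connectionStringKey
+output endpoint string = cosmos.properties.documentEndpoint
+output id string = cosmos.id
+output name string = cosmos.name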
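Review bot: The `cosmos` resource sets no network or authentication restrictions: `publicNetworkAccess`, `ipRules` and `disableLocalAuth` are all absent from `properties`, so the account is left on the service defaults while a key-bearing connection string is written to Key Vault by `cosmosConnectionString`. Storing that string as a vault secret is the right place for it, but anyone who obtains it can presumably reach the account from any network. I would expose those three settings as parameters with documented defaults, and add a comment that `connectionStrings[0]` is taken by position (which connection string that is cannot be confirmed from this file). Callers that use only the role assignments from the `sql` modules could then disable key authentication altogether.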
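--- a/data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep
@@ -0,0 +1,23 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+name: 'cosmos-account'
+params: {
+name: name
+location: location
+connectionStringKey: connectionStringKey
+keyVaultName: keyVaultName
+kind: 'MongoDB'
+tags: tags
+}
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id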
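Review bot: This wrapper does not re-export the account name, whereas its sibling `cosmos-sql-account.bicep` on this page ends with `output name string = cosmos.outputs.name`. Adding the same line here keeps the two wrappers interchangeable for callers that need the name, for example to scope later role or network configuration. The reverse gap also exists: the SQL wrapper accepts no `connectionStringKey`, so only this one lets the caller rename the Key Vault secret.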
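--- a/data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep
@@ -0,0 +1,47 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param collections array = []
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+module cosmos 'cosmos-mongo-account.bicep' = {
+name: 'cosmos-mongo-account'
+params: {
+name: accountName
+location: location
+keyVaultName: keyVaultName
+tags: tags
+connectionStringKey: connectionStringKey
+}
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
+name: '${accountName}/${databaseName}'
+tags: tags
+properties: {
+resource: { id: databaseName }
+}
+
+resource list 'collections' = [for collection in collections: {
+name: collection.name
+properties: {
+resource: {
+id: collection.id
+shardKey: { _id: collection.shardKey }
+indexes: [ { key: { keys: [ collection.indexKey ] } } ]
+}
+}
+}]
+
+dependsOn: [
+cosmos
+]
+}
+
+output connectionStringKey string = connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint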
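Review bot: `collections` is an untyped array with no `@description`, yet the loop reads four properties from every element (`name`, `id`, `shardKey`, `indexKey`) and a missing one fails only at deployment. The `shardKey` property is also easy to misread: in `shardKey: { _id: collection.shardKey }` the sharded field is fixed to `_id` and the caller's value is used as that field's setting, not as a field name. I would add a description such as `@description('Collections to create; each item needs name, id, shardKey (the sharding kind applied to _id) and indexKey.')`, with the wording for `shardKey` confirmed against the resource schema.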
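--- a/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+name: 'cosmos-account'
+params: {
+name: name
+location: location
+tags: tags
+keyVaultName: keyVaultName
+kind: 'GlobalDocumentDB'
+}
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id
+output name string = cosmos.outputs.name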
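--- a/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep
@@ -0,0 +1,74 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containers array = []
+param keyVaultName string
+param principalIds array = []
+
+module cosmos 'cosmos-sql-account.bicep' = {
+name: 'cosmos-sql-account'
+params: {
+name: accountName
+location: location
+tags: tags
+keyVaultName: keyVaultName
+}
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+name: '${accountName}/${databaseName}'
+properties: {
+resource: { id: databaseName }
+}
+
+resource list 'containers' = [for container in containers: {
+name: container.name
+properties: {
+resource: {
+id: container.id
+partitionKey: { paths: [ container.partitionKey ] }
+}
+options: {}
+}
+}]
+
+dependsOn: [
+cosmos
+]
+}
+
+module roleDefinition 'cosmos-sql-role-def.bicep' = {
+name: 'cosmos-sql-role-definition'
+params: {
+accountName: accountName
+}
+dependsOn: [
+cosmos
+database
+]
+}
+
+// We need batchSize(1) here because sql role assignments have to be done sequentially
+@batchSize(1)
+module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
+name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
+params: {
+accountName: accountName
+roleDefinitionId: roleDefinition.outputs.id
+principalId: principalId
+}
+dependsOn: [
+cosmos
+database
+]
+}]
+
+output accountId string = cosmos.outputs.id
+output accountName string = cosmos.outputs.name
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint
+output roleDefinitionId string = roleDefinition.outputs.id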
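Review bot: `principalIds` and `containers` have no `@description`, and the access they imply is wider than the parameter names suggest. Every non-empty entry in `principalIds` is handed to `cosmos-sql-role-assign.bicep`, which on this page sets `scope: cosmos.id`, so each principal receives the role on the whole account rather than on `databaseName`. I would document that on the parameter, for example `@description('Principals granted the custom data role on the entire account, not only this database.')`, and describe the expected element shape of `containers` (`name`, `id`, `partitionKey`). The `roleDefinition` module is also deployed when `principalIds` is empty, which creates a custom role that nothing uses.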
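--- a/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.'
+param accountName string
+
+param roleDefinitionId string
+param principalId string = ''
+
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+parent: cosmos
+name: guid(roleDefinitionId, principalId, cosmos.id)
+properties: {
+principalId: principalId
+roleDefinitionId: roleDefinitionId
+scope: cosmos.id
+}
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+name: accountName
+}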
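Review bot: `param principalId string = ''` gives the assignment a default that can never be valid, because the `role` resource is declared unconditionally and would be submitted with an empty `principalId`. The only guard on this page is in the caller (`if (!empty(principalId))` in `cosmos-sql-db.bicep`), so any other caller that omits the parameter gets a failed or meaningless assignment. Dropping the default (`param principalId string`) makes the requirement explicit at compile time. `scope: cosmos.id` is fixed to the account as well; a `scope` parameter defaulting to `cosmos.id` would let callers grant a narrower database or container scope.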
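--- a/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep
+++ b/data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep
@@ -0,0 +1,30 @@
+metadata description = 'Creates a SQL role definition under an Azure Cosmos DB account.'
+param accountName string
+
+resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = {
+parent: cosmos
+name: guid(cosmos.id, accountName, 'sql-role')
+properties: {
+assignableScopes: [
+cosmos.id
+]
+permissions: [
+{
+dataActions: [
+'Microsoft.DocumentDB/databaseAccounts/readMetadata'
+'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
+'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'
+]
+notDataActions: []
+}
+]
+roleName: 'Reader Writer'
+type: 'CustomRole'
+}
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+name: accountName
+}
+
+output id string = roleDefinition.id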
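Review bot: The role named `'Reader Writer'` is defined with two wildcards, `containers/items/*` and `containers/*`, so it grants every data action under a container rather than only item reads and writes, and it is the only role this template set offers. Because `.../containers/*` already covers `.../containers/items/*`, the narrower line is redundant and hides how broad the grant is. I would add a comment above `dataActions` stating that the wildcard is deliberate and what it is expected to include, or replace it with the explicit list of actions the application needs. A read-only definition alongside it would let callers in `cosmos-sql-db.bicep` give less than full data access to principals that only query.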
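--- a/data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep
+++ b/data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep
@@ -0,0 +1,65 @@
+metadata description = 'Creates an Azure Database for MySQL - Flexible Server.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param highAvailabilityMode string = 'Disabled'
+param databaseNames array = []
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+
+// MySQL version
+param version string
+
+resource mysqlServer 'Microsoft.DBforMySQL/flexibleServers@2023-06-30' = {
+location: location
+tags: tags
+name: name
+sku: sku
+properties: {
+version: version
+administratorLogin: administratorLogin
+administratorLoginPassword: administratorLoginPassword
+storage: storage
+highAvailability: {
+mode: highAvailabilityMode
+}
+}
+
+resource database 'databases' = [for name in databaseNames: {
+name: name
+}]
+
+resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
+name: 'allow-all-IPs'
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '255.255.255.255'
+}
+}
+
+resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
+name: 'allow-all-azure-internal-IPs'
+properties: {
+startIpAddress: '0.0.0.0'
+endIpAddress: '0.0.0.0'
+}
+}
+
+resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
+name: 'allow-single-${replace(ip, '.', '')}'
+properties: {
+startIpAddress: ip
+endIpAddress: ip
+}
+}]
+
+}
+
+output MYSQL_DOMAIN_NAME string = mysqlServer.properties.fullyQualifiedDomainName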
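Review bot: The rule name in `firewall_single` is built with `replace(ip, '.', '')`, which maps different addresses to the same name: the constructed examples `10.1.11.1` and `10.11.1.1` both become `allow-single-101111`. Two such entries in `allowedSingleIPs` would collide, so the deployment fails or one address is silently left out of the allow list. Keeping a separator, `name: 'allow-single-${replace(ip, '.', '-')}'`, makes the name unique per address. The firewall flags also have no `@description`: `allowAllIPsFirewall` opens the range `0.0.0.0`–`255.255.255.255` on a server that authenticates with an administrator password, and `allowAzureIPsFirewall` uses `0.0.0.0`–`0.0.0.0`, which presumably admits traffic from any Azure tenant rather than only this subscription. Both should state that where the caller sets them.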