Nell/eShopOnWeb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update bicep add azure.yaml scripts

Browse Source
This commit is contained in:
Jon Gallant
2022-12-09 16:03:04 -08:00
parent 45ad9ed83f
commit 5b86898d61
7 changed files with 24 additions and 362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
azure.yaml
View File

@@ -1,8 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
# yaml-language-server: $schema=https://raw.githubusercontent.com/wbreza/azure-dev/main/schemas/v1.0/azure.yaml.json
name: eShopOnWeb
services:
web:
project: ./src/Web
language: csharp
host: appservice
web:
project: ./src/Web
language: csharp
host: appservice
scripts:
postprovision:
path: './scripts/setup-database.ps1'

31
infra/app/catalog-db.bicep
View File

@@ -1,31 +0,0 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param databaseName string = 'CatalogDB'
param keyVaultName string
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
// Because databaseName is optional in main.bicep, we make sure the database name is set here.
var defaultDatabaseName = 'Todo'
var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName
module sqlServer1 '../core/database/sqlserver/sqlserver-catalog.bicep' = {
name: 'sqlServer01'
params: {
name: name
location: location
tags: tags
databaseName: actualDatabaseName
keyVaultName: keyVaultName
sqlAdminPassword: sqlAdminPassword
appUserPassword: appUserPassword
}
}
output sqlCatalogConnectionStringKey string = sqlServer1.outputs.connectionStringKey
output sqlCatalogDatabase1Name string = sqlServer1.outputs.databaseName

31
infra/app/identity-db.bicep
View File

@@ -1,31 +0,0 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param databaseName string = 'IdentityDB'
param keyVaultName string
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
// Because databaseName is optional in main.bicep, we make sure the database name is set here.
var defaultDatabaseName = 'Todo'
var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName
module sqlServer2 '../core/database/sqlserver/sqlserver-identity.bicep' = {
name: 'sqlServer02'
params: {
name: name
location: location
tags: tags
databaseName: actualDatabaseName
keyVaultName: keyVaultName
sqlAdminPassword: sqlAdminPassword
appUserPassword: appUserPassword
}
}
output sqlCatalogConnectionStringKey string = sqlServer2.outputs.connectionStringKey
output sqlCatalogDatabase1Name string = sqlServer2.outputs.databaseName

23
infra/app/web.bicep
View File

@@ -1,23 +0,0 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param serviceName string = 'web'
param appCommandLine string = 'pm2 serve /home/site/wwwroot --no-daemon --spa'
param applicationInsightsName string = ''
param appServicePlanId string
param appSettings object = {}
module web '../core/host/appservice.bicep' = {
name: '${name}-deployment'
params: {
name: name
location: location
appServicePlanId: appServicePlanId
runtimeName: 'dotnetcore'
runtimeVersion: '6.0'
tags: union(tags, { 'azd-service-name': serviceName })
scmDoBuildDuringDeployment: false
}
}
output REACT_APP_WEB_BASE_URL string = web.outputs.uri

129
infra/core/database/sqlserver/sqlserver-catalog.bicep
View File

@@ -1,129 +0,0 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param appUser string = 'appUser'
param databaseName string
param keyVaultName string
param sqlAdmin string = 'sqlAdmin'
param connectionStringKey string = 'AZURE-SQL-CATALOG-CONNECTION-STRING'
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
name: name
location: location
tags: tags
properties: {
version: '12.0'
minimalTlsVersion: '1.2'
publicNetworkAccess: 'Enabled'
administratorLogin: sqlAdmin
administratorLoginPassword: sqlAdminPassword
}
resource database 'databases' = {
name: databaseName
location: location
}
resource firewall 'firewallRules' = {
name: 'Azure Services'
properties: {
// Allow all clients
// Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
// This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
startIpAddress: '0.0.0.1'
endIpAddress: '255.255.255.254'
}
}
}
resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: '${name}-deployment-script'
location: location
kind: 'AzureCLI'
properties: {
azCliVersion: '2.37.0'
retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running
timeout: 'PT5M' // Five minutes
cleanupPreference: 'OnSuccess'
environmentVariables: [
{
name: 'APPUSERNAME'
value: appUser
}
{
name: 'APPUSERPASSWORD'
secureValue: appUserPassword
}
{
name: 'DBNAME'
value: databaseName
}
{
name: 'DBSERVER'
value: sqlServer.properties.fullyQualifiedDomainName
}
{
name: 'SQLCMDPASSWORD'
secureValue: sqlAdminPassword
}
{
name: 'SQLADMIN'
value: sqlAdmin
}
]
scriptContent: '''
wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
cat <<SCRIPT_END > ./initDb.sql
drop user ${APPUSERNAME}
go
create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
go
alter role db_owner add member ${APPUSERNAME}
go
SCRIPT_END
./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
'''
}
}
resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: 'sqlAdminPassword'
properties: {
value: sqlAdminPassword
}
}
resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: 'appUserPassword'
properties: {
value: appUserPassword
}
}
resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: connectionStringKey
properties: {
value: '${connectionString}; Password=${appUserPassword}'
}
}
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output connectionStringKey string = connectionStringKey
output databaseName string = sqlServer::database.name

129
infra/core/database/sqlserver/sqlserver-identity.bicep
View File

@@ -1,129 +0,0 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param appUser string = 'appUser'
param databaseName string
param keyVaultName string
param sqlAdmin string = 'sqlAdmin'
param connectionStringKey string = 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
name: name
location: location
tags: tags
properties: {
version: '12.0'
minimalTlsVersion: '1.2'
publicNetworkAccess: 'Enabled'
administratorLogin: sqlAdmin
administratorLoginPassword: sqlAdminPassword
}
resource database 'databases' = {
name: databaseName
location: location
}
resource firewall 'firewallRules' = {
name: 'Azure Services'
properties: {
// Allow all clients
// Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
// This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
startIpAddress: '0.0.0.1'
endIpAddress: '255.255.255.254'
}
}
}
resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: '${name}-deployment-script'
location: location
kind: 'AzureCLI'
properties: {
azCliVersion: '2.37.0'
retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running
timeout: 'PT5M' // Five minutes
cleanupPreference: 'OnSuccess'
environmentVariables: [
{
name: 'APPUSERNAME'
value: appUser
}
{
name: 'APPUSERPASSWORD'
secureValue: appUserPassword
}
{
name: 'DBNAME'
value: databaseName
}
{
name: 'DBSERVER'
value: sqlServer.properties.fullyQualifiedDomainName
}
{
name: 'SQLCMDPASSWORD'
secureValue: sqlAdminPassword
}
{
name: 'SQLADMIN'
value: sqlAdmin
}
]
scriptContent: '''
wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
cat <<SCRIPT_END > ./initDb.sql
drop user ${APPUSERNAME}
go
create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
go
alter role db_owner add member ${APPUSERNAME}
go
SCRIPT_END
./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
'''
}
}
resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: 'sqlAdminPassword'
properties: {
value: sqlAdminPassword
}
}
resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: 'appUserPassword'
properties: {
value: appUserPassword
}
}
resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: connectionStringKey
properties: {
value: '${connectionString}; Password=${appUserPassword}'
}
}
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output connectionStringKey string = connectionStringKey
output databaseName string = sqlServer::database.name

30
infra/main.bicep
View File

@@ -15,9 +15,10 @@ param location string
// }
param resourceGroupName string = ''
param webServiceName string = ''
param sqlServer1Name string = 'sqlServer-catalog-01'
param sqlServer2Name string = 'sqlServer-identity-01'
param sqlDatabaseName string = ''
param catalogDatabaseName string = ''
param catalogDatabaseServerName string = ''
param identityDatabaseName string = ''
param identityDatabaseServerName string = ''
param appServicePlanName string = ''
param keyVaultName string = ''
@@ -44,49 +45,51 @@ resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
}
// The application frontend
module web './app/web.bicep' = {
module web './core/host/appservice.bicep' = {
name: 'web'
scope: rg
params: {
name: !empty(webServiceName) ? webServiceName : '${abbrs.webSitesAppService}web-${resourceToken}'
location: location
tags: tags
appServicePlanId: appServicePlan.outputs.id
runtimeName: 'dotnetcore'
runtimeVersion: '6.0'
tags: union(tags, { 'azd-service-name': 'web' })
}
}
// The application database: Catalog
module sqlServer1 './app/catalog-db.bicep' = {
module catalogDb './core/database/sqlserver/sqlserver.bicep' = {
name: 'sql-catalog'
scope: rg
params: {
name: !empty(sqlServer1Name) ? sqlServer1Name : '${abbrs.sqlServers}${resourceToken}'
databaseName: sqlDatabaseName
name: !empty(catalogDatabaseServerName) ? catalogDatabaseServerName : '${abbrs.sqlServers}catalog-${resourceToken}'
databaseName: catalogDatabaseName
location: location
tags: tags
sqlAdminPassword: sqlAdminPassword
appUserPassword: appUserPassword
keyVaultName: keyVault.outputs.name
connectionStringKey: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
}
}
// The application database: Identity
module sqlServer2 './app/identity-db.bicep' = {
module identityDb './core/database/sqlserver/sqlserver.bicep' = {
name: 'sql-identity'
scope: rg
params: {
name: !empty(sqlServer2Name) ? sqlServer2Name : '${abbrs.sqlServers}${resourceToken}'
databaseName: sqlDatabaseName
name: !empty(identityDatabaseServerName) ? identityDatabaseServerName : '${abbrs.sqlServers}identity-${resourceToken}'
databaseName: identityDatabaseName
location: location
tags: tags
sqlAdminPassword: sqlAdminPassword
appUserPassword: appUserPassword
keyVaultName: keyVault.outputs.name
connectionStringKey: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
}
}
// Store secrets in a keyvault
module keyVault './core/security/keyvault.bicep' = {
name: 'keyvault'
@@ -99,7 +102,6 @@ module keyVault './core/security/keyvault.bicep' = {
}
}
// Create an App Service Plan to group applications under the same payment plan and SKU
module appServicePlan './core/host/appserviceplan.bicep' = {
name: 'appserviceplan'