From 5b86898d61bb075c75c26ffd07db8f82787f11a8 Mon Sep 17 00:00:00 2001 From: Jon Gallant Date: Fri, 9 Dec 2022 16:03:04 -0800 Subject: [PATCH] Update bicep add azure.yaml scripts --- azure.yaml | 13 +- infra/app/catalog-db.bicep | 31 ----- infra/app/identity-db.bicep | 31 ----- infra/app/web.bicep | 23 ---- .../sqlserver/sqlserver-catalog.bicep | 129 ------------------ .../sqlserver/sqlserver-identity.bicep | 129 ------------------ infra/main.bicep | 30 ++-- 7 files changed, 24 insertions(+), 362 deletions(-) delete mode 100644 infra/app/catalog-db.bicep delete mode 100644 infra/app/identity-db.bicep delete mode 100644 infra/app/web.bicep delete mode 100644 infra/core/database/sqlserver/sqlserver-catalog.bicep delete mode 100644 infra/core/database/sqlserver/sqlserver-identity.bicep diff --git a/azure.yaml b/azure.yaml index 9590449..f36e91e 100644 --- a/azure.yaml +++ b/azure.yaml @@ -1,8 +1,11 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json +# yaml-language-server: $schema=https://raw.githubusercontent.com/wbreza/azure-dev/main/schemas/v1.0/azure.yaml.json name: eShopOnWeb services: - web: - project: ./src/Web - language: csharp - host: appservice + web: + project: ./src/Web + language: csharp + host: appservice +scripts: + postprovision: + path: './scripts/setup-database.ps1' \ No newline at end of file diff --git a/infra/app/catalog-db.bicep b/infra/app/catalog-db.bicep deleted file mode 100644 index 3d40c45..0000000 --- a/infra/app/catalog-db.bicep +++ /dev/null 
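Review bot: The `postprovision` hook added at the end of the azure.yaml hunk points at `./scripts/setup-database.ps1`, but that file is not among the seven files in this patch's diffstat, so the script that will run after every provision cannot be reviewed here. It should be added in the same commit or confirmed to exist in the tree already. The hunk also repoints the `yaml-language-server` schema comment from `Azure/azure-dev` to the personal fork `wbreza/azure-dev` on its `main` branch, so editor validation now follows a mutable branch of an individual account. If that is only needed until the upstream schema describes `scripts`, a comment such as `# TODO: switch back to the Azure/azure-dev schema once it supports scripts` would record that it is temporary. A `.ps1` hook presumably also needs PowerShell on the machine or CI runner that provisions, which is worth stating next to the hook.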
@@ -1,31 +0,0 @@ -param name string -param location string = resourceGroup().location -param tags object = {} - -param databaseName string = 'CatalogDB' -param keyVaultName string - -@secure() -param sqlAdminPassword string -@secure() -param appUserPassword string - -// Because databaseName is optional in main.bicep, we make sure the database name is set here. -var defaultDatabaseName = 'Todo' -var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName - -module sqlServer1 '../core/database/sqlserver/sqlserver-catalog.bicep' = { - name: 'sqlServer01' - params: { - name: name - location: location - tags: tags - databaseName: actualDatabaseName - keyVaultName: keyVaultName - sqlAdminPassword: sqlAdminPassword - appUserPassword: appUserPassword - } -} - -output sqlCatalogConnectionStringKey string = sqlServer1.outputs.connectionStringKey -output sqlCatalogDatabase1Name string = sqlServer1.outputs.databaseName diff --git a/infra/app/identity-db.bicep b/infra/app/identity-db.bicep deleted file mode 100644 index 9717032..0000000 --- a/infra/app/identity-db.bicep +++ /dev/null 
@@ -1,31 +0,0 @@ -param name string -param location string = resourceGroup().location -param tags object = {} - -param databaseName string = 'IdentityDB' -param keyVaultName string - -@secure() -param sqlAdminPassword string -@secure() -param appUserPassword string - -// Because databaseName is optional in main.bicep, we make sure the database name is set here. -var defaultDatabaseName = 'Todo' -var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName - -module sqlServer2 '../core/database/sqlserver/sqlserver-identity.bicep' = { - name: 'sqlServer02' - params: { - name: name - location: location - tags: tags - databaseName: actualDatabaseName - keyVaultName: keyVaultName - sqlAdminPassword: sqlAdminPassword - appUserPassword: appUserPassword - } -} - -output sqlCatalogConnectionStringKey string = sqlServer2.outputs.connectionStringKey -output sqlCatalogDatabase1Name string = sqlServer2.outputs.databaseName diff --git a/infra/app/web.bicep b/infra/app/web.bicep deleted file mode 100644 index f33a276..0000000 --- a/infra/app/web.bicep +++ /dev/null @@ -1,23 +0,0 @@ -param name string -param location string = resourceGroup().location -param tags object = {} -param serviceName string = 'web' -param appCommandLine string = 'pm2 serve /home/site/wwwroot --no-daemon --spa' -param applicationInsightsName string = '' -param appServicePlanId string -param appSettings object = {} - -module web '../core/host/appservice.bicep' = { - name: '${name}-deployment' - params: { - name: name - location: location - appServicePlanId: appServicePlanId - runtimeName: 'dotnetcore' - runtimeVersion: '6.0' - tags: union(tags, { 'azd-service-name': serviceName }) - scmDoBuildDuringDeployment: false - } -} - -output REACT_APP_WEB_BASE_URL string = web.outputs.uri diff --git a/infra/core/database/sqlserver/sqlserver-catalog.bicep b/infra/core/database/sqlserver/sqlserver-catalog.bicep deleted file mode 100644 index 891aa45..0000000 
--- a/infra/core/database/sqlserver/sqlserver-catalog.bicep +++ /dev/null 
@@ -1,129 +0,0 @@ -param name string -param location string = resourceGroup().location -param tags object = {} - -param appUser string = 'appUser' -param databaseName string -param keyVaultName string -param sqlAdmin string = 'sqlAdmin' -param connectionStringKey string = 'AZURE-SQL-CATALOG-CONNECTION-STRING' - -@secure() -param sqlAdminPassword string -@secure() -param appUserPassword string - -resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = { - name: name - location: location - tags: tags - properties: { - version: '12.0' - minimalTlsVersion: '1.2' - publicNetworkAccess: 'Enabled' - administratorLogin: sqlAdmin - administratorLoginPassword: sqlAdminPassword - } - - resource database 'databases' = { - name: databaseName - location: location - } - - resource firewall 'firewallRules' = { - name: 'Azure Services' - properties: { - // Allow all clients - // Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only". - // This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes. 
- startIpAddress: '0.0.0.1' - endIpAddress: '255.255.255.254' - } - } -} - -resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: '${name}-deployment-script' - location: location - kind: 'AzureCLI' - properties: { - azCliVersion: '2.37.0' - retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running - timeout: 'PT5M' // Five minutes - cleanupPreference: 'OnSuccess' - environmentVariables: [ - { - name: 'APPUSERNAME' - value: appUser - } - { - name: 'APPUSERPASSWORD' - secureValue: appUserPassword - } - { - name: 'DBNAME' - value: databaseName - } - { - name: 'DBSERVER' - value: sqlServer.properties.fullyQualifiedDomainName - } - { - name: 'SQLCMDPASSWORD' - secureValue: sqlAdminPassword - } - { - name: 'SQLADMIN' - value: sqlAdmin - } - ] - - scriptContent: ''' -wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2 -tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C . - -cat < ./initDb.sql -drop user ${APPUSERNAME} -go -create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}' -go -alter role db_owner add member ${APPUSERNAME} -go -SCRIPT_END - -./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql - ''' - } -} - -resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: 'sqlAdminPassword' - properties: { - value: sqlAdminPassword - } -} - -resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: 'appUserPassword' - properties: { - value: appUserPassword - } -} - -resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: connectionStringKey - properties: { - value: '${connectionString}; Password=${appUserPassword}' - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { - name: keyVaultName -} - -var connectionString = 
'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}' -output connectionStringKey string = connectionStringKey -output databaseName string = sqlServer::database.name diff --git a/infra/core/database/sqlserver/sqlserver-identity.bicep b/infra/core/database/sqlserver/sqlserver-identity.bicep deleted file mode 100644 index 305c97b..0000000 --- a/infra/core/database/sqlserver/sqlserver-identity.bicep +++ /dev/null 
@@ -1,129 +0,0 @@ -param name string -param location string = resourceGroup().location -param tags object = {} - -param appUser string = 'appUser' -param databaseName string -param keyVaultName string -param sqlAdmin string = 'sqlAdmin' -param connectionStringKey string = 'AZURE-SQL-IDENTITY-CONNECTION-STRING' - -@secure() -param sqlAdminPassword string -@secure() -param appUserPassword string - -resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = { - name: name - location: location - tags: tags - properties: { - version: '12.0' - minimalTlsVersion: '1.2' - publicNetworkAccess: 'Enabled' - administratorLogin: sqlAdmin - administratorLoginPassword: sqlAdminPassword - } - - resource database 'databases' = { - name: databaseName - location: location - } - - resource firewall 'firewallRules' = { - name: 'Azure Services' - properties: { - // Allow all clients - // Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only". - // This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes. 
- startIpAddress: '0.0.0.1' - endIpAddress: '255.255.255.254' - } - } -} - -resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: '${name}-deployment-script' - location: location - kind: 'AzureCLI' - properties: { - azCliVersion: '2.37.0' - retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running - timeout: 'PT5M' // Five minutes - cleanupPreference: 'OnSuccess' - environmentVariables: [ - { - name: 'APPUSERNAME' - value: appUser - } - { - name: 'APPUSERPASSWORD' - secureValue: appUserPassword - } - { - name: 'DBNAME' - value: databaseName - } - { - name: 'DBSERVER' - value: sqlServer.properties.fullyQualifiedDomainName - } - { - name: 'SQLCMDPASSWORD' - secureValue: sqlAdminPassword - } - { - name: 'SQLADMIN' - value: sqlAdmin - } - ] - - scriptContent: ''' -wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2 -tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C . - -cat < ./initDb.sql -drop user ${APPUSERNAME} -go -create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}' -go -alter role db_owner add member ${APPUSERNAME} -go -SCRIPT_END - -./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql - ''' - } -} - -resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: 'sqlAdminPassword' - properties: { - value: sqlAdminPassword - } -} - -resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: 'appUserPassword' - properties: { - value: appUserPassword - } -} - -resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = { - parent: keyVault - name: connectionStringKey - properties: { - value: '${connectionString}; Password=${appUserPassword}' - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { - name: keyVaultName -} - -var connectionString = 
'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}' -output connectionStringKey string = connectionStringKey -output databaseName string = sqlServer::database.name diff --git a/infra/main.bicep b/infra/main.bicep index 55f8ddd..1d8bba8 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -15,9 +15,10 @@ param location string // } param resourceGroupName string = '' param webServiceName string = '' -param sqlServer1Name string = 'sqlServer-catalog-01' -param sqlServer2Name string = 'sqlServer-identity-01' -param sqlDatabaseName string = '' +param catalogDatabaseName string = '' +param catalogDatabaseServerName string = '' +param identityDatabaseName string = '' +param identityDatabaseServerName string = '' param appServicePlanName string = '' param keyVaultName string = '' 
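Review bot: `catalogDatabaseName` and `identityDatabaseName` default to `''` in the first main.bicep hunk and are passed unchanged as `databaseName` in the next one, while the wrappers this commit deletes (`infra/app/catalog-db.bicep`, `infra/app/identity-db.bicep`) were what replaced an empty name with a fallback. `./core/database/sqlserver/sqlserver.bicep` is not part of this patch, so unless it handles an empty `databaseName` itself, a deployment with default parameters would request a database with an empty name. Giving the parameters real defaults, for example `param catalogDatabaseName string = 'CatalogDB'` and `param identityDatabaseName string = 'IdentityDB'`, keeps the effective names visible in main.bicep. The parameter list continues outside this hunk.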
@@ -44,49 +45,51 @@ resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = { } // The application frontend -module web './app/web.bicep' = { +module web './core/host/appservice.bicep' = { name: 'web' scope: rg params: { name: !empty(webServiceName) ? webServiceName : '${abbrs.webSitesAppService}web-${resourceToken}' location: location - tags: tags appServicePlanId: appServicePlan.outputs.id + runtimeName: 'dotnetcore' + runtimeVersion: '6.0' + tags: union(tags, { 'azd-service-name': 'web' }) } } // The application database: Catalog -module sqlServer1 './app/catalog-db.bicep' = { +module catalogDb './core/database/sqlserver/sqlserver.bicep' = { name: 'sql-catalog' scope: rg params: { - name: !empty(sqlServer1Name) ? sqlServer1Name : '${abbrs.sqlServers}${resourceToken}' - databaseName: sqlDatabaseName + name: !empty(catalogDatabaseServerName) ? catalogDatabaseServerName : '${abbrs.sqlServers}catalog-${resourceToken}' + databaseName: catalogDatabaseName location: location tags: tags sqlAdminPassword: sqlAdminPassword appUserPassword: appUserPassword keyVaultName: keyVault.outputs.name + connectionStringKey: 'AZURE-SQL-CATALOG-CONNECTION-STRING' } } // The application database: Identity -module sqlServer2 './app/identity-db.bicep' = { +module identityDb './core/database/sqlserver/sqlserver.bicep' = { name: 'sql-identity' scope: rg params: { - name: !empty(sqlServer2Name) ? sqlServer2Name : '${abbrs.sqlServers}${resourceToken}' - databaseName: sqlDatabaseName + name: !empty(identityDatabaseServerName) ? identityDatabaseServerName : '${abbrs.sqlServers}identity-${resourceToken}' + databaseName: identityDatabaseName location: location tags: tags sqlAdminPassword: sqlAdminPassword appUserPassword: appUserPassword keyVaultName: keyVault.outputs.name + connectionStringKey: 'AZURE-SQL-IDENTITY-CONNECTION-STRING' } } - - // Store secrets in a keyvault module keyVault './core/security/keyvault.bicep' = { name: 'keyvault' 
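Review bot: Both `catalogDb` and `identityDb` receive the same `sqlAdminPassword` and `appUserPassword`, so the two SQL servers share one administrator credential and one application credential. Disclosure of either connection string then exposes both databases, the identity store included. Separate `@secure()` parameters per server would contain that, for example `sqlAdminPassword: identitySqlAdminPassword` and `appUserPassword: identityAppUserPassword` in the `identityDb` params; the parameter declarations are outside this hunk. The per-database modules this commit deletes set `publicNetworkAccess: 'Enabled'` with a firewall rule spanning `0.0.0.1` to `255.255.255.254`. The shared `sqlserver.bicep` is not in this patch, so it is worth confirming that it does not carry the same rule now that both servers are built from it.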
@@ -99,7 +102,6 @@ module keyVault './core/security/keyvault.bicep' = { } } - // Create an App Service Plan to group applications under the same payment plan and SKU module appServicePlan './core/host/appserviceplan.bicep' = { name: 'appserviceplan'