Azdev-ify changes for latest /bicep/core

zedy
2022-11-18 10:25:09 +08:00
parent c783174933
commit 88a27783a1
45 changed files with 762 additions and 633 deletions


@@ -0,0 +1,48 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
param keyVaultName string
@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
param kind string
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
name: name
kind: kind
location: location
tags: tags
properties: {
consistencyPolicy: { defaultConsistencyLevel: 'Session' }
locations: [
{
locationName: location
failoverPriority: 0
isZoneRedundant: false
}
]
databaseAccountOfferType: 'Standard'
enableAutomaticFailover: false
enableMultipleWriteLocations: false
apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.0' } : {}
capabilities: [ { name: 'EnableServerless' } ]
}
}
resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: connectionStringKey
properties: {
value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
}
}
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
output connectionStringKey string = connectionStringKey
output endpoint string = cosmos.properties.documentEndpoint
output id string = cosmos.id
output name string = cosmos.name
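Review bot: The `cosmos` account is created with no network restriction and with key authentication left on: `properties` sets none of `publicNetworkAccess`, `ipRules` or `disableLocalAuth`, and `connectionStrings[0]` (presumably the primary read-write key) is copied into Key Vault for every `kind`. For the `GlobalDocumentDB` path this commit also assigns data-plane RBAC roles, so the account key may not be needed there. Consider a `param disableLocalAuth bool = false` wired to `disableLocalAuth: disableLocalAuth`, with the `cosmosConnectionString` secret made conditional on it. A short `@description` on `kind` and `connectionStringKey` would also help callers, since the module carries no comments.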


@@ -0,0 +1,22 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param keyVaultName string
param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
module cosmos '../../cosmos/cosmos-account.bicep' = {
name: 'cosmos-account'
params: {
name: name
location: location
connectionStringKey: connectionStringKey
keyVaultName: keyVaultName
kind: 'MongoDB'
tags: tags
}
}
output connectionStringKey string = cosmos.outputs.connectionStringKey
output endpoint string = cosmos.outputs.endpoint
output id string = cosmos.outputs.id


@@ -0,0 +1,46 @@
param accountName string
param databaseName string
param location string = resourceGroup().location
param tags object = {}
param collections array = []
param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
param keyVaultName string
module cosmos 'cosmos-mongo-account.bicep' = {
name: 'cosmos-mongo-account'
params: {
name: accountName
location: location
keyVaultName: keyVaultName
tags: tags
connectionStringKey: connectionStringKey
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
name: '${accountName}/${databaseName}'
tags: tags
properties: {
resource: { id: databaseName }
}
resource list 'collections' = [for collection in collections: {
name: collection.name
properties: {
resource: {
id: collection.id
shardKey: { _id: collection.shardKey }
indexes: [ { key: { keys: [ collection.indexKey ] } } ]
}
}
}]
dependsOn: [
cosmos
]
}
output connectionStringKey string = connectionStringKey
output databaseName string = databaseName
output endpoint string = cosmos.outputs.endpoint
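Review bot: The element shape of `collections` is undocumented, yet the loop reads `collection.name`, `collection.id`, `collection.shardKey` and `collection.indexKey`, so a caller who omits one only finds out when the deployment fails. Add a description above `param collections array = []`, e.g. `@description('Array of { name, id, shardKey, indexKey } objects, one per collection')`. The same applies to `containers` in the SQL database module later in this commit, which reads `name`, `id` and `partitionKey`.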


@@ -0,0 +1,21 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param keyVaultName string
module cosmos '../../cosmos/cosmos-account.bicep' = {
name: 'cosmos-account'
params: {
name: name
location: location
tags: tags
keyVaultName: keyVaultName
kind: 'GlobalDocumentDB'
}
}
output connectionStringKey string = cosmos.outputs.connectionStringKey
output endpoint string = cosmos.outputs.endpoint
output id string = cosmos.outputs.id
output name string = cosmos.outputs.name


@@ -0,0 +1,73 @@
param accountName string
param databaseName string
param location string = resourceGroup().location
param tags object = {}
param containers array = []
param keyVaultName string
param principalIds array = []
module cosmos 'cosmos-sql-account.bicep' = {
name: 'cosmos-sql-account'
params: {
name: accountName
location: location
tags: tags
keyVaultName: keyVaultName
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
name: '${accountName}/${databaseName}'
properties: {
resource: { id: databaseName }
}
resource list 'containers' = [for container in containers: {
name: container.name
properties: {
resource: {
id: container.id
partitionKey: { paths: [ container.partitionKey ] }
}
options: {}
}
}]
dependsOn: [
cosmos
]
}
module roleDefintion 'cosmos-sql-role-def.bicep' = {
name: 'cosmos-sql-role-definition'
params: {
accountName: accountName
}
dependsOn: [
cosmos
database
]
}
// We need batchSize(1) here because sql role assignments have to be done sequentially
@batchSize(1)
module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
params: {
accountName: accountName
roleDefinitionId: roleDefintion.outputs.id
principalId: principalId
}
dependsOn: [
cosmos
database
]
}]
output accountId string = cosmos.outputs.id
output accountName string = cosmos.outputs.name
output connectionStringKey string = cosmos.outputs.connectionStringKey
output databaseName string = databaseName
output endpoint string = cosmos.outputs.endpoint
output roleDefinitionId string = roleDefintion.outputs.id
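Review bot: The module symbol `roleDefintion` is misspelled in its declaration, in `roleDefinitionId: roleDefintion.outputs.id` and in the `roleDefinitionId` output; rename it to `roleDefinition` before other templates copy the spelling. Every non-empty entry in `principalIds` receives the same custom role, so a caller cannot grant a principal read-only access through this module. If that is intended, say so in a comment above `param principalIds array = []`.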


@@ -0,0 +1,18 @@
param accountName string
param roleDefinitionId string
param principalId string = ''
resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
parent: cosmos
name: guid(roleDefinitionId, principalId, cosmos.id)
properties: {
principalId: principalId
roleDefinitionId: roleDefinitionId
scope: cosmos.id
}
}
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
name: accountName
}
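Review bot: `param principalId string = ''` lets this module be deployed with no principal, in which case `guid(roleDefinitionId, principalId, cosmos.id)` and `properties.principalId` are built from an empty string; the only guard is the `if (!empty(principalId))` in the calling module. Drop the default (`param principalId string`) so a missing value is rejected when the template is compiled. `scope: cosmos.id` also applies the role to the whole account rather than to one database, which is worth stating in a comment or exposing as an optional `scope` parameter.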


@@ -0,0 +1,29 @@
param accountName string
resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = {
parent: cosmos
name: guid(cosmos.id, accountName, 'sql-role')
properties: {
assignableScopes: [
cosmos.id
]
permissions: [
{
dataActions: [
'Microsoft.DocumentDB/databaseAccounts/readMetadata'
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'
]
notDataActions: []
}
]
roleName: 'Reader Writer'
type: 'CustomRole'
}
}
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
name: accountName
}
output id string = roleDefinition.id
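Review bot: The `dataActions` list grants `containers/*` and `containers/items/*` with `assignableScopes` set to the whole account, under the name `'Reader Writer'`; as far as I can tell this is the same action set as the built-in Cosmos DB Data Contributor role. Either reference the built-in role or add a comment explaining why a custom definition is needed. A read-only principal would need a separate definition with a narrower list, which this module cannot produce because the actions are hard-coded.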


@@ -0,0 +1,129 @@
param name string
param location string = resourceGroup().location
param tags object = {}
param appUser string = 'appUser'
param databaseName string
param keyVaultName string
param sqlAdmin string = 'sqlAdmin'
param connectionStringKey string = 'AZURE-SQL-CONNECTION-STRING'
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
name: name
location: location
tags: tags
properties: {
version: '12.0'
minimalTlsVersion: '1.2'
publicNetworkAccess: 'Enabled'
administratorLogin: sqlAdmin
administratorLoginPassword: sqlAdminPassword
}
resource database 'databases' = {
name: databaseName
location: location
}
resource firewall 'firewallRules' = {
name: 'Azure Services'
properties: {
// Allow all clients
// Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
// This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
startIpAddress: '0.0.0.1'
endIpAddress: '255.255.255.254'
}
}
}
resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: '${name}-deployment-script'
location: location
kind: 'AzureCLI'
properties: {
azCliVersion: '2.37.0'
retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running
timeout: 'PT5M' // Five minutes
cleanupPreference: 'OnSuccess'
environmentVariables: [
{
name: 'APPUSERNAME'
value: appUser
}
{
name: 'APPUSERPASSWORD'
secureValue: appUserPassword
}
{
name: 'DBNAME'
value: databaseName
}
{
name: 'DBSERVER'
value: sqlServer.properties.fullyQualifiedDomainName
}
{
name: 'SQLCMDPASSWORD'
secureValue: sqlAdminPassword
}
{
name: 'SQLADMIN'
value: sqlAdmin
}
]
scriptContent: '''
wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
cat <<SCRIPT_END > ./initDb.sql
drop user ${APPUSERNAME}
go
create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
go
alter role db_owner add member ${APPUSERNAME}
go
SCRIPT_END
./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
'''
}
}
resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: 'sqlAdminPassword'
properties: {
value: sqlAdminPassword
}
}
resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: 'appUserPassword'
properties: {
value: appUserPassword
}
}
resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: connectionStringKey
properties: {
value: '${connectionString}; Password=${appUserPassword}'
}
}
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output connectionStringKey string = connectionStringKey
output databaseName string = sqlServer::database.name
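Review bot: The `firewall` rule spans `0.0.0.1`–`255.255.255.254`, so with `publicNetworkAccess: 'Enabled'` and SQL password logins the server accepts connection attempts from the whole IPv4 internet, not only from developer machines as the comment suggests. I would expose the range as parameters that default to the Azure-services-only value, e.g. `startIpAddress: firewallStartIp` and `endIpAddress: firewallEndIp` with both params defaulting to `'0.0.0.0'`, and let a developer opt in to their own address. Separately, the deployment script fetches `sqlcmd-v0.8.1-linux-x64.tar.bz2` with `wget` and runs it with `SQLCMDPASSWORD` in the environment without checking a digest; pin a known SHA-256 and verify it with `sha256sum -c` before `tar x`. The unquoted heredoc also writes `${APPUSERPASSWORD}` into `initDb.sql` inside a single-quoted SQL literal, so a password containing `'` breaks the statement, and the app user ends up in `db_owner`, which looks broader than an application login needs.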


@@ -1,23 +1,20 @@
param environmentName string
param name string
param location string = resourceGroup().location
param tags object = {}
param appUser string = 'appUser'
param dbName string
param databaseName string
param keyVaultName string
param sqlAdmin string = 'sqlAdmin'
param sqlConnectionStringKey string = 'AZURE-SQL-CATALOG-CONNECTION-STRING'
param connectionStringKey string = 'AZURE-SQL-CATALOG-CONNECTION-STRING'
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
var abbrs = loadJsonContent('../../abbreviations.json')
var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
var tags = { 'azd-env-name': environmentName }
resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
name: '${abbrs.sqlServers}${resourceToken}-Catalog'
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
name: name
location: location
tags: tags
properties: {
@@ -29,7 +26,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
}
resource database 'databases' = {
name: dbName
name: databaseName
location: location
}
@@ -46,7 +43,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
}
resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: 'script-${resourceToken}-Catalog'
name: '${name}-deployment-script'
location: location
kind: 'AzureCLI'
properties: {
@@ -65,7 +62,7 @@ resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
}
{
name: 'DBNAME'
value: dbName
value: databaseName
}
{
name: 'DBSERVER'
@@ -117,9 +114,9 @@ resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' =
resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: sqlConnectionStringKey
name: connectionStringKey
properties: {
value: '${azureSqlConnectionString}; Password=${appUserPassword}'
value: '${connectionString}; Password=${appUserPassword}'
}
}
@@ -127,5 +124,6 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
var azureSqlConnectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output sqlConnectionStringKey string = sqlConnectionStringKey
var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output connectionStringKey string = connectionStringKey
output databaseName string = sqlServer::database.name


@@ -1,23 +1,20 @@
param environmentName string
param name string
param location string = resourceGroup().location
param tags object = {}
param appUser string = 'appUser'
param dbName string
param databaseName string
param keyVaultName string
param sqlAdmin string = 'sqlAdmin'
param sqlConnectionStringKey string = 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
param connectionStringKey string = 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
@secure()
param sqlAdminPassword string
@secure()
param appUserPassword string
var abbrs = loadJsonContent('../../abbreviations.json')
var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
var tags = { 'azd-env-name': environmentName }
resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
name: '${abbrs.sqlServers}${resourceToken}-Identity'
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
name: name
location: location
tags: tags
properties: {
@@ -29,7 +26,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
}
resource database 'databases' = {
name: dbName
name: databaseName
location: location
}
@@ -46,7 +43,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-02-01-preview' = {
}
resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
name: 'script-${resourceToken}-Identity'
name: '${name}-deployment-script'
location: location
kind: 'AzureCLI'
properties: {
@@ -65,7 +62,7 @@ resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
}
{
name: 'DBNAME'
value: dbName
value: databaseName
}
{
name: 'DBSERVER'
@@ -117,9 +114,9 @@ resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' =
resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
parent: keyVault
name: sqlConnectionStringKey
name: connectionStringKey
properties: {
value: '${azureSqlConnectionString}; Password=${appUserPassword}'
value: '${connectionString}; Password=${appUserPassword}'
}
}
@@ -127,5 +124,6 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
var azureSqlConnectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output sqlConnectionStringKey string = sqlConnectionStringKey
var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
output connectionStringKey string = connectionStringKey
output databaseName string = sqlServer::database.name