{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "adminObjectId": { "type": "string" }, "databaseAccountName": { "type": "string" }, "domainName": { "type": "string" }, "keyvaultName": { "type": "string" }, "rpServicePrincipalId": { "type": "string" } }, "resources": [ { "properties": {}, "name": "[parameters('domainName')]", "type": "Microsoft.Network/dnsZones", "location": "global", "apiVersion": "2018-05-01" }, { "properties": { "tenantId": "[subscription().tenantId]", "sku": { "family": "A", "name": "standard" }, "accessPolicies": [ { "tenantId": "[subscription().tenantId]", "objectId": "[parameters('rpServicePrincipalId')]", "permissions": { "secrets": [ "get" ] } }, { "tenantId": "[subscription().tenantId]", "objectId": "[parameters('adminObjectId')]", "permissions": { "certificates": [ "create", "delete", "deleteissuers", "get", "getissuers", "import", "list", "listissuers", "managecontacts", "manageissuers", "purge", "recover", "setissuers", "update" ] } } ] }, "name": "[parameters('keyvaultName')]", "type": "Microsoft.KeyVault/vaults", "location": "[resourceGroup().location]", "apiVersion": "2016-10-01" }, { "kind": "GlobalDocumentDB", "properties": { "consistencyPolicy": { "defaultConsistencyLevel": "Strong" }, "locations": [ { "locationName": "[resourceGroup().location]" } ], "databaseAccountOfferType": "Standard", "disableKeyBasedMetadataWriteAccess": true }, "name": "[parameters('databaseAccountName')]", "type": "Microsoft.DocumentDB/databaseAccounts", "location": "[resourceGroup().location]", "tags": { "defaultExperience": "Core (SQL)" }, "apiVersion": "2019-08-01" }, { "properties": { "resource": { "id": "ARO" }, "options": {} }, "name": "[concat(parameters('databaseAccountName'), '/ARO')]", "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases", "apiVersion": "2019-08-01", "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]" ] }, { "properties": { "resource": { "id": "OpenShiftClusters", "partitionKey": { "paths": [ "/partitionKey" ], "kind": "Hash" }, "uniqueKeyPolicy": { "uniqueKeys": [ { "paths": [ "/key" ] } ] } }, "options": {} }, "name": "[concat(parameters('databaseAccountName'), '/ARO/OpenShiftClusters')]", "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers", "apiVersion": "2019-08-01", "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]" ] }, { "properties": { "resource": { "id": "Subscriptions", "partitionKey": { "paths": [ "/key" ], "kind": "Hash" }, "uniqueKeyPolicy": { "uniqueKeys": [ { "paths": [ "/key" ] } ] } }, "options": {} }, "name": "[concat(parameters('databaseAccountName'), '/ARO/Subscriptions')]", "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers", "apiVersion": "2019-08-01", "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]" ] }, { "name": "[guid(resourceGroup().id, 'RP / Reader')]", "type": "Microsoft.Authorization/roleAssignments", "properties": { "scope": "[resourceGroup().id]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "principalId": "[parameters('rpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview" }, { "name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), 'RP / DocumentDB Account Contributor'))]", "type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments", "properties": { "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", "principalId": "[parameters('rpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview", "dependsOn": [ "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]" ] }, { "name": "[concat(parameters('domainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', parameters('domainName')), 'RP / DNS Zone Contributor'))]", "type": "Microsoft.Network/dnsZones/providers/roleAssignments", "properties": { "scope": "[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]", "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", "principalId": "[parameters('rpServicePrincipalId')]", "principalType": "ServicePrincipal" }, "apiVersion": "2018-09-01-preview", "dependsOn": [ "[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]" ] } ] }