ARO-RP/deploy/rp-development.json

188 строки
8.1 KiB
JSON

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterParentDomainName": {
"type": "string"
},
"databaseAccountName": {
"type": "string"
},
"fpServicePrincipalId": {
"type": "string"
},
"rpServicePrincipalId": {
"type": "string"
}
},
"resources": [
{
"properties": {},
"name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'))]",
"type": "Microsoft.Network/dnsZones",
"location": "global",
"apiVersion": "2018-05-01"
},
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/24"
]
},
"subnets": [
{
"properties": {
"addressPrefix": "10.0.0.0/24",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-nsg')]",
"tags": null
}
},
"name": "rp-subnet"
}
]
},
"name": "rp-vnet",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01"
},
{
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.4.0/22"
]
},
"subnets": [
{
"properties": {
"addressPrefix": "10.0.4.0/22",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'rp-pe-nsg')]",
"tags": null
},
"privateEndpointNetworkPolicies": "Disabled"
},
"name": "rp-pe-subnet"
}
]
},
"name": "rp-pe-vnet-001",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"apiVersion": "2019-07-01"
},
{
"properties": {
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
}
},
"name": "rp-vnet/peering-rp-pe-vnet-001",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]"
],
"location": "[resourceGroup().location]"
},
{
"properties": {
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": true,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"remoteVirtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
}
},
"name": "rp-pe-vnet-001/peering-rp-vnet",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"apiVersion": "2019-07-01",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-pe-vnet-001')]",
"[resourceId('Microsoft.Network/virtualNetworks', 'rp-vnet')]"
],
"location": "[resourceGroup().location]"
},
{
"kind": "GlobalDocumentDB",
"properties": {
"consistencyPolicy": {
"defaultConsistencyLevel": "Strong"
},
"locations": [
{
"locationName": "[resourceGroup().location]"
}
],
"databaseAccountOfferType": "Standard"
},
"name": "[parameters('databaseAccountName')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"location": "[resourceGroup().location]",
"tags": {
"defaultExperience": "Core (SQL)"
},
"apiVersion": "2019-08-01"
},
{
"name": "[guid(resourceGroup().id, parameters('rpServicePrincipalId'), 'RP / Reader')]",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"scope": "[resourceGroup().id]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview"
},
{
"name": "[guid(resourceGroup().id, 'FP / Network Contributor')]",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"scope": "[resourceGroup().id]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
"principalId": "[parameters('fpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview"
},
{
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), parameters('rpServicePrincipalId'), 'RP / DocumentDB Account Contributor'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
"properties": {
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
]
},
{
"name": "[concat(resourceGroup().location, '.', parameters('clusterParentDomainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')), 'FP / DNS Zone Contributor'))]",
"type": "Microsoft.Network/dnsZones/providers/roleAssignments",
"properties": {
"scope": "[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
"principalId": "[parameters('fpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Network/dnsZones', concat(resourceGroup().location, '.', parameters('clusterParentDomainName')))]"
]
}
]
}