ARO-RP/deploy/rp-development.json

210 строки
8.2 KiB
JSON

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminObjectId": {
"type": "string"
},
"databaseAccountName": {
"type": "string"
},
"domainName": {
"type": "string"
},
"keyvaultName": {
"type": "string"
},
"rpServicePrincipalId": {
"type": "string"
}
},
"resources": [
{
"properties": {},
"name": "[parameters('domainName')]",
"type": "Microsoft.Network/dnsZones",
"location": "global",
"apiVersion": "2018-05-01"
},
{
"properties": {
"tenantId": "[subscription().tenantId]",
"sku": {
"family": "A",
"name": "standard"
},
"accessPolicies": [
{
"tenantId": "[subscription().tenantId]",
"objectId": "[parameters('rpServicePrincipalId')]",
"permissions": {
"secrets": [
"get"
]
}
},
{
"tenantId": "[subscription().tenantId]",
"objectId": "[parameters('adminObjectId')]",
"permissions": {
"certificates": [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"purge",
"recover",
"setissuers",
"update"
]
}
}
]
},
"name": "[parameters('keyvaultName')]",
"type": "Microsoft.KeyVault/vaults",
"location": "[resourceGroup().location]",
"apiVersion": "2016-10-01"
},
{
"kind": "GlobalDocumentDB",
"properties": {
"consistencyPolicy": {
"defaultConsistencyLevel": "Strong"
},
"locations": [
{
"locationName": "[resourceGroup().location]"
}
],
"databaseAccountOfferType": "Standard",
"disableKeyBasedMetadataWriteAccess": true
},
"name": "[parameters('databaseAccountName')]",
"type": "Microsoft.DocumentDB/databaseAccounts",
"location": "[resourceGroup().location]",
"tags": {
"defaultExperience": "Core (SQL)"
},
"apiVersion": "2019-08-01"
},
{
"properties": {
"resource": {
"id": "ARO"
},
"options": {}
},
"name": "[concat(parameters('databaseAccountName'), '/ARO')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
]
},
{
"properties": {
"resource": {
"id": "OpenShiftClusters",
"partitionKey": {
"paths": [
"/partitionKey"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": [
{
"paths": [
"/key"
]
}
]
}
},
"options": {}
},
"name": "[concat(parameters('databaseAccountName'), '/ARO/OpenShiftClusters')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]"
]
},
{
"properties": {
"resource": {
"id": "Subscriptions",
"partitionKey": {
"paths": [
"/key"
],
"kind": "Hash"
},
"uniqueKeyPolicy": {
"uniqueKeys": [
{
"paths": [
"/key"
]
}
]
}
},
"options": {}
},
"name": "[concat(parameters('databaseAccountName'), '/ARO/Subscriptions')]",
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
"apiVersion": "2019-08-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]"
]
},
{
"name": "[guid(resourceGroup().id, 'RP / Reader')]",
"type": "Microsoft.Authorization/roleAssignments",
"properties": {
"scope": "[resourceGroup().id]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview"
},
{
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), 'RP / DocumentDB Account Contributor'))]",
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
"properties": {
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
]
},
{
"name": "[concat(parameters('domainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', parameters('domainName')), 'RP / DNS Zone Contributor'))]",
"type": "Microsoft.Network/dnsZones/providers/roleAssignments",
"properties": {
"scope": "[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]",
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
"principalId": "[parameters('rpServicePrincipalId')]",
"principalType": "ServicePrincipal"
},
"apiVersion": "2018-09-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]"
]
}
]
}