зеркало из https://github.com/Azure/ARO-RP.git
210 строки
8.2 KiB
JSON
210 строки
8.2 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"adminObjectId": {
|
|
"type": "string"
|
|
},
|
|
"databaseAccountName": {
|
|
"type": "string"
|
|
},
|
|
"domainName": {
|
|
"type": "string"
|
|
},
|
|
"keyvaultName": {
|
|
"type": "string"
|
|
},
|
|
"rpServicePrincipalId": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"resources": [
|
|
{
|
|
"properties": {},
|
|
"name": "[parameters('domainName')]",
|
|
"type": "Microsoft.Network/dnsZones",
|
|
"location": "global",
|
|
"apiVersion": "2018-05-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"tenantId": "[subscription().tenantId]",
|
|
"sku": {
|
|
"family": "A",
|
|
"name": "standard"
|
|
},
|
|
"accessPolicies": [
|
|
{
|
|
"tenantId": "[subscription().tenantId]",
|
|
"objectId": "[parameters('rpServicePrincipalId')]",
|
|
"permissions": {
|
|
"secrets": [
|
|
"get"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"tenantId": "[subscription().tenantId]",
|
|
"objectId": "[parameters('adminObjectId')]",
|
|
"permissions": {
|
|
"certificates": [
|
|
"create",
|
|
"delete",
|
|
"deleteissuers",
|
|
"get",
|
|
"getissuers",
|
|
"import",
|
|
"list",
|
|
"listissuers",
|
|
"managecontacts",
|
|
"manageissuers",
|
|
"purge",
|
|
"recover",
|
|
"setissuers",
|
|
"update"
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"name": "[parameters('keyvaultName')]",
|
|
"type": "Microsoft.KeyVault/vaults",
|
|
"location": "[resourceGroup().location]",
|
|
"apiVersion": "2016-10-01"
|
|
},
|
|
{
|
|
"kind": "GlobalDocumentDB",
|
|
"properties": {
|
|
"consistencyPolicy": {
|
|
"defaultConsistencyLevel": "Strong"
|
|
},
|
|
"locations": [
|
|
{
|
|
"locationName": "[resourceGroup().location]"
|
|
}
|
|
],
|
|
"databaseAccountOfferType": "Standard",
|
|
"disableKeyBasedMetadataWriteAccess": true
|
|
},
|
|
"name": "[parameters('databaseAccountName')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts",
|
|
"location": "[resourceGroup().location]",
|
|
"tags": {
|
|
"defaultExperience": "Core (SQL)"
|
|
},
|
|
"apiVersion": "2019-08-01"
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "ARO"
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/ARO')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "OpenShiftClusters",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/partitionKey"
|
|
],
|
|
"kind": "Hash"
|
|
},
|
|
"uniqueKeyPolicy": {
|
|
"uniqueKeys": [
|
|
{
|
|
"paths": [
|
|
"/key"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/ARO/OpenShiftClusters')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]"
|
|
]
|
|
},
|
|
{
|
|
"properties": {
|
|
"resource": {
|
|
"id": "Subscriptions",
|
|
"partitionKey": {
|
|
"paths": [
|
|
"/key"
|
|
],
|
|
"kind": "Hash"
|
|
},
|
|
"uniqueKeyPolicy": {
|
|
"uniqueKeys": [
|
|
{
|
|
"paths": [
|
|
"/key"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"options": {}
|
|
},
|
|
"name": "[concat(parameters('databaseAccountName'), '/ARO/Subscriptions')]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers",
|
|
"apiVersion": "2019-08-01",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', parameters('databaseAccountName'), 'ARO')]"
|
|
]
|
|
},
|
|
{
|
|
"name": "[guid(resourceGroup().id, 'RP / Reader')]",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceGroup().id]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview"
|
|
},
|
|
{
|
|
"name": "[concat(parameters('databaseAccountName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName')), 'RP / DocumentDB Account Contributor'))]",
|
|
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('databaseAccountName'))]"
|
|
]
|
|
},
|
|
{
|
|
"name": "[concat(parameters('domainName'), '/Microsoft.Authorization/', guid(resourceId('Microsoft.Network/dnsZones', parameters('domainName')), 'RP / DNS Zone Contributor'))]",
|
|
"type": "Microsoft.Network/dnsZones/providers/roleAssignments",
|
|
"properties": {
|
|
"scope": "[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]",
|
|
"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
|
|
"principalId": "[parameters('rpServicePrincipalId')]",
|
|
"principalType": "ServicePrincipal"
|
|
},
|
|
"apiVersion": "2018-09-01-preview",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.Network/dnsZones', parameters('domainName'))]"
|
|
]
|
|
}
|
|
]
|
|
}
|