Azure
/
data-product-analytics
зеркало из https://github.com/Azure/data-product-analytics.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bicep (#41) 

* added first bicep templates

* updated workflows

* updated dev container

* removed arm

* removed update parameter process

* added bicep templates

* added linting

* updated params

* updated machine learning deployment

* * updated docs
* added parameter files

* linting
This commit is contained in:
Marvin Buss 2021-06-09 15:12:23 +02:00 коммит произвёл GitHub
Родитель 5d86200b84
Коммит e0b63f0975
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
66 изменённых файлов: 4949 добавлений и 5578 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

812
.ado/workflows/dataProductDeployment.yml
Просмотреть файл

@ -6,23 +6,8 @@ trigger:
- main
paths:
include:
- infra/ApplicationInsights/*
- infra/BigDataPool/*
- infra/CognitiveServices/*
- infra/ContainerRegistry/*
- infra/DataFactory/*
- infra/KeyVault/*
- infra/LogicApps/*
- infra/MachineLearning/*
- infra/MachineLearningAks/*
- infra/MachineLearningCluster/*
- infra/MachineLearningComputeInstance/*
- infra/MachineLearningDatabricks/*
- infra/MachineLearningSynapse/*
- infra/Search/*
- infra/SqlPool/*
- infra/Storage/*
- infra/Synapse/*
- code/*
- infra/*
- .ado/workflows/dataProductDeployment.yml
pr:
branches:
@ -30,714 +15,123 @@ pr:
- main
paths:
include:
- infra/ApplicationInsights/*
- infra/BigDataPool/*
- infra/CognitiveServices/*
- infra/ContainerRegistry/*
- infra/DataFactory/*
- infra/KeyVault/*
- infra/LogicApps/*
- infra/MachineLearning/*
- infra/MachineLearningAks/*
- infra/MachineLearningCluster/*
- infra/MachineLearningComputeInstance/*
- infra/MachineLearningDatabricks/*
- infra/MachineLearningSynapse/*
- infra/Search/*
- infra/SqlPool/*
- infra/Storage/*
- infra/Synapse/*
- code/*
- infra/*
- .ado/workflows/dataProductDeployment.yml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'data-dp-service-connection' # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: '2f68ca09-59d9-4ab5-ad11-c54872bfa28d' # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: 'dn001-dp001' # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: 'North Europe' # Update to '{regionName}'
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "domain-product-service-connection" # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dp001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "North Europe" # Update to '{regionName}'
stages:
- stage: Validation
displayName: 'Validation of ARM templates'
displayName: "Validation of IaC templates"
jobs:
- job: Validation
displayName: 'Validation of ARM templates'
displayName: "Validation of IaC templates"
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
vmImage: "ubuntu-latest"
steps:
# Checkout code
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy Key Vault 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_validation
displayName: Deploy Key Vault 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Validation'
# Deploy Key Vault 002 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_002_validation
displayName: Deploy Key Vault 002 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault002.json'
deploymentMode: 'Validation'
# Deploy Storage Account 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: storage_account_001_validation
displayName: Deploy Storage Account 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Storage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Storage/params.storage001.json'
deploymentMode: 'Validation'
# Deploy Application Insights 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: application_insights_001_validation
displayName: Deploy Application Insights 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ApplicationInsights/deploy.applicationInsights.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ApplicationInsights/params.applicationInsights001.json'
deploymentMode: 'Validation'
# Deploy Container Registry 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: container_registry_001_validation
displayName: Deploy Container Registry 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ContainerRegistry/deploy.containerRegistry.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ContainerRegistry/params.containerRegistry001.json'
deploymentMode: 'Validation'
# Deploy Machine Learning 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_001_validation
displayName: Deploy Machine Learning 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearning/deploy.machineLearning.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearning/params.machineLearning001.json'
deploymentMode: 'Validation'
# Deploy Machine Learning Cluster 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_cluster_001_validation
displayName: Deploy Machine Learning Cluster 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningCluster/deploy.machineLearningCluster.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningCluster/params.machineLearningCluster001.json'
deploymentMode: 'Validation'
# Deploy Machine Learning Compute Instance 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_compute_instance_001_validation
displayName: Deploy Machine Learning Compute Instance 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningComputeInstance/deploy.machineLearningComputeInstance.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningComputeInstance/params.machineLearningComputeInstance001.json'
deploymentMode: 'Validation'
# Deploy Machine Learning Databricks 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_databricks_001_validation
displayName: Deploy Machine Learning Databricks 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningDatabricks/deploy.machineLearningDatabricks.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningDatabricks/params.machineLearningDatabricks001.json'
deploymentMode: 'Validation'
# Deploy Machine Learning AKS 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_aks_001_validation
displayName: Deploy Machine Learning AKS 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningAks/deploy.machineLearningAks.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningAks/params.machineLearningAks001.json'
deploymentMode: 'Validation'
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Synapse 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: synapse_001_validation
displayName: Deploy Synapse 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/deploy.synapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/params.synapse001.json'
deploymentMode: 'Validation'
overrideParameters: >
-synapseSqlAdministratorPassword "$(password)"
# Deploy SQL Pool 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_pool_001_validation
displayName: Deploy SQL Pool 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/deploy.sqlPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/params.sqlPool001.json'
deploymentMode: 'Validation'
# Deploy Big Data Pool 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: big_data_pool_001_validation
displayName: Deploy Big Data Pool 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/deploy.bigDataPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/params.bigDataPool001.json'
deploymentMode: 'Validation'
# Deploy Machine Learning Synapse 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_synapse_001_validation
displayName: Deploy Machine Learning Synapse 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningSynapse/deploy.machineLearningSynapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningSynapse/params.machineLearningSynapse001.json'
deploymentMode: 'Validation'
# Deploy Cognitive Services 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: cogitive_services_001_validation
displayName: Deploy Cognitive Services 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/CognitiveServices/deploy.cognitiveService.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/CognitiveServices/params.cognitiveService001.json'
deploymentMode: 'Validation'
# Deploy Search 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: search_001_validation
displayName: Deploy Search 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Search/deploy.search.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Search/params.search001.json'
deploymentMode: 'Validation'
# Deploy Data Factory 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: data_factory_001_validation
displayName: Deploy Data Factory 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/deploy.dataFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/params.dataFactory001.json'
deploymentMode: 'Validation'
# Checkout code
- checkout: self
name: checkout_repository
displayName: "Checkout repository"
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: "filePath"
filePath: "$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1"
errorActionPreference: "stop"
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Data Product - validation
- task: AzureResourceManagerTemplateDeployment@3
name: data_product_validation
displayName: Deploy Data Product - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: "Resource Group"
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: "Create Or Update Resource Group"
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: "Linked artifact"
csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
deploymentMode: "Validation"
overrideParameters: >
-administratorPassword "$(password)"
- stage: Deployment
displayName: 'Deployment of ARM templates'
displayName: "Deployment of IaC templates"
dependsOn: Validation
# condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- job: Deployment
displayName: 'Deployment of ARM templates'
displayName: "Deployment of IaC templates"
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
vmImage: "ubuntu-latest"
steps:
# Checkout repository
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy Key Vault 001
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_deployment
displayName: Deploy Key Vault 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Incremental'
# Deploy Key Vault 002
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_002_deployment
displayName: Deploy Key Vault 002
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault002.json'
deploymentMode: 'Incremental'
# Deploy Storage Account 001
- task: AzureResourceManagerTemplateDeployment@3
name: storage_account_001_deployment
displayName: Deploy Storage Account 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Storage/deploy.storage.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Storage/params.storage001.json'
deploymentMode: 'Incremental'
# Deploy Application Insights 001
- task: AzureResourceManagerTemplateDeployment@3
name: application_insights_001_deployment
displayName: Deploy Application Insights 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ApplicationInsights/deploy.applicationInsights.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ApplicationInsights/params.applicationInsights001.json'
deploymentMode: 'Incremental'
# Deploy Container Registry 001
- task: AzureResourceManagerTemplateDeployment@3
name: container_registry_001_deployment
displayName: Deploy Container Registry 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/ContainerRegistry/deploy.containerRegistry.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/ContainerRegistry/params.containerRegistry001.json'
deploymentMode: 'Incremental'
# Deploy Machine Learning 001
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_001_deployment
displayName: Deploy Machine Learning 001
enabled: true
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearning/deploy.machineLearning.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearning/params.machineLearning001.json'
deploymentMode: 'Incremental'
# Deploy Machine Learning Cluster 001
- task: AzureResourceManagerTemplateDeployment@3
name: machine_learning_cluster_001_deployment
displayName: Deploy Machine Learning Cluster 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningCluster/deploy.machineLearningCluster.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningCluster/params.machineLearningCluster001.json'
deploymentMode: 'Incremental'
# # Deploy Machine Learning Compute Instance 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: machine_learning_compute_instance_001_deployment
# displayName: Deploy Machine Learning Compute Instance 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningComputeInstance/deploy.machineLearningComputeInstance.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningComputeInstance/params.machineLearningComputeInstance001.json'
# deploymentMode: 'Incremental'
# # Deploy Machine Learning Databricks 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: machine_learning_databricks_001_deployment
# displayName: Deploy Machine Learning Databricks 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningDatabricks/deploy.machineLearningDatabricks.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningDatabricks/params.machineLearningDatabricks001.json'
# deploymentMode: 'Incremental'
# # Deploy Machine Learning AKS 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: machine_learning_aks_001_deployment
# displayName: Deploy Machine Learning AKS 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningAks/deploy.machineLearningAks.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningAks/params.machineLearningAks001.json'
# deploymentMode: 'Incremental'
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Synapse 001
- task: AzureResourceManagerTemplateDeployment@3
name: synapse_001_deployment
displayName: Deploy Synapse 001
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/deploy.synapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/params.synapse001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-synapseSqlAdministratorPassword "$(password)"
# # Deploy SQL Pool 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: sql_pool_001_deployment
# displayName: Deploy SQL Pool 001
# enabled: false
# continueOnError: true
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/deploy.sqlPool.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/params.sqlPool001.json'
# deploymentMode: 'Incremental'
# Deploy Big Data Pool 001
- task: AzureResourceManagerTemplateDeployment@3
name: big_data_pool_001_deployment
displayName: Deploy Big Data Pool 001
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/deploy.bigDataPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/params.bigDataPool001.json'
deploymentMode: 'Incremental'
# # Deploy Machine Learning Synapse 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: machine_learning_synapse_001_deployment
# displayName: Deploy Machine Learning Synapse 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningSynapse/deploy.machineLearningSynapse.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MachineLearningSynapse/params.machineLearningSynapse001.json'
# deploymentMode: 'Incremental'
# Deploy Cognitive Services 001
- task: AzureResourceManagerTemplateDeployment@3
name: cogitive_services_001_deployment
displayName: Deploy Cognitive Services 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/CognitiveServices/deploy.cognitiveService.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/CognitiveServices/params.cognitiveService001.json'
deploymentMode: 'Incremental'
# Deploy Search 001
- task: AzureResourceManagerTemplateDeployment@3
name: search_001_deployment
displayName: Deploy Search 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Search/deploy.search.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Search/params.search001.json'
deploymentMode: 'Incremental'
# # Deploy Data Factory 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: data_factory_001_deployment
# displayName: Deploy Data Factory 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/deploy.dataFactory.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/params.dataFactory001.json'
# deploymentMode: 'Incremental'
# Checkout repository
- checkout: self
name: checkout_repository
displayName: "Checkout repository"
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: "filePath"
filePath: "$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1"
errorActionPreference: "stop"
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Data Product
- task: AzureResourceManagerTemplateDeployment@3
name: data_product_deployment
displayName: Deploy Data Product
enabled: true
continueOnError: false
inputs:
deploymentScope: "Resource Group"
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: "Create Or Update Resource Group"
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: "Linked artifact"
csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
deploymentMode: "Incremental"
overrideParameters: >
-administratorPassword "$(password)"

24
.devcontainer/Dockerfile
Просмотреть файл

@ -1,19 +1,13 @@
FROM mcr.microsoft.com/powershell:lts-debian-11
# [Choice] .NET Core version: 3.1, 2.1
ARG VARIANT=3.1
FROM mcr.microsoft.com/vscode/devcontainers/dotnet:0-${VARIANT}
# [Option] Install zsh
ARG INSTALL_ZSH="true"
# [Option] Upgrade OS packages to their latest versions
ARG UPGRADE_PACKAGES="true"
COPY library-scripts/azcli-debian.sh /tmp/library-scripts/
RUN bash /tmp/library-scripts/azcli-debian.sh \
&& curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
&& chmod +x /usr/local/bin/bicep \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
# Install needed packages and setup non-root user. Use a separate RUN statement to add your own dependencies.
ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=$USER_UID
COPY library-scripts/*.sh /tmp/library-scripts/
RUN apt-get update \
&& /bin/bash /tmp/library-scripts/common-debian.sh "${INSTALL_ZSH}" "${USERNAME}" "${USER_UID}" "${USER_GID}" "${UPGRADE_PACKAGES}" "true" "false" \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
# [Optional] Uncomment this section to install additional packages.
# [Optional] Uncomment this section to install additional OS packages.
# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
# && apt-get -y install --no-install-recommends <your-package-list-here>

21
.devcontainer/devcontainer.json
Просмотреть файл

@ -1,28 +1,27 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
// https://github.com/microsoft/vscode-dev-containers/tree/v0.169.0/containers/powershell
// https://github.com/microsoft/vscode-dev-containers/tree/v0.181.0/containers/azure-bicep
{
"name": "PowerShell",
"name": "Azure Bicep (Community)",
"dockerFile": "Dockerfile",
// Set *default* container specific settings.json values on container create.
"settings": {
"settings": {
"terminal.integrated.shell.linux": "/bin/bash"
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"ms-vscode.azure-account",
"ms-vscode.powershell",
"ms-vscode.azurecli",
"ms-vscode.powershell",
"ms-dotnettools.vscode-dotnet-runtime",
"ms-azuretools.vscode-bicep",
"msazurermtools.azurerm-vscode-tools"
],
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
// Uncomment the next line to run commands after the container is created. This gets run in bash which is why we call `pwsh`.
// "postCreateCommand": "pwsh -c '$PSVersionTable'",
// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
// Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode"
}

34
.devcontainer/library-scripts/azcli-debian.sh Normal file
Просмотреть файл

@ -0,0 +1,34 @@
#!/usr/bin/env bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/azcli.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./azcli-debian.sh
set -e
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
export DEBIAN_FRONTEND=noninteractive
# Install curl, apt-transport-https, lsb-release, or gpg if missing
if ! dpkg -s apt-transport-https curl ca-certificates lsb-release > /dev/null 2>&1 || ! type gpg > /dev/null 2>&1; then
if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
apt-get update
fi
apt-get -y install --no-install-recommends apt-transport-https curl ca-certificates lsb-release gnupg2
fi
# Install the Azure CLI
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list
curl -sL https://packages.microsoft.com/keys/microsoft.asc | (OUT=$(apt-key add - 2>&1) || echo $OUT)
apt-get update
apt-get install -y azure-cli
echo "Done!"

76
.devcontainer/library-scripts/common-debian.sh
Просмотреть файл

@ -4,7 +4,7 @@
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/master/script-library/docs/common.md
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/common.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./common-debian.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh! flag] [Add non-free packages]
@ -110,15 +110,16 @@ if [ "${PACKAGES_ALREADY_INSTALLED}" != "true" ]; then
man-db \
strace \
manpages \
manpages-dev "
manpages-dev \
init-system-helpers"
# Needed for adding manpages-posix and manpages-posix-dev which are non-free packages in Debian
if [ "${ADD_NON_FREE_PACKAGES}" = "true" ]; then
CODENAME="$(cat /etc/os-release | grep -oE '^VERSION_CODENAME=.+$' | cut -d'=' -f2)"
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/deb\.debian\.org\/debian ${CODENAME} main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME} main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb-src http:\/\/(deb|httredir)\.debian\.org\/debian ${CODENAME} main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb-src http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-backports main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-backports main contrib non-free/" /etc/apt/sources.list
@ -213,7 +214,7 @@ if [ -z "${USER}" ]; then export USER=$(whoami); fi
if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi
# Display optional first run image specific notice if configured and terminal is interactive
if [ -t 1 ] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then
cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt"
elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then
@ -248,6 +249,18 @@ fi
EOF
chmod +x /usr/local/bin/code
# systemctl shim - tells people to use 'service' if systemd is not running
cat << 'EOF' > /usr/local/bin/systemctl
#!/bin/sh
set -e
if [ -d "/run/systemd/system" ]; then
exec /bin/systemctl/systemctl "$@"
else
echo '\n"systemd" is not running in this container due to its overhead.\nUse the "service" command to start services intead. e.g.: \n\nservice --status-all'
fi
EOF
chmod +x /usr/local/bin/systemctl
# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme
CODESPACES_BASH="$(cat \
<<'EOF'
@ -287,8 +300,9 @@ __zsh_prompt() {
else
prompt_username="%n"
fi
PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )"
PROMPT+='%{$fg_bold[blue]%}%~%{$reset_color%} $(git_prompt_info)%{$fg[white]%}$ %{$reset_color%}'
PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow
PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd
PROMPT+='$(git_prompt_info)%{$fg[white]%}$ %{$reset_color%}' # Git status
unset -f __zsh_prompt
}
ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg_bold[cyan]%}(%{$fg_bold[red]%}"
@ -321,8 +335,10 @@ EOF
if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then
echo "${RC_SNIPPET}" >> /etc/bash.bashrc
echo "${CODESPACES_BASH}" >> "${USER_RC_PATH}/.bashrc"
echo 'export PROMPT_DIRTRIM=4' >> "${USER_RC_PATH}/.bashrc"
if [ "${USERNAME}" != "root" ]; then
echo "${CODESPACES_BASH}" >> "/root/.bashrc"
echo 'export PROMPT_DIRTRIM=4' >> "/root/.bashrc"
fi
chown ${USERNAME}:${USERNAME} "${USER_RC_PATH}/.bashrc"
RC_SNIPPET_ALREADY_ADDED="true"
@ -354,7 +370,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
fi
# Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme.
# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for offical script.
# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script.
OH_MY_INSTALL_DIR="${USER_RC_PATH}/.oh-my-zsh"
if [ ! -d "${OH_MY_INSTALL_DIR}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then
TEMPLATE_PATH="${OH_MY_INSTALL_DIR}/templates/zshrc.zsh-template"
@ -370,6 +386,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
"https://github.com/ohmyzsh/ohmyzsh" "${OH_MY_INSTALL_DIR}" 2>&1
echo -e "$(cat "${TEMPLATE_PATH}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${USER_RC_FILE}
sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${USER_RC_FILE}
mkdir -p ${OH_MY_INSTALL_DIR}/custom/themes
echo "${CODESPACES_ZSH}" > "${OH_MY_INSTALL_DIR}/custom/themes/codespaces.zsh-theme"
# Shrink git while still enabling updates
@ -383,6 +400,45 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
fi
fi
# Persist image metadata info, script if meta.env found in same directory
META_INFO_SCRIPT="$(cat << 'EOF'
#!/bin/sh
. /usr/local/etc/vscode-dev-containers/meta.env
# Minimal output
if [ "$1" = "version" ] || [ "$1" = "image-version" ]; then
echo "${VERSION}"
exit 0
elif [ "$1" = "release" ]; then
echo "${GIT_REPOSITORY_RELEASE}"
exit 0
elif [ "$1" = "content" ] || [ "$1" = "content-url" ] || [ "$1" = "contents" ] || [ "$1" = "contents-url" ]; then
echo "${CONTENTS_URL}"
exit 0
fi
#Full output
echo
echo "Development container image information"
echo
if [ ! -z "${VERSION}" ]; then echo "- Image version: ${VERSION}"; fi
if [ ! -z "${DEFINITION_ID}" ]; then echo "- Definition ID: ${DEFINITION_ID}"; fi
if [ ! -z "${VARIANT}" ]; then echo "- Variant: ${VARIANT}"; fi
if [ ! -z "${GIT_REPOSITORY}" ]; then echo "- Source code repository: ${GIT_REPOSITORY}"; fi
if [ ! -z "${GIT_REPOSITORY_RELEASE}" ]; then echo "- Source code release/branch: ${GIT_REPOSITORY_RELEASE}"; fi
if [ ! -z "${BUILD_TIMESTAMP}" ]; then echo "- Timestamp: ${BUILD_TIMESTAMP}"; fi
if [ ! -z "${CONTENTS_URL}" ]; then echo && echo "More info: ${CONTENTS_URL}"; fi
echo
EOF
)"
SCRIPT_DIR="$(cd $(dirname $0) && pwd)"
if [ -f "${SCRIPT_DIR}/meta.env" ]; then
mkdir -p /usr/local/etc/vscode-dev-containers/
cp -f "${SCRIPT_DIR}/meta.env" /usr/local/etc/vscode-dev-containers/meta.env
echo "${META_INFO_SCRIPT}" > /usr/local/bin/devcontainer-info
chmod +x /usr/local/bin/devcontainer-info
fi
# Write marker file
mkdir -p "$(dirname "${MARKER_FILE}")"
echo -e "\

122
.devcontainer/library-scripts/node-debian.sh Normal file
Просмотреть файл

@ -0,0 +1,122 @@
#!/bin/bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/node.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./node-debian.sh [directory to install nvm] [node version to install (use "none" to skip)] [non-root user] [Update rc files flag]
export NVM_DIR=${1:-"/usr/local/share/nvm"}
export NODE_VERSION=${2:-"lts/*"}
USERNAME=${3:-"automatic"}
UPDATE_RC=${4:-"true"}
set -e
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
# Ensure that login shells get the correct path if the user updated the PATH using ENV.
rm -f /etc/profile.d/00-restore-env.sh
echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
chmod +x /etc/profile.d/00-restore-env.sh
# Determine the appropriate non-root user
if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then
USERNAME=""
POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)")
for CURRENT_USER in ${POSSIBLE_USERS[@]}; do
if id -u ${CURRENT_USER} > /dev/null 2>&1; then
USERNAME=${CURRENT_USER}
break
fi
done
if [ "${USERNAME}" = "" ]; then
USERNAME=root
fi
elif [ "${USERNAME}" = "none" ] || ! id -u ${USERNAME} > /dev/null 2>&1; then
USERNAME=root
fi
if [ "${NODE_VERSION}" = "none" ]; then
export NODE_VERSION=
fi
function updaterc() {
if [ "${UPDATE_RC}" = "true" ]; then
echo "Updating /etc/bash.bashrc and /etc/zsh/zshrc..."
echo -e "$1" >> /etc/bash.bashrc
if [ -f "/etc/zsh/zshrc" ]; then
echo -e "$1" >> /etc/zsh/zshrc
fi
fi
}
# Ensure apt is in non-interactive to avoid prompts
export DEBIAN_FRONTEND=noninteractive
# Install curl, apt-transport-https, tar, or gpg if missing
if ! dpkg -s apt-transport-https curl ca-certificates tar > /dev/null 2>&1 || ! type gpg > /dev/null 2>&1; then
if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
apt-get update
fi
apt-get -y install --no-install-recommends apt-transport-https curl ca-certificates tar gnupg2
fi
# Install yarn
if type yarn > /dev/null 2>&1; then
echo "Yarn already installed."
else
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | (OUT=$(apt-key add - 2>&1) || echo $OUT)
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update
apt-get -y install --no-install-recommends yarn
fi
# Install the specified node version if NVM directory already exists, then exit
if [ -d "${NVM_DIR}" ]; then
echo "NVM already installed."
if [ "${NODE_VERSION}" != "" ]; then
su ${USERNAME} -c ". $NVM_DIR/nvm.sh && nvm install ${NODE_VERSION} && nvm clear-cache"
fi
exit 0
fi
# Create nvm group, nvm dir, and set sticky bit
if ! cat /etc/group | grep -e "^nvm:" > /dev/null 2>&1; then
groupadd -r nvm
fi
umask 0002
usermod -a -G nvm ${USERNAME}
mkdir -p ${NVM_DIR}
chown :nvm ${NVM_DIR}
chmod g+s ${NVM_DIR}
su ${USERNAME} -c "$(cat << EOF
set -e
umask 0002
# Do not update profile - we'll do this manually
export PROFILE=/dev/null
curl -so- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
source ${NVM_DIR}/nvm.sh
if [ "${NODE_VERSION}" != "" ]; then
nvm alias default ${NODE_VERSION}
fi
nvm clear-cache
EOF
)" 2>&1
# Update rc files
if [ "${UPDATE_RC}" = "true" ]; then
updaterc "$(cat <<EOF
export NVM_DIR="${NVM_DIR}"
[ -s "\$NVM_DIR/nvm.sh" ] && . "\$NVM_DIR/nvm.sh"
[ -s "\$NVM_DIR/bash_completion" ] && . "\$NVM_DIR/bash_completion"
EOF
)"
fi
echo "Done!"

13
.github/linters/.arm-ttk.psd1 поставляемый Normal file
Просмотреть файл

@ -0,0 +1,13 @@
# Documentation:
# - Test Parameters: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit#test-parameters
# - Test Cases: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-cases
@{
# Test = @( )
Skip = @(
'Template Should Not Contain Blanks',
'DeploymentTemplate Must Not Contain Hardcoded Uri'
'DependsOn Best Practices',
'Outputs Must Not Contain Secrets',
'IDs Should Be Derived From ResourceIDs'
)
}

104
.github/linters/.dockerfilelintrc поставляемый Normal file
Просмотреть файл

@ -0,0 +1,104 @@
---
###########################
###########################
## Dockerfile Lint rules ##
###########################
###########################
#################################
# Default is 'on' for all rules #
# You can disable as needed. #
#################################
# Additional Info can be found at:
# https://github.com/replicatedhq/dockerfilelint
# Set the rules
rules:
# All commands in a Dockerfile require at least 1 argument
required_params: on
# For clarity and readability, all instructions in
# a Dockerfile should be uppercase
uppercase_commands: on
# The first instruction in a Dockerfile must specify
# the base image using a FROM
from_first: on
# This line is not a valid Dockerfile line
invalid_line: on
# Use of sudo is not allowed in a Dockerfile
sudo_usage: on
# Consider using a `--no-install-recommends` when `apt-get`
# installing packages
apt-get_missing_param: on
# Consider using a `--no-install-recommends` when `apt-get`
# installing packages
apt-get_recommends: on
# Use of `apt-get upgrade` is not allowed in a Dockerfile
apt-get-upgrade: on
# Use of `apt-get dist-upgrade` is not allowed in a Dockerfile
apt-get-dist-upgrade: on
# All instances of `apt-get update` should have the `apt-get install`
# commands on the same line to reduce image size
apt-get-update_require_install: off
# Consider using a `--no-cache` (supported in alpine linux >= 3.3) or
# `--update` followed by the command `rm -rf /var/cache/apk/*`
# when `apk` adding packages. This will result in a smaller image size
apkadd-missing_nocache_or_updaterm: on
# Consider using a `--virtual` or `-t` switch to group multiple packages
# for easy cleanup. This will help ensure future authors will continue
# to clean up build dependencies and other temporary packages
apkadd-missing-virtual: on
# Exposing ports should only be valid port numbers
invalid_port: on
# Only valid commands are allowed in a Dockerfile
invalid_command: on
# Expose Only Container Port
expose_host_port: on
# Using LABEL should be in key=value format
label_invalid: on
# Base images should specify a tag to use
missing_tag: on
# Base images should not use the latest tag
latest_tag: on
# This command has extra arguments and will be ignored
extra_args: on
# This command requires additional arguments
missing_args: on
# All files referenced in an ADD command should
# be part of the Docker build context
add_src_invalid: on
# When adding multiple files, the destination should be a directory
add_dest_invalid: on
# Using a WORKDIR parameter that has spaces should be escaped
invalid_workdir: on
# The arguments to this command are invalid
invalid_format: on
# Use of apt-get update should be paired with
# rm -rf /var/lib/apt/lists/* in the same layer
apt-get_missing_rm: on
# This INSTRUCTION is deprecated as of Docker 1.13
deprecated_in_1.13: on

36
.github/linters/.markdown-lint.yml поставляемый Normal file
Просмотреть файл

@ -0,0 +1,36 @@
---
###########################
###########################
## Markdown Linter rules ##
###########################
###########################
# Linter rules doc:
# - https://github.com/DavidAnson/markdownlint
#
# Note:
# To comment out a single error:
# <!-- markdownlint-disable -->
# any violations you want
# <!-- markdownlint-restore -->
#
###############
# Rules by id #
###############
MD004: false # Unordered list style
MD007:
indent: 2 # Unordered list indentation
MD013:
line_length: 10000 # Line length 80 is far to short
MD026:
punctuation: ".,;:!。,;:" # List of not allowed
MD029: false # Ordered list item prefix
MD033: false # Allow inline HTML
MD036: false # Emphasis used instead of a heading
MD041: false
#################
# Rules by tags #
#################
blank_lines: false # Error on blank lines

19
.github/linters/.powershell-psscriptanalyzer.psd1 поставляемый Normal file
Просмотреть файл

@ -0,0 +1,19 @@
#Documentation: https://github.com/PowerShell/PSScriptAnalyzer/blob/master/docs/markdown/Invoke-ScriptAnalyzer.md#-settings
@{
#CustomRulePath='path\to\CustomRuleModule.psm1'
#RecurseCustomRulePath='path\of\customrules'
#Severity = @(
# 'Error'
# 'Warning'
#)
#IncludeDefaultRules=${true}
ExcludeRules = @(
'PSUseShouldProcessForStateChangingFunctions',
'PSReviewUnusedParameter'
'PSAvoidGlobalVars'
'PSAvoidUsingPlainTextForPassword'
'PSAvoidUsingConvertToSecureStringWithPlainText'
'PSPossibleIncorrectUsageOfAssignmentOperator'
)
#IncludeRules = @( )
}

666
.github/workflows/dataProductDeployment.yml поставляемый
Просмотреть файл

@ -2,586 +2,116 @@ name: Data Product Deployment
on:
push:
branches: [ main ]
branches: [main]
paths:
- 'infra/ApplicationInsights/**'
- 'infra/BigDataPool/**'
- 'infra/CognitiveServices/**'
- 'infra/ContainerRegistry/**'
- 'infra/DataFactory/**'
- 'infra/KeyVault/**'
- 'infra/LogicApps/**'
- 'infra/MachineLearning/**'
- 'infra/MachineLearningAks/**'
- 'infra/MachineLearningCluster/**'
- 'infra/MachineLearningComputeInstance/**'
- 'infra/MachineLearningDatabricks/**'
- 'infra/MachineLearningSynapse/**'
- 'infra/Search/**'
- 'infra/SqlPool/**'
- 'infra/Storage/**'
- 'infra/Synapse/**'
- '.github/workflows/dataProductDeployment.yml'
- "code/**"
- "infra/**"
- ".github/workflows/dataProductDeployment.yml"
pull_request:
branches: [ main ]
branches: [main]
paths:
- 'infra/ApplicationInsights/**'
- 'infra/BigDataPool/**'
- 'infra/CognitiveServices/**'
- 'infra/ContainerRegistry/**'
- 'infra/DataFactory/**'
- 'infra/KeyVault/**'
- 'infra/LogicApps/**'
- 'infra/MachineLearning/**'
- 'infra/MachineLearningAks/**'
- 'infra/MachineLearningCluster/**'
- 'infra/MachineLearningComputeInstance/**'
- 'infra/MachineLearningDatabricks/**'
- 'infra/MachineLearningSynapse/**'
- 'infra/Search/**'
- 'infra/SqlPool/**'
- 'infra/Storage/**'
- 'infra/Synapse/**'
- '.github/workflows/dataProductDeployment.yml'
- "code/**"
- "infra/**"
- ".github/workflows/dataProductDeployment.yml"
env:
AZURE_SUBSCRIPTION_ID: '2f68ca09-59d9-4ab5-ad11-c54872bfa28d' # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: 'dn001-dp001' # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: 'northeurope' # Update to '{regionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dp001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "northeurope" # Update to '{regionName}'
jobs:
create-resource-group:
runs-on: ubuntu-latest
steps:
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Create resource group
- name: Create resource group
uses: azure/CLI@v1
with:
azcliversion: latest
inlineScript: |
echo "Validating existence of resource group ${{ env.AZURE_RESOURCE_GROUP_NAME }}"
az group exists --name ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# Log out from Azure
- name: Log out from Azure
uses: azure/CLI@v1
with:
azcliversion: latest
inlineScript: |
az logout
validation:
needs: [ create-resource-group ]
name: "Validation of IaC templates"
runs-on: ubuntu-latest
continue-on-error: false
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Key Vault 001 - validation
- name: Deploy Key Vault 001 - validation
id: key_vault_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Validate
# Deploy Key Vault 002 - validation
- name: Deploy Key Vault 002 - validation
id: key_vault_002_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault002.json
deploymentMode: Validate
# Deploy Storage Account 001 - validation
- name: Deploy Storage Account 001 - validation
id: storage_account_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Storage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/Storage/params.storage001.json
deploymentMode: Validate
# Deploy Application Insights 001 - validation
- name: Deploy Application Insights 001 - validation
id: application_insights_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ApplicationInsights/deploy.applicationInsights.json
parameters: ${{ github.workspace }}/infra/ApplicationInsights/params.applicationInsights001.json
deploymentMode: Validate
# Deploy Container Registry 001 - validation
- name: Deploy Container Registry 001 - validation
id: container_registry_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ContainerRegistry/deploy.containerRegistry.json
parameters: ${{ github.workspace }}/infra/ContainerRegistry/params.containerRegistry001.json
deploymentMode: Validate
# Deploy Machine Learning 001 - validation
- name: Deploy Machine Learning 001 - validation
id: machine_learning_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearning/deploy.machineLearning.json
parameters: ${{ github.workspace }}/infra/MachineLearning/params.machineLearning001.json
deploymentMode: Validate
# Deploy Machine Learning Cluster 001 - validation
- name: Deploy Machine Learning Cluster 001 - validation
id: machine_learning_cluster_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearningCluster/deploy.machineLearningCluster.json
parameters: ${{ github.workspace }}/infra/MachineLearningCluster/params.machineLearningCluster001.json
deploymentMode: Validate
# Deploy Machine Learning Compute Instance 001 - validation
- name: Deploy Machine Learning Compute Instance 001 - validation
id: machine_learning_compute_instance_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearningComputeInstance/deploy.machineLearningComputeInstance.json
parameters: ${{ github.workspace }}/infra/MachineLearningComputeInstance/params.machineLearningComputeInstance001.json
deploymentMode: Validate
# Deploy Machine Learning Databricks 001 - validation
- name: Deploy Machine Learning Databricks 001 - validation
id: machine_learning_databricks_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearningDatabricks/deploy.machineLearningDatabricks.json
parameters: ${{ github.workspace }}/infra/MachineLearningDatabricks/params.machineLearningDatabricks001.json
deploymentMode: Validate
# Deploy Machine Learning AKS 001 - validation
- name: Deploy Machine Learning AKS 001 - validation
id: machine_learning_aks_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearningAks/deploy.machineLearningAks.json
parameters: ${{ github.workspace }}/infra/MachineLearningAks/params.machineLearningAks001.json
deploymentMode: Validate
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Synapse 001 - validation
- name: Deploy Synapse 001 - validation
id: synapse_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Synapse/deploy.synapse.json
parameters: ${{ github.workspace }}/infra/Synapse/params.synapse001.json synapseSqlAdministratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
# Deploy Sql Pool 001 - validation
- name: Deploy Sql Pool 001 - validation
id: sql_pool_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlPool/deploy.sqlPool.json
parameters: ${{ github.workspace }}/infra/SqlPool/params.sqlPool001.json
deploymentMode: Validate
# Deploy Big Data Pool 001 - validation
- name: Deploy Big Data Pool 001 - validation
id: big_data_pool_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/BigDataPool/deploy.bigDataPool.json
parameters: ${{ github.workspace }}/infra/BigDataPool/params.bigDataPool001.json
deploymentMode: Validate
# Deploy Machine Learning Synapse 001 - validation
- name: Deploy Machine Learning Synapse 001 - validation
id: machine_learning_synapse_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearningSynapse/deploy.machineLearningSynapse.json
parameters: ${{ github.workspace }}/infra/MachineLearningSynapse/params.machineLearningSynapse001.json
deploymentMode: Validate
# Deploy Cognitive Services 001 - validation
- name: Deploy Cognitive Services 001 - validation
id: cogitive_services_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/CognitiveServices/deploy.cognitiveService.json
parameters: ${{ github.workspace }}/infra/CognitiveServices/params.cognitiveService001.json
deploymentMode: Validate
# Deploy Search 001 - validation
- name: Deploy Search 001 - validation
id: search_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Search/deploy.search.json
parameters: ${{ github.workspace }}/infra/Search/params.search001.json
deploymentMode: Validate
# Deploy Data Factory 001 - validation
- name: Deploy Data Factory 001 - validation
id: data_factory_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DataFactory/deploy.dataFactory.json
parameters: ${{ github.workspace }}/infra/DataFactory/params.dataFactory001.json
deploymentMode: Validate
# Log out from Azure
- name: Log out from Azure
uses: azure/CLI@v1
with:
azcliversion: latest
inlineScript: |
az logout
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Data Product - validation
- name: Deploy Data Product - validation
id: data_product_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/main.json
parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
continue-on-error: true
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
deployment:
needs: [ create-resource-group, validation ]
needs: [create-resource-group, validation]
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Key Vault 001
- name: Deploy Key Vault 001
id: key_vault_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Incremental
# Deploy Key Vault 002
- name: Deploy Key Vault 002
id: key_vault_002_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault002.json
deploymentMode: Incremental
# Deploy Storage Account 001
- name: Deploy Storage Account 001
id: storage_account_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Storage/deploy.storage.json
parameters: ${{ github.workspace }}/infra/Storage/params.storage001.json
deploymentMode: Incremental
# Deploy Application Insights 001
- name: Deploy Application Insights 001
id: application_insights_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ApplicationInsights/deploy.applicationInsights.json
parameters: ${{ github.workspace }}/infra/ApplicationInsights/params.applicationInsights001.json
deploymentMode: Incremental
# Deploy Container Registry 001
- name: Deploy Container Registry 001
id: container_registry_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/ContainerRegistry/deploy.containerRegistry.json
parameters: ${{ github.workspace }}/infra/ContainerRegistry/params.containerRegistry001.json
deploymentMode: Incremental
# Deploy Machine Learning 001
- name: Deploy Machine Learning 001
id: machine_learning_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearning/deploy.machineLearning.json
parameters: ${{ github.workspace }}/infra/MachineLearning/params.machineLearning001.json
deploymentMode: Incremental
continue-on-error: true
# Deploy Machine Learning Cluster 001
- name: Deploy Machine Learning Cluster 001
id: machine_learning_cluster_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MachineLearningCluster/deploy.machineLearningCluster.json
parameters: ${{ github.workspace }}/infra/MachineLearningCluster/params.machineLearningCluster001.json
deploymentMode: Incremental
# # Deploy Machine Learning Compute Instance 001
# - name: Deploy Machine Learning Compute Instance 001
# id: machine_learning_compute_instance_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/MachineLearningComputeInstance/deploy.machineLearningComputeInstance.json
# parameters: ${{ github.workspace }}/infra/MachineLearningComputeInstance/params.machineLearningComputeInstance001.json
# deploymentMode: Incremental
# # Deploy Machine Learning Databricks 001
# - name: Deploy Machine Learning Databricks 001
# id: machine_learning_databricks_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/MachineLearningDatabricks/deploy.machineLearningDatabricks.json
# parameters: ${{ github.workspace }}/infra/MachineLearningDatabricks/params.machineLearningDatabricks001.json
# deploymentMode: Incremental
# # Deploy Machine Learning AKS 001
# - name: Deploy Machine Learning AKS 001
# id: machine_learning_aks_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/MachineLearningAks/deploy.machineLearningAks.json
# parameters: ${{ github.workspace }}/infra/MachineLearningAks/params.machineLearningAks001.json
# deploymentMode: Incremental
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Synapse 001
- name: Deploy Synapse 001
id: synapse_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Synapse/deploy.synapse.json
parameters: ${{ github.workspace }}/infra/Synapse/params.synapse001.json synapseSqlAdministratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
# # Deploy Sql Pool 001
# - name: Deploy Sql Pool 001
# id: sql_pool_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/SqlPool/deploy.sqlPool.json
# parameters: ${{ github.workspace }}/infra/SqlPool/params.sqlPool001.json
# deploymentMode: Incremental
# Deploy Big Data Pool 001
- name: Deploy Big Data Pool 001
id: big_data_pool_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/BigDataPool/deploy.bigDataPool.json
parameters: ${{ github.workspace }}/infra/BigDataPool/params.bigDataPool001.json
deploymentMode: Incremental
# # Deploy Machine Learning Synapse 001
# - name: Deploy Machine Learning Synapse 001
# id: machine_learning_synapse_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/MachineLearningSynapse/deploy.machineLearningSynapse.json
# parameters: ${{ github.workspace }}/infra/MachineLearningSynapse/params.machineLearningSynapse001.json
# deploymentMode: Incremental
# Deploy Cognitive Services 001
- name: Deploy Cognitive Services 001
id: cogitive_services_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/CognitiveServices/deploy.cognitiveService.json
parameters: ${{ github.workspace }}/infra/CognitiveServices/params.cognitiveService001.json
deploymentMode: Incremental
# Deploy Search 001
- name: Deploy Search 001
id: search_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Search/deploy.search.json
parameters: ${{ github.workspace }}/infra/Search/params.search001.json
deploymentMode: Incremental
# # Deploy Data Factory 001
# - name: Deploy Data Factory 001
# id: data_factory_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/DataFactory/deploy.dataFactory.json
# parameters: ${{ github.workspace }}/infra/DataFactory/params.dataFactory001.json
# deploymentMode: Incremental
# Log out from Azure
- name: Log out from Azure
uses: azure/CLI@v1
with:
azcliversion: latest
inlineScript: |
az logout
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Data Domain
- name: Deploy Data Domain
id: data_domain_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/main.json
parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
continue-on-error: true
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout

30
.github/workflows/lint.yml поставляемый Normal file
Просмотреть файл

@ -0,0 +1,30 @@
name: Lint Code Base
on:
push:
branches-ignore: [master]
pull_request:
branches: [main]
jobs:
build:
name: Lint Code Base
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Lint ARM templates
- name: Lint
id: arm_lint
uses: github/super-linter@v3
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VALIDATE_JSCPD: false
VALIDATE_JSON: false
FILTER_REGEX_EXCLUDE: (/.devcontainer/|/reference/)

135
.github/workflows/updateParameters.yml поставляемый
Просмотреть файл

@ -1,135 +0,0 @@
name: Update Parameter Files
on:
push:
branches: [main]
paths:
- 'configs/**'
- '.github/workflows/updateParameters.yml'
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_PRODUCT_NAME: '{dataProductName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}'
ML_COMPUTE_INSTANCE_USER_OBJECT_ID: '{mlComputeInstanceObjectId}'
DATABRICKS_WORKSPACE_ID: '{databricksWorkspaceId}'
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}'
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}'
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}'
jobs:
renaming:
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Install Required Packages
- name: Install Required Modules
id: install_modules
run: |
echo "Install Modules"
pwsh -Command "Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted"
pwsh -Command "Install-Module -Name powershell-yaml"
# Update Parameters
- name: Update Parameters
id: update_parameters
run: |
echo "Updating Parameters"
pwsh $GITHUB_WORKSPACE/configs/UpdateParameters.ps1 \
-ConfigurationFilePath 'configs/config.json' \
-GlobalDnsResourceGroupId '${{ env.GLOBAL_DNS_RESOURCE_GROUP_ID }}' \
-DataLandingZoneSubscriptionId '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID }}' \
-DataLandingZoneName '${{ env.DATA_PRODUCT_NAME }}' \
-Location '${{ env.LOCATION }}' \
-PurviewId '${{ env.PURVIEW_ID }}' \
-SubnetId '${{ env.SUBNET_ID }}' \
-MlComputeInstanceUserObjectId '${{ env.ML_COMPUTE_INSTANCE_USER_OBJECT_ID }}' \
-DatabricksWorkspaceId '${{ env.DATABRICKS_WORKSPACE_ID }}' \
-SynapseStorageAccountName '${{ env.SYNAPSE_STORAGE_ACCOUNT_NAME }}' \
-SynapseStorageAccountFileSystemName '${{ env.SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME }}' \
-AzureResourceManagerConnectionName '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
# Define Pull Request Body
- name: Define Pull Request Body
id: define_pull_request_body
run: |
body="**Great work!** Just two more steps to start the deployment into your environment.
## 1. Create Resource Group and grant access
[Create a resource group](https://ms.portal.azure.com/#create/Microsoft.ResourceGroup) with the name \`${{ steps.update_parameters.outputs.landingZoneName }}-rg\` in the subscription \`${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}\` in the region \`${{ env.LOCATION }}\`.
Now, grant the service principal from earlier access to the resource group with the following commands (either with Azure CLI or with Powershell):
**For Azure CLI**
\`\`\`Shell
# Get Service Principal Object ID
az ad sp list --display-name \"{servicePrincipalName}\" --query \"[].{objectId:objectId}\" --output tsv
# Add role assignment
az role assignment create \\
--assignee \"{servicePrincipalObjectId}\" \\
--role \"Contributor\" \\
--resource-group \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
**For Powershell**
\`\`\`Powershell
# Get Service Principal Object ID
\$spObjectId = (Get-AzADServicePrincipal -DisplayName \"{servicePrincipalName}\").id
# Add role assignment
New-AzRoleAssignment \`
-ObjectId \$spObjectId \`
-RoleDefinitionName \"Contributor\" \`
-ResourceGroupName \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
## 2. Update Parameters in the workflow
**For GitHub Actions**
Go to \`/.github/workflows/dataProductDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
env:
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
**For Azure DevOps**
Go to \`/.ado/workflows/dataProductDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
Now, merge the pull request into your \`main\` branch."
body="${body//'%'/'%25'}"
body="${body//$'\n'/'%0A'}"
body="${body//$'\r'/'%0D'}"
echo "::set-output name=body::$body"
# Create Pull Request
- name: Create Pull Request
id: create_pull_request
uses: peter-evans/create-pull-request@v3
with:
commit-message: 'Updated Parameters'
branch: 'parameter_update_${{ github.run_id }}'
title: 'Updated Parameters with GitHub Workflow Run ID ${{ github.run_id }}'
body: ${{ steps.define_pull_request_body.outputs.body }}

137
README.md
Просмотреть файл

@ -40,7 +40,7 @@ You have two options for deploying this reference architecture:
## Prerequisites
> **Note:** Please make sure you have successfully deployed a [Data Management Landing Zone](https://github.com/Azure/data-management-zone) and a [Data Landing Zone](https://github.com/Azure/data-landing-zone). The Data Product relies on the Private DNS Zones that are deployed in the Data Management Template. If you have Private DNS Zones deployed elsewhere, you can also point to these. If you do not have the Private DNS Zones deployed for the respective services, this template deployment will fail. Also, this template requires subnets as specified in the prerequisites. The Data Landing Zone already creates a few subnets, which can be used for this Data Product.
> **Note:** Please make sure you have successfully deployed a [Data Management Landing Zone](https://github.com/Azure/data-management-zone) and a [Data Landing Zone](https://github.com/Azure/data-landing-zone). The Data Product relies on the Private DNS Zones that are deployed in the Data Management Template. If you have Private DNS Zones deployed elsewhere, you can also point to these. If you do not have the Private DNS Zones deployed for the respective services, this template deployment will fail. Also, this template requires subnets as specified in the prerequisites. The Data Landing Zone already creates a few subnets, which can be used for this Data Product.
The following prerequisites are required to make this repository work:
@ -94,17 +94,17 @@ The following prerequisites are required to make this repository work:
A service principal with *Contributor* role needs to be generated for authentication and authorization from GitHub or Azure DevOps to your Azure **Data Landing Zone** subscription, where the data-product-analytics services will be deployed. Just go to the Azure Portal to find the ID of your subscription. Then start the Cloud Shell or Azure CLI, login to Azure, set the Azure context and execute the following commands to generate the required credentials:
> **Note:** The purpose of this new **Service Principal** is to assign least-privilege rights. Therefore, it requires the **Contributor** role at a resource group scope in order to deploy the resources inside the resource group dedicated to a specific data product. The **Network Contributor** role assignment is required as well in this repository in order to assign the resources to the dedicated subnet.
> **Note:** The purpose of this new **Service Principal** is to assign least-privilege rights. Therefore, it requires the **Contributor** role at a resource group scope in order to deploy the resources inside the resource group dedicated to a specific data product. The **Network Contributor** role assignment is required as well in this repository in order to add the private endpoint of resources to the dedicated subnet.
#### Azure CLI
```sh
# Replace {service-principal-name} and {subscription-id} with your
# Replace {service-principal-name} and {subscription-id} and {resource-group} with your
# Azure subscription id and any name for your service principal.
az ad sp create-for-rbac \
--name "{service-principal-name}" \
--role "Contributor" \
--scopes "/subscriptions/{subscription-id}" \
--name {service-principal-name} \
--role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
--sdk-auth
```
@ -127,7 +127,6 @@ Now that the new Service Principal is created, as mentioned, role assignments a
| Role Name | Description | Scope |
|:----------|:------------|:------|
| [Private DNS Zone Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#private-dns-zone-contributor) | We expect you to deploy all Private DNS Zones for all data services into a single subscription and resource group. Therefor, the service principal needs to be Private DNS Zone Contributor on the global dns resource group which was created during the Data Management Zone deployment. This is required to deploy A-records for the respective private endpoints.| <div style="width: 36ch">(Resource Group Scope) `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) | We expect you to deploy all data-product-analytics services into a single resource group within the Data Landing Zone subscription. The service principal requires a **Contributor** role-assignment on that resource group.| <div style="width: 36ch">(Resource Group Scope) `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Network Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#network-contributor) | In order to deploy Private Endpoints to the specified privatelink-subnet which was created during the Data Landing Zone deployment, the service principal requires **Network Contributor** access on that specific subnet.| <div style="width: 36ch">(Child-Resource Scope) `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName} /providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}"`</div> |
To add these role assignments, you can use the [Azure Portal](https://portal.azure.com/) or run the following commands using Azure CLI/Azure Powershell:
@ -150,9 +149,6 @@ az role assignment create \
--assignee "{servicePrincipalObjectId}" \
--role "{roleName}" \
--resource-group "{resourceGroupName}"
# For Child-Resource Scope level assignment
# TBD
```
#### Azure Powershell - Add role assignments
@ -231,73 +227,85 @@ If you want to use Azure DevOps Pipelines for deploying the resources, you need
More information can be found [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal).
### 4. Parameter Update Process
### 4. Parameter Updates
> **Note:** This section applies for both **Azure DevOps** and **GitHub** Deployment
In order to deploy the ARM templates in this repository to the desired Azure subscription, you will need to modify some parameters in the forked repository, which will be used for updating the files which will be used during the deployment. Therefor, **this step should not be skipped for neither Azure DevOps/GitHub options**. As updating each parameter file manually is a time-consuming and potentially error-prone process, we have simplified the task with a GitHub Action workflow. You can update your deployment parameters by completing three steps:
In order to deploy the Infrastructure as Code (IaC) templates to the desired Azure subscription, you will need to modify some parameters in the forked repository. Therefore, **this step should not be skipped for neither Azure DevOps/GitHub options**. There are two files that require updates:
1. Configure the `updateParameters` workflow
1. Execute the `updateParameters` workflow
1. Configure the deployment pipeline
1. Merge these changes back to the `main` branch of your repo
- `.github/workflows/dataProductDeployment.yml` for GitHub Actions,
- `.ado/workflows/dataProductDeployment.yml` for Azure DevOps and
- `infra/params.dev.json`.
#### Configure the `updateParameters` workflow
Update these files in a seperate branch and then merge via Pull Request to trigger the initial deployment.
#### Configure `dataProductDeployment.yml`
> **Note:** There is only one 'updateParameters.yml', which can be found under the '.github' folder and this one will be used also for setting up the Azure DevOps Deployment
##### For GitHub Actions
To begin, please open [.github/workflows/updateParameters.yml](/.github/workflows/updateParameters.yml) and update the following environment variables:
To begin, please open the [.github/workflows/dataProductDeployment.yml](/.github/workflows/dataProductDeployment.yml). In this file you need to update the environment variables section. Just click on [.github/workflows/dataProductDeployment.yml](/.github/workflows/dataProductDeployment.yml) and edit the following section:
```yaml
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_PRODUCT_NAME: '{dataProductName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}' # Resource ID of the dedicated privatelink-subnet which was created during the Data Landing Zone deployment. Choose one which has the suffix **private-link**.
ML_COMPUTE_INSTANCE_USER_OBJECT_ID: '{mlComputeInstanceObjectId}'
DATABRICKS_WORKSPACE_ID: '{databricksWorkspaceId}'
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}' # Choose a storage account which was previously deployed in the Data Landing Zone.
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}' # Choose the name of the container inside the Storage Account which was referenced in the above SYNAPSE_STORAGE_ACCOUNT_NAME variable.
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}' # This is needed just for ADO Deployments.
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dp001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "northeurope" # Update to '{regionName}'
```
Further details about these parameters are provided in a table below.
##### For Azure DevOps
To begin, please open the [.ado/workflows/dataProductDeployment.yml](/.ado/workflows/dataProductDeployment.yml). In this file you need to update the variables section. Just click on [.ado/workflows/dataProductDeployment.yml](/.ado/workflows/dataProductDeployment.yml) and edit the following section:
```yaml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "domain-product-service-connection" # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dp001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "North Europe" # Update to '{regionName}'
```
The following table explains each of the parameters:
| Parameter | Description | Sample value |
|:-----------------------------------------|:-------------|:-------------|
| **GLOBAL_DNS_RESOURCE_GROUP_ID** | Specifies the global DNS resource group resource ID which gets deployed with the [Data Management Landing Zone](https://github.com/Azure/data-management-zone)| <div style="width: 36ch">`/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-resource-group`</div> |
| **DATA_LANDING_ZONE_SUBSCRIPTION_ID** | Specifies the subscription ID of the Data Landing Zone where all the resources will be deployed | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **DATA_PRODUCT_NAME** | Specifies the name of your Data Product. The value should consist of alphanumeric characters (A-Z, a-z, 0-9) and should not contain any special characters like `-`, `_`, `.`, etc. Special characters will be removed in the renaming process. | `myproduct01` |
| **LOCATION** | Specifies the region where you want the resources to be deployed. Please use the same region as for your Data Landing Zone. Otherwise the deployment will fail, since the Vnet and the Private Endpoints have to be in the same region. Also Check [Supported Regions](#supported-regions) | `northeurope` |
| **SUBNET_ID** | Specifies the resource ID of the dedicated privatelink-subnet which was created during the Data Landing Zone deployment. Choose one which has the suffix **private-link**. The subnet is already configured with `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` set to `Disabled`, as mentioned in the *Prerequisites* | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-network-rg/providers/Microsoft.Network/virtualNetworks/my-vnet/subnets/{my}-privatelink-subnet` |
|**ML_COMPUTE_INSTANCE_USER_OBJECT_ID** | Specifies the [object ID of a user account](https://docs.microsoft.com/en-us/azure/marketplace/find-tenant-object-id#find-user-object-id) for which an Azure Machine Learning Compute Instance should be created (on-behalf CI creation). The deployment of a compute instance is disabled by default. If you don't have a user object ID, then please leave this parameter as is. | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
|**DATABRICKS_WORKSPACE_ID** | Specifies the resource ID of a Databricks workspace to which your Azure Machine Learning workspace should be connected to. The deployment of this connection is disabled by default. Leave this parameter as is, if you don' have a Databricks workspace that you want to connect to the Machine Learning workspace. In general, we are recommending to use the shared Databricks workspace with the name `{my-prefix}-databricks002-processing` that gets deployed into the resource group `{myprefix}-shared-product` as part of the Data Landing Zone deployment. | <div style="width: 36ch">`/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myrgname/providers/Microsoft.Databricks/workspaces/mydatabricksworkspace`</div> |
|**SYNAPSE_STORAGE_ACCOUNT_NAME**| Specifies the name of the Azure Synapse Storage Account, which was previously deployed in the Data Landing Zone. Go to the `{DataLandingZoneName}-storage` resource group in your Data Landing Zone and copy the resource name (`{DataLandingZoneName}worksa`). | `mydlzworksa` |
|**SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME**| Specifies the name of the Synapse Account filesystem, which is the name of the container inside the Storage Account that was referenced in the above SYNAPSE_STORAGE_ACCOUNT_NAME variable. | `data`|
| **PURVIEW_ID** | Specifies the resource ID of the Purview account to which the Synapse workspaces and Data Factories should connect to share data lineage and other metadata. In case you do not have a Purview account deployed at this stage, leave it empty string. | <div style="width: 36ch">`/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-governance-rg/providers/Microsoft.Purview/accounts/my-purview`</div> |
| **AZURE_RESOURCE_MANAGER_CONNECTION_NAME** | Specifies the resource manager connection name in Azure DevOps. You can leave the default value if you want to use GitHub Actions for your deployment. More details on how to create the resource manager connection in Azure DevOps can be found in step 4. b) or [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal). | `my-connection-name` |
| **AZURE_SUBSCRIPTION_ID** | Specifies the subscription ID of the Data Management Zone where all the resources will be deployed | <div style="width: 36ch">`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`</div> |
| **AZURE_LOCATION** | Specifies the region where you want the resources to be deployed. Please check [Supported Regions](#supported-regions) | `northeurope` |
| **AZURE_RESOURCE_GROUP_NAME** | Specifies the name of an existing resource group in your data landing zone, where the resources will be deployed. | `my-rg-name` |
| **AZURE_RESOURCE_MANAGER _CONNECTION_NAME** | Specifies the resource manager connection name in Azure DevOps. You can leave the default value if you want to use GitHub Actions for your deployment. More details on how to create the resource manager connection in Azure DevOps can be found in step 4. b) or [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal). | `my-connection-name` |
#### Execute the `updateParameters` workflow
#### Configure `params.dev.json`
After updating the values, please commit the updated version to the `main` branch of your repository. This will kick off a GitHub Action workflow, which will appear under the **Actions** tab of the main page of the repository. The `Update Parameter Files` workflow will update all parameters in your repository according to a pre-defined naming convention.
To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In this file you need to update the variable values. Just click on [infra/params.dev.json](/infra/params.dev.json) and edit the values. An explanation of the values is given in the table below:
#### Configure the deployment pipeline
The workflow above will make changes to all of the ARM config files. These changes will be stored in a new branch. Once the process has finished, it will open a new pull request in your repository where you can review the changes made by the workflow. The pull request will also provide the values you need to use to configure the deployment pipeline. Please follow the instructions in the pull request to complete the parameter update process.
If you are using GitHub Actions for your deployment, you will need to modify the `.github/workflows/dataProductDeployment.yml` file. If you are using Azure Pipelines, you only need to modify the `.ado/workflows/dataProductDeployment.yml` file. **You only need to modify one of these files. You do not need to modify both of them.**
Please follow the instructions in the pull request to complete the parameter update process. The instructions will guide towards the following steps:
- create a new `resource group` where all the resources specific to this Data Product Analytics template will be deployed;
- add the required role assignments for the Service Principal created at step [2. Setting up the required Service Principal and access](#2-setting-up-the-required-service-principal-and-access)
- change the environment variables in the deployment workflow file
> **Note:** We are not renaming the environment variables in the workflow files because this could lead to an infinite loop of workflow runs being started.
#### Merge these changes back to the `main` branch of your repo
After following the instructions in the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository.
| Parameter | Description | Sample value |
|:-----------------------------------------|:-------------|:-------------|
| location | Specifies the location for all resources. | `northeurope` |
| environment | Specifies the environment of the deployment. | `dev`, `test` or `prod` |
| prefix | Specifies the prefix for all resources created in this deployment. | `prefi` |
| aksId | Specifies the object ID of the user who gets assigned to compute instance 001 in the Machine Learning Workspace. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.ContainerService/managedClusters/{aks-name}` |
| machineLearningComputeInstance001AdministratorObjectId | Specifies the object ID of the user who gets assigned to compute instance 001 in the Machine Learning Workspace. | `my-aad--user-object-id` |
| machineLearningComputeInstance001AdministratorPublicSshKey | Specifies the public ssh key for compute instance 001 in the Machine Learning Workspace. Use a secret for this parameter and overwrite as part of the deployment pipelines. | `my-aad--user-object-id` |
| administratorPassword | Specifies the administrator password of the sql servers. Will be automatically set in the workflow. **Leave this value as is.** | `<your-secure-password>` |
| synapseDefaultStorageAccountFileSystemId | Specifies the resource ID of the default storage account file system for synapse. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Storage/storageAccounts/{storage-name}/blobServices/default/containers/{container-name}` |
| subnetId | Specifies the resource ID of the subnet to which all services will connect. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}/subnets/{subnet-name}` |
| purviewId | Specifies the resource ID of the central purview instance. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Purview/accounts/{purview-name}` |
| databricksWorkspaceId | Specifies the resource ID of the Databricks workspace that will be connected to the Machine Learning Workspace. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Databricks/workspaces/{databricks-name}` |
| databricksWorkspaceUrl | Specifies the workspace URL of the Databricks workspace that will be connected to the Machine Learning Workspace. | `adb-{databricks-workspace-id}.azuredatabricks.net` |
| databricksAccessToken | Specifies the access token of the Databricks workspace that will be connected to the Machine Learning Workspace. Use a secret for this parameter and overwrite as part of the deployment pipelines. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Purview/accounts/{purview-name}` |
| enableRoleAssignments | Specifies whether role assignments should be enabled. **Leave this value as is.** | `true` or `false` |
| privateDnsZoneIdKeyVault | Specifies the resource ID of the private DNS zone for KeyVault. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net` |
| privateDnsZoneIdSynapseDev | Specifies the resource ID of the private DNS zone for Synapse Dev. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net` |
| privateDnsZoneIdSynapseSql | Specifies the resource ID of the private DNS zone for Synapse Sql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net` |
| privateDnsZoneIdDataFactory | Specifies the resource ID of the private DNS zone for Data Factory. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net` |
| privateDnsZoneIdDataFactoryPortal | Specifies the resource ID of the private DNS zone for Data Factory Portal. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com` |
| privateDnsZoneIdCognitiveService | Specifies the resource ID of the private DNS zone for Cognitive Services. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com` |
| privateDnsZoneIdContainerRegistry | Specifies the resource ID of the private DNS zone for Container Registry. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io` |
| privateDnsZoneIdSearch | Specifies the resource ID of the private DNS zone for Azure Search. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net` |
| privateDnsZoneIdBlob | Specifies the resource ID of the private DNS zone for Blob Storage. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net` |
| privateDnsZoneIdFile | Specifies the resource ID of the private DNS zone for File Storage. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net` |
| privateDnsZoneIdMachineLearningApi | Specifies the resource ID of the private DNS zone for Machine Learning API. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms` |
| privateDnsZoneIdMachineLearningNotebooks | Specifies the resource ID of the private DNS zone for Machine Learning Notebooks. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net` |
### 5. (not applicable for GH Actions) Reference pipeline from GitHub repository in Azure DevOps Pipelines
@ -339,7 +347,11 @@ As a last step, you need to create an Azure DevOps pipeline in your project base
1. Click on **Continue** and then on **Run**.
### 6. Follow the workflow deployment
### 6. Merge these changes back to the `main` branch of your repo
After following the instructions and updating the parameters and variables in your repository in a separate branch and opening the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository. By doing this, you trigger the deployment workflow.
### 7. Follow the workflow deployment
**Congratulations!** You have successfully executed all steps to deploy the template into your environment through GitHub Actions or Azure DevOps.
@ -354,11 +366,10 @@ If you are using Azure DevOps Pipelines, you can navigate to the pipeline that y
| File/folder | Description |
| ----------------------------- | ------------------------------------------ |
| `.ado/workflows` | Folder for ADO workflows. The `dataProductDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `.github/workflows` | Folder for GitHub workflows. The `updateParameters.yml` workflow is used for the parameter update process, while the `dataProductDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `.github/workflows` | Folder for GitHub workflows. The `dataProductDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `code` | Sample password generation script that will be run in the deployment workflow for resources that require a password during the deployment. |
| `configs` | Folder containing a script and configuration file that is used for the parameter update process. |
| `docs` | Resources for this README. |
| `infra` | Folder containing all the ARM templates for each of the resources that will be deployed (`deploy.{resource}.json`) together with their parameter files (`params.{resource}.json`). |
| `infra` | Folder containing all the ARM and Bicep templates for each of the resources that will be deployed. |
| `CODE_OF_CONDUCT.md` | Microsoft Open Source Code of Conduct. |
| `LICENSE` | The license for the sample. |
| `README.md` | This README file. |

154
configs/UpdateParameters.ps1
Просмотреть файл

@ -1,154 +0,0 @@
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$ConfigurationFilePath,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$GlobalDnsResourceGroupId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneSubscriptionId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$Location,
[Parameter(Mandatory=$true)]
[AllowEmptyString()]
[string]
$PurviewId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SubnetId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$MlComputeInstanceUserObjectId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DatabricksWorkspaceId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountFileSystemName,
[Parameter(Mandatory=$false)]
[string]
$AzureResourceManagerConnectionName
)
function SetValue($Object, $Key, $Value) {
$p1, $p2 = $Key.Split(".")
if ($p2) {
SetValue -object $Object.$p1 -key $p2 -Value $Value
}
else {
$Object.$p1 = $Value
}
}
function Remove-SpecialCharsAndWhitespaces($InputString) {
$SpecialChars = '[#?!`"#$%&*+,-./:;<=>?@^_``|~\{\[\(\)\]\}]'
$Replacement = ''
return ($InputString -replace $SpecialChars,$Replacement) -replace "\s", ""
}
# Replace Special Characters
Write-Host "Replacing Special Characters"
$DataLandingZoneName = Remove-SpecialCharsAndWhitespaces -InputString $DataLandingZoneName
# Reduce Length of DataLandingZoneName
Write-Host "Reduce Length of DataLandingZoneName to max 11 Characters"
$DataLandingZoneName = -join $DataLandingZoneName[0..10]
# Convert DataLandingZoneName to lowercase
Write-Host "Converting DataLandingZoneName to lowercase"
$DataLandingZoneName = $DataLandingZoneName.ToLower()
# Loading Configuration File for Parameter Updates
Write-Host "Loading Configuration File for Parameter Updates"
$configs = Get-Content -Path $ConfigurationFilePath -Raw | Out-String | ConvertFrom-Json
foreach ($config in $configs) {
# Get Replacement Key-Value Pairs
Write-Host "Getting Replacement Key-Value Pairs"
$parameterReplacements = @{}
$config.parameters.psobject.properties | ForEach-Object { $parameterReplacements[$_.Name] = $_.Value }
if ($config.fileType.ToLower() -eq "json") {
# Load ARM Parameter File
Write-Host "Loading ARM Parameter File"
$parameterFile = Get-Content -Path $config.filePath -Raw | Out-String | ConvertFrom-Json
# Replace Parameter Values
Write-Host "Replacing Parameter Values"
foreach ( $parameterReplacementPair in $parameterReplacements.GetEnumerator() ) {
$key = $parameterReplacementPair.Key
$value = $parameterReplacementPair.Value
$value = $ExecutionContext.InvokeCommand.ExpandString($value)
# Replace Parameter
Write-Host "Replacing Parameter '${key}' with Value '${value}'"
SetValue -Object $parameterFile -Key $key -Value $value
}
# Set Content of Parameter File
Write-Host "Setting Content of Parameter File"
$parameterFile | ConvertTo-Json -Depth 100 | Set-Content -Path $config.filePath
}
elseif (($config.fileType.ToLower() -eq "yaml") -or ($config.fileType.ToLower() -eq "yml")) {
# Load YAML Deployment File
Write-Host "Loading YAML Deployment File"
$parameterFile = Get-Content -Path $config.filePath -Raw | Out-String | ConvertFrom-Yaml -Ordered
# Replace Variables
Write-Host "Replacing Variables"
foreach ( $parameterReplacementPair in $parameterReplacements.GetEnumerator() ) {
$key = $parameterReplacementPair.Key
$value = $parameterReplacementPair.Value
$value = $ExecutionContext.InvokeCommand.ExpandString($value)
# Replace Parameter
Write-Host "Replacing Parameter '${key}' with Value '${value}'"
SetValue -Object $parameterFile -Key $key -Value $value
}
# Set Content of Parameter File
Write-Host "Setting Content of Parameter File"
$parameterFile | ConvertTo-Yaml | Set-Content -Path $config.filePath
}
else {
Write-Error "File Type not Supported"
throw "File Type not Supported"
}
}
# Set output
Write-Output "Setting output"
Write-Output "::set-output name=landingZoneName::${DataLandingZoneName}"

176
configs/config.json
Просмотреть файл

@ -1,176 +0,0 @@
[
{
"filePath": "infra/ApplicationInsights/params.applicationInsights001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.applicationInsightsName.value": "${DataLandingZoneName}-appinsight001"
}
},
{
"filePath": "infra/BigDataPool/params.bigDataPool001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001"
}
},
{
"filePath": "infra/CognitiveServices/params.cognitiveService001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.cognitiveServiceName.value": "${DataLandingZoneName}-cognitiveservice001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com"
}
},
{
"filePath": "infra/ContainerRegistry/params.containerRegistry001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.containerRegistryName.value": "${DataLandingZoneName}containerregistry001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"
}
},
{
"filePath": "infra/DataFactory/params.dataFactory001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.dataFactoryName.value": "${DataLandingZoneName}-datafactory001",
"parameters.purviewId.value": "${PurviewId}",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdDataFactory.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net",
"parameters.privateDnsZoneIdPortal.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
}
},
{
"filePath": "infra/KeyVault/params.keyVault001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.keyVaultName.value": "${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
},
{
"filePath": "infra/KeyVault/params.keyVault002.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.keyVaultName.value": "${DataLandingZoneName}-keyvault002",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
},
{
"filePath": "infra/MachineLearning/params.machineLearning001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mlWorkspaceName.value": "${DataLandingZoneName}-machinelearning001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault002",
"parameters.applicationInsightsId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Insights/components/${DataLandingZoneName}-appinsight001",
"parameters.storageAccountId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Storage/storageAccounts/${DataLandingZoneName}storage001",
"parameters.containerRegistryId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.ContainerRegistry/registries/${DataLandingZoneName}containerregistry001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdApi.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms",
"parameters.privateDnsZoneIdNotebooks.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
}
},
{
"filePath": "infra/MachineLearningAks/params.machineLearningAks001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mlWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.MachineLearningServices/workspaces/${DataLandingZoneName}-machinelearning001",
"parameters.mlAksId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.ContainerService/managedClusters//${DataLandingZoneName}-aks001"
}
},
{
"filePath": "infra/MachineLearningCluster/params.machineLearningCluster001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mlWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.MachineLearningServices/workspaces/${DataLandingZoneName}-machinelearning001",
"parameters.subnetId.value": "${SubnetId}"
}
},
{
"filePath": "infra/MachineLearningComputeInstance/params.machineLearningComputeInstance001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mlWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.MachineLearningServices/workspaces/${DataLandingZoneName}-machinelearning001",
"parameters.mlComputeInstanceUserObjectId.value": "${MlComputeInstanceUserObjectId}",
"parameters.subnetId.value": "${SubnetId}"
}
},
{
"filePath": "infra/MachineLearningDatabricks/params.machineLearningDatabricks001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mlWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.MachineLearningServices/workspaces/${DataLandingZoneName}-machinelearning001",
"parameters.databricksWorkspaceId.value": "${DatabricksWorkspaceId}"
}
},
{
"filePath": "infra/MachineLearningSynapse/params.machineLearningSynapse001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mlWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.MachineLearningServices/workspaces/${DataLandingZoneName}-machinelearning001",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001",
"parameters.synapseBigDataPoolId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001/bigDataPools/bigdatapool001"
}
},
{
"filePath": "infra/Search/params.search001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.searchName.value": "${DataLandingZoneName}-search001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net"
}
},
{
"filePath": "infra/SqlPool/params.sqlPool001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001"
}
},
{
"filePath": "infra/Storage/params.storage001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.storageAccountName.value": "${DataLandingZoneName}storage001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdBlob.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net",
"parameters.privateDnsZoneIdFile.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"
}
},
{
"filePath": "infra/Synapse/params.synapse001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceName.value": "${DataLandingZoneName}-synapse001",
"parameters.synapseDefaultStorageAccountName.value": "${SynapseStorageAccountName}",
"parameters.synapseDefaultStorageAccountFileSystem.value": "${SynapseStorageAccountFileSystemName}",
"parameters.purviewId.value": "${PurviewId}",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdSql.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net",
"parameters.privateDnsZoneIdDev.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
}
}
]

708
docs/reference/deploy.dataProduct.json
Просмотреть файл

@ -1,708 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enterpriseScaleAnalyticsCompanyPrefix": {
"type": "string",
"maxLength": 5,
"metadata": {
"description": "Provide the prefix (max 5 characters) for all services that will be created"
}
},
"dataNodeName": {
"type": "string",
"defaultValue": "dn001",
"maxLength": 5,
"metadata": {
"description": "Name of the data node."
}
},
"dataProductName": {
"type": "string",
"defaultValue": "dp001",
"maxLength": 5,
"metadata": {
"description": "Name of the data product."
}
},
"privateDnsZoneResourceGroupId": {
"type": "string",
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<your-rg-name>",
"metadata": {
"description": "Specifies the resource ID of the resource group of the private dns zones."
}
},
"purviewId": {
"type": "string",
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<your-rg-name>/providers/Microsoft.Purview/accounts/<your-purview-name>",
"metadata": {
"description": "Specifies the ID of the purview account."
}
},
"subnetId": {
"type": "string",
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<your-rg-name>/providers/Microsoft.Network/virtualNetworks/<your-vnet-name>/subnets/<your-subnet-name>",
"metadata": {
"description": "Specifies the resource ID of the subnet for the data product services."
}
},
"databaseAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin password of the database servers."
}
},
"userObjectId": {
"type": "string",
"metadata": {
"description": "Specifies the object ID of the user for which the Machine Learning Compute Instance gets created."
}
},
"synapseDefaultStorageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the storage account that should be used as default for the synapse workspace."
}
},
"synapseDefaultStorageAccountFileSystem": {
"type": "string",
"metadata": {
"description": "Specifies the name of the file system in the storage account that should be used as default for the synapse workspace."
}
}
},
"functions": [],
"variables": {
"enterpriseScaleAnalyticsCompanyPrefix": "[parameters('enterpriseScaleAnalyticsCompanyPrefix')]",
"dataNodeName": "[parameters('dataNodeName')]",
"dataProductName": "[parameters('dataProductName')]",
"location": "[resourceGroup().location]",
"privateDnsZoneResourceGroupId": "[parameters('privateDnsZoneResourceGroupId')]",
"purviewId": "[parameters('purviewId')]",
"subnetId": "[parameters('subnetId')]",
"subnetName": "[last(split(variables('subnetId'), '/'))]",
"vnetName": "[split(variables('subnetId'), '/')[8]]",
"vnetSubscriptionId": "[split(variables('subnetId'), '/')[2]]",
"vnetResourceGroupName": "[split(variables('subnetId'), '/')[4]]",
"databaseAdministratorLoginPassword": "[parameters('databaseAdministratorLoginPassword')]",
"userObjectId": "[parameters('userObjectId')]",
"synapseDefaultStorageAccountName": "[parameters('synapseDefaultStorageAccountName')]",
"synapseDefaultStorageAccountFileSystem": "[parameters('synapseDefaultStorageAccountFileSystem')]",
"applicationInsightsTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/ApplicationInsights/deploy.applicationInsights.json",
"bigDataPoolTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/BigDataPool/deploy.bigDataPool.json",
"cognitiveServiceTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/CognitiveServices/deploy.cognitiveService.json",
"containerRegistryTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/ContainerRegistry/deploy.containerRegistry.json",
"dataFactoryTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/DataFactory/deploy.dataFactory.json",
"keyVaultTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/KeyVault/deploy.keyVault.json",
"machineLearningTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/MachineLearning/deploy.machineLearning.json",
"machineLearningClusterTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/MachineLearningCluster/deploy.machineLearningCluster.json",
"machineLearningComputeInstanceTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/MachineLearningComputeInstance/deploy.machineLearningComputeInstance.json",
"machineLearningSynapseTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/MachineLearningSynapse/deploy.machineLearningSynapse.json",
"searchTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/Search/deploy.search.json",
"sqlPoolTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/SqlPool/deploy.sqlPool.json",
"storageAccountTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/Storage/deploy.storage.json",
"synapseTemplateLink": "https://raw.githubusercontent.com/Azure/data-product-analytics/main/infra/Synapse/deploy.synapse.json"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "subnetUpdateDeployment",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2019-09-01",
"name": "[concat(variables('vnetName'), '/', variables('subnetName'))]",
"id": "[variables('subnetId')]",
"properties": {
"addressPrefix": "[reference(variables('subnetId'), '2020-07-01').addressPrefix]",
"networkSecurityGroup": {
"id": "[reference(variables('subnetId'), '2020-07-01').networkSecurityGroup.id]"
},
"routeTable": {
"id": "[reference(variables('subnetId'), '2020-07-01').routeTable.id]"
},
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Disabled"
}
}
]
}
},
"subscriptionId": "[variables('vnetSubscriptionId')]",
"resourceGroup": "[variables('vnetResourceGroupName')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "keyVault001Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('keyVaultTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"keyVaultName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-kv001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "keyVault002Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('keyVaultTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"keyVaultName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-kv002', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "storageAccount001Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('storageAccountTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"storageAccountName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), variables('dataNodeName'), variables('dataProductName'), 'storage001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 24)]"
},
"storageAccountType": {
"value": "Standard_ZRS"
},
"enableHns": {
"value": false
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneIdBlob": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net')]"
},
"privateDnsZoneIdFile": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "applicationInsights001Deployment",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('applicationInsightsTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"applicationInsightsName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-appinsight001'), 260)]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "containerRegistry001Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('containerRegistryTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"containerRegistryName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), variables('dataNodeName'), variables('dataProductName'), 'containerregistry001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 50)]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "machineLearning001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"keyVault002Deployment",
"storageAccount001Deployment",
"applicationInsights001Deployment",
"containerRegistry001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('machineLearningTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"mlWorkspaceName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-machinelearning001'), 33)]"
},
"keyVaultId": {
"value": "[reference('keyVault001Deployment').outputs.keyVaultId.value]"
},
"applicationInsightsId": {
"value": "[reference('applicationInsights001Deployment').outputs.applicationInsightsId.value]"
},
"storageAccountId": {
"value": "[reference('storageAccount001Deployment').outputs.storageAccountId.value]"
},
"containerRegistryId": {
"value": "[reference('containerRegistry001Deployment').outputs.containerRegistryId.value]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneIdApi": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms')]"
},
"privateDnsZoneIdNotebooks": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "machineLearningCluster001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"machineLearning001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('machineLearningClusterTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"mlClusterName": {
"value": "mlcluster001"
},
"mlWorkspaceId": {
"value": "[reference('machineLearning001Deployment').outputs.mlWorkspaceId.value]"
},
"mlClusterMaxNodeCount": {
"value": 4
},
"mlClusterVmPriority": {
"value": "Dedicated"
},
"mlClusterVmSize": {
"value": "Standard_DS3_v2"
},
"subnetId": {
"value": "[variables('subnetId')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "machineLearningComputeInstance001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"machineLearning001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('machineLearningComputeInstanceTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"mlComputeInstanceName": {
"value": "ci001"
},
"mlWorkspaceId": {
"value": "[reference('machineLearning001Deployment').outputs.mlWorkspaceId.value]"
},
"mlComputeInstanceUserObjectId": {
"value": "[variables('userObjectId')]"
},
"mlComputeInstanceSshKey": {
"value": ""
},
"mlComputeInstanceVmSize": {
"value": "Standard_DS3_v2"
},
"subnetId": {
"value": "[variables('subnetId')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "dataFactory001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"keyVault001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('dataFactoryTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"dataFactoryName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-datafactory001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 63)]"
},
"dataFactoryGitAccount": {
"value": ""
},
"dataFactoryGitRepo": {
"value": ""
},
"dataFactoryGitCollaborationBranch": {
"value": ""
},
"dataFactoryGitRootFolder": {
"value": ""
},
"dataFactoryGitType": {
"value": "FactoryGitHubConfiguration"
},
"purviewId": {
"value": "[variables('purviewId')]"
},
"keyVaultId": {
"value": "[reference('keyVault001Deployment').outputs.keyVaultId.value]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneIdDataFactory": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net')]"
},
"privateDnsZoneIdPortal": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "synapse001Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('synapseTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"synapseWorkspaceName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-synapse001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 50)]"
},
"synapseDefaultStorageAccountName": {
"value": "[variables('synapseDefaultStorageAccountName')]"
},
"synapseDefaultStorageAccountFileSystem": {
"value": "[variables('synapseDefaultStorageAccountFileSystem')]"
},
"synapseSqlAdministratorLogin": {
"value": "ServerMainUser"
},
"synapseSqlAdministratorPassword": {
"value": "[variables('databaseAdministratorLoginPassword')]"
},
"synapseDatalakeAnalyticsResourceId": {
"value": ""
},
"synapseComputeSubnetResourceId": {
"value": ""
},
"synapseSqlAdminGroupName": {
"value": ""
},
"synapseSqlAdminGroupObjectID": {
"value": ""
},
"purviewId": {
"value": "[variables('purviewId')]"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneIdSql": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net')]"
},
"privateDnsZoneIdDev": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "sqlPool001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"synapse001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('sqlPoolTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"sqlPoolName": {
"value": "sqlpool001"
},
"sqlPoolCapacity": {
"value": "DW100c"
},
"synapseWorkspaceId": {
"value": "[reference('synapse001Deployment').outputs.synapseWorkspaceId.value]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "bigDataPool001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"synapse001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('bigDataPoolTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"bigDataPoolName": {
"value": "bigdatapool001"
},
"bigDataPoolNodeSize": {
"value": "Medium"
},
"bigDataPoolMinNodes": {
"value": 3
},
"bigDataPoolMaxNodes": {
"value": 10
},
"bigDataPoolAutopauseDelay": {
"value": 15
},
"synapseWorkspaceId": {
"value": "[reference('synapse001Deployment').outputs.synapseWorkspaceId.value]"
}
}
}
},
{
"condition": false,
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "machineLearningSynapse001Deployment",
"dependsOn": [
"subnetUpdateDeployment",
"synapse001Deployment",
"machineLearning001Deployment",
"bigDataPool001Deployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('machineLearningSynapseTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"mlBigDataPoolName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-bigdatapool001'), 16)]"
},
"mlWorkspaceId": {
"value": "[reference('machineLearning001Deployment').outputs.mlWorkspaceId.value]"
},
"synapseWorkspaceId": {
"value": "[reference('synapse001Deployment').outputs.synapseWorkspaceId.value]"
},
"synapseBigDataPoolId": {
"value": "[reference('bigDataPool001Deployment').outputs.bigDataPoolId.value]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "cognitiveServices001Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('cognitiveServiceTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"cognitiveServiceName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-cognitiveservice001'), 64)]"
},
"cognitiveServiceSku": {
"value": "S0"
},
"cognitiveServiceKind": {
"value": "FormRecognizer"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com')]"
}
}
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "search001Deployment",
"dependsOn": [
"subnetUpdateDeployment"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[variables('searchTemplateLink')]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"location": {
"value": "[variables('location')]"
},
"searchName": {
"value": "[take(concat(variables('enterpriseScaleAnalyticsCompanyPrefix'), '-', variables('dataNodeName'), '-', variables('dataProductName'), '-search001', uniqueString(subscription().subscriptionId, resourceGroup().id)), 60)]"
},
"searchSku": {
"value": "standard"
},
"searchReplicaCount": {
"value": 1
},
"searchPartitionCount": {
"value": 1
},
"searchHostingMode": {
"value": "default"
},
"subnetId": {
"value": "[variables('subnetId')]"
},
"privateDnsZoneId": {
"value": "[concat(variables('privateDnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net')]"
}
}
}
}
],
"outputs": {}
}

33
docs/reference/params.dataProduct001.json
Просмотреть файл

@ -1,33 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enterpriseScaleAnalyticsCompanyPrefix": {
"value": "esa"
},
"dataNodeName": {
"value": "dn001"
},
"dataProductName": {
"value": "dp001"
},
"privateDnsZoneResourceGroupId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"databaseAdministratorLoginPassword": {
"value": "<your-secure-password>"
},
"userObjectId": {
"value": ""
},
"synapseDefaultStorageAccountName": {
"value": "dn001workspacesa"
},
"synapseDefaultStorageAccountFileSystem": {
"value": "data"
}
}
}

49
infra/ApplicationInsights/deploy.applicationInsights.json
Просмотреть файл

@ -1,49 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"applicationInsightsName": {
"type": "string",
"metadata": {
"description": "Specifies the name of application insights."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"applicationInsightsName": "[parameters('applicationInsightsName')]"
},
"resources": [
{
"type": "Microsoft.Insights/components",
"apiVersion": "2020-02-02-preview",
"name": "[variables('applicationInsightsName')]",
"location": "[variables('location')]",
"kind": "web",
"properties": {
"Application_Type": "web",
"Flow_Type": "Bluefield",
"Request_Source": "rest",
"DisableIpMasking": false,
"ImmediatePurgeDataOn30Days": false,
"publicNetworkAccessForIngestion": "Enabled",
"publicNetworkAccessForQuery": "Disabled"
// "WorkspaceResourceId": "[variables('logAnalyticsWorkspaceResourceId')]"
}
}
],
"outputs": {
"applicationInsightsId": {
"type": "string",
"value": "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]"
}
}
}

12
infra/ApplicationInsights/params.applicationInsights001.json
Просмотреть файл

@ -1,12 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"applicationInsightsName": {
"value": "dn001-dp001-appinsight001"
}
}
}

113
infra/BigDataPool/deploy.bigDataPool.json
Просмотреть файл

@ -1,113 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"bigDataPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the big data pool."
}
},
"bigDataPoolNodeSize": {
"type": "string",
"defaultValue": "Medium",
"allowedValues": [
"Small",
"Medium",
"Large",
"XLarge",
"XXLarge",
"XXXLarge"
],
"metadata": {
"description": "Specifies the minimum node count of the big data pool."
}
},
"bigDataPoolMinNodes": {
"type": "int",
"minValue": 3,
"defaultValue": 3,
"metadata": {
"description": "Specifies the minimum node count of the big data pool."
}
},
"bigDataPoolMaxNodes": {
"type": "int",
"minValue": 3,
"defaultValue": 10,
"metadata": {
"description": "Specifies the maximum node count of the big data pool."
}
},
"bigDataPoolAutopauseDelay": {
"type": "int",
"minValue": 1,
"defaultValue": 15,
"metadata": {
"description": "Specifies the autopause delay of the big data pool."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace to which the big data pool will be deployed."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"bigDataPoolName": "[parameters('bigDataPoolName')]",
"bigDataPoolNodeSize": "[parameters('bigDataPoolNodeSize')]",
"bigDataPoolMinNodes": "[parameters('bigDataPoolMinNodes')]",
"bigDataPoolMaxNodes": "[parameters('bigDataPoolMaxNodes')]",
"bigDataPoolAutopauseDelay": "[parameters('bigDataPoolAutopauseDelay')]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseWorkspaceName": "[last(split(variables('synapseWorkspaceId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/bigDataPools",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('synapseWorkspaceName'), '/', variables('bigDataPoolName'))]",
"location": "[variables('location')]",
"properties": {
"autoPause": {
"enabled": true,
"delayInMinutes": "[variables('bigDataPoolAutopauseDelay')]"
},
"autoScale": {
"enabled": true,
"minNodeCount": "[variables('bigDataPoolMinNodes')]",
"maxNodeCount": "[variables('bigDataPoolMaxNodes')]"
},
"defaultSparkLogFolder": "logs/",
// "libraryRequirements": {
// "content": "",
// "filename": "requirements.txt"
// },
"nodeSize": "[variables('bigDataPoolNodeSize')]",
"nodeSizeFamily": "MemoryOptimized",
"provisioningState": "Succeeded",
"sparkEventsFolder": "events/",
"sparkVersion": "2.4",
"sessionLevelPackagesEnabled": false,
"isComputeIsolationEnabled": false,
"sparkConfigProperties": {}
}
}
],
"outputs": {
"bigDataPoolId": {
"type": "string",
"value": "[resourceId('Microsoft.Synapse/workspaces/bigDataPools', variables('synapseWorkspaceName'), variables('bigDataPoolName'))]"
}
}
}

27
infra/BigDataPool/params.bigDataPool001.json
Просмотреть файл

@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"bigDataPoolName": {
"value": "bigdatapool001"
},
"bigDataPoolNodeSize": {
"value": "Medium"
},
"bigDataPoolMinNodes": {
"value": 3
},
"bigDataPoolMaxNodes": {
"value": 10
},
"bigDataPoolAutopauseDelay": {
"value": 15
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.Synapse/workspaces/dn001-dp001-synapse001"
}
}
}

145
infra/CognitiveServices/deploy.cognitiveService.json
Просмотреть файл

@ -1,145 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"cognitiveServiceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the cognitive service."
}
},
"cognitiveServiceSku": {
"type": "string",
"metadata": {
"description": "Specifies the sku of the cognitive service."
}
},
"cognitiveServiceKind": {
"type": "string",
"defaultValue": "CognitiveServices",
"allowedValues": [
"AnomalyDetector",
"ComputerVision",
"ContentModerator",
"CustomVision.Training",
"CustomVision.Prediction",
"Face",
"FormRecognizer",
"ImmersiveReader",
"LUIS",
"Personalizer",
"SpeechServices",
"TextAnalytics",
"QnAMaker",
"TranslatorText"
],
"metadata": {
"description": "Specifies the name of the cognitive service."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"cognitiveServiceName": "[parameters('cognitiveServiceName')]",
"cognitiveServiceSku": "[parameters('cognitiveServiceSku')]",
"cognitiveServiceKind": "[parameters('cognitiveServiceKind')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('cognitiveServiceName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.CognitiveServices/accounts",
"apiVersion": "2017-04-18",
"name": "[variables('cognitiveServiceName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('cognitiveServiceSku')]"
},
"kind": "[variables('cognitiveServiceKind')]",
"properties": {
"customSubDomainName": "[variables('cognitiveServiceName')]",
"encryption": {
"keySource": "Microsoft.CognitiveServices"
},
"networkAcls": {
"defaultAction": "Deny",
"ipRules": [],
"virtualNetworkRules": []
},
"publicNetworkAccess": "Disabled"
// "userOwnedStorage": []
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.CognitiveServices/accounts', variables('cognitiveServiceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.CognitiveServices/accounts', variables('cognitiveServiceName'))]",
"groupIds": [
"account"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {}
}

24
infra/CognitiveServices/params.cognitiveService001.json
Просмотреть файл

@ -1,24 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"cognitiveServiceName": {
"value": "dn001-dp001-cognitiveservice001"
},
"cognitiveServiceSku": {
"value": "S0"
},
"cognitiveServiceKind": {
"value": "FormRecognizer"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com"
}
}
}

130
infra/ContainerRegistry/deploy.containerRegistry.json
Просмотреть файл

@ -1,130 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"containerRegistryName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Container Registry."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"containerRegistryName": "[parameters('containerRegistryName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('containerRegistryName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.ContainerRegistry/registries",
"apiVersion": "2019-12-01-preview",
"name": "[variables('containerRegistryName')]",
"location": "[variables('location')]",
"sku": {
"name": "Premium"
},
"identity": {
"type": "SystemAssigned"
},
"properties": {
"adminUserEnabled": true,
"networkRuleSet": {
"defaultAction": "Deny",
"virtualNetworkRules": [
],
"ipRules": [
]
},
"policies": {
"quarantinePolicy": {
"status": "disabled"
},
"trustPolicy": {
"status": "disabled",
"type": "Notary"
},
"retentionPolicy": {
"status": "disabled",
"days": 7
}
},
"dataEndpointEnabled": false,
"publicNetworkAccess": "Disabled"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]",
"groupIds": [
"registry"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {
"containerRegistryId": {
"type": "string",
"value": "[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]"
}
}
}

18
infra/ContainerRegistry/params.containerRegistry001.json
Просмотреть файл

@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"containerRegistryName": {
"value": "dn001dp001containerregistry001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"
}
}
}

338
infra/DataFactory/deploy.dataFactory.json
Просмотреть файл

@ -1,338 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"dataFactoryName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the data factory."
}
},
"dataFactoryGitAccount": {
"type": "string",
"metadata": {
"description": "Specifies the account name for the repository connection."
}
},
"dataFactoryGitRepo": {
"type": "string",
"metadata": {
"description": "Specifies the repo name for the repository connection."
}
},
"dataFactoryGitCollaborationBranch": {
"type": "string",
"metadata": {
"description": "Specifies the collaboration branch name for the repository connection."
}
},
"dataFactoryGitRootFolder": {
"type": "string",
"metadata": {
"description": "Specifies the root folder in the branch for the repository connection."
}
},
"dataFactoryGitType": {
"type": "string",
"allowedValues": [
"FactoryGitHubConfiguration",
"FactoryVSTSConfiguration"
],
"metadata": {
"description": "Specifies the type of git connection."
}
},
"purviewId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the purview data catalog that should be linked to the data factory."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the keyvault that should be linked to the data factory."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdDataFactory": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for data factory."
}
},
"privateDnsZoneIdPortal": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for data factory portal."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"dataFactoryName": "[parameters('dataFactoryName')]",
"defaultManagedVnetIntegrationRuntimeName": "AutoResolveIntegrationRuntime",
"dataFactoryGitAccount": "[parameters('dataFactoryGitAccount')]",
"dataFactoryGitRepo": "[parameters('dataFactoryGitRepo')]",
"dataFactoryGitCollaborationBranch": "[parameters('dataFactoryGitCollaborationBranch')]",
"dataFactoryGitRootFolder": "[parameters('dataFactoryGitRootFolder')]",
"dataFactoryGitType": "[parameters('dataFactoryGitType')]",
"purviewId": "[parameters('purviewId')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdDataFactory": "[parameters('privateDnsZoneIdDataFactory')]",
"privateDnsZoneIdPortal": "[parameters('privateDnsZoneIdPortal')]",
"privateEndpointNameDataFactory": "[concat(variables('dataFactoryName'), '-datafactory-private-endpoint')]",
"privateEndpointNamePortal": "[concat(variables('dataFactoryName'), '-portal-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[variables('dataFactoryName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
// "repoConfiguration": {
// "accountName": "[variables('dataFactoryGitAccount')]",
// "repositoryName": "[variables('dataFactoryGitRepo')]",
// "collaborationBranch": "[variables('dataFactoryGitCollaborationBranch')]",
// "rootFolder": "[variables('dataFactoryGitRootFolder')]",
// "type": "[variables('dataFactoryGitType')]"
// },
"globalParameters": {
},
"publicNetworkAccess": "Disabled",
"purviewConfiguration": {
"purviewResourceId": "[variables('purviewId')]"
}
},
"resources": [
{
"type": "managedVirtualNetworks",
"apiVersion": "2018-06-01",
"name": "default",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"properties": {}
},
{
"type": "integrationRuntimes",
"apiVersion": "2018-06-01",
"name": "[variables('defaultManagedVnetIntegrationRuntimeName')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', variables('dataFactoryName'), 'default')]"
],
"properties": {
"type": "Managed",
"managedVirtualNetwork": {
"type": "ManagedVirtualNetworkReference",
"referenceName": "default"
},
"typeProperties": {
"computeProperties": {
"location": "AutoResolve"
}
}
}
},
{
"condition": "[not(empty(variables('keyVaultId')))]",
"type": "managedVirtualNetworks/managedPrivateEndpoints",
"apiVersion": "2018-06-01",
"name": "[concat('default/', replace(variables('keyVaultName'), '-', ''))]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', variables('dataFactoryName'), 'default')]",
"[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', variables('dataFactoryName'), variables('defaultManagedVnetIntegrationRuntimeName'))]"
],
"properties": {
"privateLinkResourceId": "[variables('keyVaultId')]",
"groupId": "vault"
}
},
{
"condition": "[not(empty(variables('keyVaultId')))]",
"type": "linkedservices",
"apiVersion": "2018-06-01",
"name": "[replace(variables('keyVaultName'), '-', '')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', variables('dataFactoryName'), 'default')]",
"[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', variables('dataFactoryName'), variables('defaultManagedVnetIntegrationRuntimeName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints', variables('dataFactoryName'), 'default', replace(variables('keyVaultName'), '-', ''))]"
],
"properties": {
"type": "AzureKeyVault",
"annotations": [],
"additionalProperties": {},
"connectVia": {
"type": "IntegrationRuntimeReference",
"referenceName": "[variables('defaultManagedVnetIntegrationRuntimeName')]"
},
"description": "Key Vault for data product",
"parameters": {},
"typeProperties": {
"baseUrl": "[concat('https://', variables('keyVaultName'), '.vault.azure.net/')]"
}
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameDataFactory')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameDataFactory')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"groupIds": [
"dataFactory"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameDataFactory'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameDataFactory'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameDataFactory'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdDataFactory')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNamePortal')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNamePortal')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"groupIds": [
"portal"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNamePortal'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNamePortal'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNamePortal'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdPortal')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "AccessPolicyDeployment",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[concat(variables('keyVaultName'), '/add')]",
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"apiVersion": "2019-09-01",
"properties": {
"accessPolicies": [
{
"tenantId": "[reference(resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName')), '2018-06-01', 'Full').identity.tenantId]",
"objectId": "[reference(resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName')), '2018-06-01', 'Full').identity.principalId]",
"permissions": {
"secrets": [
"list",
"get"
]
}
}
]
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {}
}

42
infra/DataFactory/params.dataFactory001.json
Просмотреть файл

@ -1,42 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"dataFactoryName": {
"value": "dn001-dp001-datafactory001"
},
"dataFactoryGitAccount": {
"value": ""
},
"dataFactoryGitRepo": {
"value": ""
},
"dataFactoryGitCollaborationBranch": {
"value": ""
},
"dataFactoryGitRootFolder": {
"value": ""
},
"dataFactoryGitType": {
"value": "FactoryGitHubConfiguration"
},
"purviewId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-governance/providers/Microsoft.Purview/accounts/dh-purview001"
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.KeyVault/vaults/dn001-dp001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneIdDataFactory": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
},
"privateDnsZoneIdPortal": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
}
}
}

152
infra/KeyVault/deploy.keyVault.json
Просмотреть файл

@ -1,152 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the key vault."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
},
"resourceExists": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether this is the first deployment of this resource or whether the resource already exists."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"keyVaultName": "[parameters('keyVaultName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"resourceExists": "[parameters('resourceExists')]",
"privateEndpointName": "[concat(variables('keyVaultName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[concat(variables('keyVaultName'), 'Deployment')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[variables('keyVaultName')]",
"location": "[variables('location')]",
"properties": {
"enabledForDeployment": false,
"enabledForTemplateDeployment": false,
"enabledForDiskEncryption": false,
"enablePurgeProtection": true,
"enableSoftDelete": true,
"enableRbacAuthorization": false,
"tenantId": "[subscription().tenantId]",
"createMode": "default",
"accessPolicies": "[if(variables('resourceExists'), reference(resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName')), '2016-10-01').accessPolicies, createArray())]",
"sku": {
"name": "standard",
"family": "A"
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [
],
"virtualNetworkRules": [
]
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[subscription().subscriptionId]",
"resourceGroup": "[resourceGroup().name]"
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[concat(variables('keyVaultName'), 'Deployment')]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
"groupIds": [
"vault"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {
"keyVaultId": {
"type": "string",
"value": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
}
}
}

21
infra/KeyVault/params.keyVault001.json
Просмотреть файл

@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"keyVaultName": {
"value": "dn001-dp001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"resourceExists": {
"value": false
}
}
}

21
infra/KeyVault/params.keyVault002.json
Просмотреть файл

@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"keyVaultName": {
"value": "dn001-dp001-keyvault002"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"resourceExists": {
"value": false
}
}
}

157
infra/MachineLearning/deploy.machineLearning.json
Просмотреть файл

@ -1,157 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mlWorkspaceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning workspace."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Key Vault that should be connected to Azure Machine Learning."
}
},
"applicationInsightsId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Application Insights that should be connected to Azure Machine Learning."
}
},
"storageAccountId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Storage Account that should be connected to Azure Machine Learning."
}
},
"containerRegistryId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Container Registry that should be connected to Azure Machine Learning."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdApi": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the private dns zone for the AML APIs."
}
},
"privateDnsZoneIdNotebooks": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the private dns zone for the AML Notebooks."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mlWorkspaceName": "[parameters('mlWorkspaceName')]",
"keyVaultId": "[parameters('keyVaultId')]",
"applicationInsightsId": "[parameters('applicationInsightsId')]",
"storageAccountId": "[parameters('storageAccountId')]",
"containerRegistryId": "[parameters('containerRegistryId')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdApi": "[parameters('privateDnsZoneIdApi')]",
"privateDnsZoneIdNotebooks": "[parameters('privateDnsZoneIdNotebooks')]",
"privateEndpointName": "[concat(variables('mlWorkspaceName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.MachineLearningServices/workspaces",
"apiVersion": "2020-09-01-preview",
"name": "[variables('mlWorkspaceName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"tier": "Basic",
"name": "Basic"
},
"properties": {
"friendlyName": "[variables('mlWorkspaceName')]",
"description": "[variables('mlWorkspaceName')]",
"keyVault": "[variables('keyVaultId')]",
"applicationInsights": "[variables('applicationInsightsId')]",
"storageAccount": "[variables('storageAccountId')]",
"containerRegistry": "[variables('containerRegistryId')]",
"hbiWorkspace": true,
"allowPublicAccessWhenBehindVnet": false
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.MachineLearningServices/workspaces', variables('mlWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('mlWorkspaceName'))]",
"groupIds": [
"amlworkspace"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-api-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdApi')]"
}
},
{
"name": "[concat(variables('privateEndpointName'), '-notebooks-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdNotebooks')]"
}
}
]
}
}
],
"outputs": {
"mlWorkspaceId": {
"type": "string",
"value": "[resourceId('Microsoft.MachineLearningServices/workspaces', variables('mlWorkspaceName'))]"
}
}
}

33
infra/MachineLearning/params.machineLearning001.json
Просмотреть файл

@ -1,33 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mlWorkspaceName": {
"value": "dn001-dp001-machinelearning001"
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.KeyVault/vaults/dn001-dp001-keyvault002"
},
"applicationInsightsId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.Insights/components/dn001-dp001-appinsight001"
},
"storageAccountId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.Storage/storageAccounts/dn001dp001storage001"
},
"containerRegistryId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.ContainerRegistry/registries/dn001dp001containerregistry001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneIdApi": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
},
"privateDnsZoneIdNotebooks": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
}
}
}

60
infra/MachineLearningAks/deploy.machineLearningAks.json
Просмотреть файл

@ -1,60 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mlAksName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning AKS."
}
},
"mlWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the Azure Machine Learning workspace."
}
},
"mlAksId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the AKS cluster."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mlAksName": "[parameters('mlAksName')]",
"mlWorkspaceId": "[parameters('mlWorkspaceId')]",
"mlWorkspaceName": "[last(split(variables('mlWorkspaceId'), '/'))]",
"mlAksId": "[parameters('mlAksId')]"
},
"resources": [
{
"type": "Microsoft.MachineLearningServices/workspaces/computes",
"apiVersion": "2020-09-01-preview",
"name": "[concat(variables('mlWorkspaceName'), '/', variables('mlAksName'))]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "Basic",
"tier": "Basic"
},
"properties": {
"computeLocation": "[variables('location')]",
"computeType": "AKS",
"resourceId": "[variables('mlAksId')]"
}
}
],
"outputs": {}
}

18
infra/MachineLearningAks/params.machineLearningAks001.json
Просмотреть файл

@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mlAksName": {
"value": "aks001"
},
"mlWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.MachineLearningServices/workspaces/dn001-dp001-machinelearning001"
},
"mlAksId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-aks/providers/Microsoft.ContainerService/managedClusters/dn001-aks001"
}
}
}

188
infra/MachineLearningCluster/deploy.machineLearningCluster.json
Просмотреть файл

@ -1,188 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mlClusterName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning compute cluster."
}
},
"mlWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the Azure Machine Learning workspace."
}
},
"mlClusterMaxNodeCount": {
"type": "int",
"minValue": 0,
"metadata": {
"description": "Specifies the maximum node count of the Azure Machine Learning compute cluster."
}
},
"mlClusterVmPriority": {
"type": "string",
"allowedValues": [
"Dedicated",
"LowPrority"
],
"metadata": {
"description": "Specifies the priority of the Azure Machine Learning compute cluster."
}
},
"mlClusterVmSize": {
"type": "string",
"allowedValues": [
"Standard_D1_v2",
"Standard_D2_v2",
"Standard_D3_v2",
"Standard_D4_v2",
"Standard_D11_v2",
"Standard_D12_v2",
"Standard_D13_v2",
"Standard_D14_v2",
"Standard_DS1_v2",
"Standard_DS2_v2",
"Standard_DS3_v2",
"Standard_DS4_v2",
"Standard_DS5_v2",
"Standard_DS11_v2",
"Standard_DS12_v2",
"Standard_DS13_v2",
"Standard_DS14_v2",
"Standard_M8-2ms",
"Standard_M8-4ms",
"Standard_M8ms",
"Standard_M16-4ms",
"Standard_M16-8ms",
"Standard_M16ms",
"Standard_M32-8ms",
"Standard_M32-16ms",
"Standard_M32ls",
"Standard_M32ms",
"Standard_M32ts",
"Standard_M64-16ms",
"Standard_M64-32ms",
"Standard_M64ls",
"Standard_M64ms",
"Standard_M64s",
"Standard_M128-32ms",
"Standard_M128-64ms",
"Standard_M128ms",
"Standard_M128s",
"Standard_M64",
"Standard_M64m",
"Standard_M128",
"Standard_M128m",
"Standard_D1",
"Standard_D2",
"Standard_D3",
"Standard_D4",
"Standard_D11",
"Standard_D12",
"Standard_D13",
"Standard_D14",
"Standard_DS15_v2",
"Standard_NV6",
"Standard_NV12",
"Standard_NV24",
"Standard_F2s_v2",
"Standard_F4s_v2",
"Standard_F8s_v2",
"Standard_F16s_v2",
"Standard_F32s_v2",
"Standard_F64s_v2",
"Standard_F72s_v2",
"Standard_NC6s_v3",
"Standard_NC12s_v3",
"Standard_NC24rs_v3",
"Standard_NC24s_v3",
"Standard_NC6",
"Standard_NC12",
"Standard_NC24",
"Standard_NC24r",
"Standard_ND6s",
"Standard_ND12s",
"Standard_ND24rs",
"Standard_ND24s",
"Standard_NC6s_v2",
"Standard_NC12s_v2",
"Standard_NC24rs_v2",
"Standard_NC24s_v2",
"Standard_ND40rs_v2",
"Standard_NV12s_v3",
"Standard_NV24s_v3",
"Standard_NV48s_v3"
],
"metadata": {
"description": "Specifies the SKU of the Azure Machine Learning compute cluster."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the subnet which the cluster uses."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mlClusterName": "[parameters('mlClusterName')]",
"mlWorkspaceId": "[parameters('mlWorkspaceId')]",
"mlWorkspaceName": "[last(split(variables('mlWorkspaceId'), '/'))]",
"mlClusterMaxNodeCount": "[parameters('mlClusterMaxNodeCount')]",
"mlClusterVmPriority": "[parameters('mlClusterVmPriority')]",
"mlClusterVmSize": "[parameters('mlClusterVmSize')]",
"subnetId": "[parameters('subnetId')]"
},
"resources": [
{
"type": "Microsoft.MachineLearningServices/workspaces/computes",
"apiVersion": "2020-09-01-preview",
"name": "[concat(variables('mlWorkspaceName'), '/', variables('mlClusterName'))]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "Basic",
"tier": "Basic"
},
"properties": {
"computeLocation": "[variables('location')]",
"computeType": "AmlCompute",
"description": "[variables('mlClusterName')]",
"properties": {
"remoteLoginPortPublicAccess": "Disabled",
"scaleSettings": {
"minNodeCount": 0,
"maxNodeCount": "[variables('mlClusterMaxNodeCount')]",
"nodeIdleTimeBeforeScaleDown": "PT120S"
},
"subnet": {
"id": "[variables('subnetId')]"
},
"vmPriority": "[variables('mlClusterVmPriority')]",
"vmSize": "[variables('mlClusterVmSize')]",
"osType": "Linux",
// "virtualMachineImage": {
// "id": ""
// }
"isolatedNetwork": true,
"enableNodePublicIp": false
}
}
}
],
"outputs": {}
}

27
infra/MachineLearningCluster/params.machineLearningCluster001.json
Просмотреть файл

@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mlClusterName": {
"value": "mlcluster001"
},
"mlWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.MachineLearningServices/workspaces/dn001-dp001-machinelearning001"
},
"mlClusterMaxNodeCount": {
"value": 4
},
"mlClusterVmPriority": {
"value": "Dedicated"
},
"mlClusterVmSize": {
"value": "Standard_DS3_v2"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
}
}
}

194
infra/MachineLearningComputeInstance/deploy.machineLearningComputeInstance.json
Просмотреть файл

@ -1,194 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mlComputeInstanceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning compute instance."
}
},
"mlWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the Azure Machine Learning workspace."
}
},
"mlComputeInstanceUserObjectId": {
"type": "string",
"metadata": {
"description": "Specifies the User Object ID owning of the Azure Machine Learning compute instance."
}
},
"mlComputeInstanceSshKey": {
"type": "securestring",
"metadata": {
"description": "Specifies the SSH key of the Azure Machine Learning compute instance."
}
},
"mlComputeInstanceVmSize": {
"type": "string",
"allowedValues": [
"Standard_D1_v2",
"Standard_D2_v2",
"Standard_D3_v2",
"Standard_D4_v2",
"Standard_D11_v2",
"Standard_D12_v2",
"Standard_D13_v2",
"Standard_D14_v2",
"Standard_DS1_v2",
"Standard_DS2_v2",
"Standard_DS3_v2",
"Standard_DS4_v2",
"Standard_DS5_v2",
"Standard_DS11_v2",
"Standard_DS12_v2",
"Standard_DS13_v2",
"Standard_DS14_v2",
"Standard_M8-2ms",
"Standard_M8-4ms",
"Standard_M8ms",
"Standard_M16-4ms",
"Standard_M16-8ms",
"Standard_M16ms",
"Standard_M32-8ms",
"Standard_M32-16ms",
"Standard_M32ls",
"Standard_M32ms",
"Standard_M32ts",
"Standard_M64-16ms",
"Standard_M64-32ms",
"Standard_M64ls",
"Standard_M64ms",
"Standard_M64s",
"Standard_M128-32ms",
"Standard_M128-64ms",
"Standard_M128ms",
"Standard_M128s",
"Standard_M64",
"Standard_M64m",
"Standard_M128",
"Standard_M128m",
"Standard_D1",
"Standard_D2",
"Standard_D3",
"Standard_D4",
"Standard_D11",
"Standard_D12",
"Standard_D13",
"Standard_D14",
"Standard_DS15_v2",
"Standard_NV6",
"Standard_NV12",
"Standard_NV24",
"Standard_F2s_v2",
"Standard_F4s_v2",
"Standard_F8s_v2",
"Standard_F16s_v2",
"Standard_F32s_v2",
"Standard_F64s_v2",
"Standard_F72s_v2",
"Standard_NC6s_v3",
"Standard_NC12s_v3",
"Standard_NC24rs_v3",
"Standard_NC24s_v3",
"Standard_NC6",
"Standard_NC12",
"Standard_NC24",
"Standard_NC24r",
"Standard_ND6s",
"Standard_ND12s",
"Standard_ND24rs",
"Standard_ND24s",
"Standard_NC6s_v2",
"Standard_NC12s_v2",
"Standard_NC24rs_v2",
"Standard_NC24s_v2",
"Standard_ND40rs_v2",
"Standard_NV12s_v3",
"Standard_NV24s_v3",
"Standard_NV48s_v3"
],
"metadata": {
"description": "Specifies the SKU of the Azure Machine Learning compute instance."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the subnet which the instance uses."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mlComputeInstanceName": "[parameters('mlComputeInstanceName')]",
"mlWorkspaceId": "[parameters('mlWorkspaceId')]",
"mlWorkspaceName": "[last(split(variables('mlWorkspaceId'), '/'))]",
"mlComputeInstanceUserObjectId": "[parameters('mlComputeInstanceUserObjectId')]",
"mlComputeInstanceSshKey": "[parameters('mlComputeInstanceSshKey')]",
"mlComputeInstanceVmSize": "[parameters('mlComputeInstanceVmSize')]",
"subnetId": "[parameters('subnetId')]",
"sshKeyName": "[concat(variables('mlComputeInstanceName'), '-sshkey')]"
},
"resources": [
{
"condition": "[not(empty(variables('mlComputeInstanceSshKey')))]",
"type": "Microsoft.Compute/sshPublicKeys",
"apiVersion": "2020-06-01",
"name": "[variables('sshKeyName')]",
"location": "[variables('location')]",
"properties": {
"publicKey": "[variables('mlComputeInstanceSshKey')]"
}
},
{
"type": "Microsoft.MachineLearningServices/workspaces/computes",
"apiVersion": "2020-09-01-preview",
"name": "[concat(variables('mlWorkspaceName'), '/', variables('mlComputeInstanceName'))]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "Basic",
"tier": "Basic"
},
"properties": {
"computeLocation": "[variables('location')]",
"computeType": "ComputeInstance",
"description": "[variables('mlComputeInstanceName')]",
"properties": {
"subnet": {
"id": "[variables('subnetId')]"
},
"vmSize": "[variables('mlComputeInstanceVmSize')]",
"applicationSharingPolicy": "Personal",
"computeInstanceAuthorizationType": "personal",
"personalComputeInstanceSettings": {
"assignedUser": {
"objectId": "[variables('mlComputeInstanceUserObjectId')]",
"tenantId": "[subscription().tenantId]"
}
},
"sshSettings": {
"sshPublicAccess": "[if(empty(variables('mlComputeInstanceSshKey')), 'Disabled', 'Enabled')]",
"adminPublicKey": "[if(empty(variables('mlComputeInstanceSshKey')), '', reference(resourceId('Microsoft.Compute/sshPublicKeys', variables('sshKeyName')), '2020-06-01').publicKey)]"
},
"isolatedNetwork": true,
"enableNodePublicIp": false
}
}
}
],
"outputs": {}
}

27
infra/MachineLearningComputeInstance/params.machineLearningComputeInstance001.json
Просмотреть файл

@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mlComputeInstanceName": {
"value": "ci001"
},
"mlWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.MachineLearningServices/workspaces/dn001-dp001-machinelearning001"
},
"mlComputeInstanceUserObjectId": {
"value": ""
},
"mlComputeInstanceSshKey": {
"value": ""
},
"mlComputeInstanceVmSize": {
"value": "Standard_DS3_v2"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
}
}
}

71
infra/MachineLearningDatabricks/deploy.machineLearningDatabricks.json
Просмотреть файл

@ -1,71 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mlDatabricksConnectionName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning Databricks connection."
}
},
"mlWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the Azure Machine Learning workspace."
}
},
"databricksWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the Databricks workpsace resource ID that should be connected to the Azure Machine Learning workspace."
}
},
"databricksAccessToken": {
"type": "securestring",
"metadata": {
"description": "Specifies the Databricks access token that should be used for connecting to teh Databricks workspace from the Azure Machine Learning workspace."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mlDatabricksConnectionName": "[parameters('mlDatabricksConnectionName')]",
"mlWorkspaceId": "[parameters('mlWorkspaceId')]",
"mlWorkspaceName": "[last(split(variables('mlWorkspaceId'), '/'))]",
"databricksWorkspaceId": "[parameters('databricksWorkspaceId')]",
"databricksAccessToken": "[parameters('databricksAccessToken')]"
},
"resources": [
{
"type": "Microsoft.MachineLearningServices/workspaces/computes",
"apiVersion": "2020-09-01-preview",
"name": "[concat(variables('mlWorkspaceName'), '/', variables('mlDatabricksConnectionName'))]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "Basic",
"tier": "Basic"
},
"properties": {
"computeLocation": "[variables('location')]",
"computeType": "Databricks",
"description": "Data Node Databricks Workspace",
"resourceId": "[variables('databricksWorkspaceId')]",
"properties": {
"databricksAccessToken": "[variables('databricksAccessToken')]"
}
}
}
],
"outputs": {}
}

21
infra/MachineLearningDatabricks/params.machineLearningDatabricks001.json
Просмотреть файл

@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mlDatabricksConnectionName": {
"value": "databricks001"
},
"mlWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.MachineLearningServices/workspaces/dn001-dp001-machinelearning001"
},
"databricksWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-processing-product/providers/Microsoft.Databricks/workspaces/dn001-databricks002-processing"
},
"databricksAccessToken": {
"value": "<your-secure-databricks-access-token>"
}
}
}

79
infra/MachineLearningSynapse/deploy.machineLearningSynapse.json
Просмотреть файл

@ -1,79 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mlBigDataPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Machine Learning Big Data Pool."
}
},
"mlWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the Azure Machine Learning workspace."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace."
}
},
"synapseBigDataPoolId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse Big Data Pool."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mlBigDataPoolName": "[parameters('mlBigDataPoolName')]",
"mlWorkspaceId": "[parameters('mlWorkspaceId')]",
"mlWorkspaceName": "[last(split(variables('mlWorkspaceId'), '/'))]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseBigDataPoolId": "[parameters('synapseBigDataPoolId')]"
},
"resources": [
{
"type": "Microsoft.MachineLearningServices/workspaces/linkedServices",
"apiVersion": "2020-09-01-preview",
"name": "[concat(variables('mlWorkspaceName'), '/-synapse')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"linkedServiceResourceId": "[variables('synapseWorkspaceId')]"
}
},
{
"type": "Microsoft.MachineLearningServices/workspaces/computes",
"apiVersion": "2020-09-01-preview",
"name": "[concat(variables('mlWorkspaceName'), '/', variables('mlBigDataPoolName'))]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "Basic",
"tier": "Basic"
},
"properties": {
"computeLocation": "[variables('location')]",
"computeType": "SynapseSpark",
"resourceId": "[variables('synapseBigDataPoolId')]"
}
}
],
"outputs": {}
}

21
infra/MachineLearningSynapse/params.machineLearningSynapse001.json
Просмотреть файл

@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mlBigDataPoolName": {
"value": "bigdatapool001"
},
"mlWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.MachineLearningServices/workspaces/dn001-dp001-machinelearning001"
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.Synapse/workspaces/dn001-dp001-synapse001"
},
"synapseBigDataPoolId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.Synapse/workspaces/dn001-dp001-synapse001/bigDataPools/bigdatapool001"
}
}
}

163
infra/Search/deploy.search.json
Просмотреть файл

@ -1,163 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"searchName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the search service."
}
},
"searchSku": {
"type": "string",
"defaultValue": "standard",
"allowedValues": [
"basic",
"standard",
"standard2",
"standard3",
"storage_optimized_l1",
"storage_optimized_l2"
],
"metadata": {
"description": "Specifies the pricing tier of the search service you want to create (for example, basic or standard)."
}
},
"searchReplicaCount": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"maxValue": 12,
"metadata": {
"description": "Specifies the number of replicas to distribute search workloads across the service. You need at least two replicas to support high availability of query workloads (not applicable to the free tier)."
}
},
"searchPartitionCount": {
"type": "int",
"defaultValue": 1,
"allowedValues": [
1,
2,
3,
4,
6,
12
],
"metadata": {
"description": "Specifies number of partitions to allow for scaling of document count as well as faster indexing by sharding your index over multiple search units."
}
},
"searchHostingMode": {
"type": "string",
"defaultValue": "default",
"allowedValues": [
"default",
"highDensity"
],
"metadata": {
"description": "Applicable only for SKUs set to standard3. You can set this property to enable a single, high density partition that allows up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"searchName": "[parameters('searchName')]",
"searchSku": "[parameters('searchSku')]",
"searchReplicaCount": "[parameters('searchReplicaCount')]",
"searchPartitionCount": "[parameters('searchPartitionCount')]",
"searchHostingMode": "[parameters('searchHostingMode')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('searchName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Search/searchServices",
"apiVersion": "2020-08-01-preview",
"name": "[variables('searchName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('searchSku')]"
},
"properties": {
"hostingMode": "[variables('searchHostingMode')]",
"partitionCount": "[variables('searchPartitionCount')]",
"replicaCount": "[variables('searchReplicaCount')]",
"publicNetworkAccess": "disabled",
"networkRuleSet": {
"ipRules": []
}
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.Search/searchServices', variables('searchName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Search/searchServices', variables('searchName'))]",
"groupIds": [
"searchService"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {}
}

30
infra/Search/params.search001.json
Просмотреть файл

@ -1,30 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"searchName": {
"value": "dn001-dp001-search001"
},
"searchSku": {
"value": "standard"
},
"searchReplicaCount": {
"value": 1
},
"searchPartitionCount": {
"value": 1
},
"searchHostingMode": {
"value": "default"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net"
}
}
}

74
infra/SqlPool/deploy.sqlPool.json
Просмотреть файл

@ -1,74 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL pool."
}
},
"sqlPoolCapacity": {
"type": "string",
"defaultValue": "DW100c",
"allowedValues": [
"DW100c",
"DW200c",
"DW300c",
"DW400c",
"DW500c",
"DW1000c",
"DW1500c",
"DW2000c",
"DW2500c",
"DW3000c",
"DW5000c",
"DW6000c",
"DW7500c",
"DW10000c",
"DW15000c",
"DW30000c"
],
"metadata": {
"description": "Specifies the capacity in DWs of the SQL pool."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace to which the sql pool will be deployed."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"sqlPoolName": "[parameters('sqlPoolName')]",
"sqlPoolCapacity": "[parameters('sqlPoolCapacity')]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseWorkspaceName": "[last(split(variables('synapseWorkspaceId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/sqlPools",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('synapseWorkspaceName'), '/', variables('sqlPoolName'))]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('sqlPoolCapacity')]"
},
"properties": {
"createMode": "Default",
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
],
"outputs": {}
}

18
infra/SqlPool/params.sqlPool001.json
Просмотреть файл

@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlPoolName": {
"value": "sqlpool001"
},
"sqlPoolCapacity": {
"value": "DW100c"
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dp001/providers/Microsoft.Synapse/workspaces/dn001-dp001-synapse001"
}
}
}

325
infra/Storage/deploy.storage.json
Просмотреть файл

@ -1,325 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the storage account."
}
},
"enableHns": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Specifies the name of the storage account."
}
},
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_ZRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS",
"Standard_ZRS",
"Premium_LRS",
"Premium_ZRS",
"Standard_GZRS",
"Standard_RAGZRS"
],
"metadata": {
"description": "Specifies the SKU of the storage account."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdBlob": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the private dns zone for Blob."
}
},
"privateDnsZoneIdFile": {
"type": "string",
"metadata": {
"description": "Specifies the resource ID of the private dns zone for File."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"storageAccountName": "[parameters('storageAccountName')]",
"storageAccountType": "[parameters('storageAccountType')]",
"enableHns": "[parameters('enableHns')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdBlob": "[parameters('privateDnsZoneIdBlob')]",
"privateDnsZoneIdFile": "[parameters('privateDnsZoneIdFile')]",
"privateEndpointNameBlob": "[concat(variables('storageAccountName'), '-blob-private-endpoint')]",
"privateEndpointNameFile": "[concat(variables('storageAccountName'), '-file-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2020-08-01-preview",
"name": "[variables('storageAccountName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"tags": {
},
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
},
"table": {
"enabled": true,
"keyType": "Service"
},
"queue": {
"enabled": true,
"keyType": "Service"
}
},
"keySource": "Microsoft.Storage"
},
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "[subscription().tenantId]",
"resourceId": "/subscriptions/*/resourceGroups/*/providers/Microsoft.Purview/Accounts/*"
}
],
"bypass": "Metrics",
"virtualNetworkRules": [
],
"ipRules": [
],
"defaultAction": "Deny"
},
"accessTier": "Hot",
"allowSharedKeyAccess": true,
"supportsHttpsTrafficOnly": true,
"isHnsEnabled": "[variables('enableHns')]",
"largeFileSharesState": "Disabled",
"minimumTlsVersion": "TLS1_2",
"allowBlobPublicAccess": false
// "routingPreference": {
// "routingChoice": "MicrosoftRouting",
// "publishMicrosoftEndpoints": false,
// "publishInternetEndpoints": false
// }
},
"resources": [
{
"type": "managementPolicies",
"apiVersion": "2020-08-01-preview",
"name": "default",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"properties": {
"policy": {
"rules": [
{
"enabled": true,
"name": "default",
"type": "Lifecycle",
"definition": {
"actions": {
"baseBlob": {
"tierToCool": {
"daysAfterModificationGreaterThan": 90
}
// "tierToArchive": {
// "daysAfterModificationGreaterThan": 365
// }
}
// "snapshot": {
// "delete": {
// "daysAfterCreationGreaterThan": 90
// }
// }
},
"filters": {
"prefixMatch": [
],
"blobTypes": [
"blockBlob"
]
}
}
}
]
}
}
},
{
"type": "blobServices",
"apiVersion": "2020-08-01-preview",
"name": "default",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"properties": {
// "deleteRetentionPolicy": {
// "enabled": true,
// "days": 7
// }
// "isVersioningEnabled": true,
// "automaticSnapshotPolicyEnabled": true,
// "changeFeed": {
// "enabled": true
// },
// "defaultServiceVersion": "",
// "restorePolicy": {
// "enabled": true,
// "days": 7
// },
// "containerDeleteRetentionPolicy": { // Opt-in to preview if you want to use this feature: https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-container-overview?tabs=powershell#register-for-the-preview
// "enabled": true,
// "days": 7
// },
"cors": {
"corsRules": []
}
}
},
{
"type": "blobServices/containers",
"apiVersion": "2020-08-01-preview",
"name": "[concat('default/', 'data')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"properties": {
"publicAccess": "None",
"metadata": {}
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameFile')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameFile')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"groupIds": [
"file"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameFile'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameFile'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameFile'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdFile')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameBlob')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameBlob')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"groupIds": [
"blob"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameBlob'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameBlob'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameBlob'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdBlob')]"
}
}
]
}
}
],
"outputs": {
"storageAccountId": {
"type": "string",
"value": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
}
}
}

27
infra/Storage/params.storage001.json
Просмотреть файл

@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"storageAccountName": {
"value": "dn001dp001storage001"
},
"storageAccountType": {
"value": "Standard_LRS"
},
"enableHns": {
"value": false
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneIdBlob": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
},
"privateDnsZoneIdFile": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"
}
}
}

323
infra/Synapse/deploy.synapse.json
Просмотреть файл

@ -1,323 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"synapseWorkspaceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the synapse workspace."
}
},
"synapseDefaultStorageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the default storage account of the synapse workspace."
}
},
"synapseDefaultStorageAccountFileSystem": {
"type": "string",
"metadata": {
"description": "Specifies the name of the synapse workspace."
}
},
"synapseSqlAdministratorLogin": {
"type": "string",
"metadata": {
"description": "Specifies the login account name for the SQL DW of the synapse workspace."
}
},
"synapseSqlAdministratorPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the SQL DW of the synapse workspace."
}
},
"synapseDatalakeAnalyticsResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource ID of data lake analytics for the synapse workspace."
}
},
"synapseComputeSubnetResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource ID of data lake analytics for the synapse workspace."
}
},
"synapseSqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the SQL admin group."
}
},
"synapseSqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the SQL admin group."
}
},
"purviewId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the purview data catalog that should be linked to the data factory."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdSql": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for sql pools."
}
},
"privateDnsZoneIdDev": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for dev."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"synapseWorkspaceName": "[parameters('synapseWorkspaceName')]",
"synapseDefaultStorageAccountUrl": "[concat('https://', parameters('synapseDefaultStorageAccountName'), '.dfs.core.windows.net')]",
"synapseDefaultStorageAccountFileSystem": "[parameters('synapseDefaultStorageAccountFileSystem')]",
"synapseSqlAdministratorLogin": "[parameters('synapseSqlAdministratorLogin')]",
"synapseSqlAdministratorPassword": "[parameters('synapseSqlAdministratorPassword')]",
"synapseDatalakeAnalyticsResourceId": "[parameters('synapseDatalakeAnalyticsResourceId')]",
"synapseComputeSubnetResourceId": "[parameters('synapseComputeSubnetResourceId')]",
"synapseSqlAdminGroupName": "[parameters('synapseSqlAdminGroupName')]",
"synapseSqlAdminGroupObjectID": "[parameters('synapseSqlAdminGroupObjectID')]",
"purviewId": "[parameters('purviewId')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdSql": "[parameters('privateDnsZoneIdSql')]",
"privateDnsZoneIdDev": "[parameters('privateDnsZoneIdDev')]",
"privateEndpointNameSql": "[concat(variables('synapseWorkspaceName'), '-sql-private-endpoint')]",
"privateEndpointNameSqlOnDemand": "[concat(variables('synapseWorkspaceName'), '-sqlondemand-private-endpoint')]",
"privateEndpointNameDev": "[concat(variables('synapseWorkspaceName'), '-dev-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2019-06-01-preview",
"name": "[variables('synapseWorkspaceName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"defaultDataLakeStorage": {
"accountUrl": "[variables('synapseDefaultStorageAccountUrl')]",
"filesystem": "[variables('synapseDefaultStorageAccountFileSystem')]"
},
"sqlAdministratorLogin": "[variables('synapseSqlAdministratorLogin')]",
"sqlAdministratorLoginPassword": "[variables('synapseSqlAdministratorPassword')]",
"adlaResourceId": "[variables('synapseDatalakeAnalyticsResourceId')]",
"managedVirtualNetwork": "default",
"virtualNetworkProfile": {
"computeSubnetId": "[variables('synapseComputeSubnetResourceId')]"
},
"managedResourceGroupName": "[variables('synapseWorkspaceName')]",
"managedVirtualNetworkSettings": {
"allowedAadTenantIdsForLinking": [
"[subscription().tenantId]"
],
"linkedAccessCheckOnTargetResource": true,
"preventDataExfiltration": true
},
"connectivityEndpoints": {},
"purviewConfiguration": {
"purviewResourceId": "[variables('purviewId')]"
}
},
"resources": [
{
"type": "managedIdentitySqlControlSettings",
"apiVersion": "2019-06-01-preview",
"name": "default",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', variables('synapseWorkspaceName'))]"
],
"properties": {
"grantSqlControlToManagedIdentity": {
"desiredState": "Enabled"
}
}
},
{
"condition": "[and(not(empty(variables('synapseSqlAdminGroupName'))), not(empty(variables('synapseSqlAdminGroupObjectID'))))]",
"type": "administrators",
"apiVersion": "2019-06-01-preview",
"name": "activeDirectory",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', variables('synapseWorkspaceName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('synapseSqlAdminGroupName')]",
"sid": "[variables('synapseSqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameSql')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameSql')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"Sql"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameSql'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameSql'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameSql'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdSql')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameSqlOnDemand')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameSqlOnDemand')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"SqlOnDemand"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameSqlOnDemand'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameSqlOnDemand'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameSqlOnDemand'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdSql')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameDev')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameDev')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"Dev"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameDev'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameDev'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameDev'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdDev')]"
}
}
]
}
}
],
"outputs": {
"synapseWorkspaceId": {
"type": "string",
"value": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
}
}
}

48
infra/Synapse/params.synapse001.json
Просмотреть файл

@ -1,48 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"synapseWorkspaceName": {
"value": "dn001-dp001-synapse001"
},
"synapseDefaultStorageAccountName": {
"value": "dn001workspacesa"
},
"synapseDefaultStorageAccountFileSystem": {
"value": "dd001"
},
"synapseSqlAdministratorLogin": {
"value": "ServerMainUser"
},
"synapseSqlAdministratorPassword": {
"value": "<your-secure-password>"
},
"synapseDatalakeAnalyticsResourceId": {
"value": ""
},
"synapseComputeSubnetResourceId": {
"value": ""
},
"synapseSqlAdminGroupName": {
"value": ""
},
"synapseSqlAdminGroupObjectID": {
"value": ""
},
"purviewId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-governance/providers/Microsoft.Purview/accounts/dh-purview001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dp001-privatelink-subnet"
},
"privateDnsZoneIdSql": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
},
"privateDnsZoneIdDev": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
}
}
}

235
infra/main.bicep Normal file
Просмотреть файл

@ -0,0 +1,235 @@
targetScope = 'resourceGroup'
// General parameters
@description('Specifies the location for all resources.')
param location string
@allowed([
'dev'
'test'
'prod'
])
@description('Specifies the environment of the deployment.')
param environment string
@minLength(2)
@maxLength(5)
@description('Specifies the prefix for all resources created in this deployment.')
param prefix string
// Resource parameters
@description('Specifies the resource ID of a shared AKS cluster.')
param aksId string
@description('Specifies the object ID of the user who gets assigned to compute instance 001 in the Machine Learning Workspace.')
param machineLearningComputeInstance001AdministratorObjectId string
@secure()
@description('Specifies the public ssh key for compute instance 001 in the Machine Learning Workspace.')
param machineLearningComputeInstance001AdministratorPublicSshKey string
@secure()
@description('Specifies the administrator password of the sql servers.')
param administratorPassword string
@description('Specifies the resource ID of the default storage account file system for synapse.')
param synapseDefaultStorageAccountFileSystemId string
@description('Specifies the resource ID of the central purview instance.')
param purviewId string
@description('Specifies the resource ID of the Databricks workspace that will be connected to the Machine Learning Workspace.')
param databricksWorkspaceId string
@description('Specifies the workspace URL of the Databricks workspace that will be connected to the Machine Learning Workspace.')
param databricksWorkspaceUrl string
@secure()
@description('Specifies the access token of the Databricks workspace that will be connected to the Machine Learning Workspace.')
param databricksAccessToken string
@description('Specifies whether role assignments should be enabled.')
param enableRoleAssignments bool = false
// Network parameters
@description('Specifies the resource ID of the subnet to which all services will connect.')
param subnetId string
// Private DNS Zone parameters
@description('Specifies the resource ID of the private DNS zone for KeyVault.')
param privateDnsZoneIdKeyVault string
@description('Specifies the resource ID of the private DNS zone for Synapse Dev.')
param privateDnsZoneIdSynapseDev string
@description('Specifies the resource ID of the private DNS zone for Synapse Sql.')
param privateDnsZoneIdSynapseSql string
@description('Specifies the resource ID of the private DNS zone for Data Factory.')
param privateDnsZoneIdDataFactory string
@description('Specifies the resource ID of the private DNS zone for Data Factory Portal.')
param privateDnsZoneIdDataFactoryPortal string
@description('Specifies the resource ID of the private DNS zone for Cognitive Services.')
param privateDnsZoneIdCognitiveService string
@description('Specifies the resource ID of the private DNS zone for Container Registry.')
param privateDnsZoneIdContainerRegistry string
@description('Specifies the resource ID of the private DNS zone for Azure Search.')
param privateDnsZoneIdSearch string
@description('Specifies the resource ID of the private DNS zone for Blob Storage.')
param privateDnsZoneIdBlob string
@description('Specifies the resource ID of the private DNS zone for File Storage.')
param privateDnsZoneIdFile string
@description('Specifies the resource ID of the private DNS zone for Machine Learning API.')
param privateDnsZoneIdMachineLearningApi string
@description('Specifies the resource ID of the private DNS zone for Machine Learning Notebooks.')
param privateDnsZoneIdMachineLearningNotebooks string
// Variables
var name = toLower('${prefix}-${environment}')
var tags = {
Owner: 'Enterprise Scale Analytics'
Project: 'Enterprise Scale Analytics'
Environment: environment
Toolkit: 'bicep'
Name: name
}
var synapseDefaultStorageAccountSubscriptionId = split(synapseDefaultStorageAccountFileSystemId, '/')[2]
var synapseDefaultStorageAccountResourceGroupName = split(synapseDefaultStorageAccountFileSystemId, '/')[4]
// Resources
module keyvault001 'modules/services/keyvault.bicep' = {
name: 'keyvault001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
keyvaultName: '${name}-vault001'
privateDnsZoneIdKeyVault: privateDnsZoneIdKeyVault
}
}
module synapse001 'modules/services/synapse.bicep' = {
name: 'synapse001'
scope: resourceGroup()
params: {
location: location
synapseName: '${name}-synapse001'
tags: tags
subnetId: subnetId
administratorPassword: administratorPassword
synapseSqlAdminGroupName: ''
synapseSqlAdminGroupObjectID: ''
privateDnsZoneIdSynapseDev: privateDnsZoneIdSynapseDev
privateDnsZoneIdSynapseSql: privateDnsZoneIdSynapseSql
purviewId: purviewId
synapseComputeSubnetId: ''
synapseDefaultStorageAccountFileSystemId: synapseDefaultStorageAccountFileSystemId
}
}
module synapse001RoleAssignmentStorage 'modules/auxiliary/synapseRoleAssignmentStorage.bicep' = if (enableRoleAssignments) {
name: 'synapse001RoleAssignmentStorage'
scope: resourceGroup(synapseDefaultStorageAccountSubscriptionId, synapseDefaultStorageAccountResourceGroupName)
params: {
storageAccountFileSystemId: synapseDefaultStorageAccountFileSystemId
synapseId: synapse001.outputs.synapseId
}
}
module datafactory001 'modules/services/datafactory.bicep' = {
name: 'datafactory001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
datafactoryName: '${name}-datafactory001'
keyVault001Id: keyvault001.outputs.keyvaultId
privateDnsZoneIdDataFactory: privateDnsZoneIdDataFactory
privateDnsZoneIdDataFactoryPortal: privateDnsZoneIdDataFactoryPortal
purviewId: purviewId
}
}
module cognitiveservice001 'modules/services/cognitiveservices.bicep' = {
name: 'cognitiveservice001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
cognitiveServiceName: '${name}-cognitiveservice001'
cognitiveServiceKind: 'FormRecognizer'
cognitiveServiceSkuName: 'S0'
privateDnsZoneIdCognitiveService: privateDnsZoneIdCognitiveService
}
}
module search001 'modules/services/search.bicep' = {
name: 'search001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
searchName: '${name}-search001'
searchHostingMode: 'default'
searchPartitionCount: 1
searchReplicaCount: 1
searchSkuName: 'standard'
privateDnsZoneIdSearch: privateDnsZoneIdSearch
}
}
module applicationInsights001 'modules/services/applicationinsights.bicep' = {
name: 'applicationInsights001'
scope: resourceGroup()
params: {
location: location
tags: tags
applicationInsightsName: '${name}-insights001'
logAnalyticsWorkspaceId: ''
}
}
module containerRegistry001 'modules/services/containerregistry.bicep' = {
name: 'containerRegistry001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
containerRegistryName: '${name}-containerregistry001'
privateDnsZoneIdContainerRegistry: privateDnsZoneIdContainerRegistry
}
}
module storage001 'modules/services/storage.bicep' = {
name: 'storage001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
storageName: '${name}-storage001'
storageContainerNames: [
'default'
]
storageSkuName: 'Standard_LRS'
privateDnsZoneIdBlob: privateDnsZoneIdBlob
privateDnsZoneIdFile: privateDnsZoneIdFile
}
}
module machineLearning001 'modules/services/machinelearning.bicep' = {
name: 'machineLearning001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
machineLearningName: '${name}-machinelearning001'
applicationInsightsId: applicationInsights001.outputs.applicationInsightsId
containerRegistryId: containerRegistry001.outputs.containerRegistryId
keyVaultId: keyvault001.outputs.keyvaultId
storageAccountId: storage001.outputs.storageId
aksId: aksId
databricksAccessToken: databricksAccessToken
databricksWorkspaceId: databricksWorkspaceId
databricksWorkspaceUrl: databricksWorkspaceUrl
synapseId: synapse001.outputs.synapseId
synapseBigDataPoolId: synapse001.outputs.synapseBigDataPool001Id
machineLearningComputeInstance001AdministratorObjectId: machineLearningComputeInstance001AdministratorObjectId
machineLearningComputeInstance001AdministratorPublicSshKey: machineLearningComputeInstance001AdministratorPublicSshKey
privateDnsZoneIdMachineLearningApi: privateDnsZoneIdMachineLearningApi
privateDnsZoneIdMachineLearningNotebooks: privateDnsZoneIdMachineLearningNotebooks
enableRoleAssignments: enableRoleAssignments
}
}

2344
infra/main.json Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

34
infra/modules/auxiliary/synapseRoleAssignmentStorage.bicep Normal file
Просмотреть файл

@ -0,0 +1,34 @@
// The module contains a template to create a role assignment of the Synase MSI to a file system.
targetScope = 'resourceGroup'
// Parameters
param storageAccountFileSystemId string
param synapseId string
// Variables
var storageAccountFileSystemName = last(split(storageAccountFileSystemId, '/'))
var storageAccountName = split(storageAccountFileSystemId, '/')[8]
var synapseSubscriptionId = split(synapseId, '/')[2]
var synapseResourceGroupName = split(synapseId, '/')[4]
var synapseName = last(split(synapseId, '/'))
// Resources
resource storageAccountFileSystem 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' existing = {
name: '${storageAccountName}/default/${storageAccountFileSystemName}'
}
resource synapse 'Microsoft.Synapse/workspaces@2021-03-01' existing = {
name: synapseName
scope: resourceGroup(synapseSubscriptionId, synapseResourceGroupName)
}
resource synapseRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(uniqueString(storageAccountFileSystem.id, synapse.id))
scope: storageAccountFileSystem
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
principalId: synapse.identity.principalId
}
}
// Outputs

35
infra/modules/services/applicationinsights.bicep Normal file
Просмотреть файл

@ -0,0 +1,35 @@
// This template is used to create Application Insights.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param applicationInsightsName string
param logAnalyticsWorkspaceId string
// Variables
// Resources
resource applicationInsights 'Microsoft.Insights/components@2020-02-02-preview' = {
name: applicationInsightsName
location: location
tags: tags
kind: 'web'
properties: {
Application_Type: 'web'
DisableIpMasking: false
DisableLocalAuth: false
Flow_Type: 'Bluefield'
ForceCustomerStorageForProfiler: false
ImmediatePurgeDataOn30Days: true
IngestionMode: 'ApplicationInsights'
publicNetworkAccessForIngestion: 'Enabled'
publicNetworkAccessForQuery: 'Disabled'
Request_Source: 'rest'
// SamplingPercentage: 50 // Uncomment, if you want to define the sampling percentage that should be used for the telemetry.
// WorkspaceResourceId: logAnalyticsWorkspaceId // Uncomment, if you want to connect your application insights to the central log analytics workspace.
}
}
// Outputs
output applicationInsightsId string = applicationInsights.id

103
infra/modules/services/cognitiveservices.bicep Normal file
Просмотреть файл

@ -0,0 +1,103 @@
// This template is used to create a Cognitive Service.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param cognitiveServiceName string
param cognitiveServiceSkuName string = 'S0'
@allowed([
'AnomalyDetector'
'ComputerVision'
'CognitiveServices'
'ContentModerator'
'CustomVision.Training'
'CustomVision.Prediction'
'Face'
'FormRecognizer'
'ImmersiveReader'
'LUIS'
'Personalizer'
'SpeechServices'
'TextAnalytics'
'QnAMaker'
'TranslatorText'
])
param cognitiveServiceKind string
param privateDnsZoneIdCognitiveService string
// Variables
var cognitiveServicePrivateEndpointName = '${cognitiveService.name}-private-endpoint'
// Resources
resource cognitiveService 'Microsoft.CognitiveServices/accounts@2021-04-30' = {
name: cognitiveServiceName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: cognitiveServiceSkuName
}
kind: cognitiveServiceKind
properties: {
allowedFqdnList: []
apiProperties: {}
customSubDomainName: cognitiveServiceName
disableLocalAuth: true
encryption: {
keySource: 'Microsoft.CognitiveServices'
}
networkAcls: {
defaultAction: 'Deny'
ipRules: []
virtualNetworkRules: []
}
publicNetworkAccess: 'Disabled'
restrictOutboundNetworkAccess: true
// userOwnedStorage: [] // Uncomment if you want to enable user owned storage. Only available for select set of cognitive service kinds.
}
}
resource cognitiveServicePrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: cognitiveServicePrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: cognitiveServicePrivateEndpointName
properties: {
groupIds: [
'account'
]
privateLinkServiceId: cognitiveService.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource cognitiveServicePrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: cognitiveServicePrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${cognitiveServicePrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdCognitiveService
}
}
]
}
}
// Outputs

94
infra/modules/services/containerregistry.bicep Normal file
Просмотреть файл

@ -0,0 +1,94 @@
// This template is used to create a Container Registry.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param containerRegistryName string
param privateDnsZoneIdContainerRegistry string
// Variables
var containerRegistryNameCleaned = replace(containerRegistryName, '-', '')
var containerRegistryPrivateEndpointName = '${containerRegistry.name}-private-endpoint'
// Resources
resource containerRegistry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = {
name: containerRegistryNameCleaned
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: 'Premium'
}
properties: {
adminUserEnabled: true
anonymousPullEnabled: false
dataEndpointEnabled: false
networkRuleBypassOptions: 'None'
networkRuleSet: {
defaultAction: 'Deny'
ipRules: []
virtualNetworkRules: []
}
policies: {
quarantinePolicy: {
status: 'enabled'
}
retentionPolicy: {
status: 'enabled'
days: 7
}
trustPolicy: {
status: 'disabled'
type: 'Notary'
}
}
publicNetworkAccess: 'Disabled'
zoneRedundancy: 'Enabled'
}
}
resource containerRegistryPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: containerRegistryPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: containerRegistryPrivateEndpointName
properties: {
groupIds: [
'registry'
]
privateLinkServiceId: containerRegistry.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource containerRegistryPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: containerRegistryPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${containerRegistryPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdContainerRegistry
}
}
]
}
}
// Outputs
output containerRegistryId string = containerRegistry.id

168
infra/modules/services/datafactory.bicep Normal file
Просмотреть файл

@ -0,0 +1,168 @@
// This template is used to create a Databricks workspace.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param datafactoryName string
param purviewId string
param keyVault001Id string
param privateDnsZoneIdDataFactory string
param privateDnsZoneIdDataFactoryPortal string
// Variables
var keyVault001Name = last(split(keyVault001Id, '/'))
var datafactoryDefaultManagedVnetIntegrationRuntimeName = 'AutoResolveIntegrationRuntime'
var datafactoryPrivateEndpointNameDatafactory = '${datafactory.name}-datafactory-private-endpoint'
var datafactoryPrivateEndpointNamePortal = '${datafactory.name}-portal-private-endpoint'
// Resources
resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = {
name: datafactoryName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
globalParameters: {}
publicNetworkAccess: 'Disabled'
purviewConfiguration: {
purviewResourceId: purviewId
}
}
}
resource datafactoryPrivateEndpointDatafactory 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: datafactoryPrivateEndpointNameDatafactory
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: datafactoryPrivateEndpointNameDatafactory
properties: {
groupIds: [
'dataFactory'
]
privateLinkServiceId: datafactory.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource datafactoryPrivateEndpointDatafactoryARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: datafactoryPrivateEndpointDatafactory
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${datafactoryPrivateEndpointDatafactory.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdDataFactory
}
}
]
}
}
resource datafactoryPrivateEndpointPortal 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: datafactoryPrivateEndpointNamePortal
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: datafactoryPrivateEndpointNamePortal
properties: {
groupIds: [
'portal'
]
privateLinkServiceId: datafactory.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource datafactoryPrivateEndpointPortalARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: datafactoryPrivateEndpointPortal
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${datafactoryPrivateEndpointPortal.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdDataFactoryPortal
}
}
]
}
}
resource datafactoryManagedVirtualNetwork 'Microsoft.DataFactory/factories/managedVirtualNetworks@2018-06-01' = {
parent: datafactory
name: 'default'
properties: {}
}
resource datafactoryManagedIntegrationRuntime001 'Microsoft.DataFactory/factories/integrationRuntimes@2018-06-01' = {
parent: datafactory
name: datafactoryDefaultManagedVnetIntegrationRuntimeName
properties: {
type: 'Managed'
managedVirtualNetwork: {
type: 'ManagedVirtualNetworkReference'
referenceName: datafactoryManagedVirtualNetwork.name
}
typeProperties: {
computeProperties: {
location: 'AutoResolve'
}
}
}
}
resource datafactoryKeyVault001ManagedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {
parent: datafactoryManagedVirtualNetwork
name: replace(keyVault001Name, '-', '')
properties: {
fqdns: []
groupId: 'vault'
privateLinkResourceId: keyVault001Id
}
}
resource datafactoryKeyVault001LinkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
parent: datafactory
name: replace(keyVault001Name, '-', '')
properties: {
type: 'AzureKeyVault'
annotations: []
connectVia: {
type: 'IntegrationRuntimeReference'
referenceName: datafactoryManagedIntegrationRuntime001.name
parameters: {}
}
description: 'Key Vault for storing secrets'
parameters: {}
typeProperties: {
baseUrl: 'https://${keyVault001Name}${environment().suffixes.keyvaultDns}/'
}
}
}
// Outputs
output datafactoryId string = datafactory.id

83
infra/modules/services/keyvault.bicep Normal file
Просмотреть файл

@ -0,0 +1,83 @@
// This template is used to create a KeyVault.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param keyvaultName string
param privateDnsZoneIdKeyVault string
// Variables
var keyVaultPrivateEndpointName = '${keyVault.name}-private-endpoint'
// Resources
resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = {
name: keyvaultName
location: location
tags: tags
properties: {
accessPolicies: []
createMode: 'default'
enabledForDeployment: false
enabledForDiskEncryption: false
enabledForTemplateDeployment: false
enablePurgeProtection: true
enableRbacAuthorization: true
enableSoftDelete: true
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Deny'
ipRules: []
virtualNetworkRules: []
}
sku: {
family: 'A'
name: 'standard'
}
softDeleteRetentionInDays: 7
tenantId: subscription().tenantId
}
}
resource keyVaultPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: keyVaultPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: keyVaultPrivateEndpointName
properties: {
groupIds: [
'vault'
]
privateLinkServiceId: keyVault.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource keyVaultPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: keyVaultPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${keyVaultPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdKeyVault
}
}
]
}
}
// Outputs
output keyvaultId string = keyVault.id

253
infra/modules/services/machinelearning.bicep Normal file
Просмотреть файл

@ -0,0 +1,253 @@
// This template is used to create a KeyVault.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param machineLearningName string
param applicationInsightsId string
param containerRegistryId string
param keyVaultId string
param storageAccountId string
param aksId string
param synapseId string
param synapseBigDataPoolId string
param databricksWorkspaceId string
param databricksWorkspaceUrl string
@secure()
param databricksAccessToken string
param machineLearningComputeInstance001AdministratorObjectId string
@secure()
param machineLearningComputeInstance001AdministratorPublicSshKey string
param privateDnsZoneIdMachineLearningApi string
param privateDnsZoneIdMachineLearningNotebooks string
param enableRoleAssignments bool
// Variables
var machineLearningPrivateEndpointName = '${machineLearning.name}-private-endpoint'
// Resources
resource machineLearning 'Microsoft.MachineLearningServices/workspaces@2021-04-01' = {
name: machineLearningName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
allowPublicAccessWhenBehindVnet: false
description: machineLearningName
encryption: {
status: 'Disabled'
}
friendlyName: machineLearningName
hbiWorkspace: true
imageBuildCompute: 'cluster001'
primaryUserAssignedIdentity: ''
serviceManagedResourcesSettings: {
cosmosDb: {
collectionsThroughput: 400
}
}
applicationInsights: applicationInsightsId
containerRegistry: containerRegistryId
keyVault: keyVaultId
storageAccount: storageAccountId
}
}
resource machineLearningKubernetes001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (!empty(aksId)) {
parent: machineLearning
name: 'kubernetes001'
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
computeType: 'AKS'
resourceId: aksId
}
}
resource machineLearningDatabricks001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (enableRoleAssignments && !empty(databricksWorkspaceId) && !empty(databricksWorkspaceUrl) && !empty(databricksAccessToken)) {
parent: machineLearning
name: 'databricks001'
location: location
tags: tags
properties: {
computeType: 'Databricks'
computeLocation: location
description: 'Databricks workspace connection'
disableLocalAuth: true
properties: {
databricksAccessToken: databricksAccessToken
workspaceUrl: databricksWorkspaceUrl
}
resourceId: databricksWorkspaceId
}
}
resource machineLearningSynapse001 'Microsoft.MachineLearningServices/workspaces/linkedServices@2020-09-01-preview' = if (enableRoleAssignments && !empty(synapseId)) {
parent: machineLearning
name: 'synapse001'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
linkedServiceResourceId: synapseId
linkType: 'Synapse'
}
}
resource machineLearningSynapse001BigDataPool001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (enableRoleAssignments && !empty(synapseId) && !empty(synapseBigDataPoolId)) {
parent: machineLearning
name: 'bigdatapool001'
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
dependsOn: [
machineLearningSynapse001
]
properties: {
computeType: 'SynapseSpark'
computeLocation: location
description: 'Synapse workspace - Spark Pool'
disableLocalAuth: true
resourceId: synapseBigDataPoolId
}
}
resource machineLearningCluster001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = {
parent: machineLearning
name: 'cluster001'
dependsOn: [
machineLearningPrivateEndpoint
machineLearningPrivateEndpointARecord
]
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
computeType: 'AmlCompute'
computeLocation: location
description: 'Machine Learning cluster 001'
disableLocalAuth: true
properties: {
enableNodePublicIp: false
isolatedNetwork: false
osType: 'Linux'
remoteLoginPortPublicAccess: 'Disabled'
scaleSettings: {
minNodeCount: 0
maxNodeCount: 4
nodeIdleTimeBeforeScaleDown: 'PT120S'
}
subnet: {
id: subnetId
}
vmPriority: 'Dedicated'
vmSize: 'Standard_DS3_v2'
}
}
}
resource machineLearningComputeInstance001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (!empty(machineLearningComputeInstance001AdministratorObjectId)) {
parent: machineLearning
name: 'computeinstance001'
dependsOn: [
machineLearningPrivateEndpoint
machineLearningPrivateEndpointARecord
]
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
computeType: 'ComputeInstance'
computeLocation: location
description: 'Machine Learning compute instance 001'
disableLocalAuth: true
properties: {
applicationSharingPolicy: 'Personal'
computeInstanceAuthorizationType: 'personal'
enableNodePublicIp: false
isolatedNetwork: false
personalComputeInstanceSettings: {
assignedUser: {
objectId: machineLearningComputeInstance001AdministratorObjectId
tenantId: subscription().tenantId
}
}
setupScripts: {
scripts: {
creationScript: {}
startupScript: {}
}
}
sshSettings: {
adminPublicKey: machineLearningComputeInstance001AdministratorPublicSshKey
sshPublicAccess: empty(machineLearningComputeInstance001AdministratorPublicSshKey) ? 'Disabled' : 'Enabled'
}
subnet: {
id: subnetId
}
vmSize: 'Standard_DS3_v2'
}
}
}
resource machineLearningPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: machineLearningPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: machineLearningPrivateEndpointName
properties: {
groupIds: [
'amlworkspace'
]
privateLinkServiceId: machineLearning.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource machineLearningPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: machineLearningPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${machineLearningPrivateEndpoint.name}-api-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdMachineLearningApi
}
}
{
name: '${machineLearningPrivateEndpoint.name}-notebooks-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdMachineLearningNotebooks
}
}
]
}
}
// Outputs

101
infra/modules/services/search.bicep Normal file
Просмотреть файл

@ -0,0 +1,101 @@
// This template is used to create Azure Search.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param searchName string
@allowed([
'basic'
'standard'
'standard2'
'standard2'
'storage_optimized_l1'
'storage_optimized_l2'
])
param searchSkuName string = 'standard'
@allowed([
'default'
'highDensity'
])
param searchHostingMode string = 'default'
@allowed([
1
2
3
4
6
12
])
param searchPartitionCount int = 1
@minValue(1)
@maxValue(12)
param searchReplicaCount int = 1
param privateDnsZoneIdSearch string
// Variables
var searchPrivateEndpointName = '${search.name}-private-endpoint'
// Resources
resource search 'Microsoft.Search/searchServices@2020-08-01' = {
name: searchName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: searchSkuName
}
properties: {
hostingMode: searchHostingMode
networkRuleSet: {
ipRules: []
}
partitionCount: searchPartitionCount
publicNetworkAccess: 'disabled'
replicaCount: searchReplicaCount
}
}
resource searchPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: searchPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: searchPrivateEndpointName
properties: {
groupIds: [
'searchService'
]
privateLinkServiceId: search.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource searchPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: searchPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${searchPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSearch
}
}
]
}
}
// Outputs

278
infra/modules/services/storage.bicep Normal file
Просмотреть файл

@ -0,0 +1,278 @@
// This template is used to create a KeyVault.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param storageName string
@allowed([
'Standard_LRS'
'Standard_ZRS'
'Standard_GRS'
'Standard_GZRS'
'Standard_RAGRS'
'Standard_RAGZRS'
'Premium_LRS'
'Premium_ZRS'
])
param storageSkuName string = 'Standard_LRS'
param storageContainerNames array
param privateDnsZoneIdBlob string
param privateDnsZoneIdFile string
// Variables
var storageNameCleaned = replace(storageName, '-', '')
var storagePrivateEndpointNameBlob = '${storage.name}-blob-private-endpoint'
var storagePrivateEndpointNameFile = '${storage.name}-file-private-endpoint'
// Resources
resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = {
name: storageNameCleaned
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: storageSkuName
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: false
allowCrossTenantReplication: false
allowSharedKeyAccess: true
encryption: {
keySource: 'Microsoft.Storage'
requireInfrastructureEncryption: false
services: {
blob: {
enabled: true
keyType: 'Account'
}
file: {
enabled: true
keyType: 'Account'
}
queue: {
enabled: true
keyType: 'Service'
}
table: {
enabled: true
keyType: 'Service'
}
}
}
isHnsEnabled: false
isNfsV3Enabled: false
keyPolicy: {
keyExpirationPeriodInDays: 7
}
largeFileSharesState: 'Disabled'
minimumTlsVersion: 'TLS1_2'
networkAcls: {
bypass: 'Metrics'
defaultAction: 'Deny'
ipRules: []
virtualNetworkRules: []
}
routingPreference: {
routingChoice: 'MicrosoftRouting'
publishInternetEndpoints: false
publishMicrosoftEndpoints: false
}
supportsHttpsTrafficOnly: true
}
}
resource storageManagementPolicies 'Microsoft.Storage/storageAccounts/managementPolicies@2021-02-01' = {
parent: storage
name: 'default'
properties: {
policy: {
rules: [
{
enabled: true
name: 'default'
type: 'Lifecycle'
definition: {
actions: {
baseBlob: {
// enableAutoTierToHotFromCool: true // Not available for this configuration
tierToCool: {
// daysAfterLastAccessTimeGreaterThan: 90 // Not available for HNS storage yet
daysAfterModificationGreaterThan: 90
}
// tierToArchive: { // Uncomment, if you want to move data to the archive tier
// // daysAfterLastAccessTimeGreaterThan: 365
// daysAfterModificationGreaterThan: 365
// }
// delete: { // Uncomment, if you also want to delete assets after a certain timeframe
// // daysAfterLastAccessTimeGreaterThan: 730
// daysAfterModificationGreaterThan: 730
// }
}
snapshot: {
tierToCool: {
daysAfterCreationGreaterThan: 90
}
// tierToArchive: { // Not available for HNS storage yet
// daysAfterCreationGreaterThan: 365
// }
// delete: { // Uncomment, if you also want to delete assets after a certain timeframe
// daysAfterCreationGreaterThan: 730
// }
}
version: {
tierToCool: {
daysAfterCreationGreaterThan: 90
}
// tierToArchive: { // Uncomment, if you want to move data to the archive tier
// daysAfterCreationGreaterThan: 365
// }
// delete: { // Uncomment, if you also want to delete assets after a certain timeframe
// daysAfterCreationGreaterThan: 730
// }
}
}
filters: {
blobTypes: [
'blockBlob'
]
prefixMatch: []
}
}
}
]
}
}
}
resource storageBlobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-02-01' = {
parent: storage
name: 'default'
properties: {
containerDeleteRetentionPolicy: {
enabled: true
days: 7
}
cors: {
corsRules: []
}
// automaticSnapshotPolicyEnabled: true // Uncomment, if you want to enable addition features on the storage account
// changeFeed: {
// enabled: true
// retentionInDays: 7
// }
// defaultServiceVersion: ''
// deleteRetentionPolicy: {
// enabled: true
// days: 7
// }
// isVersioningEnabled: true
// lastAccessTimeTrackingPolicy: {
// name: 'AccessTimeTracking'
// enable: true
// blobType: [
// 'blockBlob'
// ]
// trackingGranularityInDays: 1
// }
// restorePolicy: {
// enabled: true
// days: 7
// }
}
}
resource storageContainers 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' = [for storageContainerName in storageContainerNames: {
parent: storageBlobServices
name: storageContainerName
properties: {
publicAccess: 'None'
metadata: {}
}
}]
resource storagePrivateEndpointBlob 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: storagePrivateEndpointNameBlob
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: storagePrivateEndpointNameBlob
properties: {
groupIds: [
'blob'
]
privateLinkServiceId: storage.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource storagePrivateEndpointBlobARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: storagePrivateEndpointBlob
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${storagePrivateEndpointBlob.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdBlob
}
}
]
}
}
resource storagePrivateEndpointFile 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: storagePrivateEndpointNameFile
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: storagePrivateEndpointNameFile
properties: {
groupIds: [
'file'
]
privateLinkServiceId: storage.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource storagePrivateEndpointFileARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: storagePrivateEndpointFile
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${storagePrivateEndpointFile.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdFile
}
}
]
}
}
// Outputs
output storageId string = storage.id

251
infra/modules/services/synapse.bicep Normal file
Просмотреть файл

@ -0,0 +1,251 @@
// This template is used to create a Synapse workspace.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param synapseName string
@secure()
param administratorPassword string
param synapseSqlAdminGroupName string
param synapseSqlAdminGroupObjectID string
param synapseDefaultStorageAccountFileSystemId string
param synapseComputeSubnetId string
param privateDnsZoneIdSynapseSql string
param privateDnsZoneIdSynapseDev string
param purviewId string
// Variables
var synapseDefaultStorageAccountFileSystemName = last(split(synapseDefaultStorageAccountFileSystemId, '/'))
var synapseDefaultStorageAccountName = split(synapseDefaultStorageAccountFileSystemId, '/')[7]
var synapsePrivateEndpointNameSql = '${synapse.name}-sql-private-endpoint'
var synapsePrivateEndpointNameSqlOnDemand = '${synapse.name}-sqlondemand-private-endpoint'
var synapsePrivateEndpointNameDev = '${synapse.name}-dev-private-endpoint'
// Resources
resource synapse 'Microsoft.Synapse/workspaces@2021-03-01' = {
name: synapseName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
defaultDataLakeStorage: {
accountUrl: 'https://${synapseDefaultStorageAccountName}.dfs.${environment().suffixes.storage}'
filesystem: synapseDefaultStorageAccountFileSystemName
}
managedResourceGroupName: synapseName
managedVirtualNetwork: 'default'
managedVirtualNetworkSettings: {
allowedAadTenantIdsForLinking: []
linkedAccessCheckOnTargetResource: true
preventDataExfiltration: true
}
publicNetworkAccess: 'Disabled'
purviewConfiguration: {
purviewResourceId: purviewId
}
sqlAdministratorLogin: 'SqlServerMainUser'
sqlAdministratorLoginPassword: administratorPassword
virtualNetworkProfile: {
computeSubnetId: synapseComputeSubnetId
}
}
}
resource synapseSqlPool001 'Microsoft.Synapse/workspaces/sqlPools@2021-03-01' = {
parent: synapse
name: 'sqlPool001'
location: location
tags: tags
sku: {
name: 'DW100c'
}
properties: {
collation: 'SQL_Latin1_General_CP1_CI_AS'
createMode: 'Default'
storageAccountType: 'GRS'
}
}
resource synapseBigDataPool001 'Microsoft.Synapse/workspaces/bigDataPools@2021-03-01' = {
parent: synapse
name: 'bigDataPool001'
location: location
tags: tags
properties: {
autoPause: {
enabled: true
delayInMinutes: 15
}
autoScale: {
enabled: true
maxNodeCount: 10
minNodeCount: 3
}
// cacheSize: 100 // Uncomment to set a specific cache size
customLibraries: []
defaultSparkLogFolder: 'logs/'
dynamicExecutorAllocation: {
enabled: true
}
// isComputeIsolationEnabled: true // Uncomment to enable compute isolation (only available in selective regions)
// libraryRequirements: { // Uncomment to install pip dependencies on the Spark cluster
// content: ''
// filename: 'requirements.txt'
// }
nodeSize: 'Small'
nodeSizeFamily: 'MemoryOptimized'
sessionLevelPackagesEnabled: true
// sparkConfigProperties: { // Uncomment to set spark conf on the Spark cluster
// content: ''
// filename: 'spark.conf'
// }
sparkEventsFolder: 'events/'
sparkVersion: '3.0'
}
}
resource synapseManagedIdentitySqlControlSettings 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings@2021-03-01' = {
parent: synapse
name: 'default'
properties: {
grantSqlControlToManagedIdentity: {
desiredState: 'Enabled'
}
}
}
resource synapseAadAdministrators 'Microsoft.Synapse/workspaces/administrators@2021-03-01' = if (synapseSqlAdminGroupName != '' && synapseSqlAdminGroupObjectID != '') {
parent: synapse
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: synapseSqlAdminGroupName
sid: synapseSqlAdminGroupObjectID
tenantId: subscription().tenantId
}
}
resource synapsePrivateEndpointSql 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameSql
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameSql
properties: {
groupIds: [
'Sql'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointSqlARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointSql
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointSql.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseSql
}
}
]
}
}
resource synapsePrivateEndpointSqlOnDemand 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameSqlOnDemand
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameSqlOnDemand
properties: {
groupIds: [
'SqlOnDemand'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointSqlOnDemandARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointSqlOnDemand
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointSqlOnDemand.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseSql
}
}
]
}
}
resource synapsePrivateEndpointDev 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameDev
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameDev
properties: {
groupIds: [
'Dev'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointDevARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointDev
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointDev.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseDev
}
}
]
}
}
// Outputs
output synapseId string = synapse.id
output synapseBigDataPool001Id string = synapseBigDataPool001.id

84
infra/params.dev.json Normal file
Просмотреть файл

@ -0,0 +1,84 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"environment": {
"value": "dev"
},
"prefix": {
"value": "pro01"
},
"aksId": {
"value": ""
},
"machineLearningComputeInstance001AdministratorObjectId": {
"value": ""
},
"machineLearningComputeInstance001AdministratorPublicSshKey": {
"value": ""
},
"administratorPassword": {
"value": "<your-secure-password>"
},
"synapseDefaultStorageAccountFileSystemId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-storage/providers/Microsoft.Storage/storageAccounts/dlz01devwork/blobServices/default/containers/dp001"
},
"purviewId": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-governance/providers/Microsoft.Purview/accounts/dmz-dev-purview001"
},
"databricksWorkspaceId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-shared-product/providers/Microsoft.Databricks/workspaces/dlz01-dev-product-databricks001"
},
"databricksWorkspaceUrl": {
"value": "adb-7034657454293931.11.azuredatabricks.net"
},
"databricksAccessToken": {
"value": ""
},
"enableRoleAssignments": {
"value": false
},
"subnetId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-network/providers/Microsoft.Network/virtualNetworks/dlz01-dev-vnet/subnets/DataProduct001Subnet"
},
"privateDnsZoneIdKeyVault": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"privateDnsZoneIdSynapseDev": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
},
"privateDnsZoneIdSynapseSql": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
},
"privateDnsZoneIdDataFactory": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
},
"privateDnsZoneIdDataFactoryPortal": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
},
"privateDnsZoneIdCognitiveService": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com"
},
"privateDnsZoneIdContainerRegistry": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"
},
"privateDnsZoneIdSearch": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net"
},
"privateDnsZoneIdBlob": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
},
"privateDnsZoneIdFile": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"
},
"privateDnsZoneIdMachineLearningApi": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
},
"privateDnsZoneIdMachineLearningNotebooks": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
}
}
}

84
infra/params.prod.json Normal file
Просмотреть файл

@ -0,0 +1,84 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"environment": {
"value": "prod"
},
"prefix": {
"value": "pro01"
},
"aksId": {
"value": ""
},
"machineLearningComputeInstance001AdministratorObjectId": {
"value": ""
},
"machineLearningComputeInstance001AdministratorPublicSshKey": {
"value": ""
},
"administratorPassword": {
"value": "<your-secure-password>"
},
"synapseDefaultStorageAccountFileSystemId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-prod-storage/providers/Microsoft.Storage/storageAccounts/dlz01prodwork/blobServices/default/containers/dp001"
},
"purviewId": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-governance/providers/Microsoft.Purview/accounts/dmz-prod-purview001"
},
"databricksWorkspaceId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-prod-shared-product/providers/Microsoft.Databricks/workspaces/dlz01-prod-product-databricks001"
},
"databricksWorkspaceUrl": {
"value": "adb-7034657454293931.11.azuredatabricks.net"
},
"databricksAccessToken": {
"value": ""
},
"enableRoleAssignments": {
"value": false
},
"subnetId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-prod-network/providers/Microsoft.Network/virtualNetworks/dlz01-prod-vnet/subnets/DataProduct001Subnet"
},
"privateDnsZoneIdKeyVault": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"privateDnsZoneIdSynapseDev": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
},
"privateDnsZoneIdSynapseSql": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
},
"privateDnsZoneIdDataFactory": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
},
"privateDnsZoneIdDataFactoryPortal": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
},
"privateDnsZoneIdCognitiveService": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com"
},
"privateDnsZoneIdContainerRegistry": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"
},
"privateDnsZoneIdSearch": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net"
},
"privateDnsZoneIdBlob": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
},
"privateDnsZoneIdFile": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"
},
"privateDnsZoneIdMachineLearningApi": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
},
"privateDnsZoneIdMachineLearningNotebooks": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
}
}
}

84
infra/params.test.json Normal file
Просмотреть файл

@ -0,0 +1,84 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"environment": {
"value": "test"
},
"prefix": {
"value": "pro01"
},
"aksId": {
"value": ""
},
"machineLearningComputeInstance001AdministratorObjectId": {
"value": ""
},
"machineLearningComputeInstance001AdministratorPublicSshKey": {
"value": ""
},
"administratorPassword": {
"value": "<your-secure-password>"
},
"synapseDefaultStorageAccountFileSystemId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-test-storage/providers/Microsoft.Storage/storageAccounts/dlz01testwork/blobServices/default/containers/dp001"
},
"purviewId": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-governance/providers/Microsoft.Purview/accounts/dmz-test-purview001"
},
"databricksWorkspaceId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-test-shared-product/providers/Microsoft.Databricks/workspaces/dlz01-test-product-databricks001"
},
"databricksWorkspaceUrl": {
"value": "adb-7034657454293931.11.azuredatabricks.net"
},
"databricksAccessToken": {
"value": ""
},
"enableRoleAssignments": {
"value": false
},
"subnetId": {
"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-test-network/providers/Microsoft.Network/virtualNetworks/dlz01-test-vnet/subnets/DataProduct001Subnet"
},
"privateDnsZoneIdKeyVault": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"privateDnsZoneIdSynapseDev": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
},
"privateDnsZoneIdSynapseSql": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
},
"privateDnsZoneIdDataFactory": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
},
"privateDnsZoneIdDataFactoryPortal": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
},
"privateDnsZoneIdCognitiveService": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com"
},
"privateDnsZoneIdContainerRegistry": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io"
},
"privateDnsZoneIdSearch": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net"
},
"privateDnsZoneIdBlob": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net"
},
"privateDnsZoneIdFile": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"
},
"privateDnsZoneIdMachineLearningApi": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
},
"privateDnsZoneIdMachineLearningNotebooks": {
"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
}
}
}