* * removed arm
* added new devcontainer

* updated workflows

* added bicep templates

* updated bicep template and removed role assignment

* added new parameter for role assignment

* updated readme

* * updated readme
* updated workflow
* fixed typo in template

* updated readme
Marvin Buss 2021-06-04 12:57:12 +02:00 коммит произвёл GitHub
Родитель 69c6c73968
Коммит a0f4460029
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
46 изменённых файлов: 3733 добавлений и 4612 удалений


@ -7,17 +7,7 @@ trigger:
paths:
include:
- code/*
- infra/BigDataPool/*
- infra/CosmosDb/*
- infra/DataFactory/*
- infra/KeyVault/*
- infra/MariaDb/*
- infra/MySql/*
- infra/PostgreSql/*
- infra/SqlDatabase/*
- infra/SqlPool/*
- infra/SqlServer/*
- infra/Synapse/*
- infra/*
- .ado/workflows/dataDomainDeployment.yml
pr:
branches:
@ -26,624 +16,122 @@ pr:
paths:
include:
- code/*
- infra/BigDataPool/*
- infra/CosmosDb/*
- infra/DataFactory/*
- infra/KeyVault/*
- infra/MariaDb/*
- infra/MySql/*
- infra/PostgreSql/*
- infra/SqlDatabase/*
- infra/SqlPool/*
- infra/SqlServer/*
- infra/Synapse/*
- infra/*
- .ado/workflows/dataDomainDeployment.yml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'data-dp-service-connection' # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: '2f68ca09-59d9-4ab5-ad11-c54872bfa28d' # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: 'dn001-dd001' # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: 'North Europe' # Update to '{regionName}'
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "domain-product-service-connection" # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "North Europe" # Update to '{regionName}'
stages:
- stage: Validation
displayName: 'Validation of ARM templates'
displayName: "Validation of ARM templates"
jobs:
- job: Validation
displayName: 'Validation of ARM templates'
displayName: "Validation of ARM templates"
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
vmImage: "ubuntu-latest"
steps:
# Checkout code
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy Key Vault 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_validation
displayName: Deploy Key Vault 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Validation'
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy SQL Server 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_server_001_validation
displayName: Deploy SQL Server 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/deploy.sqlServer.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/params.sqlServer001.json'
deploymentMode: 'Validation'
overrideParameters: >
-administratorLoginPassword "$(password)"
# Deploy SQL Database 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_database_001_validation
displayName: Deploy SQL Database 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/deploy.sqlDatabase.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/params.sqlDatabase001.json'
deploymentMode: 'Validation'
overrideParameters: >
-sqlServerAdministratorLoginPassword "$(password)"
# Generate Password 002
- task: PowerShell@2
name: generate_password_002
displayName: Generate Password 002
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Maria DB 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: maria_db_001_validation
displayName: Deploy Maria DB 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MariaDb/deploy.mariaDb.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MariaDb/params.mariaDb001.json'
deploymentMode: 'Validation'
overrideParameters: >
-mariaDbServerAdministratorLoginPassword "$(password)"
# Generate Password 003
- task: PowerShell@2
name: generate_password_003
displayName: Generate Password 003
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy MySQL DB 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: mysql_db_001_validation
displayName: Deploy MySQL DB 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/MySql/deploy.mySql.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MySql/params.mySql001.json'
deploymentMode: 'Validation'
overrideParameters: >
-mySqlServerAdministratorLoginPassword "$(password)"
# Generate Password 004
- task: PowerShell@2
name: generate_password_004
displayName: Generate Password 004
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy PostgreSQL DB 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: postgresql_db_001_validation
displayName: Deploy PostgreSQL DB 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/PostgreSql/deploy.postgreSql.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PostgreSql/params.postgreSql001.json'
deploymentMode: 'Validation'
overrideParameters: >
-postgreSqlServerAdministratorLoginPassword "$(password)"
# Deploy Cosmos DB 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: cosmos_db_001_validation
displayName: Deploy Cosmos DB 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/deploy.cosmosDb.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/params.cosmosDb001.json'
deploymentMode: 'Validation'
# Deploy Data Factory 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: data_factory_001_validation
displayName: Deploy Data Factory 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/deploy.dataFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/params.dataFactory001.json'
deploymentMode: 'Validation'
# Generate Password 005
- task: PowerShell@2
name: generate_password_005
displayName: Generate Password 005
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Synapse 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: synapse_001_validation
displayName: Deploy Synapse 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/deploy.synapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/params.synapse001.json'
deploymentMode: 'Validation'
overrideParameters: >
-synapseSqlAdministratorPassword "$(password)"
# Deploy SQL Pool 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_pool_001_validation
displayName: Deploy SQL Pool 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/deploy.sqlPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/params.sqlPool001.json'
deploymentMode: 'Validation'
# Deploy Big Data Pool 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: big_data_pool_001_validation
displayName: Deploy Big Data Pool 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/deploy.bigDataPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/params.bigDataPool001.json'
deploymentMode: 'Validation'
# Checkout code
- checkout: self
name: checkout_repository
displayName: "Checkout repository"
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: "filePath"
filePath: "$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1"
errorActionPreference: "stop"
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Data Domain - validation
- task: AzureResourceManagerTemplateDeployment@3
name: data_domain_validation
displayName: Deploy Data Domain - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: "Resource Group"
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: "Create Or Update Resource Group"
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: "Linked artifact"
csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
deploymentMode: "Validation"
overrideParameters: >
-administratorPassword "$(password)"
- stage: Deployment
displayName: 'Deployment of ARM templates'
displayName: "Deployment of ARM templates"
dependsOn: Validation
# condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- job: Deployment
displayName: 'Deployment of ARM templates'
displayName: "Deployment of ARM templates"
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
vmImage: "ubuntu-latest"
steps:
# Checkout repository
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy Key Vault 001
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_deployment
displayName: Deploy Key Vault 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Incremental'
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy SQL Server 001
- task: AzureResourceManagerTemplateDeployment@3
name: sql_server_001_deployment
displayName: Deploy SQL Server 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/deploy.sqlServer.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/params.sqlServer001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-administratorLoginPassword "$(password)"
# # Deploy SQL Database 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: sql_database_001_deployment
# displayName: Deploy SQL Database 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/deploy.sqlDatabase.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/params.sqlDatabase001.json'
# deploymentMode: 'Incremental'
# overrideParameters: >
# -sqlServerAdministratorLoginPassword "$(password)"
# # Generate Password 002
# - task: PowerShell@2
# name: generate_password_002
# displayName: Generate Password 002
# enabled: true
# continueOnError: false
# inputs:
# targetType: 'filePath'
# filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
# errorActionPreference: 'stop'
# failOnStderr: false
# ignoreLASTEXITCODE: false
# pwsh: true
# # Deploy Maria DB 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: maria_db_001_deployment
# displayName: Deploy Maria DB 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/MariaDb/deploy.mariaDb.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MariaDb/params.mariaDb001.json'
# deploymentMode: 'Incremental'
# overrideParameters: >
# -mariaDbServerAdministratorLoginPassword "$(password)"
# # Generate Password 003
# - task: PowerShell@2
# name: generate_password_003
# displayName: Generate Password 003
# enabled: true
# continueOnError: false
# inputs:
# targetType: 'filePath'
# filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
# errorActionPreference: 'stop'
# failOnStderr: false
# ignoreLASTEXITCODE: false
# pwsh: true
# # Deploy MySQL DB 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: mysql_db_001_deployment
# displayName: Deploy MySQL DB 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/MySql/deploy.mySql.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/MySql/params.mySql001.json'
# deploymentMode: 'Incremental'
# overrideParameters: >
# -mySqlServerAdministratorLoginPassword "$(password)"
# # Generate Password 004
# - task: PowerShell@2
# name: generate_password_004
# displayName: Generate Password 004
# enabled: true
# continueOnError: false
# inputs:
# targetType: 'filePath'
# filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
# errorActionPreference: 'stop'
# failOnStderr: false
# ignoreLASTEXITCODE: false
# pwsh: true
# # Deploy PostgreSQL DB 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: postgresql_db_001_deployment
# displayName: Deploy PostgreSQL DB 001
# enabled: true
# continueOnError: false
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/PostgreSql/deploy.postgreSql.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/PostgreSql/params.postgreSql001.json'
# deploymentMode: 'Incremental'
# overrideParameters: >
# -postgreSqlServerAdministratorLoginPassword "$(password)"
# Deploy Cosmos DB 001
- task: AzureResourceManagerTemplateDeployment@3
name: cosmos_db_001_deployment
displayName: Deploy Cosmos DB 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/deploy.cosmosDb.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/params.cosmosDb001.json'
deploymentMode: 'Incremental'
# Deploy Data Factory 001
- task: AzureResourceManagerTemplateDeployment@3
name: data_factory_001_deployment
displayName: Deploy Data Factory 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/deploy.dataFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/DataFactory/params.dataFactory001.json'
deploymentMode: 'Incremental'
# Generate Password 005
- task: PowerShell@2
name: generate_password_005
displayName: Generate Password 005
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Synapse 001
- task: AzureResourceManagerTemplateDeployment@3
name: synapse_001_deployment
displayName: Deploy Synapse 001
enabled: true
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/deploy.synapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/params.synapse001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-synapseSqlAdministratorPassword "$(password)"
# # Deploy SQL Pool 001
# - task: AzureResourceManagerTemplateDeployment@3
# name: sql_pool_001_deployment
# displayName: Deploy SQL Pool 001
# enabled: false
# continueOnError: true
# inputs:
# deploymentScope: 'Resource Group'
# azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
# subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
# action: 'Create Or Update Resource Group'
# resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
# location: ${{ variables.AZURE_LOCATION }}
# templateLocation: 'Linked artifact'
# csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/deploy.sqlPool.json'
# csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/params.sqlPool001.json'
# deploymentMode: 'Incremental'
# Deploy Big Data Pool 001
- task: AzureResourceManagerTemplateDeployment@3
name: big_data_pool_001_deployment
displayName: Deploy Big Data Pool 001
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/deploy.bigDataPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/params.bigDataPool001.json'
deploymentMode: 'Incremental'
# Checkout repository
- checkout: self
name: checkout_repository
displayName: "Checkout repository"
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: "filePath"
filePath: "$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1"
errorActionPreference: "stop"
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Data Domain
- task: AzureResourceManagerTemplateDeployment@3
name: data_domain_deployment
displayName: Deploy Data Domain
enabled: true
continueOnError: false
inputs:
deploymentScope: "Resource Group"
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: "Create Or Update Resource Group"
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: "Linked artifact"
csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
deploymentMode: "Incremental"
overrideParameters: >
-administratorPassword "$(password)"
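Review bot: The `Deployment` stage still has its condition commented out (`# condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))`), so it is gated only by `dependsOn: Validation`. If PR-triggered runs are enabled for this repository (a `pr:` trigger is defined above), a pull-request build would also reach the `Incremental` deployment of `infra/main.json` through the service connection. Re-enabling it as `condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))` keeps PR builds at the `Validation` stage. Separately, `-administratorPassword "$(password)"` depends on `code/GeneratePassword.ps1`, which is not shown in this section; it is worth confirming that the script registers `password` as a secret variable so the value is masked in pipeline logs.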


@ -1,19 +1,13 @@
FROM mcr.microsoft.com/powershell:lts-debian-11
# [Choice] .NET Core version: 3.1, 2.1
ARG VARIANT=3.1
FROM mcr.microsoft.com/vscode/devcontainers/dotnet:0-${VARIANT}
# [Option] Install zsh
ARG INSTALL_ZSH="true"
# [Option] Upgrade OS packages to their latest versions
ARG UPGRADE_PACKAGES="true"
COPY library-scripts/azcli-debian.sh /tmp/library-scripts/
RUN bash /tmp/library-scripts/azcli-debian.sh \
&& curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
&& chmod +x /usr/local/bin/bicep \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
# Install needed packages and setup non-root user. Use a separate RUN statement to add your own dependencies.
ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=$USER_UID
COPY library-scripts/*.sh /tmp/library-scripts/
RUN apt-get update \
&& /bin/bash /tmp/library-scripts/common-debian.sh "${INSTALL_ZSH}" "${USERNAME}" "${USER_UID}" "${USER_GID}" "${UPGRADE_PACKAGES}" "true" "false" \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
# [Optional] Uncomment this section to install additional packages.
# [Optional] Uncomment this section to install additional OS packages.
# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
# && apt-get -y install --no-install-recommends <your-package-list-here>
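Review bot: The `curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64` step installs whatever binary `latest` resolves to at build time, with no version pin or integrity check, and without `-f` an HTTP error body would be saved and then marked executable by `chmod +x`. Pinning a release and verifying a digest makes the image reproducible and a changed binary detectable, e.g. `curl -fsSLo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/download/<PINNED_TAG>/bicep-linux-x64` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/bicep" | sha256sum -c -`. The base image `mcr.microsoft.com/vscode/devcontainers/dotnet:0-${VARIANT}` is likewise a floating tag and could be pinned by digest.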


@ -1,28 +1,27 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
// https://github.com/microsoft/vscode-dev-containers/tree/v0.169.0/containers/powershell
// https://github.com/microsoft/vscode-dev-containers/tree/v0.181.0/containers/azure-bicep
{
"name": "PowerShell",
"name": "Azure Bicep (Community)",
"dockerFile": "Dockerfile",
// Set *default* container specific settings.json values on container create.
"settings": {
"settings": {
"terminal.integrated.shell.linux": "/bin/bash"
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"ms-vscode.azure-account",
"ms-vscode.powershell",
"ms-vscode.azurecli",
"ms-vscode.powershell",
"ms-dotnettools.vscode-dotnet-runtime",
"ms-azuretools.vscode-bicep",
"msazurermtools.azurerm-vscode-tools"
],
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
// Uncomment the next line to run commands after the container is created. This gets run in bash which is why we call `pwsh`.
// "postCreateCommand": "pwsh -c '$PSVersionTable'",
// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
// Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode"
}


@ -0,0 +1,34 @@
#!/usr/bin/env bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/azcli.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./azcli-debian.sh
set -e
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
export DEBIAN_FRONTEND=noninteractive
# Install curl, apt-transport-https, lsb-release, or gpg if missing
if ! dpkg -s apt-transport-https curl ca-certificates lsb-release > /dev/null 2>&1 || ! type gpg > /dev/null 2>&1; then
if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
apt-get update
fi
apt-get -y install --no-install-recommends apt-transport-https curl ca-certificates lsb-release gnupg2
fi
# Install the Azure CLI
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list
curl -sL https://packages.microsoft.com/keys/microsoft.asc | (OUT=$(apt-key add - 2>&1) || echo $OUT)
apt-get update
apt-get install -y azure-cli
echo "Done!"


@ -4,7 +4,7 @@
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/master/script-library/docs/common.md
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/common.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./common-debian.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh! flag] [Add non-free packages]
@ -110,15 +110,16 @@ if [ "${PACKAGES_ALREADY_INSTALLED}" != "true" ]; then
man-db \
strace \
manpages \
manpages-dev "
manpages-dev \
init-system-helpers"
# Needed for adding manpages-posix and manpages-posix-dev which are non-free packages in Debian
if [ "${ADD_NON_FREE_PACKAGES}" = "true" ]; then
CODENAME="$(cat /etc/os-release | grep -oE '^VERSION_CODENAME=.+$' | cut -d'=' -f2)"
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/deb\.debian\.org\/debian ${CODENAME} main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME} main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb-src http:\/\/(deb|httredir)\.debian\.org\/debian ${CODENAME} main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb-src http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-backports main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-backports main contrib non-free/" /etc/apt/sources.list
@ -213,7 +214,7 @@ if [ -z "${USER}" ]; then export USER=$(whoami); fi
if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi
# Display optional first run image specific notice if configured and terminal is interactive
if [ -t 1 ] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then
cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt"
elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then
@ -248,6 +249,18 @@ fi
EOF
chmod +x /usr/local/bin/code
# systemctl shim - tells people to use 'service' if systemd is not running
cat << 'EOF' > /usr/local/bin/systemctl
#!/bin/sh
set -e
if [ -d "/run/systemd/system" ]; then
exec /bin/systemctl/systemctl "$@"
else
echo '\n"systemd" is not running in this container due to its overhead.\nUse the "service" command to start services intead. e.g.: \n\nservice --status-all'
fi
EOF
chmod +x /usr/local/bin/systemctl
# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme
CODESPACES_BASH="$(cat \
<<'EOF'
@ -287,8 +300,9 @@ __zsh_prompt() {
else
prompt_username="%n"
fi
PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )"
PROMPT+='%{$fg_bold[blue]%}%~%{$reset_color%} $(git_prompt_info)%{$fg[white]%}$ %{$reset_color%}'
PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow
PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd
PROMPT+='$(git_prompt_info)%{$fg[white]%}$ %{$reset_color%}' # Git status
unset -f __zsh_prompt
}
ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg_bold[cyan]%}(%{$fg_bold[red]%}"
@ -321,8 +335,10 @@ EOF
if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then
echo "${RC_SNIPPET}" >> /etc/bash.bashrc
echo "${CODESPACES_BASH}" >> "${USER_RC_PATH}/.bashrc"
echo 'export PROMPT_DIRTRIM=4' >> "${USER_RC_PATH}/.bashrc"
if [ "${USERNAME}" != "root" ]; then
echo "${CODESPACES_BASH}" >> "/root/.bashrc"
echo 'export PROMPT_DIRTRIM=4' >> "/root/.bashrc"
fi
chown ${USERNAME}:${USERNAME} "${USER_RC_PATH}/.bashrc"
RC_SNIPPET_ALREADY_ADDED="true"
@ -354,7 +370,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
fi
# Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme.
# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for offical script.
# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script.
OH_MY_INSTALL_DIR="${USER_RC_PATH}/.oh-my-zsh"
if [ ! -d "${OH_MY_INSTALL_DIR}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then
TEMPLATE_PATH="${OH_MY_INSTALL_DIR}/templates/zshrc.zsh-template"
@ -370,6 +386,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
"https://github.com/ohmyzsh/ohmyzsh" "${OH_MY_INSTALL_DIR}" 2>&1
echo -e "$(cat "${TEMPLATE_PATH}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${USER_RC_FILE}
sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${USER_RC_FILE}
mkdir -p ${OH_MY_INSTALL_DIR}/custom/themes
echo "${CODESPACES_ZSH}" > "${OH_MY_INSTALL_DIR}/custom/themes/codespaces.zsh-theme"
# Shrink git while still enabling updates
@ -383,6 +400,45 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
fi
fi
# Persist image metadata info, script if meta.env found in same directory
META_INFO_SCRIPT="$(cat << 'EOF'
#!/bin/sh
. /usr/local/etc/vscode-dev-containers/meta.env
# Minimal output
if [ "$1" = "version" ] || [ "$1" = "image-version" ]; then
echo "${VERSION}"
exit 0
elif [ "$1" = "release" ]; then
echo "${GIT_REPOSITORY_RELEASE}"
exit 0
elif [ "$1" = "content" ] || [ "$1" = "content-url" ] || [ "$1" = "contents" ] || [ "$1" = "contents-url" ]; then
echo "${CONTENTS_URL}"
exit 0
fi
#Full output
echo
echo "Development container image information"
echo
if [ ! -z "${VERSION}" ]; then echo "- Image version: ${VERSION}"; fi
if [ ! -z "${DEFINITION_ID}" ]; then echo "- Definition ID: ${DEFINITION_ID}"; fi
if [ ! -z "${VARIANT}" ]; then echo "- Variant: ${VARIANT}"; fi
if [ ! -z "${GIT_REPOSITORY}" ]; then echo "- Source code repository: ${GIT_REPOSITORY}"; fi
if [ ! -z "${GIT_REPOSITORY_RELEASE}" ]; then echo "- Source code release/branch: ${GIT_REPOSITORY_RELEASE}"; fi
if [ ! -z "${BUILD_TIMESTAMP}" ]; then echo "- Timestamp: ${BUILD_TIMESTAMP}"; fi
if [ ! -z "${CONTENTS_URL}" ]; then echo && echo "More info: ${CONTENTS_URL}"; fi
echo
EOF
)"
SCRIPT_DIR="$(cd $(dirname $0) && pwd)"
if [ -f "${SCRIPT_DIR}/meta.env" ]; then
mkdir -p /usr/local/etc/vscode-dev-containers/
cp -f "${SCRIPT_DIR}/meta.env" /usr/local/etc/vscode-dev-containers/meta.env
echo "${META_INFO_SCRIPT}" > /usr/local/bin/devcontainer-info
chmod +x /usr/local/bin/devcontainer-info
fi
# Write marker file
mkdir -p "$(dirname "${MARKER_FILE}")"
echo -e "\
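Review bot: The systemctl shim written to /usr/local/bin/systemctl in the `@ -248,6 +249,18 @` hunk execs `/bin/systemctl/systemctl "$@"`, a path that treats the systemctl binary as a directory, so where /run/systemd/system exists the wrapper would fail instead of delegating; `exec /bin/systemctl "$@"` looks like what was intended. In the other branch the shim only prints a hint and exits 0, so a provisioning script that calls systemctl sees success although nothing was started; ending that branch with `exit 1` would surface it. The hint also relies on `echo` expanding `\n` under `#!/bin/sh`, which `printf` would make portable. Separately, the rewritten deb-src line in the `@ -110,15 +110,16 @` hunk spells the alternation `(deb|httredir)` where its three siblings use `(deb|httpredir)`, so it never matches the httpredir mirror.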


@ -0,0 +1,122 @@
#!/bin/bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/node.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./node-debian.sh [directory to install nvm] [node version to install (use "none" to skip)] [non-root user] [Update rc files flag]
export NVM_DIR=${1:-"/usr/local/share/nvm"}
export NODE_VERSION=${2:-"lts/*"}
USERNAME=${3:-"automatic"}
UPDATE_RC=${4:-"true"}
set -e
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
# Ensure that login shells get the correct path if the user updated the PATH using ENV.
rm -f /etc/profile.d/00-restore-env.sh
echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
chmod +x /etc/profile.d/00-restore-env.sh
# Determine the appropriate non-root user
if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then
USERNAME=""
POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)")
for CURRENT_USER in ${POSSIBLE_USERS[@]}; do
if id -u ${CURRENT_USER} > /dev/null 2>&1; then
USERNAME=${CURRENT_USER}
break
fi
done
if [ "${USERNAME}" = "" ]; then
USERNAME=root
fi
elif [ "${USERNAME}" = "none" ] || ! id -u ${USERNAME} > /dev/null 2>&1; then
USERNAME=root
fi
if [ "${NODE_VERSION}" = "none" ]; then
export NODE_VERSION=
fi
function updaterc() {
if [ "${UPDATE_RC}" = "true" ]; then
echo "Updating /etc/bash.bashrc and /etc/zsh/zshrc..."
echo -e "$1" >> /etc/bash.bashrc
if [ -f "/etc/zsh/zshrc" ]; then
echo -e "$1" >> /etc/zsh/zshrc
fi
fi
}
# Ensure apt is in non-interactive to avoid prompts
export DEBIAN_FRONTEND=noninteractive
# Install curl, apt-transport-https, tar, or gpg if missing
if ! dpkg -s apt-transport-https curl ca-certificates tar > /dev/null 2>&1 || ! type gpg > /dev/null 2>&1; then
if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
apt-get update
fi
apt-get -y install --no-install-recommends apt-transport-https curl ca-certificates tar gnupg2
fi
# Install yarn
if type yarn > /dev/null 2>&1; then
echo "Yarn already installed."
else
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | (OUT=$(apt-key add - 2>&1) || echo $OUT)
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update
apt-get -y install --no-install-recommends yarn
fi
# Install the specified node version if NVM directory already exists, then exit
if [ -d "${NVM_DIR}" ]; then
echo "NVM already installed."
if [ "${NODE_VERSION}" != "" ]; then
su ${USERNAME} -c ". $NVM_DIR/nvm.sh && nvm install ${NODE_VERSION} && nvm clear-cache"
fi
exit 0
fi
# Create nvm group, nvm dir, and set sticky bit
if ! cat /etc/group | grep -e "^nvm:" > /dev/null 2>&1; then
groupadd -r nvm
fi
umask 0002
usermod -a -G nvm ${USERNAME}
mkdir -p ${NVM_DIR}
chown :nvm ${NVM_DIR}
chmod g+s ${NVM_DIR}
su ${USERNAME} -c "$(cat << EOF
set -e
umask 0002
# Do not update profile - we'll do this manually
export PROFILE=/dev/null
curl -so- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
source ${NVM_DIR}/nvm.sh
if [ "${NODE_VERSION}" != "" ]; then
nvm alias default ${NODE_VERSION}
fi
nvm clear-cache
EOF
)" 2>&1
# Update rc files
if [ "${UPDATE_RC}" = "true" ]; then
updaterc "$(cat <<EOF
export NVM_DIR="${NVM_DIR}"
[ -s "\$NVM_DIR/nvm.sh" ] && . "\$NVM_DIR/nvm.sh"
[ -s "\$NVM_DIR/bash_completion" ] && . "\$NVM_DIR/bash_completion"
EOF
)"
fi
echo "Done!"
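Review bot: The nvm bootstrap inside the `su ${USERNAME} -c` heredoc pipes `https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh` straight into `bash` with no integrity check, so the image build trusts whatever that tag serves at build time. The tag pins a version but not the content; downloading the installer to a file, comparing it with a SHA-256 recorded in this repository and only then running it closes that gap, and `-f` on curl keeps an HTTP error body from reaching the shell. Because the heredoc delimiter is unquoted, `$` in the added lines has to be escaped so the inner shell evaluates it. The Yarn key fetched with `apt-key add` has a related weakness: it becomes trusted for every configured repository rather than only dl.yarnpkg.com.

```shell
# … unchanged: set -e, umask 0002, export PROFILE=/dev/null …
NVM_INSTALLER="\$(mktemp)"
curl -fsSL -o "\${NVM_INSTALLER}" https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh
# Placeholder: replace with the SHA-256 of the installer version you reviewed
echo "<SHA256_OF_REVIEWED_INSTALL_SH>  \${NVM_INSTALLER}" | sha256sum -c -
bash "\${NVM_INSTALLER}"
rm -f "\${NVM_INSTALLER}"
# … unchanged: source nvm.sh, nvm alias default, nvm clear-cache …
```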

563
.github/workflows/dataDomainDeployment.yml поставляемый

@ -2,479 +2,118 @@ name: Data Domain Deployment
on:
push:
branches: [ main ]
branches: [main]
paths:
- 'code/**'
- 'infra/BigDataPool/**'
- 'infra/CosmosDb/**'
- 'infra/DataFactory/**'
- 'infra/KeyVault/**'
- 'infra/MariaDb/**'
- 'infra/MySql/**'
- 'infra/PostgreSql/**'
- 'infra/SqlDatabase/**'
- 'infra/SqlPool/**'
- 'infra/SqlServer/**'
- 'infra/Synapse/**'
- '.github/workflows/dataDomainDeployment.yml'
- "code/**"
- "infra/**"
- ".github/workflows/dataDomainDeployment.yml"
pull_request:
branches: [ main ]
branches: [main]
paths:
- 'code/**'
- 'infra/BigDataPool/**'
- 'infra/CosmosDb/**'
- 'infra/DataFactory/**'
- 'infra/KeyVault/**'
- 'infra/MariaDb/**'
- 'infra/MySql/**'
- 'infra/PostgreSql/**'
- 'infra/SqlDatabase/**'
- 'infra/SqlPool/**'
- 'infra/SqlServer/**'
- 'infra/Synapse/**'
- '.github/workflows/dataDomainDeployment.yml'
- "code/**"
- "infra/**"
- ".github/workflows/dataDomainDeployment.yml"
env:
AZURE_SUBSCRIPTION_ID: '2f68ca09-59d9-4ab5-ad11-c54872bfa28d' # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: 'dn001-dd001' # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: 'northeurope' # Update to '{regionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "northeurope" # Update to '{regionName}'
jobs:
prerequisite:
runs-on: ubuntu-latest
steps:
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Validate existence of resource group
- name: Validating existence of resource group
id: resource_group_storage
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Validating existence of resource group ${{ env.AZURE_RESOURCE_GROUP_NAME }}"
az group exists --name ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
validation:
needs: [ prerequisite ]
name: "Validation of IaC templates"
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Key Vault 001 - validation
- name: Deploy Key Vault 001 - validation
id: key_vault_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Validate
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy SQL Server 001 - validation
- name: Deploy SQL Server 001 - validation
id: sql_server_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlServer/deploy.sqlServer.json
parameters: ${{ github.workspace }}/infra/SqlServer/params.sqlServer001.json administratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
# Deploy SQL Database 001 - validation
- name: Deploy SQL Database 001 - validation
id: sql_database_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlDatabase/deploy.sqlDatabase.json
parameters: ${{ github.workspace }}/infra/SqlDatabase/params.sqlDatabase001.json sqlServerAdministratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
# Generate Password 002
- name: Generate Password 002
id: generate_password_002
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Maria DB 001 - validation
- name: Deploy Maria DB 001 - validation
id: maria_db_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MariaDb/deploy.mariaDb.json
parameters: ${{ github.workspace }}/infra/MariaDb/params.mariaDb001.json mariaDbServerAdministratorLoginPassword="${{ steps.generate_password_002.outputs.password }}"
deploymentMode: Validate
# Generate Password 003
- name: Generate Password 003
id: generate_password_003
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy MySQL DB 001 - validation
- name: Deploy MySQL DB 001 - validation
id: mysql_db_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/MySql/deploy.mySql.json
parameters: ${{ github.workspace }}/infra/MySql/params.mySql001.json mySqlServerAdministratorLoginPassword="${{ steps.generate_password_003.outputs.password }}"
deploymentMode: Validate
# Generate Password 004
- name: Generate Password 004
id: generate_password_004
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy PostgreSQL DB 001 - validation
- name: Deploy PostgreSQL DB 001 - validation
id: postgresql_db_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/PostgreSql/deploy.postgreSql.json
parameters: ${{ github.workspace }}/infra/PostgreSql/params.postgreSql001.json postgreSqlServerAdministratorLoginPassword="${{ steps.generate_password_004.outputs.password }}"
deploymentMode: Validate
# Deploy Cosmos DB 001 - validation
- name: Deploy Cosmos DB 001 - validation
id: cosmos_db_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/CosmosDb/deploy.cosmosDb.json
parameters: ${{ github.workspace }}/infra/CosmosDb/params.cosmosDb001.json
deploymentMode: Validate
# Deploy Data Factory 001 - validation
- name: Deploy Data Factory 001 - validation
id: data_factory_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DataFactory/deploy.dataFactory.json
parameters: ${{ github.workspace }}/infra/DataFactory/params.dataFactory001.json
deploymentMode: Validate
# Generate Password 005
- name: Generate Password 005
id: generate_password_005
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Synapse 001 - validation
- name: Deploy Synapse 001 - validation
id: synapse_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Synapse/deploy.synapse.json
parameters: ${{ github.workspace }}/infra/Synapse/params.synapse001.json synapseSqlAdministratorPassword="${{ steps.generate_password_005.outputs.password }}"
deploymentMode: Validate
# Deploy Sql Pool 001 - validation
- name: Deploy Sql Pool 001 - validation
id: sql_pool_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlPool/deploy.sqlPool.json
parameters: ${{ github.workspace }}/infra/SqlPool/params.sqlPool001.json
deploymentMode: Validate
# Deploy Big Data Pool 001 - validation
- name: Deploy Big Data Pool 001 - validation
id: big_data_pool_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/BigDataPool/deploy.bigDataPool.json
parameters: ${{ github.workspace }}/infra/BigDataPool/params.bigDataPool001.json
deploymentMode: Validate
continue-on-error: false
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Data Domain - validation
- name: Deploy Data Domain - validation
id: data_domain_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/main.json
parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
continue-on-error: true
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
deployment:
needs: [ prerequisite, validation ]
name: "Deployment of IaC templates"
needs: [validation]
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Key Vault 001
- name: Deploy Key Vault 001
id: key_vault_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Incremental
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy SQL Server 001
- name: Deploy SQL Server 001
id: sql_server_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlServer/deploy.sqlServer.json
parameters: ${{ github.workspace }}/infra/SqlServer/params.sqlServer001.json administratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
# # Deploy SQL Database 001
# - name: Deploy SQL Database 001
# id: sql_database_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/SqlDatabase/deploy.sqlDatabase.json
# parameters: ${{ github.workspace }}/infra/SqlDatabase/params.sqlDatabase001.json sqlServerAdministratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
# deploymentMode: Incremental
# # Generate Password 002
# - name: Generate Password 002
# id: generate_password_002
# run: |
# echo "Generating Password"
# pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# # Deploy Maria DB 001
# - name: Deploy Maria DB 001
# id: maria_db_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/MariaDb/deploy.mariaDb.json
# parameters: ${{ github.workspace }}/infra/MariaDb/params.mariaDb001.json mariaDbServerAdministratorLoginPassword="${{ steps.generate_password_002.outputs.password }}"
# deploymentMode: Incremental
# # Generate Password 003
# - name: Generate Password 003
# id: generate_password_003
# run: |
# echo "Generating Password"
# pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# # Deploy MySQL DB 001
# - name: Deploy MySQL DB 001
# id: mysql_db_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/MySql/deploy.mySql.json
# parameters: ${{ github.workspace }}/infra/MySql/params.mySql001.json mySqlServerAdministratorLoginPassword="${{ steps.generate_password_003.outputs.password }}"
# deploymentMode: Incremental
# # Generate Password 004
# - name: Generate Password 004
# id: generate_password_004
# run: |
# echo "Generating Password"
# pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# # Deploy PostgreSQL DB 001
# - name: Deploy PostgreSQL DB 001
# id: postgresql_db_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/PostgreSql/deploy.postgreSql.json
# parameters: ${{ github.workspace }}/infra/PostgreSql/params.postgreSql001.json postgreSqlServerAdministratorLoginPassword="${{ steps.generate_password_004.outputs.password }}"
# deploymentMode: Incremental
# Deploy Cosmos DB 001
- name: Deploy Cosmos DB 001
id: cosmos_db_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/CosmosDb/deploy.cosmosDb.json
parameters: ${{ github.workspace }}/infra/CosmosDb/params.cosmosDb001.json
deploymentMode: Incremental
# Deploy Data Factory 001
- name: Deploy Data Factory 001
id: data_factory_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/DataFactory/deploy.dataFactory.json
parameters: ${{ github.workspace }}/infra/DataFactory/params.dataFactory001.json
deploymentMode: Incremental
# Generate Password 005
- name: Generate Password 005
id: generate_password_005
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Synapse 001
- name: Deploy Synapse 001
id: synapse_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Synapse/deploy.synapse.json
parameters: ${{ github.workspace }}/infra/Synapse/params.synapse001.json synapseSqlAdministratorPassword="${{ steps.generate_password_005.outputs.password }}"
deploymentMode: Incremental
# # Deploy Sql Pool 001
# - name: Deploy Sql Pool 001
# id: sql_pool_001_deployment
# uses: azure/arm-deploy@v1
# with:
# scope: resourcegroup
# subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
# resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# region: ${{ env.AZURE_LOCATION }}
# template: ${{ github.workspace }}/infra/SqlPool/deploy.sqlPool.json
# parameters: ${{ github.workspace }}/infra/SqlPool/params.sqlPool001.json
# deploymentMode: Incremental
# Deploy Big Data Pool 001
- name: Deploy Big Data Pool 001
id: big_data_pool_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/BigDataPool/deploy.bigDataPool.json
parameters: ${{ github.workspace }}/infra/BigDataPool/params.bigDataPool001.json
deploymentMode: Incremental
continue-on-error: false
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Data Domain
- name: Deploy Data Domain
id: data_domain_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/main.json
parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
continue-on-error: true
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
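Review bot: `continue-on-error: true` on the "Deploy Data Domain - validation" step, and again on "Deploy Data Domain", means a failed ARM validation no longer fails the `validation` job, so `deployment`, which only `needs: [validation]`, still runs on push, and a failed deployment leaves the run green. The rendered page has lost its +/- markers, so this assumes those lines are on the new side. If the intent is to make sure the logout step always runs, keep the deploy steps failing and put `if: always()` on "Log out from Azure" instead. GeneratePassword.ps1 is not shown here; since its `password` output is interpolated into `parameters:`, confirm the script masks the value (`::add-mask::`) before emitting it.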

131
.github/workflows/updateParameters.yml поставляемый

@ -1,131 +0,0 @@
name: Update Parameter Files
on:
push:
branches: [main]
paths:
- 'configs/**'
- '.github/workflows/updateParameters.yml'
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_DOMAIN_NAME: '{dataDomainName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}'
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}'
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}'
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}'
jobs:
renaming:
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Install Required Packages
- name: Install Required Modules
id: install_modules
run: |
echo "Install Modules"
pwsh -Command "Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted"
pwsh -Command "Install-Module -Name powershell-yaml"
# Update Parameters
- name: Update Parameters
id: update_parameters
run: |
echo "Updating Parameters"
pwsh $GITHUB_WORKSPACE/configs/UpdateParameters.ps1 \
-ConfigurationFilePath 'configs/config.json' \
-GlobalDnsResourceGroupId '${{ env.GLOBAL_DNS_RESOURCE_GROUP_ID }}' \
-DataLandingZoneSubscriptionId '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID }}' \
-DataLandingZoneName '${{ env.DATA_DOMAIN_NAME }}' \
-Location '${{ env.LOCATION }}' \
-PurviewId '${{ env.PURVIEW_ID }}' \
-SubnetId '${{ env.SUBNET_ID }}' \
-SynapseStorageAccountName '${{ env.SYNAPSE_STORAGE_ACCOUNT_NAME }}' \
-SynapseStorageAccountFileSystemName '${{ env.SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME }}' \
-AzureResourceManagerConnectionName '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
# Define Pull Request Body
- name: Define Pull Request Body
id: define_pull_request_body
run: |
body="**Great work!** Just two more steps to start the deployment into your environment.
## 1. Create Resource Group and grant access
[Create a resource group](https://ms.portal.azure.com/#create/Microsoft.ResourceGroup) with the name \`${{ steps.update_parameters.outputs.landingZoneName }}-rg\` in the subscription \`${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}\` in the region \`${{ env.LOCATION }}\`.
Now, grant the service principal from earlier access to the resource group with the following commands (either with Azure CLI or with Powershell):
**For Azure CLI**
\`\`\`Shell
# Get Service Principal Object ID
az ad sp list --display-name \"{servicePrincipalName}\" --query \"[].{objectId:objectId}\" --output tsv
# Add role assignment
az role assignment create \\
--assignee \"{servicePrincipalObjectId}\" \\
--role \"Contributor\" \\
--resource-group \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
**For Powershell**
\`\`\`Powershell
# Get Service Principal Object ID
\$spObjectId = (Get-AzADServicePrincipal -DisplayName \"{servicePrincipalName}\").id
# Add role assignment
New-AzRoleAssignment \`
-ObjectId \$spObjectId \`
-RoleDefinitionName \"Contributor\" \`
-ResourceGroupName \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
## 2. Update Parameters in the workflow
**For GitHub Actions**
Go to \`/.github/workflows/dataDomainDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
env:
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
**For Azure DevOps**
Go to \`/.ado/workflows/dataDomainDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
Now, merge the pull request into your \`main\` branch."
body="${body//'%'/'%25'}"
body="${body//$'\n'/'%0A'}"
body="${body//$'\r'/'%0D'}"
echo "::set-output name=body::$body"
# Create Pull Request
- name: Create Pull Request
id: create_pull_request
uses: peter-evans/create-pull-request@v3
with:
commit-message: 'Updated Parameters'
branch: 'parameter_update_${{ github.run_id }}'
title: 'Updated Parameters with GitHub Workflow Run ID ${{ github.run_id }}'
body: ${{ steps.define_pull_request_body.outputs.body }}

121
README.md

@ -95,7 +95,7 @@ If you don't have an Azure subscription, [create your Azure free account today](
A service principal with *Contributor* role needs to be generated for authentication and authorization from GitHub or Azure DevOps to your Azure **Data Landing Zone** subscription, where the data-domain-batch services will be deployed. Just go to the Azure Portal to find the ID of your subscription. Then start the Cloud Shell or Azure CLI, login to Azure, set the Azure context and execute the following commands to generate the required credentials:
> **Note:** The purpose of this new **Service Principal** is to assign least-privilege rights. Therefore, it requires the **Contributor** role at a resource group scope in order to deploy the resources inside the resource group dedicated to a specific data domain. The **Network Contributor** role assignment is required as well in this repository in order to assign the resources to the dedicated subnet.
> **Note:** The purpose of this new **Service Principal** is to assign least-privilege rights. Therefore, it requires the **Contributor** role at a resource group scope in order to deploy the resources inside the resource group dedicated to a specific data domain. The **Network Contributor** role assignment is required as well in this repository in order to add the private endpoint of resources to the dedicated subnet.
#### Azure CLI
@ -103,8 +103,9 @@ A service principal with *Contributor* role needs to be generated for authentica
# Replace {service-principal-name} and {subscription-id} with your
# Azure subscription id and any name for your service principal.
az ad sp create-for-rbac \
--name "{service-principal-name}" \
--skip-assignment \
--name {service-principal-name} \
--role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
--sdk-auth
```
@ -126,9 +127,8 @@ Now that the new Service Principal is created, as mentioned, role assignments a
| Role Name | Description | Scope |
|:----------|:------------|:------|
| [Private DNS Zone Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#private-dns-zone-contributor) | We expect you to deploy all Private DNS Zones for all data services into a single subscription and resource group. Therefor, the service principal needs to be Private DNS Zone Contributor on the global dns resource group which was created during the Data Management Zone deployment. This is required to deploy A-records for the respective private endpoints. | (Resource Group Scope) <div style="width: 36ch">`/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) | We expect you to deploy all data-domain-streaming services into a single resource group within the Data Landing Zone subscription. The service principal requires a **Contributor** role-assignment on that resource group. | (Resource Group Scope) <div style="width: 36ch">`/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Network Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#network-contributor) | In order to deploy Private Endpoints to the specified privatelink-subnet which was created during the Data Landing Zone deployment, the service principal requires **Network Contributor** access on that specific subnet. | (Child-Resource Scope) `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName} /providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}"` |
| [Private DNS Zone Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#private-dns-zone-contributor) | We expect you to deploy all Private DNS Zones for all data services into a single subscription and resource group. Therefore, the service principal needs to be Private DNS Zone Contributor on the global dns resource group which was created during the Data Management Zone deployment. This is required to deploy A-records for the respective private endpoints. | (Resource Group Scope) <div style="width: 36ch">`/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Network Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#network-contributor) | In order to deploy Private Endpoints to the specified subnet which was created during the Data Landing Zone deployment, the service principal requires **Network Contributor** access on that specific subnet. | (Child-Resource Scope) `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName} /providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}"` |
To add these role assignments, you can use the [Azure Portal](https://portal.azure.com/) or run the following commands using Azure CLI/Azure Powershell:
@ -228,63 +228,79 @@ If you want to use Azure DevOps Pipelines for deploying the resources, you need
More information can be found [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal).
### 4. Parameter Update Process
### 4. Parameter Updates
> **Note:** This section applies for both **Azure DevOps** and **GitHub** Deployment
In order to deploy the ARM templates in this repository to the desired Azure subscription, you will need to modify some parameters in the forked repository, which will be used for updating the files which will be used during the deployment. Therefor, **this step should not be skipped for neither Azure DevOps/GitHub options**. As updating each parameter file manually is a time-consuming and potentially error-prone process, we have simplified the task with a GitHub Action workflow. You can update your deployment parameters by completing three steps:
In order to deploy the Infrastructure as Code (IaC) templates to the desired Azure subscription, you will need to modify some parameters in the forked repository. Therefore, **this step should not be skipped for neither Azure DevOps/GitHub options**. There are two files that require updates:
#### Configure the `updateParameters` workflow
- `.github/workflows/dataDomainDeployment.yml` for GitHub Actions,
- `.ado/workflows/dataDomainDeployment.yml` for Azure DevOps and
- `infra/params.dev.json`.
> **Note:** There is only one 'updateParameters.yml', which can be found under the '.github' folder and this one will be used also for setting up the Azure DevOps Deployment
Update these files in a seperate branch and then merge via Pull Request to trigger the initial deployment.
To begin, please open the [.github/workflows/updateParameters.yml](/.github/workflows/updateParameters.yml). In this file you need to update the environment variables. Just click on [.github/workflows/updateParameters.yml](/.github/workflows/updateParameters.yml) and edit the following section:
#### Configure `dataDomainDeployment.yml`
##### For GitHub Actions
To begin, please open the [.github/workflows/dataDomainDeployment.yml](/.github/workflows/dataDomainDeployment.yml). In this file you need to update the environment variables section. Just click on [.github/workflows/dataDomainDeployment.yml](/.github/workflows/dataDomainDeployment.yml) and edit the following section:
```yaml
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_DOMAIN_NAME: '{dataDomainName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}' # Resource ID of the dedicated privatelink-subnet which was created during the Data Landing Zone deployment. Choose one which has the suffix **private-link**.
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}' # Choose a storage account which was previously deployed in the Data Landing Zone.
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}' # Choose the name of the container inside the Storage Account which was referenced in the above SYNAPSE_STORAGE_ACCOUNT_NAME variable.
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}' # This is needed just for ADO Deployments.
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "northeurope" # Update to '{regionName}'
```
Further details about these parameters are provided in a table below.
##### For Azure DevOps
To begin, please open the [.ado/workflows/dataDomainDeployment.yml](/.ado/workflows/dataDomainDeployment.yml). In this file you need to update the variables section. Just click on [.ado/workflows/dataDomainDeployment.yml](/.ado/workflows/dataDomainDeployment.yml) and edit the following section:
```yaml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "domain-product-service-connection" # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd001" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "North Europe" # Update to '{regionName}'
```
The following table explains each of the parameters:
| Parameter | Description | Sample value |
|:-----------------------------------------|:-------------|:-------------|
| **GLOBAL_DNS_RESOURCE_GROUP_ID** | Specifies the global DNS resource group resource ID which gets deployed with the [Data Management Landing Zone](https://github.com/Azure/data-management-zone) | <div style="width: 36ch">`/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-resource-group`</div> |
| **DATA_LANDING_ZONE_SUBSCRIPTION_ID** | Specifies the subscription ID of the Data Landing Zone where all the resources will be deployed | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **DATA_DOMAIN_NAME** | Specifies the name of your Data Domain. The value should consist of alphanumeric characters (A-Z, a-z, 0-9) and should not contain any special characters like `-`, `_`, `.`, etc. Special characters will be removed in the renaming process. | `mydomain01` |
| **LOCATION** | Specifies the region where you want the resources to be deployed. Please use the same region as for your Data Landing Zone. Otherwise the deployment will fail, since the Vnet and the Private Endpoints have to be in the same region. Also Check [Supported Regions](#supported-regions) | `northeurope` |
| **SUBNET_ID** | Specifies the resource ID of the dedicated privatelink-subnet which was created during the Data Landing Zone deployment. Choose one which has the suffix **private-link**. The subnet is already configured with `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` set to `Disabled`, as mentioned in the *Prerequisites* | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-network-rg/providers/Microsoft.Network/virtualNetworks/my-vnet/subnets/{my}-privatelink-subnet` |
|**SYNAPSE_STORAGE_ACCOUNT_NAME**| Specifies the name of the Azure Synapse Storage Account, which was previously deployed in the Data Landing Zone. Go to the `{DataLandingZoneName}-storage` resource group in your Data Landing Zone and copy the resource name (`{DataLandingZoneName}worksa`). | `mydlzworksa` |
|**SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME**| Specifies the name of the Synapse Account filesystem, which is the name of the container inside the Storage Account that was referenced in the above SYNAPSE_STORAGE_ACCOUNT_NAME variable. | `data`|
| **PURVIEW_ID** | Specifies the resource ID of the Purview account to which the Synapse workspaces and Data Factories should connect to share data lineage and other metadata. In case you do not have a Purview account deployed at this stage, leave it empty string. | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-governance-rg/providers/Microsoft.Purview/accounts/my-purview` |
| **AZURE_RESOURCE_MANAGER_CONNECTION_NAME** | Specifies the resource manager connection name in Azure DevOps. You can leave the default value if you want to use GitHub Actions for your deployment. More details on how to create the resource manager connection in Azure DevOps can be found in step 4. b) or [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal). | `my-connection-name` |
| **AZURE_SUBSCRIPTION_ID** | Specifies the subscription ID of the Data Management Zone where all the resources will be deployed | <div style="width: 36ch">`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`</div> |
| **AZURE_LOCATION** | Specifies the region where you want the resources to be deployed. Please check [Supported Regions](#supported-regions) | `northeurope` |
| **AZURE_RESOURCE_GROUP_NAME** | Specifies the name of an existing resource group in your data landing zone, where the resources will be deployed. | `my-rg-name` |
| **AZURE_RESOURCE_MANAGER _CONNECTION_NAME** | Specifies the resource manager connection name in Azure DevOps. You can leave the default value if you want to use GitHub Actions for your deployment. More details on how to create the resource manager connection in Azure DevOps can be found in step 4. b) or [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal). | `my-connection-name` |
#### Execute the `updateParameters` workflow
#### Configure `params.dev.json`
After updating the values, please commit the updated version to the `main` branch of your repository. This will kick off a GitHub Action workflow, which will appear under the **Actions** tab of the main page of the repository. The `Update Parameter Files` workflow will update all parameters in your repository according to a pre-defined naming convention.
To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In this file you need to update the variable values. Just click on [infra/params.dev.json](/infra/params.dev.json) and edit the values. An explanation of the values is given in the table below:
#### Configure the deployment pipeline
The workflow above will make changes to all of the ARM config files. These changes will be stored in a new branch. Once the process has finished, it will open a new pull request in your repository where you can review the changes made by the workflow. The pull request will also provide the values you need to use to configure the deployment pipeline. Please follow the instructions in the pull request to complete the parameter update process.
The instructions will guide towards the following steps:
- create a new `resource group` where all the resources specific to this Data Domain Streaming will be deployed;
- add the required role assignments for the Service Principal created at step [2. Setting up the required Service Principal](#2-setting-up-the-required-service-principal) ;
- change the environment variables in the deployment workflow file
> **Note:** We are not renaming the environment variables in the workflow files because this could lead to an infinite loop of workflow runs being started.
#### Merge these changes back to the `main` branch of your repo
After following the instructions in the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository.
| Parameter | Description | Sample value |
|:-----------------------------------------|:-------------|:-------------|
| location | Specifies the location for all resources. | `northeurope` |
| environment | Specifies the environment of the deployment. | `dev`, `test` or `prod` |
| prefix | Specifies the prefix for all resources created in this deployment. | `prefi` |
| sqlFlavour | Specifies the sql flavour that will be deployed. | `sql`, `mysql`, `maria` or `postgre` |
| administratorPassword | Specifies the administrator password of the sql servers. Will be automatically set in the workflow. **Leave this value as is.** | `<your-secure-password>` |
| synapseDefaultStorageAccountFileSystemId | Specifies the resource ID of the default storage account file system for synapse. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Storage/storageAccounts/{storage-name}/blobServices/default/containers/{container-name}` |
| subnetId | Specifies the resource ID of the subnet to which all services will connect. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}/subnets/{subnet-name}` |
| purviewId | Specifies the resource ID of the central purview instance. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Purview/accounts/{purview-name}` |
| enableRoleAssignments | Specifies whether role assignments should be enabled. **Leave this value as is.** | `true` or `false` |
| privateDnsZoneIdKeyVault | Specifies the resource ID of the private DNS zone for KeyVault. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net` |
| privateDnsZoneIdSynapseDev | Specifies the resource ID of the private DNS zone for Synapse Dev. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net` |
| privateDnsZoneIdSynapseSql | Specifies the resource ID of the private DNS zone for Synapse Sql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net` |
| privateDnsZoneIdDataFactory | Specifies the resource ID of the private DNS zone for Data Factory. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net` |
| privateDnsZoneIdDataFactoryPortal | Specifies the resource ID of the private DNS zone for Data Factory Portal. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com` |
| privateDnsZoneIdCosmosdbSql | Specifies the resource ID of the private DNS zone for Cosmos Sql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com` |
| privateDnsZoneIdSqlServer | Specifies the resource ID of the private DNS zone for Sql Server. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net` |
| privateDnsZoneIdMySqlServer | Specifies the resource ID of the private DNS zone for MySql Server. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com` |
| privateDnsZoneIdMariaDb | Specifies the resource ID of the private DNS zone for MariaDB. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.mariadb.database.azure.com` |
| privateDnsZoneIdPostgreSql | Specifies the resource ID of the private DNS zone for PostgreSql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com` |
### 5. (not applicable for GH Actions) Reference pipeline from GitHub repository in Azure DevOps Pipelines
@ -326,13 +342,17 @@ As a last step, you need to create an Azure DevOps pipeline in your project base
1. Click on **Continue** and then on **Run**.
### 6. Follow the workflow deployment
### 6. Merge these changes back to the `main` branch of your repo
After following the instructions and updating the parameters and variables in your repository in a separate branch and opening the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository. By doing this, you trigger the deployment workflow.
### 7. Follow the workflow deployment
**Congratulations!** You have successfully executed all steps to deploy the template into your environment through GitHub Actions or Azure DevOps.
If you are using GitHub Actions, you can navigate to the **Actions** tab of the main page of the repository where you will see a workflow with the name `Data Domain Deployment` running. Click on it to see how it deploys one service after another. If you run into any issues, please open an issue [here](https://github.com/Azure/data-landing-zone/issues).
If you are using GitHub Actions, you can navigate to the **Actions** tab of the main page of the repository where you will see a workflow with the name `Data Domain Deployment` running. Click on it to see how it deploys one service after another. If you run into any issues, please open an issue [here](https://github.com/Azure/data-domain-batch/issues).
If you are using Azure DevOps Pipelines, you can navigate to the pipeline that you have created as part of step 6 and monitor it as each service is deployed. If you run into any issues, please open an issue [here](https://github.com/Azure/data-landing-zone/issues).
If you are using Azure DevOps Pipelines, you can navigate to the pipeline that you have created as part of step 6 and monitor it as each service is deployed. If you run into any issues, please open an issue [here](https://github.com/Azure/data-domain-batch/issues).
### Documentation
@ -341,11 +361,10 @@ If you are using Azure DevOps Pipelines, you can navigate to the pipeline that y
| File/folder | Description |
| ----------------------------- | ------------------------------------------ |
| `.ado/workflows` | Folder for ADO workflows. The `dataDomainDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `.github/workflows` | Folder for GitHub workflows. The `updateParameters.yml` workflow is used for the parameter update process, while the `dataDomainDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `.github/workflows` | Folder for GitHub workflows. The `dataDomainDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `code` | Sample password generation script that will be run in the deployment workflow for resources that require a password during the deployment. |
| `configs` | Folder containing a script and configuration file that is used for the parameter update process. |
| `docs` | Resources for this README. |
| `infra` | Folder containing all the ARM templates for each of the resources that will be deployed (`deploy.{resource}.json`) together with their parameter files (`params.{resource}.json`). |
| `infra` | Folder containing all the ARM and Bicep templates for each of the resources that will be deployed. |
| `CODE_OF_CONDUCT.md` | Microsoft Open Source Code of Conduct. |
| `LICENSE` | The license for the sample. |
| `README.md` | This README file. |


@ -1,144 +0,0 @@
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$ConfigurationFilePath,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$GlobalDnsResourceGroupId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneSubscriptionId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$Location,
[Parameter(Mandatory=$true)]
[AllowEmptyString()]
[string]
$PurviewId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SubnetId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountFileSystemName,
[Parameter(Mandatory=$false)]
[string]
$AzureResourceManagerConnectionName
)
function SetValue($Object, $Key, $Value) {
$p1, $p2 = $Key.Split(".")
if ($p2) {
SetValue -object $Object.$p1 -key $p2 -Value $Value
}
else {
$Object.$p1 = $Value
}
}
function Remove-SpecialCharsAndWhitespaces($InputString) {
$SpecialChars = '[#?!`"#$%&*+,-./:;<=>?@^_``|~\{\[\(\)\]\}]'
$Replacement = ''
return ($InputString -replace $SpecialChars,$Replacement) -replace "\s", ""
}
# Replace Special Characters
Write-Host "Replacing Special Characters"
$DataLandingZoneName = Remove-SpecialCharsAndWhitespaces -InputString $DataLandingZoneName
# Reduce Length of DataLandingZoneName
Write-Host "Reduce Length of DataLandingZoneName to max 11 Characters"
$DataLandingZoneName = -join $DataLandingZoneName[0..10]
# Convert DataLandingZoneName to lowercase
Write-Host "Converting DataLandingZoneName to lowercase"
$DataLandingZoneName = $DataLandingZoneName.ToLower()
# Loading Configuration File for Parameter Updates
Write-Host "Loading Configuration File for Parameter Updates"
$configs = Get-Content -Path $ConfigurationFilePath -Raw | Out-String | ConvertFrom-Json
foreach ($config in $configs) {
# Get Replacement Key-Value Pairs
Write-Host "Getting Replacement Key-Value Pairs"
$parameterReplacements = @{}
$config.parameters.psobject.properties | ForEach-Object { $parameterReplacements[$_.Name] = $_.Value }
if ($config.fileType.ToLower() -eq "json") {
# Load ARM Parameter File
Write-Host "Loading ARM Parameter File"
$parameterFile = Get-Content -Path $config.filePath -Raw | Out-String | ConvertFrom-Json
# Replace Parameter Values
Write-Host "Replacing Parameter Values"
foreach ( $parameterReplacementPair in $parameterReplacements.GetEnumerator() ) {
$key = $parameterReplacementPair.Key
$value = $parameterReplacementPair.Value
$value = $ExecutionContext.InvokeCommand.ExpandString($value)
# Replace Parameter
Write-Host "Replacing Parameter '${key}' with Value '${value}'"
SetValue -Object $parameterFile -Key $key -Value $value
}
# Set Content of Parameter File
Write-Host "Setting Content of Parameter File"
$parameterFile | ConvertTo-Json -Depth 100 | Set-Content -Path $config.filePath
}
elseif (($config.fileType.ToLower() -eq "yaml") -or ($config.fileType.ToLower() -eq "yml")) {
# Load YAML Deployment File
Write-Host "Loading YAML Deployment File"
$parameterFile = Get-Content -Path $config.filePath -Raw | Out-String | ConvertFrom-Yaml -Ordered
# Replace Variables
Write-Host "Replacing Variables"
foreach ( $parameterReplacementPair in $parameterReplacements.GetEnumerator() ) {
$key = $parameterReplacementPair.Key
$value = $parameterReplacementPair.Value
$value = $ExecutionContext.InvokeCommand.ExpandString($value)
# Replace Parameter
Write-Host "Replacing Parameter '${key}' with Value '${value}'"
SetValue -Object $parameterFile -Key $key -Value $value
}
# Set Content of Parameter File
Write-Host "Setting Content of Parameter File"
$parameterFile | ConvertTo-Yaml | Set-Content -Path $config.filePath
}
else {
Write-Error "File Type not Supported"
throw "File Type not Supported"
}
}
# Set output
Write-Output "Setting output"
Write-Output "::set-output name=landingZoneName::${DataLandingZoneName}"


@ -1,118 +0,0 @@
[
{
"filePath": "infra/BigDataPool/params.bigDataPool001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001"
}
},
{
"filePath": "infra/CosmosDb/params.cosmosDb001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.cosmosAccountName.value": "${DataLandingZoneName}-cosmos001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
}
},
{
"filePath": "infra/DataFactory/params.dataFactory001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.dataFactoryName.value": "${DataLandingZoneName}-datafactory001",
"parameters.purviewId.value": "${PurviewId}",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdDataFactory.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net",
"parameters.privateDnsZoneIdPortal.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
}
},
{
"filePath": "infra/KeyVault/params.keyVault001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.keyVaultName.value": "${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
},
{
"filePath": "infra/MariaDb/params.mariaDb001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mariaDbServerName.value": "${DataLandingZoneName}-mariadbserver001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.mariadb.database.azure.com"
}
},
{
"filePath": "infra/MySql/params.mySql001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.mySqlServerName.value": "${DataLandingZoneName}-mysqlserver001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com"
}
},
{
"filePath": "infra/PostgreSql/params.postgreSql001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.postgreSqlServerName.value": "${DataLandingZoneName}-postgresqlserver001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com"
}
},
{
"filePath": "infra/SqlDatabase/params.sqlDatabase001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.sqlServerId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Sql/servers/${DataLandingZoneName}-sqlserver001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001"
}
},
{
"filePath": "infra/SqlPool/params.sqlPool001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001"
}
},
{
"filePath": "infra/SqlServer/params.sqlServer001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.sqlServerName.value": "${DataLandingZoneName}-sqlserver001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
}
},
{
"filePath": "infra/Synapse/params.synapse001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceName.value": "${DataLandingZoneName}-synapse001",
"parameters.synapseDefaultStorageAccountName.value": "${SynapseStorageAccountName}",
"parameters.synapseDefaultStorageAccountFileSystem.value": "${SynapseStorageAccountFileSystemName}",
"parameters.purviewId.value": "${PurviewId}",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdSql.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net",
"parameters.privateDnsZoneIdDev.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
}
}
]


@ -1,108 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"bigDataPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the big data pool."
}
},
"bigDataPoolNodeSize": {
"type": "string",
"defaultValue": "Medium",
"allowedValues": [
"Small",
"Medium",
"Large",
"XLarge",
"XXLarge",
"XXXLarge"
],
"metadata": {
"description": "Specifies the minimum node count of the big data pool."
}
},
"bigDataPoolMinNodes": {
"type": "int",
"minValue": 3,
"defaultValue": 3,
"metadata": {
"description": "Specifies the minimum node count of the big data pool."
}
},
"bigDataPoolMaxNodes": {
"type": "int",
"minValue": 3,
"defaultValue": 10,
"metadata": {
"description": "Specifies the maximum node count of the big data pool."
}
},
"bigDataPoolAutopauseDelay": {
"type": "int",
"minValue": 1,
"defaultValue": 15,
"metadata": {
"description": "Specifies the autopause delay of the big data pool."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace to which the big data pool will be deployed."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"bigDataPoolName": "[parameters('bigDataPoolName')]",
"bigDataPoolNodeSize": "[parameters('bigDataPoolNodeSize')]",
"bigDataPoolMinNodes": "[parameters('bigDataPoolMinNodes')]",
"bigDataPoolMaxNodes": "[parameters('bigDataPoolMaxNodes')]",
"bigDataPoolAutopauseDelay": "[parameters('bigDataPoolAutopauseDelay')]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseWorkspaceName": "[last(split(variables('synapseWorkspaceId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/bigDataPools",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('synapseWorkspaceName'), '/', variables('bigDataPoolName'))]",
"location": "[variables('location')]",
"properties": {
"autoPause": {
"enabled": true,
"delayInMinutes": "[variables('bigDataPoolAutopauseDelay')]"
},
"autoScale": {
"enabled": true,
"minNodeCount": "[variables('bigDataPoolMinNodes')]",
"maxNodeCount": "[variables('bigDataPoolMaxNodes')]"
},
"defaultSparkLogFolder": "logs/",
// "libraryRequirements": {
// "content": "",
// "filename": "requirements.txt"
// },
"nodeSize": "[variables('bigDataPoolNodeSize')]",
"nodeSizeFamily": "MemoryOptimized",
"provisioningState": "Succeeded",
"sparkEventsFolder": "events/",
"sparkVersion": "2.4",
"sessionLevelPackagesEnabled": false,
"isComputeIsolationEnabled": false,
"sparkConfigProperties": {}
}
}
],
"outputs": {}
}


@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"bigDataPoolName": {
"value": "bigdatapool001"
},
"bigDataPoolNodeSize": {
"value": "Medium"
},
"bigDataPoolMinNodes": {
"value": 3
},
"bigDataPoolMaxNodes": {
"value": 10
},
"bigDataPoolAutopauseDelay": {
"value": 15
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.Synapse/workspaces/dn001-dd001-synapse001"
}
}
}


@ -1,179 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location of all deployed resources."
}
},
"cosmosAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the Cosmos DB account name (max length 44 characters)."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"cosmosAccountName": "[parameters('cosmosAccountName')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('cosmosAccountName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2020-06-01-preview",
"name": "[variables('cosmosAccountName')]",
"kind": "GlobalDocumentDB",
"location": "[variables('location')]",
"properties": {
"consistencyPolicy": {
"defaultConsistencyLevel": "BoundedStaleness",
"maxIntervalInSeconds": 10,
"maxStalenessPrefix": 200
},
"locations": [
{
"locationName": "[variables('location')]",
"failoverPriority": 0,
"isZoneRedundant": true
}
],
"databaseAccountOfferType": "Standard",
"ipRules": [],
"isVirtualNetworkFilterEnabled": true,
"enableAutomaticFailover": true,
"virtualNetworkRules": [
],
"enableMultipleWriteLocations": false,
"enableCassandraConnector": false,
"publicNetworkAccess": "Disabled",
"capabilities": [
],
"disableKeyBasedMetadataWriteAccess": true,
"enableAnalyticalStorage": false,
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 240,
"backupRetentionIntervalInHours": 8
}
},
"cors": [],
"createMode": "Default"
// "apiProperties": { // Only supported for Mongo DB
// "serverVersion": "3.6"
// }
// "connectorOffer": "Small" // Only required for Cassandra
},
"resources": [
// {
// "type": "sqlDatabases",
// "name": "[variables('cosmosDatabaseName')]",
// "apiVersion": "2020-04-01",
// "dependsOn": [
// "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
// ],
// "properties": {
// "resource": {
// "id": "[variables('cosmosDatabaseName')]"
// },
// "options": {
// // "throughput": "[variables('cosmosDatabaseThroughput')]" // use autoscale instead of fixed throughput
// "autoscaleSettings": {
// "maxThroughput": "[variables('cosmosDatabaseThroughput')]"
// }
// }
// }
// }
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]",
"groupIds": [
"sql"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/cosmosConnectionString')]",
"apiVersion": "2019-09-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
],
"properties": {
"contentType": "text/plain",
"value": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName')), '2020-04-01').connectionStrings[0].connectionString]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}


@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"cosmosAccountName": {
"value": "dn001-dd001-cosmos001"
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.KeyVault/vaults/dn001-dd001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
}
}
}


@ -1,338 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"dataFactoryName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the data factory."
}
},
"dataFactoryGitAccount": {
"type": "string",
"metadata": {
"description": "Specifies the account name for the repository connection."
}
},
"dataFactoryGitRepo": {
"type": "string",
"metadata": {
"description": "Specifies the repo name for the repository connection."
}
},
"dataFactoryGitCollaborationBranch": {
"type": "string",
"metadata": {
"description": "Specifies the collaboration branch name for the repository connection."
}
},
"dataFactoryGitRootFolder": {
"type": "string",
"metadata": {
"description": "Specifies the root folder in the branch for the repository connection."
}
},
"dataFactoryGitType": {
"type": "string",
"allowedValues": [
"FactoryGitHubConfiguration",
"FactoryVSTSConfiguration"
],
"metadata": {
"description": "Specifies the type of git connection."
}
},
"purviewId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the purview data catalog that should be linked to the data factory."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the keyvault that should be linked to the data factory."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdDataFactory": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for data factory."
}
},
"privateDnsZoneIdPortal": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for data factory portal."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"dataFactoryName": "[parameters('dataFactoryName')]",
"defaultManagedVnetIntegrationRuntimeName": "AutoResolveIntegrationRuntime",
"dataFactoryGitAccount": "[parameters('dataFactoryGitAccount')]",
"dataFactoryGitRepo": "[parameters('dataFactoryGitRepo')]",
"dataFactoryGitCollaborationBranch": "[parameters('dataFactoryGitCollaborationBranch')]",
"dataFactoryGitRootFolder": "[parameters('dataFactoryGitRootFolder')]",
"dataFactoryGitType": "[parameters('dataFactoryGitType')]",
"purviewId": "[parameters('purviewId')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdDataFactory": "[parameters('privateDnsZoneIdDataFactory')]",
"privateDnsZoneIdPortal": "[parameters('privateDnsZoneIdPortal')]",
"privateEndpointNameDataFactory": "[concat(variables('dataFactoryName'), '-datafactory-private-endpoint')]",
"privateEndpointNamePortal": "[concat(variables('dataFactoryName'), '-portal-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[variables('dataFactoryName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
// "repoConfiguration": {
// "accountName": "[variables('dataFactoryGitAccount')]",
// "repositoryName": "[variables('dataFactoryGitRepo')]",
// "collaborationBranch": "[variables('dataFactoryGitCollaborationBranch')]",
// "rootFolder": "[variables('dataFactoryGitRootFolder')]",
// "type": "[variables('dataFactoryGitType')]"
// },
"globalParameters": {
},
"publicNetworkAccess": "Disabled",
"purviewConfiguration": {
"purviewResourceId": "[variables('purviewId')]"
}
},
"resources": [
{
"type": "managedVirtualNetworks",
"apiVersion": "2018-06-01",
"name": "default",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"properties": {}
},
{
"type": "integrationRuntimes",
"apiVersion": "2018-06-01",
"name": "[variables('defaultManagedVnetIntegrationRuntimeName')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', variables('dataFactoryName'), 'default')]"
],
"properties": {
"type": "Managed",
"managedVirtualNetwork": {
"type": "ManagedVirtualNetworkReference",
"referenceName": "default"
},
"typeProperties": {
"computeProperties": {
"location": "AutoResolve"
}
}
}
},
{
"condition": "[not(empty(variables('keyVaultId')))]",
"type": "managedVirtualNetworks/managedPrivateEndpoints",
"apiVersion": "2018-06-01",
"name": "[concat('default/', replace(variables('keyVaultName'), '-', ''))]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', variables('dataFactoryName'), 'default')]",
"[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', variables('dataFactoryName'), variables('defaultManagedVnetIntegrationRuntimeName'))]"
],
"properties": {
"privateLinkResourceId": "[variables('keyVaultId')]",
"groupId": "vault"
}
},
{
"condition": "[not(empty(variables('keyVaultId')))]",
"type": "linkedservices",
"apiVersion": "2018-06-01",
"name": "[replace(variables('keyVaultName'), '-', '')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', variables('dataFactoryName'), 'default')]",
"[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', variables('dataFactoryName'), variables('defaultManagedVnetIntegrationRuntimeName'))]",
"[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints', variables('dataFactoryName'), 'default', replace(variables('keyVaultName'), '-', ''))]"
],
"properties": {
"type": "AzureKeyVault",
"annotations": [],
"additionalProperties": {},
"connectVia": {
"type": "IntegrationRuntimeReference",
"referenceName": "[variables('defaultManagedVnetIntegrationRuntimeName')]"
},
"description": "Key Vault for data product",
"parameters": {},
"typeProperties": {
"baseUrl": "[concat('https://', variables('keyVaultName'), '.vault.azure.net/')]"
}
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameDataFactory')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameDataFactory')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"groupIds": [
"dataFactory"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameDataFactory'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameDataFactory'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameDataFactory'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdDataFactory')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNamePortal')]",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNamePortal')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]",
"groupIds": [
"portal"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNamePortal'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNamePortal'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNamePortal'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdPortal')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "AccessPolicyDeployment",
"dependsOn": [
"[resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"name": "[concat(variables('keyVaultName'), '/add')]",
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"apiVersion": "2019-09-01",
"properties": {
"accessPolicies": [
{
"tenantId": "[reference(resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName')), '2018-06-01', 'Full').identity.tenantId]",
"objectId": "[reference(resourceId('Microsoft.DataFactory/factories', variables('dataFactoryName')), '2018-06-01', 'Full').identity.principalId]",
"permissions": {
"secrets": [
"list",
"get"
]
}
}
]
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {}
}


@ -1,42 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"dataFactoryName": {
"value": "dn001-dd001-datafactory001"
},
"dataFactoryGitAccount": {
"value": ""
},
"dataFactoryGitRepo": {
"value": ""
},
"dataFactoryGitCollaborationBranch": {
"value": ""
},
"dataFactoryGitRootFolder": {
"value": ""
},
"dataFactoryGitType": {
"value": "FactoryGitHubConfiguration"
},
"purviewId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-governance/providers/Microsoft.Purview/accounts/dh-purview001"
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.KeyVault/vaults/dn001-dd001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneIdDataFactory": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
},
"privateDnsZoneIdPortal": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
}
}
}


@ -1,152 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the key vault."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
},
"resourceExists": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether this is the first deployment of this resource or whether the resource already exists."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"keyVaultName": "[parameters('keyVaultName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"resourceExists": "[parameters('resourceExists')]",
"privateEndpointName": "[concat(variables('keyVaultName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[concat(variables('keyVaultName'), 'Deployment')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[variables('keyVaultName')]",
"location": "[variables('location')]",
"properties": {
"enabledForDeployment": false,
"enabledForTemplateDeployment": false,
"enabledForDiskEncryption": false,
"enablePurgeProtection": true,
"enableSoftDelete": true,
"enableRbacAuthorization": false,
"tenantId": "[subscription().tenantId]",
"createMode": "default",
"accessPolicies": "[if(variables('resourceExists'), reference(resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName')), '2016-10-01').accessPolicies, createArray())]",
"sku": {
"name": "standard",
"family": "A"
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [
],
"virtualNetworkRules": [
]
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[subscription().subscriptionId]",
"resourceGroup": "[resourceGroup().name]"
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[concat(variables('keyVaultName'), 'Deployment')]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
"groupIds": [
"vault"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {
"keyVaultId": {
"type": "string",
"value": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
}
}
}


@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"keyVaultName": {
"value": "dn001-dd001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"resourceExists": {
"value": false
}
}
}


@ -1,279 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mariaDbServerName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the MariaDB server."
}
},
"mariaDbDatabaseName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the MariaDB database."
}
},
"mariaDbSkuName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the sku of the MariaDB server."
}
},
"mariaDbSkuTier": {
"type": "string",
"metadata": {
"description": "Specifies the tier of the sku of the MariaDB server."
}
},
"mariaDbSkuCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the capacity of the sku of the MariaDB server."
}
},
"mariaDbSkuSize": {
"type": "int",
"metadata": {
"description": "Specifies the size in MB of the MariaDB server."
}
},
"mariaDbSkuFamily": {
"type": "string",
"metadata": {
"description": "Specifies the name of the sku of the MariaDB server."
}
},
"mariaDbServerAdministratorLogin": {
"type": "string",
"defaultValue": "sqladminuser",
"metadata": {
"description": "Specifies the login account name for the MariaDB server."
}
},
"mariaDbServerAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the MariaDB server."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mariaDbServerName": "[parameters('mariaDbServerName')]",
"mariaDbDatabaseName": "[parameters('mariaDbDatabaseName')]",
"mariaDbSkuName": "[parameters('mariaDbSkuName')]",
"mariaDbSkuTier": "[parameters('mariaDbSkuTier')]",
"mariaDbSkuCapacity": "[parameters('mariaDbSkuCapacity')]",
"mariaDbSkuSize": "[parameters('mariaDbSkuSize')]",
"mariaDbSkuFamily": "[parameters('mariaDbSkuFamily')]",
"mariaDbServerAdministratorLogin": "[parameters('mariaDbServerAdministratorLogin')]",
"mariaDbServerAdministratorLoginPassword": "[parameters('mariaDbServerAdministratorLoginPassword')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"connectionStringSecretName": "[concat(variables('mariaDbServerName'), 'ConnectionString')]",
"usernameSecretName": "[concat(variables('mariaDbServerName'), 'Username')]",
"passwordSecretName": "[concat(variables('mariaDbServerName'), 'Password')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('mariaDbServerName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DBforMariaDB/servers",
"apiVersion": "2018-06-01-preview",
"name": "[variables('mariaDbServerName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('mariaDbSkuName')]",
"tier": "[variables('mariaDbSkuTier')]",
"capacity": "[variables('mariaDbSkuCapacity')]",
"size": "[variables('mariaDbSkuSize')]",
"family": "[variables('mariaDbSkuFamily')]"
},
"properties": {
"createMode": "Default",
"version": "10.3",
"sslEnforcement": "Enabled",
"minimalTlsVersion": "TLS1_2",
"infrastructureEncryption": "Disabled",
"publicNetworkAccess": "Disabled",
"storageProfile": {
"backupRetentionDays": 7,
"geoRedundantBackup": "Enabled",
"storageAutogrow": "Enabled",
"storageMB": "[variables('mariaDbSkuSize')]"
},
"administratorLogin": "[variables('mariaDbServerAdministratorLogin')]",
"administratorLoginPassword": "[variables('mariaDbServerAdministratorLoginPassword')]",
"previewFeature": ""
}
},
{
"type": "Microsoft.DBforMariaDB/servers/databases",
"apiVersion": "2018-06-01-preview",
"name": "[concat(variables('mariaDbServerName'), '/', variables('mariaDbDatabaseName'))]",
"dependsOn": [
"[resourceId('Microsoft.DBforMariaDB/servers', variables('mariaDbServerName'))]"
],
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.DBforMariaDB/servers', variables('mariaDbServerName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DBforMariaDB/servers', variables('mariaDbServerName'))]",
"groupIds": [
"mariadbServer"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
},
{
"name": "MariaDbSecretDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"[resourceId('Microsoft.DBforMariaDB/servers', variables('mariaDbServerName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('connectionStringSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[concat('String url =\"jdbc:mariadb://', variables('mariaDbServerName'), '.mysql.database.azure.com:3306/', variables('mariaDbDatabaseName'), '?useSSL=true\"; myDbConn = DriverManager.getConnection(url, \"', reference(resourceId('Microsoft.DBforMariaDB/servers', variables('mariaDbServerName')), '2018-06-01-preview').administratorLogin, '@', variables('mariaDbServerName'), '\", ', variables('mariaDbServerAdministratorLoginPassword'), ');')]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('usernameSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[reference(resourceId('Microsoft.DBforMariaDB/servers', variables('mariaDbServerName')), '2018-06-01-preview').administratorLogin]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('passwordSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[variables('mariaDbServerAdministratorLoginPassword')]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {
"mariaDbDatabaseId": {
"type": "string",
"value": "[resourceId('Microsoft.DBforMySQL/servers/databases', variables('mariaDbServerName'), variables('mariaDbDatabaseName'))]"
},
"connectionStringSecretName": {
"type": "string",
"value": "[variables('connectionStringSecretName')]"
},
"usernameSecretName": {
"type": "string",
"value": "[variables('usernameSecretName')]"
},
"passwordSecretName": {
"type": "string",
"value": "[variables('passwordSecretName')]"
}
}
}


@ -1,45 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mariaDbServerName": {
"value": "dn001-dd001-mariadbserver001"
},
"mariaDbDatabaseName": {
"value": "DataDomain001"
},
"mariaDbSkuName": {
"value": "GP_Gen5_2"
},
"mariaDbSkuTier": {
"value": "GeneralPurpose"
},
"mariaDbSkuCapacity": {
"value": 2
},
"mariaDbSkuSize": {
"value": 5120
},
"mariaDbSkuFamily": {
"value": "Gen5"
},
"mariaDbServerAdministratorLogin": {
"value": "ServerMainUser"
},
"mariaDbServerAdministratorLoginPassword": {
"value": "<your-secure-password>"
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.KeyVault/vaults/dn001-dd001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mariadb.database.azure.com"
}
}
}


@ -1,308 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"mySqlServerName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the MySQL server."
}
},
"mySqlDatabaseName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the MySQL database."
}
},
"mySqlSkuName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the sku of the MySQL server."
}
},
"mySqlSkuTier": {
"type": "string",
"metadata": {
"description": "Specifies the tier of the sku of the MySQL server."
}
},
"mySqlSkuCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the capacity of the sku of the MySQL server."
}
},
"mySqlSkuSize": {
"type": "int",
"metadata": {
"description": "Specifies the size in MB of the MySQL server."
}
},
"mySqlSkuFamily": {
"type": "string",
"metadata": {
"description": "Specifies the name of the sku of the MySQL server."
}
},
"mySqlServerAdministratorLogin": {
"type": "string",
"defaultValue": "sqladminuser",
"metadata": {
"description": "Specifies the login account name for the MySQL server."
}
},
"mySqlServerAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the MySQL server."
}
},
"mySqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the MySQL admin group."
}
},
"mySqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the MySQL admin group."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"mySqlServerName": "[parameters('mySqlServerName')]",
"mySqlDatabaseName": "[parameters('mySqlDatabaseName')]",
"mySqlSkuName": "[parameters('mySqlSkuName')]",
"mySqlSkuTier": "[parameters('mySqlSkuTier')]",
"mySqlSkuCapacity": "[parameters('mySqlSkuCapacity')]",
"mySqlSkuSize": "[parameters('mySqlSkuSize')]",
"mySqlSkuFamily": "[parameters('mySqlSkuFamily')]",
"mySqlServerAdministratorLogin": "[parameters('mySqlServerAdministratorLogin')]",
"mySqlServerAdministratorLoginPassword": "[parameters('mySqlServerAdministratorLoginPassword')]",
"mySqlAdminGroupName": "[parameters('mySqlAdminGroupName')]",
"mySqlAdminGroupObjectID": "[parameters('mySqlAdminGroupObjectID')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"connectionStringSecretName": "[concat(variables('mySqlServerName'), 'ConnectionString')]",
"usernameSecretName": "[concat(variables('mySqlServerName'), 'Username')]",
"passwordSecretName": "[concat(variables('mySqlServerName'), 'Password')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('mySqlServerName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DBForMySQL/servers",
"apiVersion": "2017-12-01-preview",
"name": "[variables('mySqlServerName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('mySqlSkuName')]",
"tier": "[variables('mySqlSkuTier')]",
"capacity": "[variables('mySqlSkuCapacity')]",
"size": "[variables('mySqlSkuSize')]",
"family": "[variables('mySqlSkuFamily')]"
},
"properties": {
"createMode": "Default",
"version": "5.7",
"sslEnforcement": "Enabled",
"minimalTlsVersion": "TLS1_2",
"infrastructureEncryption": "Disabled",
"publicNetworkAccess": "Disabled",
"storageProfile": {
"backupRetentionDays": 7,
"geoRedundantBackup": "Enabled",
"storageAutogrow": "Enabled",
"storageMB": "[variables('mySqlSkuSize')]"
},
"administratorLogin": "[variables('mySqlServerAdministratorLogin')]",
"administratorLoginPassword": "[variables('mySqlServerAdministratorLoginPassword')]",
"previewFeature": ""
}
},
{
"type": "Microsoft.DBforMySQL/servers/databases",
"apiVersion": "2017-12-01-preview",
"name": "[concat(variables('mySqlServerName'), '/', variables('mySqlDatabaseName'))]",
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', variables('mySqlServerName'))]"
],
"properties": {
"charset": "utf8",
"collation": "utf8_general_ci"
}
},
{
"condition": "[and(not(empty(variables('mySqlAdminGroupName'))), not(empty(variables('mySqlAdminGroupObjectID'))))]",
"type": "Microsoft.DBForMySQL/servers/Administrators",
"apiVersion": "2017-12-01-preview",
"name": "[concat(variables('mySqlServerName'), '/ActiveDirectory')]",
"dependsOn": [
"[resourceId('Microsoft.DBforMySQL/servers', variables('mySqlServerName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('mySqlAdminGroupName')]",
"sid": "[variables('mySqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.DBForMySQL/servers', variables('mySqlServerName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DBForMySQL/servers', variables('mySqlServerName'))]",
"groupIds": [
"mysqlServer"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
},
{
"name": "MySqlSecretDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"[resourceId('Microsoft.DBForMySQL/servers', variables('mySqlServerName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('connectionStringSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[concat('String url =\"jdbc:mysql://', variables('mySqlServerName'), '.mysql.database.azure.com:3306/', variables('mySqlDatabaseName'), '?useSSL=true&requireSSL=false\"; myDbConn = DriverManager.getConnection(url, \"', reference(resourceId('Microsoft.DBForMySQL/servers', variables('mySqlServerName')), '2017-12-01-preview').administratorLogin, '@', variables('mySqlServerName'), '\", ', variables('mySqlServerAdministratorLoginPassword'), ');')]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('usernameSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[reference(resourceId('Microsoft.DBForMySQL/servers', variables('mySqlServerName')), '2017-12-01-preview').administratorLogin]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('passwordSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[variables('mySqlServerAdministratorLoginPassword')]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {
"mySqlDatabaseId": {
"type": "string",
"value": "[resourceId('Microsoft.DBforMySQL/servers/databases', variables('mySqlServerName'), variables('mySqlDatabaseName'))]"
},
"connectionStringSecretName": {
"type": "string",
"value": "[variables('connectionStringSecretName')]"
},
"usernameSecretName": {
"type": "string",
"value": "[variables('usernameSecretName')]"
},
"passwordSecretName": {
"type": "string",
"value": "[variables('passwordSecretName')]"
}
}
}


@ -1,51 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"mySqlServerName": {
"value": "dn001-dd001-mysqlserver001"
},
"mySqlDatabaseName": {
"value": "DataDomain001"
},
"mySqlSkuName": {
"value": "GP_Gen5_2"
},
"mySqlSkuTier": {
"value": "GeneralPurpose"
},
"mySqlSkuCapacity": {
"value": 2
},
"mySqlSkuSize": {
"value": 5120
},
"mySqlSkuFamily": {
"value": "Gen5"
},
"mySqlServerAdministratorLogin": {
"value": "ServerMainUser"
},
"mySqlServerAdministratorLoginPassword": {
"value": "<your-secure-password>"
},
"mySqlAdminGroupName": {
"value": ""
},
"mySqlAdminGroupObjectID": {
"value": ""
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.KeyVault/vaults/dn001-dd001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com"
}
}
}


@ -1,308 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"postgreSqlServerName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the PostgreSQL server."
}
},
"postgreSqlDatabaseName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the PostgreSQL database."
}
},
"postgreSqlSkuName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the sku of the PostgreSQL server."
}
},
"postgreSqlSkuTier": {
"type": "string",
"metadata": {
"description": "Specifies the tier of the sku of the PostgreSQL server."
}
},
"postgreSqlSkuCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the capacity of the sku of the PostgreSQL server."
}
},
"postgreSqlSkuSize": {
"type": "int",
"metadata": {
"description": "Specifies the size in MB of the PostgreSQL server."
}
},
"postgreSqlSkuFamily": {
"type": "string",
"metadata": {
"description": "Specifies the name of the sku of the PostgreSQL server."
}
},
"postgreSqlServerAdministratorLogin": {
"type": "string",
"defaultValue": "sqladminuser",
"metadata": {
"description": "Specifies the login account name for the PostgreSQL server."
}
},
"postgreSqlServerAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the PostgreSQL server."
}
},
"postgreSqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the PostgreSQL admin group."
}
},
"postgreSqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the PostgreSQL admin group."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"postgreSqlServerName": "[parameters('postgreSqlServerName')]",
"postgreSqlDatabaseName": "[parameters('postgreSqlDatabaseName')]",
"postgreSqlSkuName": "[parameters('postgreSqlSkuName')]",
"postgreSqlSkuTier": "[parameters('postgreSqlSkuTier')]",
"postgreSqlSkuCapacity": "[parameters('postgreSqlSkuCapacity')]",
"postgreSqlSkuSize": "[parameters('postgreSqlSkuSize')]",
"postgreSqlSkuFamily": "[parameters('postgreSqlSkuFamily')]",
"postgreSqlServerAdministratorLogin": "[parameters('postgreSqlServerAdministratorLogin')]",
"postgreSqlServerAdministratorLoginPassword": "[parameters('postgreSqlServerAdministratorLoginPassword')]",
"postgreSqlAdminGroupName": "[parameters('postgreSqlAdminGroupName')]",
"postgreSqlAdminGroupObjectID": "[parameters('postgreSqlAdminGroupObjectID')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"connectionStringSecretName": "[concat(variables('postgreSqlServerName'), 'ConnectionString')]",
"usernameSecretName": "[concat(variables('postgreSqlServerName'), 'Username')]",
"passwordSecretName": "[concat(variables('postgreSqlServerName'), 'Password')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('postgreSqlServerName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DBForPostgreSQL/servers",
"apiVersion": "2017-12-01-preview",
"name": "[variables('postgreSqlServerName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"sku": {
"name": "[variables('postgreSqlSkuName')]",
"tier": "[variables('postgreSqlSkuTier')]",
"capacity": "[variables('postgreSqlSkuCapacity')]",
"size": "[variables('postgreSqlSkuSize')]",
"family": "[variables('postgreSqlSkuFamily')]"
},
"properties": {
"createMode": "Default",
"version": "11",
"sslEnforcement": "Enabled",
"minimalTlsVersion": "TLS1_2",
"infrastructureEncryption": "Disabled",
"publicNetworkAccess": "Disabled",
"storageProfile": {
"backupRetentionDays": 7,
"geoRedundantBackup": "Enabled",
"storageAutogrow": "Enabled",
"storageMB": "[variables('postgreSqlSkuSize')]"
},
"administratorLogin": "[variables('postgreSqlServerAdministratorLogin')]",
"administratorLoginPassword": "[variables('postgreSqlServerAdministratorLoginPassword')]",
"previewFeature": ""
}
},
{
"type": "Microsoft.DBForPostgreSQL/servers/databases",
"apiVersion": "2017-12-01-preview",
"name": "[concat(variables('postgreSqlServerName'), '/', variables('postgreSqlDatabaseName'))]",
"dependsOn": [
"[resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName'))]"
],
"properties": {
"charset": "utf8",
"collation": "English_United States.1252"
}
},
{
"condition": "[and(not(empty(variables('postgreSqlAdminGroupName'))), not(empty(variables('postgreSqlAdminGroupObjectID'))))]",
"type": "Microsoft.DBForPostgreSQL/servers/Administrators",
"apiVersion": "2017-12-01-preview",
"name": "[concat(variables('postgreSqlServerName'), '/ActiveDirectory')]",
"dependsOn": [
"[resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('postgreSqlAdminGroupName')]",
"sid": "[variables('postgreSqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName'))]",
"groupIds": [
"postgresqlServer"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
},
{
"name": "PostgreSqlSecretDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"[resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('connectionStringSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[concat('String url =\"jdbc:postgresql://', variables('postgreSqlServerName'), '.postgresql.database.azure.com:5432/', variables('postgreSqlDatabaseName'), '?user=', reference(resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName')), '2017-12-01-preview').administratorLogin, '@', variables('postgreSqlServerName'), '&password=', variables('postgreSqlServerAdministratorLoginPassword'), '&sslmode=require')]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('usernameSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[reference(resourceId('Microsoft.DBForPostgreSQL/servers', variables('postgreSqlServerName')), '2017-12-01-preview').administratorLogin]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('passwordSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[variables('postgreSqlServerAdministratorLoginPassword')]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {
"postgreSqlDatabaseId": {
"type": "string",
"value": "[resourceId('Microsoft.DBforMySQL/servers/databases', variables('postgreSqlServerName'), variables('postgreSqlDatabaseName'))]"
},
"connectionStringSecretName": {
"type": "string",
"value": "[variables('connectionStringSecretName')]"
},
"usernameSecretName": {
"type": "string",
"value": "[variables('usernameSecretName')]"
},
"passwordSecretName": {
"type": "string",
"value": "[variables('passwordSecretName')]"
}
}
}


@ -1,51 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"postgreSqlServerName": {
"value": "dn001-dd001-postgresqlserver001"
},
"postgreSqlDatabaseName": {
"value": "DataDomain001"
},
"postgreSqlSkuName": {
"value": "GP_Gen5_2"
},
"postgreSqlSkuTier": {
"value": "GeneralPurpose"
},
"postgreSqlSkuCapacity": {
"value": 2
},
"postgreSqlSkuSize": {
"value": 5120
},
"postgreSqlSkuFamily": {
"value": "Gen5"
},
"postgreSqlServerAdministratorLogin": {
"value": "ServerMainUser"
},
"postgreSqlServerAdministratorLoginPassword": {
"value": "<your-secure-password>"
},
"postgreSqlAdminGroupName": {
"value": ""
},
"postgreSqlAdminGroupObjectID": {
"value": ""
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.KeyVault/vaults/dn001-dd001-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com"
}
}
}


@ -1,244 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlServerId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the SQL server to which the database will be deployed."
}
},
"sqlServerAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin passwort of the SQL server to which the database will be deployed."
}
},
"sqlDatabaseName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL database."
}
},
"sqlDatabaseSku": {
"type": "string",
"defaultValue": "GP_Gen5",
"metadata": {
"description": "Specifies the SKU of the SQL database which is typically a letter + number code (e.g. 'GP_S_Gen5_1')."
}
},
"sqlDatabaseTier": {
"type": "string",
"defaultValue": "GeneralPurpose",
"metadata": {
"description": "Specifies the or edition of the database SKU (e.g. 'GeneralPurpose', etc.)."
}
},
"sqlDatabaseCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the capacity in DTUs or vCores of the SQL database."
}
},
"sqlDatabaseMaxSizeInBytes": {
"type": "int",
"defaultValue": 34359738368,
"metadata": {
"description": "Specifies the maximum size of the database expressed in bytes."
}
},
"sqlDatabaseZoneRedundant": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether the database should be zone redundant which means the replicas of this database will be spread across multiple availability zones."
}
},
"sqlDatabaseLicenseType": {
"type": "string",
"defaultValue": "LicenseIncluded",
"allowedValues": [
"LicenseIncluded",
"BasePrice"
],
"metadata": {
"description": "Specifies the license type to apply for this database (if you bring your own license, then select 'BasePrice')."
}
},
"sqlDatabaseReadReplicaCount": {
"type": "int",
"defaultValue": 0,
"minValue": 0,
"metadata": {
"description": "Specifies the number of readonly secondary replicas associated with the database."
}
},
"sqlDatabaseMinCapacity": {
"type": "string",
"defaultValue": "0.5",
"metadata": {
"description": "Specifies the minimal capacity that database will always have allocated, if not paused (only applies to serverless tier)."
}
},
"sqlDatabaseStorageAccountType": {
"type": "string",
"defaultValue": "GRS",
"allowedValues": [
"GRS",
"LRS",
"ZRS"
],
"metadata": {
"description": "Specifies the storage account type used to store backups for this database."
}
},
"sqlDatabaseAutoPauseDelay": {
"type": "int",
"defaultValue": -1,
"minValue": -1,
"metadata": {
"description": "Specifies the time in minutes after which database is automatically paused (only applies to serverless tier)."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"sqlServerId": "[parameters('sqlServerId')]",
"sqlServerName": "[last(split(variables('sqlServerId'), '/'))]",
"sqlServerAdministratorLoginPassword": "[parameters('sqlServerAdministratorLoginPassword')]",
"sqlDatabaseSku": "[parameters('sqlDatabaseSku')]",
"sqlDatabaseTier": "[parameters('sqlDatabaseTier')]",
"sqlDatabaseName": "[parameters('sqlDatabaseName')]",
"sqlDatabaseMaxSizeInBytes": "[parameters('sqlDatabaseMaxSizeInBytes')]",
"sqlDatabaseZoneRedundant": "[parameters('sqlDatabaseZoneRedundant')]",
"sqlDatabaseLicenseType": "[parameters('sqlDatabaseLicenseType')]",
"sqlDatabaseReadReplicaCount": "[parameters('sqlDatabaseReadReplicaCount')]",
"sqlDatabaseMinCapacity": "[parameters('sqlDatabaseMinCapacity')]",
"sqlDatabaseCapacity": "[parameters('sqlDatabaseCapacity')]",
"sqlDatabaseStorageAccountType": "[parameters('sqlDatabaseStorageAccountType')]",
"sqlDatabaseAutoPauseDelay": "[parameters('sqlDatabaseAutoPauseDelay')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"connectionStringSecretName": "[concat(variables('sqlDatabaseName'), 'ConnectionString')]",
"usernameSecretName": "[concat(variables('sqlDatabaseName'), 'Username')]",
"passwordSecretName": "[concat(variables('sqlDatabaseName'), 'Password')]"
},
"resources": [
{
"apiVersion": "2019-06-01-preview",
"type": "Microsoft.Sql/servers/databases",
"name": "[concat(variables('sqlServerName'), '/', variables('sqlDatabaseName'))]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('sqlDatabaseSku')]",
"tier": "[variables('sqlDatabaseTier')]",
"capacity": "[variables('sqlDatabaseCapacity')]"
},
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"maxSizeBytes": "[variables('sqlDatabaseMaxSizeInBytes')]",
"catalogCollation": "DATABASE_DEFAULT",
"zoneRedundant": "[variables('sqlDatabaseZoneRedundant')]",
"licenseType": "[variables('sqlDatabaseLicenseType')]",
"readScale": "[if(greater(variables('sqlDatabaseReadReplicaCount'), 0), 'Enabled', 'Disabled')]",
"readReplicaCount": "[variables('sqlDatabaseReadReplicaCount')]",
"autoPauseDelay": "[variables('sqlDatabaseAutoPauseDelay')]",
"storageAccountType": "[variables('sqlDatabaseStorageAccountType')]",
"minCapacity": "[variables('sqlDatabaseMinCapacity')]"
}
},
{
"name": "SqlDbSecretDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('connectionStringSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[concat('Server=tcp:', reference(resourceId('Microsoft.Sql/servers', variables('sqlServerName')), '2019-06-01-preview').fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('sqlDatabaseName'), ';Persist Security Info=False;User ID=', reference(resourceId('Microsoft.Sql/servers', variables('sqlServerName')), '2019-06-01-preview').administratorLogin, ';Password=', variables('sqlServerAdministratorLoginPassword'), ';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('usernameSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[reference(resourceId('Microsoft.Sql/servers', variables('sqlServerName')), '2019-06-01-preview').administratorLogin]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('passwordSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[variables('sqlServerAdministratorLoginPassword')]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {
"sqlDatabaseId": {
"type": "string",
"value": "[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]"
},
"connectionStringSecretName": {
"type": "string",
"value": "[variables('connectionStringSecretName')]"
},
"usernameSecretName": {
"type": "string",
"value": "[variables('usernameSecretName')]"
},
"passwordSecretName": {
"type": "string",
"value": "[variables('passwordSecretName')]"
}
}
}


@ -1,51 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlServerId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.Sql/servers/dn001-dd001-sqlserver001"
},
"sqlServerAdministratorLoginPassword": {
"value": "<your-secure-password>"
},
"sqlDatabaseName": {
"value": "DataDomain001"
},
"sqlDatabaseSku": {
"value": "Basic"
},
"sqlDatabaseTier": {
"value": "Basic"
},
"sqlDatabaseCapacity": {
"value": 5
},
"sqlDatabaseMaxSizeInBytes": {
"value": 524288000
},
"sqlDatabaseZoneRedundant": {
"value": false
},
"sqlDatabaseLicenseType": {
"value": "LicenseIncluded"
},
"sqlDatabaseReadReplicaCount": {
"value": 0
},
"sqlDatabaseMinCapacity": {
"value": "0.5"
},
"sqlDatabaseStorageAccountType": {
"value": "GRS"
},
"sqlDatabaseAutoPauseDelay": {
"value": -1
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.KeyVault/vaults/dn001-dd001-keyvault001"
}
}
}


@ -1,185 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlServerId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the SQL server to which the database will be deployed."
}
},
"sqlElasticPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL elastic pool to which the database will be deployed."
}
},
"sqlElasticPoolSku": {
"type": "string",
"defaultValue": "BasicPool",
"metadata": {
"description": "Specifies the SKU of the SQL elastic pool which is typically a letter + number code (e.g. 'GP_S_Gen5_1')."
}
},
"sqlElasticPoolTier": {
"type": "string",
"defaultValue": "Basic",
"metadata": {
"description": "Specifies the or edition of the elastic pool SKU (e.g. 'GeneralPurpose', etc.)."
}
},
"sqlElasticPoolCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the capacity in eDTUs or vCores of the SQL elastic pool."
}
},
"sqlElasticPoolMinCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the minimum capacity for each database in the elastic pool."
}
},
"sqlElasticPoolMaxCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the maximum capacity for each database in the elastic pool."
}
},
"sqlElasticPoolMaxSizeInBytes": {
"type": "int",
"defaultValue": 34359738368,
"metadata": {
"description": "Specifies the maximum size of the elastic pool expressed in bytes."
}
},
"sqlElasticPoolZoneRedundant": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether the elastic pool should be zone redundant which means the replicas of this database will be spread across multiple availability zones."
}
},
"sqlElasticPoolLicenseType": {
"type": "string",
"defaultValue": "LicenseIncluded",
"allowedValues": [
"LicenseIncluded",
"BasePrice"
],
"metadata": {
"description": "Specifies the license type to apply for the elastic pool (if you bring your own license, then select 'BasePrice')."
}
},
"sqlDatabaseName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL database."
}
},
"sqlDatabaseReadReplicaCount": {
"type": "int",
"defaultValue": 0,
"minValue": 0,
"metadata": {
"description": "Specifies the number of readonly secondary replicas associated with the database."
}
},
"sqlDatabaseMinCapacity": {
"type": "string",
"defaultValue": "0.5",
"metadata": {
"description": "Specifies the minimal capacity that database will always have allocated, if not paused (only applies to serverless tier)."
}
},
"sqlDatabaseStorageAccountType": {
"type": "string",
"defaultValue": "GRS",
"allowedValues": [
"GRS",
"LRS",
"ZRS"
],
"metadata": {
"description": "Specifies the storage account type used to store backups for this database."
}
},
"sqlDatabaseAutoPauseDelay": {
"type": "int",
"defaultValue": -1,
"minValue": -1,
"metadata": {
"description": "Specifies the time in minutes after which database is automatically paused (only applies to serverless tier)."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"sqlServerId": "[parameters('sqlServerId')]",
"sqlServerName": "[last(split(variables('sqlServerId'), '/'))]",
"sqlElasticPoolName": "[parameters('sqlElasticPoolName')]",
"sqlElasticPoolSku": "[parameters('sqlElasticPoolSku')]",
"sqlElasticPoolTier": "[parameters('sqlElasticPoolTier')]",
"sqlElasticPoolCapacity": "[parameters('sqlElasticPoolCapacity')]",
"sqlElasticPoolMaxSizeInBytes": "[parameters('sqlElasticPoolMaxSizeInBytes')]",
"sqlElasticPoolZoneRedundant": "[parameters('sqlElasticPoolZoneRedundant')]",
"sqlElasticPoolLicenseType": "[parameters('sqlElasticPoolLicenseType')]",
"sqlDatabaseName": "[parameters('sqlDatabaseName')]",
"sqlDatabaseReadReplicaCount": "[parameters('sqlDatabaseReadReplicaCount')]",
"sqlDatabaseMinCapacity": "[parameters('sqlDatabaseMinCapacity')]",
"sqlDatabaseStorageAccountType": "[parameters('sqlDatabaseStorageAccountType')]",
"sqlDatabaseAutoPauseDelay": "[parameters('sqlDatabaseAutoPauseDelay')]",
"sqlElasticPoolMinCapacity": "[parameters('sqlElasticPoolMinCapacity')]",
"sqlElasticPoolMaxCapacity": "[parameters('sqlElasticPoolMaxCapacity')]"
},
"resources": [
{
"type": "Microsoft.Sql/servers/elasticpools",
"apiVersion": "2017-10-01-preview",
"name": "[concat(variables('sqlServerName'), '/', variables('sqlElasticPoolName'))]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('sqlElasticPoolSku')]",
"tier": "[variables('sqlElasticPoolTier')]",
"capacity": "[variables('sqlElasticPoolCapacity')]"
},
"properties": {
"perDatabaseSettings": {
"minCapacity": "[variables('sqlElasticPoolMinCapacity')]",
"maxCapacity": "[variables('sqlElasticPoolMaxCapacity')]"
},
"maxSizeBytes": "[variables('sqlElasticPoolMaxSizeInBytes')]",
"zoneRedundant": "[variables('sqlElasticPoolZoneRedundant')]",
"licenseType": "[variables('sqlElasticPoolLicenseType')]"
}
},
{
"type": "Microsoft.Sql/servers/databases",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('sqlServerName'), '/', variables('sqlDatabaseName'))]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers/elasticpools', variables('sqlServerName') , variables('sqlElasticPoolName'))]"
],
"location": "[variables('location')]",
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"catalogCollation": "DATABASE_DEFAULT",
"readScale": "[if(greater(variables('sqlDatabaseReadReplicaCount'), 0), 'Enabled', 'Disabled')]",
"readReplicaCount": "[variables('sqlDatabaseReadReplicaCount')]",
"autoPauseDelay": "[variables('sqlDatabaseAutoPauseDelay')]",
"storageAccountType": "[variables('sqlDatabaseStorageAccountType')]",
"minCapacity": "[variables('sqlDatabaseMinCapacity')]",
"elasticPoolId": "[resourceId('Microsoft.Sql/servers/elasticpools', variables('sqlServerName') , variables('sqlElasticPoolName'))]"
}
}
],
"outputs": {}
}


@ -1,74 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL pool."
}
},
"sqlPoolCapacity": {
"type": "string",
"defaultValue": "DW100c",
"allowedValues": [
"DW100c",
"DW200c",
"DW300c",
"DW400c",
"DW500c",
"DW1000c",
"DW1500c",
"DW2000c",
"DW2500c",
"DW3000c",
"DW5000c",
"DW6000c",
"DW7500c",
"DW10000c",
"DW15000c",
"DW30000c"
],
"metadata": {
"description": "Specifies the capacity in DWs of the SQL pool."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace to which the sql pool will be deployed."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"sqlPoolName": "[parameters('sqlPoolName')]",
"sqlPoolCapacity": "[parameters('sqlPoolCapacity')]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseWorkspaceName": "[last(split(variables('synapseWorkspaceId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/sqlPools",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('synapseWorkspaceName'), '/', variables('sqlPoolName'))]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('sqlPoolCapacity')]"
},
"properties": {
"createMode": "Default",
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
],
"outputs": {}
}


@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlPoolName": {
"value": "sqlpool001"
},
"sqlPoolCapacity": {
"value": "DW100c"
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd001/providers/Microsoft.Synapse/workspaces/dn001-dd001-synapse001"
}
}
}


@ -1,155 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlServerName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL server."
}
},
"administratorLogin": {
"type": "string",
"defaultValue": "sqladminuser",
"metadata": {
"description": "Specifies the login account name for the SQL server."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the SQL server."
}
},
"sqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the SQL admin group."
}
},
"sqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the SQL admin group."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"sqlServerName": "[parameters('sqlServerName')]",
"sqlAdminGroupName": "[parameters('sqlAdminGroupName')]",
"sqlAdminGroupObjectID": "[parameters('sqlAdminGroupObjectID')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('sqlServerName'), '-private-endpoint')]"
},
"resources": [
{
"apiVersion": "2019-06-01-preview",
"type": "Microsoft.Sql/servers",
"name": "[variables('sqlServerName')]",
"location": "[variables('location')]",
"properties": {
"administratorLogin": "[variables('administratorLogin')]",
"administratorLoginPassword": "[variables('administratorLoginPassword')]",
"version": "12.0",
"minimalTlsVersion": "1.2",
"publicNetworkAccess": "Disabled"
},
"identity": {
"type": "SystemAssigned"
},
"resources": [
{
"condition": "[and(not(empty(variables('sqlAdminGroupObjectID'))), not(empty(variables('sqlAdminGroupObjectID'))))]",
"type": "administrators",
"apiVersion": "2019-06-01-preview",
"name": "ActiveDirectory",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', variables('sqlServerName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('sqlAdminGroupName')]",
"sid": "[variables('sqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]",
"groupIds": [
"sqlServer"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {
"sqlServerId": {
"type": "string",
"value": "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]"
}
}
}


@ -1,30 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlServerName": {
"value": "dn001-dd001-sqlserver001"
},
"administratorLogin": {
"value": "ServerMainUser"
},
"administratorLoginPassword": {
"value": "<your-secure-password>"
},
"sqlAdminGroupName": {
"value": ""
},
"sqlAdminGroupObjectID": {
"value": ""
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
}
}
}


@ -1,323 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"synapseWorkspaceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the synapse workspace."
}
},
"synapseDefaultStorageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the default storage account of the synapse workspace."
}
},
"synapseDefaultStorageAccountFileSystem": {
"type": "string",
"metadata": {
"description": "Specifies the name of the synapse workspace."
}
},
"synapseSqlAdministratorLogin": {
"type": "string",
"metadata": {
"description": "Specifies the login account name for the SQL DW of the synapse workspace."
}
},
"synapseSqlAdministratorPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the SQL DW of the synapse workspace."
}
},
"synapseDatalakeAnalyticsResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource ID of data lake analytics for the synapse workspace."
}
},
"synapseComputeSubnetResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource ID of data lake analytics for the synapse workspace."
}
},
"synapseSqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the SQL admin group."
}
},
"synapseSqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the SQL admin group."
}
},
"purviewId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the purview data catalog that should be linked to the data factory."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdSql": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for sql pools."
}
},
"privateDnsZoneIdDev": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for dev."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"synapseWorkspaceName": "[parameters('synapseWorkspaceName')]",
"synapseDefaultStorageAccountUrl": "[concat('https://', parameters('synapseDefaultStorageAccountName'), '.dfs.core.windows.net')]",
"synapseDefaultStorageAccountFileSystem": "[parameters('synapseDefaultStorageAccountFileSystem')]",
"synapseSqlAdministratorLogin": "[parameters('synapseSqlAdministratorLogin')]",
"synapseSqlAdministratorPassword": "[parameters('synapseSqlAdministratorPassword')]",
"synapseDatalakeAnalyticsResourceId": "[parameters('synapseDatalakeAnalyticsResourceId')]",
"synapseComputeSubnetResourceId": "[parameters('synapseComputeSubnetResourceId')]",
"synapseSqlAdminGroupName": "[parameters('synapseSqlAdminGroupName')]",
"synapseSqlAdminGroupObjectID": "[parameters('synapseSqlAdminGroupObjectID')]",
"purviewId": "[parameters('purviewId')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdSql": "[parameters('privateDnsZoneIdSql')]",
"privateDnsZoneIdDev": "[parameters('privateDnsZoneIdDev')]",
"privateEndpointNameSql": "[concat(variables('synapseWorkspaceName'), '-sql-private-endpoint')]",
"privateEndpointNameSqlOnDemand": "[concat(variables('synapseWorkspaceName'), '-sqlondemand-private-endpoint')]",
"privateEndpointNameDev": "[concat(variables('synapseWorkspaceName'), '-dev-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2019-06-01-preview",
"name": "[variables('synapseWorkspaceName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"defaultDataLakeStorage": {
"accountUrl": "[variables('synapseDefaultStorageAccountUrl')]",
"filesystem": "[variables('synapseDefaultStorageAccountFileSystem')]"
},
"sqlAdministratorLogin": "[variables('synapseSqlAdministratorLogin')]",
"sqlAdministratorLoginPassword": "[variables('synapseSqlAdministratorPassword')]",
"adlaResourceId": "[variables('synapseDatalakeAnalyticsResourceId')]",
"managedVirtualNetwork": "default",
"virtualNetworkProfile": {
"computeSubnetId": "[variables('synapseComputeSubnetResourceId')]"
},
"managedResourceGroupName": "[variables('synapseWorkspaceName')]",
"managedVirtualNetworkSettings": {
"allowedAadTenantIdsForLinking": [
"[subscription().tenantId]"
],
"linkedAccessCheckOnTargetResource": true,
"preventDataExfiltration": true
},
"connectivityEndpoints": {},
"purviewConfiguration": {
"purviewResourceId": "[variables('purviewId')]"
}
},
"resources": [
{
"type": "managedIdentitySqlControlSettings",
"apiVersion": "2019-06-01-preview",
"name": "default",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', variables('synapseWorkspaceName'))]"
],
"properties": {
"grantSqlControlToManagedIdentity": {
"desiredState": "Enabled"
}
}
},
{
"condition": "[and(not(empty(variables('synapseSqlAdminGroupName'))), not(empty(variables('synapseSqlAdminGroupObjectID'))))]",
"type": "administrators",
"apiVersion": "2019-06-01-preview",
"name": "activeDirectory",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', variables('synapseWorkspaceName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('synapseSqlAdminGroupName')]",
"sid": "[variables('synapseSqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameSql')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameSql')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"Sql"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameSql'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameSql'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameSql'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdSql')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameSqlOnDemand')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameSqlOnDemand')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"SqlOnDemand"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameSqlOnDemand'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameSqlOnDemand'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameSqlOnDemand'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdSql')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameDev')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameDev')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"Dev"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameDev'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameDev'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameDev'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdDev')]"
}
}
]
}
}
],
"outputs": {
"synapseWorkspaceId": {
"type": "string",
"value": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
}
}
}


@ -1,48 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"synapseWorkspaceName": {
"value": "dn001-dd001-synapse001"
},
"synapseDefaultStorageAccountName": {
"value": "dn001workspacesa"
},
"synapseDefaultStorageAccountFileSystem": {
"value": "dd001"
},
"synapseSqlAdministratorLogin": {
"value": "ServerMainUser"
},
"synapseSqlAdministratorPassword": {
"value": "<your-secure-password>"
},
"synapseDatalakeAnalyticsResourceId": {
"value": ""
},
"synapseComputeSubnetResourceId": {
"value": ""
},
"synapseSqlAdminGroupName": {
"value": ""
},
"synapseSqlAdminGroupObjectID": {
"value": ""
},
"purviewId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-governance/providers/Microsoft.Purview/accounts/dh-purview001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd001-privatelink-subnet"
},
"privateDnsZoneIdSql": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
},
"privateDnsZoneIdDev": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
}
}
}


@ -0,0 +1,34 @@
// The module contains a template to create a role assignment of the Synase MSI to a file system.
targetScope = 'resourceGroup'
// Parameters
param storageAccountFileSystemId string
param synapseId string
// Variables
var storageAccountFileSystemName = last(split(storageAccountFileSystemId, '/'))
var storageAccountName = split(storageAccountFileSystemId, '/')[8]
var synapseSubscriptionId = split(synapseId, '/')[2]
var synapseResourceGroupName = split(synapseId, '/')[4]
var synapseName = last(split(synapseId, '/'))
// Resources
resource storageAccountFileSystem 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' existing = {
name: '${storageAccountName}/default/${storageAccountFileSystemName}'
}
resource synapse 'Microsoft.Synapse/workspaces@2021-03-01' existing = {
name: synapseName
scope: resourceGroup(synapseSubscriptionId, synapseResourceGroupName)
}
resource synapseRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(uniqueString(storageAccountFileSystem.id, synapse.id))
scope: storageAccountFileSystem
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
principalId: synapse.identity.principalId
}
}
// Outputs
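Review bot: `synapseRoleAssignment` sets no `principalType`, so a deployment that runs right after the workspace is created can fail while the new managed identity is still replicating in Azure AD. Adding `principalType: 'ServicePrincipal'` next to `principalId` avoids that lookup. The role GUID `ba92f5b4-2d11-453d-a403-e96b0029c9fe` is also unexplained; a comment such as `// Storage Blob Data Contributor, granted on this one file system only` would let a reviewer confirm the grant is the intended one. The header comment has a typo (`Synase`).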

199
infra/main.bicep Normal file

@ -0,0 +1,199 @@
targetScope = 'resourceGroup'
// General parameters
@description('Specifies the location for all resources.')
param location string
@allowed([
'dev'
'test'
'prod'
])
@description('Specifies the environment of the deployment.')
param environment string
@minLength(2)
@maxLength(5)
@description('Specifies the prefix for all resources created in this deployment.')
param prefix string
// Resource parameters
@allowed([
'sql'
'mysql'
'maria'
'postgre'
])
@description('Specifies the sql flavour that will be deployed.')
param sqlFlavour string
@secure()
@description('Specifies the administrator password of the sql servers.')
param administratorPassword string
@description('Specifies the resource ID of the default storage account file system for synapse.')
param synapseDefaultStorageAccountFileSystemId string
@description('Specifies the resource ID of the central purview instance.')
param purviewId string
@description('Specifies whether role assignments should be enabled.')
param enableRoleAssignments bool
// Network parameters
@description('Specifies the resource ID of the subnet to which all services will connect.')
param subnetId string
// Private DNS Zone parameters
@description('Specifies the resource ID of the private DNS zone for KeyVault.')
param privateDnsZoneIdKeyVault string
@description('Specifies the resource ID of the private DNS zone for Synapse Dev.')
param privateDnsZoneIdSynapseDev string
@description('Specifies the resource ID of the private DNS zone for Synapse Sql.')
param privateDnsZoneIdSynapseSql string
@description('Specifies the resource ID of the private DNS zone for Data Factory.')
param privateDnsZoneIdDataFactory string
@description('Specifies the resource ID of the private DNS zone for Data Factory Portal.')
param privateDnsZoneIdDataFactoryPortal string
@description('Specifies the resource ID of the private DNS zone for Cosmos Sql.')
param privateDnsZoneIdCosmosdbSql string
@description('Specifies the resource ID of the private DNS zone for Sql Server.')
param privateDnsZoneIdSqlServer string
@description('Specifies the resource ID of the private DNS zone for MySql Server.')
param privateDnsZoneIdMySqlServer string
@description('Specifies the resource ID of the private DNS zone for MariaDB.')
param privateDnsZoneIdMariaDb string
@description('Specifies the resource ID of the private DNS zone for PostgreSql.')
param privateDnsZoneIdPostgreSql string
// Variables
var name = toLower('${prefix}-${environment}')
var tags = {
Owner: 'Enterprise Scale Analytics'
Project: 'Enterprise Scale Analytics'
Environment: environment
Toolkit: 'bicep'
Name: name
}
var synapseDefaultStorageAccountSubscriptionId = split(synapseDefaultStorageAccountFileSystemId, '/')[2]
var synapseDefaultStorageAccountResourceGroupName = split(synapseDefaultStorageAccountFileSystemId, '/')[4]
// Resources
module keyvault001 'services/keyvault.bicep' = {
name: 'keyvault001'
scope: resourceGroup()
params: {
location: location
keyvaultName: '${prefix}-vault001'
tags: tags
privateDnsZoneIdKeyVault: privateDnsZoneIdKeyVault
subnetId: subnetId
}
}
module synapse001 'services/synapse.bicep' = {
name: 'synapse001'
scope: resourceGroup()
params: {
location: location
synapseName: '${prefix}-synapse001'
tags: tags
administratorPassword: administratorPassword
synapseSqlAdminGroupName: ''
synapseSqlAdminGroupObjectID: ''
privateDnsZoneIdSynapseDev: privateDnsZoneIdSynapseDev
privateDnsZoneIdSynapseSql: privateDnsZoneIdSynapseSql
purviewId: purviewId
subnetId: subnetId
synapseComputeSubnetId: ''
synapseDefaultStorageAccountFileSystemId: synapseDefaultStorageAccountFileSystemId
}
}
module synapse001RoleAssignmentStorage 'auxiliary/synapseRoleAssignmentStorage.bicep' = if (enableRoleAssignments) {
name: 'synapse001RoleAssignmentStorage'
scope: resourceGroup(synapseDefaultStorageAccountSubscriptionId, synapseDefaultStorageAccountResourceGroupName)
params: {
storageAccountFileSystemId: synapseDefaultStorageAccountFileSystemId
synapseId: synapse001.outputs.synapseId
}
}
module datafactory001 'services/datafactory.bicep' = {
name: 'datafactory001'
scope: resourceGroup()
params: {
location: location
datafactoryName: '${prefix}-datafactory001'
tags: tags
keyvaultId: keyvault001.outputs.keyvaultId
privateDnsZoneIdDataFactory: privateDnsZoneIdDataFactory
privateDnsZoneIdDataFactoryPortal: privateDnsZoneIdDataFactoryPortal
purviewId: purviewId
subnetId: subnetId
}
}
module cosmosdb001 'services/cosmosdb.bicep' = {
name: 'cosmos001'
scope: resourceGroup()
params: {
location: location
cosmosdbName: '${prefix}-cosmos001'
tags: tags
privateDnsZoneIdCosmosdbSql: privateDnsZoneIdCosmosdbSql
subnetId: subnetId
}
}
module sql001 'services/sql.bicep' = if (sqlFlavour == 'sql') {
name: 'sql001'
scope: resourceGroup()
params: {
location: location
sqlserverName: '${prefix}-sqlserver001'
tags: tags
administratorPassword: administratorPassword
privateDnsZoneIdSqlServer: privateDnsZoneIdSqlServer
sqlserverAdminGroupName: ''
sqlserverAdminGroupObjectID: ''
subnetId: subnetId
}
}
module mysql001 'services/mysql.bicep' = if (sqlFlavour == 'mysql') {
name: 'mysql001'
scope: resourceGroup()
params: {
location: location
mysqlserverName: '${prefix}-mysql001'
tags: tags
administratorPassword: administratorPassword
privateDnsZoneIdMySqlServer: privateDnsZoneIdMySqlServer
mysqlserverAdminGroupName: ''
mysqlserverAdminGroupObjectID: ''
subnetId: subnetId
}
}
module mariadb001 'services/mariadb.bicep' = if (sqlFlavour == 'maria') {
name: 'mariadb001'
scope: resourceGroup()
params: {
location: location
mariadbName: '${prefix}-mariadb001'
tags: tags
administratorPassword: administratorPassword
privateDnsZoneIdMariaDb: privateDnsZoneIdMariaDb
subnetId: subnetId
}
}
module potsgresql001 'services/postgresql.bicep' = if (sqlFlavour == 'postgre') {
name: 'postgresql001'
scope: resourceGroup()
params: {
location: location
postgresqlName: '${prefix}-postgresql001'
tags: tags
administratorPassword: administratorPassword
postgresqlAdminGroupName: ''
postgresqlAdminGroupObjectID: ''
privateDnsZoneIdPostgreSql: privateDnsZoneIdPostgreSql
subnetId: subnetId
}
}
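Review bot: The storage account behind `synapseDefaultStorageAccountFileSystemId` is located by fixed position after `split(..., '/')`, and the positions disagree across this commit. This file uses `[2]` and `[4]` for subscription and resource group and the role-assignment module uses `[8]` for the account name, but the part of the Synapse template shown on this page uses `[7]`. With the ID layout in `infra/params.dev.json`, index 7 is the literal segment `storageAccounts`, so the workspace's `accountUrl` would not point at the intended account. I would change that line to `var synapseDefaultStorageAccountName = split(synapseDefaultStorageAccountFileSystemId, '/')[8]`, or compute the name once here and pass it to both modules. The Synapse template continues past the end of this page, so a later correction cannot be ruled out.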

1859
infra/main.json Normal file

Разница между файлами не показана из-за своего большого размера Загрузить разницу

63
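--- a/infra/params.dev.json
+++ b/infra/params.dev.json
@@ -0,0 +1,63 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"value": "northeurope"
+},
+"environment": {
+"value": "dev"
+},
+"prefix": {
+"value": "dom01"
+},
+"sqlFlavour": {
+"value": "sql"
+},
+"administratorPassword": {
+"value": "<your-secure-password>"
+},
+"synapseDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-storage/providers/Microsoft.Storage/storageAccounts/dlz01devwork/blobServices/default/containers/dp001"
+},
+"subnetId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-network/providers/Microsoft.Network/virtualNetworks/dlz01-dev-vnet/subnets/DataDomain001Subnet"
+},
+"purviewId": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-governance/providers/Microsoft.Purview/accounts/dmz-dev-purview001"
+},
+"enableRoleAssignments": {
+"value": false
+},
+"privateDnsZoneIdKeyVault": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+},
+"privateDnsZoneIdSynapseDev": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
+},
+"privateDnsZoneIdSynapseSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
+},
+"privateDnsZoneIdDataFactory": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
+},
+"privateDnsZoneIdDataFactoryPortal": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com"
+},
+"privateDnsZoneIdCosmosdbSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
+},
+"privateDnsZoneIdSqlServer": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
+},
+"privateDnsZoneIdMySqlServer": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com"
+},
+"privateDnsZoneIdMariaDb": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mariadb.database.azure.com"
+},
+"privateDnsZoneIdPostgreSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com"
+}
+}
+}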
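Review bot: `administratorPassword` is given as a literal `value` placeholder, which invites whoever fills in this file to commit the real administrator password to the repository. A deployment parameter file can reference a Key Vault secret instead: `"administratorPassword": { "reference": { "keyVault": { "id": "<key-vault-resource-id>" }, "secretName": "<secret-name>" } }`. The referenced vault has to allow template deployment (`enabledForTemplateDeployment`), which the vault created by this commit switches off, so it would need to be a separate vault. If the pipeline is meant to override the value at deploy time instead, removing the entry here and saying so in the README would serve the same purpose.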


@ -0,0 +1,115 @@
// This template is used to create a Cosmos Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param cosmosdbName string
param privateDnsZoneIdCosmosdbSql string
// Variables
var cosmosdbPrivateEndpointName = '${cosmosdb.name}-private-endpoint'
// Resources
resource cosmosdb 'Microsoft.DocumentDB/databaseAccounts@2021-03-15' = {
name: cosmosdbName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
kind: 'GlobalDocumentDB'
properties: {
// apiProperties: { // For Mongo DB
// serverVersion: '4.0'
// }
backupPolicy: {
type: 'Continuous'
}
capabilities: []
// connectorOffer: 'Small' // For Cassandra DB
consistencyPolicy: {
defaultConsistencyLevel: 'Eventual'
maxStalenessPrefix: 1
maxIntervalInSeconds: 5
}
cors: []
databaseAccountOfferType: 'Standard'
disableKeyBasedMetadataWriteAccess: true
enableAnalyticalStorage: false
enableAutomaticFailover: true
enableCassandraConnector: false
enableFreeTier: false
enableMultipleWriteLocations: false
ipRules: []
networkAclBypass: 'None'
networkAclBypassResourceIds: []
publicNetworkAccess: 'Disabled'
virtualNetworkRules: []
isVirtualNetworkFilterEnabled: true
locations: [
{
locationName: location
failoverPriority: 0
isZoneRedundant: true
}
]
}
}
// resource cosmosdbSqlDatabase001 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-03-15' = { // Uncomment to deploy SQL database to the cosmos account
// parent: cosmosdb
// name: 'Database001'
// properties: {
// options: {
// autoscaleSettings: {
// maxThroughput: 10
// }
// }
// resource: {
// id: 'Database001'
// }
// }
// }
resource cosmosdbPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: cosmosdbPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: cosmosdbPrivateEndpointName
properties: {
groupIds: [
'sql'
]
privateLinkServiceId: cosmosdb.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource cosmosdbPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: cosmosdbPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${cosmosdbPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdCosmosdbSql
}
}
]
}
}
// Outputs
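Review bot: `isZoneRedundant: true` is hard-coded for the single entry in `locations` while `location` is a free parameter, so a deployment to a region without availability zones is likely to be rejected; this would be better driven by a parameter. In `consistencyPolicy`, `maxStalenessPrefix` and `maxIntervalInSeconds` only apply to bounded-staleness consistency and have no effect with `defaultConsistencyLevel: 'Eventual'`. A comment saying so, or removing the two lines, avoids suggesting a staleness bound that is not enforced. Nothing in this template addresses the account keys, so the private endpoint limits where the account can be reached from, not which credentials are accepted.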


@ -0,0 +1,167 @@
// This template is used to create a Data Factory.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param datafactoryName string
param purviewId string
param keyvaultId string
param privateDnsZoneIdDataFactory string
param privateDnsZoneIdDataFactoryPortal string
// Variables
var keyvaultName = last(split(keyvaultId, '/'))
var datafactoryDefaultManagedVnetIntegrationRuntimeName = 'AutoResolveIntegrationRuntime'
var datafactoryPrivateEndpointNameDatafactory = '${datafactory.name}-datafactory-private-endpoint'
var datafactoryPrivateEndpointNamePortal = '${datafactory.name}-portal-private-endpoint'
// Resources
resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = {
name: datafactoryName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
globalParameters: {}
publicNetworkAccess: 'Disabled'
purviewConfiguration: {
purviewResourceId: purviewId
}
}
}
resource datafactoryManagedVirtualNetwork 'Microsoft.DataFactory/factories/managedVirtualNetworks@2018-06-01' = {
parent: datafactory
name: 'default'
properties: {}
}
resource datafactoryManagedIntegrationRuntime001 'Microsoft.DataFactory/factories/integrationRuntimes@2018-06-01' = {
parent: datafactory
name: datafactoryDefaultManagedVnetIntegrationRuntimeName
properties: {
type: 'Managed'
managedVirtualNetwork: {
type: 'ManagedVirtualNetworkReference'
referenceName: datafactoryManagedVirtualNetwork.name
}
typeProperties: {
computeProperties: {
location: 'AutoResolve'
}
}
}
}
resource datafactoryKeyVault001ManagedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {
parent: datafactoryManagedVirtualNetwork
name: replace(keyvaultName, '-', '')
properties: {
fqdns: []
groupId: 'vault'
privateLinkResourceId: keyvaultId
}
}
resource datafactoryKeyVault001LinkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
parent: datafactory
name: replace(keyvaultName, '-', '')
properties: {
type: 'AzureKeyVault'
annotations: []
connectVia: {
type: 'IntegrationRuntimeReference'
referenceName: datafactoryManagedIntegrationRuntime001.name
parameters: {}
}
description: 'Key Vault for storing secrets'
parameters: {}
typeProperties: {
baseUrl: 'https://${keyvaultName}${environment().suffixes.keyvaultDns}/'
}
}
}
resource datafactoryPrivateEndpointDatafactory 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: datafactoryPrivateEndpointNameDatafactory
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: datafactoryPrivateEndpointNameDatafactory
properties: {
groupIds: [
'dataFactory'
]
privateLinkServiceId: datafactory.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource datafactoryPrivateEndpointDatafactoryARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: datafactoryPrivateEndpointDatafactory
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${datafactoryPrivateEndpointDatafactory.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdDataFactory
}
}
]
}
}
resource datafactoryPrivateEndpointPortal 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: datafactoryPrivateEndpointNamePortal
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: datafactoryPrivateEndpointNamePortal
properties: {
groupIds: [
'portal'
]
privateLinkServiceId: datafactory.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource datafactoryPrivateEndpointPortalARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: datafactoryPrivateEndpointPortal
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${datafactoryPrivateEndpointPortal.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdDataFactoryPortal
}
}
]
}
}
// Outputs
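Review bot: `datafactoryKeyVault001LinkedService` and the managed private endpoint to the vault are created, but nothing shown on this page grants the factory's system-assigned identity a role on the vault, and the Key Vault template uses `enableRbacAuthorization: true` with empty `accessPolicies`. As written the linked service would be unable to read secrets until someone assigns a role by hand, and the managed private endpoint normally needs approval on the vault side as well. I would add a role-assignment module like the one used for Synapse, granting only secret read access (Key Vault Secrets User) on this one vault and gated by `enableRoleAssignments`, with the factory's `identity.principalId` exposed as an output for it. At minimum, a comment above the linked service should name these two manual steps.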


@ -0,0 +1,83 @@
// This template is used to create a KeyVault.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param keyvaultName string
param privateDnsZoneIdKeyVault string
// Variables
var keyVaultPrivateEndpointName = '${keyVault.name}-private-endpoint'
// Resources
resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = {
name: keyvaultName
location: location
tags: tags
properties: {
accessPolicies: []
createMode: 'default'
enabledForDeployment: false
enabledForDiskEncryption: false
enabledForTemplateDeployment: false
enablePurgeProtection: true
enableRbacAuthorization: true
enableSoftDelete: true
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Deny'
ipRules: []
virtualNetworkRules: []
}
sku: {
family: 'A'
name: 'standard'
}
softDeleteRetentionInDays: 7
tenantId: subscription().tenantId
}
}
resource keyVaultPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: keyVaultPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: keyVaultPrivateEndpointName
properties: {
groupIds: [
'vault'
]
privateLinkServiceId: keyVault.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource keyVaultPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: keyVaultPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${keyVaultPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdKeyVault
}
}
]
}
}
// Outputs
output keyvaultId string = keyVault.id
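Review bot: `networkAcls.bypass` is `'AzureServices'`, which lets trusted Microsoft services through the vault firewall although `defaultAction` is `'Deny'` and all three `enabledFor*` switches are off. Since access is meant to go through the private endpoint, `bypass: 'None'` looks like the intended setting unless a specific service depends on the bypass. `softDeleteRetentionInDays: 7` is the shortest window the service accepts, and with `enablePurgeProtection: true` it is the only recovery period for a deleted secret, so a longer value such as `softDeleteRetentionInDays: 90` is worth considering for `prod`. Both settings deserve a short why-comment.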


@ -0,0 +1,95 @@
// This template is used to create a MariaDb Server and Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param mariadbName string
@secure()
param administratorPassword string
param privateDnsZoneIdMariaDb string
// Variables
var administratorUsername = 'SqlServerMainUser'
var mariadbPrivateEndpointName = '${mariadb.name}-private-endpoint'
// Resources
resource mariadb 'Microsoft.DBForMariaDB/servers@2018-06-01' = {
name: mariadbName
location: location
tags: tags
sku: {
name: 'GP_Gen5_2'
family: 'Gen5'
tier: 'GeneralPurpose'
capacity: 2
size: '5120'
}
properties: {
createMode: 'Default'
administratorLogin: administratorUsername
administratorLoginPassword: administratorPassword
infrastructureEncryption: 'Disabled'
minimalTlsVersion: 'TLS1_2'
publicNetworkAccess: 'Disabled'
sslEnforcement: 'Enabled'
storageProfile: {
backupRetentionDays: 7
geoRedundantBackup: 'Enabled'
storageAutogrow: 'Enabled'
storageMB: 5120
}
version: '10.3'
}
}
resource mariadbDatabase001 'Microsoft.DBForMariaDB/servers/databases@2018-06-01' = {
parent: mariadb
name: 'Database001'
properties: {
charset: 'utf8'
collation: 'utf8_general_ci'
}
}
resource mariadbPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: mariadbPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: mariadbPrivateEndpointName
properties: {
groupIds: [
'mariadbServer'
]
privateLinkServiceId: mariadb.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource mariadbPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: mariadbPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${mariadbPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdMariaDb
}
}
]
}
}
// Outputs
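Review bot: `infrastructureEncryption: 'Disabled'` is fixed in the server properties here, and the same line appears in the MySQL and PostgreSQL templates further down. As far as I know this option can only be chosen when the server is created, so a data product that later needs double encryption would have to be redeployed. Exposing it as a parameter, e.g. `param infrastructureEncryption string = 'Disabled'`, keeps today's behaviour and makes the choice visible. `administratorUsername` is the same hard-coded `'SqlServerMainUser'` in every database template and is paired with the one `administratorPassword` passed from `main.bicep`; a comment stating how that login is meant to be used would help.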

111
infra/services/mysql.bicep Normal file

@ -0,0 +1,111 @@
// This template is used to create a MySQL Server and Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param mysqlserverName string
@secure()
param administratorPassword string
param mysqlserverAdminGroupName string
param mysqlserverAdminGroupObjectID string
param privateDnsZoneIdMySqlServer string
// Variables
var administratorUsername = 'SqlServerMainUser'
var mysqlserverPrivateEndpointName = '${mysqlserver.name}-private-endpoint'
// Resources
resource mysqlserver 'Microsoft.DBForMySQL/servers@2017-12-01' = {
name: mysqlserverName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: 'GP_Gen5_2'
tier: 'GeneralPurpose'
family: 'Gen5'
capacity: 2
size: '5120'
}
properties: {
administratorLogin: administratorUsername
administratorLoginPassword: administratorPassword
createMode: 'Default'
infrastructureEncryption: 'Disabled'
minimalTlsVersion: 'TLS1_2'
publicNetworkAccess: 'Disabled'
sslEnforcement: 'Enabled'
storageProfile: {
backupRetentionDays: 7
geoRedundantBackup: 'Enabled'
storageAutogrow: 'Enabled'
storageMB: 5120
}
version: '5.7'
}
}
resource mysqlserverAdministrators 'Microsoft.DBForMySQL/servers/administrators@2017-12-01' = if (mysqlserverAdminGroupName != '' && mysqlserverAdminGroupObjectID != '') {
parent: mysqlserver
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: mysqlserverAdminGroupName
sid: mysqlserverAdminGroupObjectID
tenantId: subscription().tenantId
}
}
resource mysqlserverDatabase001 'Microsoft.DBForMySQL/servers/databases@2017-12-01' = {
parent: mysqlserver
name: 'Database001'
properties: {
charset: 'latin1'
collation: 'latin1_swedish_ci'
}
}
resource mysqlserverPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: mysqlserverPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: mysqlserverPrivateEndpointName
properties: {
groupIds: [
'mysqlServer'
]
privateLinkServiceId: mysqlserver.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource mysqlserverPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: mysqlserverPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${mysqlserverPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdMySqlServer
}
}
]
}
}
// Outputs
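Review bot: `mysqlserverDatabase001` is created with `charset: 'latin1'` and `collation: 'latin1_swedish_ci'`, while the MariaDB and PostgreSQL templates in this commit use `utf8`. A latin1 default database cannot hold text outside that character set, and the mismatch between sibling templates looks unintended. Unless latin1 is a requirement, `charset: 'utf8mb4'` with `collation: 'utf8mb4_general_ci'` would be the safer default; otherwise a comment explaining the choice is enough.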


@ -0,0 +1,111 @@
// This template is used to create a PostgreSql Server and Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param postgresqlName string
@secure()
param administratorPassword string
param postgresqlAdminGroupName string
param postgresqlAdminGroupObjectID string
param privateDnsZoneIdPostgreSql string
// Variables
var administratorUsername = 'SqlServerMainUser'
var postgresqlPrivateEndpointName = '${postgresql.name}-private-endpoint'
// Resources
resource postgresql 'Microsoft.DBForPostgreSQL/servers@2017-12-01' = {
name: postgresqlName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: 'GP_Gen5_2'
family: 'Gen5'
tier: 'GeneralPurpose'
capacity: 2
size: '5120'
}
properties: {
createMode: 'Default'
administratorLogin: administratorUsername
administratorLoginPassword: administratorPassword
infrastructureEncryption: 'Disabled'
minimalTlsVersion: 'TLS1_2'
publicNetworkAccess: 'Disabled'
sslEnforcement: 'Enabled'
storageProfile: {
backupRetentionDays: 7
geoRedundantBackup: 'Enabled'
storageAutogrow: 'Enabled'
storageMB: 5120
}
version: '11'
}
}
resource postgresqlAdministrators 'Microsoft.DBForPostgreSQL/servers/administrators@2017-12-01' = if (postgresqlAdminGroupName != '' && postgresqlAdminGroupObjectID != '') {
parent: postgresql
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: postgresqlAdminGroupName
sid: postgresqlAdminGroupObjectID
tenantId: subscription().tenantId
}
}
resource postgresqlDatabase001 'Microsoft.DBForPostgreSQL/servers/databases@2017-12-01' = {
parent: postgresql
name: 'Database001'
properties: {
charset: 'utf8'
collation: 'utf8_general_ci'
}
}
resource postgresqlPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: postgresqlPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: postgresqlPrivateEndpointName
properties: {
groupIds: [
'postgresqlServer'
]
privateLinkServiceId: postgresql.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource postgresqlPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: postgresqlPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${postgresqlPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdPostgreSql
}
}
]
}
}
// Outputs
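Review bot: `postgresqlDatabase001` uses `collation: 'utf8_general_ci'`, which is a MySQL/MariaDB collation name and appears to have been copied from the MariaDB template. PostgreSQL collations are locale names, so this value is likely to be rejected or not to mean what is intended. I would check it against a database created by the service and replace it, e.g. `collation: 'English_United States.1252'` with `charset: 'UTF8'`.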

134
infra/services/sql.bicep Normal file

@ -0,0 +1,134 @@
// This template is used to create a SQL Server and Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param sqlserverName string
@secure()
param administratorPassword string
param sqlserverAdminGroupName string
param sqlserverAdminGroupObjectID string
param privateDnsZoneIdSqlServer string
// Variables
var administratorUsername = 'SqlServerMainUser'
var sqlserverPrivateEndpointName = '${sqlserver.name}-private-endpoint'
// Resources
resource sqlserver 'Microsoft.Sql/servers@2020-11-01-preview' = {
name: sqlserverName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
administratorLogin: administratorUsername
administratorLoginPassword: administratorPassword
administrators: {}
minimalTlsVersion: '1.2'
publicNetworkAccess: 'Disabled'
version: '12.0'
}
}
resource sqlserverAdministrators 'Microsoft.Sql/servers/administrators@2020-11-01-preview' = if (sqlserverAdminGroupName != '' && sqlserverAdminGroupObjectID != '') {
parent: sqlserver
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: sqlserverAdminGroupName
sid: sqlserverAdminGroupObjectID
tenantId: subscription().tenantId
}
}
// resource sqlserverElasticPool001 'Microsoft.Sql/servers/elasticPools@2020-11-01-preview' = { // Uncomment, if you want to deploy an elastic pool
// parent: sqlserver
// name: 'elasticPool001'
// location: location
// tags: tags
// sku: {
// name: 'Basic'
// tier: 'Basic'
// capacity: 5
// }
// properties: {
// licenseType: 'LicenseIncluded'
// maxSizeBytes: 524288000
// perDatabaseSettings: {
// minCapacity: 524288000
// maxCapacity: 524288000
// }
// zoneRedundant: true
// }
// }
resource sqlserverDatabase001 'Microsoft.Sql/servers/databases@2020-11-01-preview' = {
parent: sqlserver
name: 'Database001'
location: location
tags: tags
sku: {
name: 'Basic'
tier: 'Basic'
capacity: 5
}
properties: {
autoPauseDelay: -1
catalogCollation: 'DATABASE_DEFAULT'
collation: 'SQL_Latin1_General_CP1_CI_AS'
createMode: 'Default'
readScale: 'Disabled'
highAvailabilityReplicaCount: 0
licenseType: 'LicenseIncluded'
maxSizeBytes: 524288000
minCapacity: 1
requestedBackupStorageRedundancy: 'Geo'
zoneRedundant: false
// elasticPoolId: sqlserverElasticPool001.id // Uncomment, if you want to deploy to an elastic pool. Do not forget to remove some properties from the database
}
}
resource sqlserverPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: sqlserverPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: sqlserverPrivateEndpointName
properties: {
groupIds: [
'sqlServer'
]
privateLinkServiceId: sqlserver.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource sqlserverPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: sqlserverPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${sqlserverPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSqlServer
}
}
]
}
}
// Outputs
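Review bot: `sqlserverAdministrators` is deployed only when both group parameters are non-empty, and `main.bicep` in this commit passes `''` for both, so the server ends up with SQL authentication as `SqlServerMainUser` and the shared `administratorPassword` as its only administrator. I would surface the group as parameters of `main.bicep` (`param sqlAdminGroupName string = ''`, `param sqlAdminGroupObjectID string = ''`) and pass them through here and to the MySQL, PostgreSQL and Synapse modules. The empty `administrators: {}` on the server duplicates what the child resource configures and can be removed or documented. No auditing or threat-detection settings are defined for the server in this template.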


@ -0,0 +1,250 @@
// This template is used to create a Synapse workspace.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param synapseName string
@secure()
param administratorPassword string
param synapseSqlAdminGroupName string
param synapseSqlAdminGroupObjectID string
param synapseDefaultStorageAccountFileSystemId string
param synapseComputeSubnetId string
param privateDnsZoneIdSynapseSql string
param privateDnsZoneIdSynapseDev string
param purviewId string
// Variables
var synapseDefaultStorageAccountFileSystemName = last(split(synapseDefaultStorageAccountFileSystemId, '/'))
var synapseDefaultStorageAccountName = split(synapseDefaultStorageAccountFileSystemId, '/')[7]
var synapsePrivateEndpointNameSql = '${synapse.name}-sql-private-endpoint'
var synapsePrivateEndpointNameSqlOnDemand = '${synapse.name}-sqlondemand-private-endpoint'
var synapsePrivateEndpointNameDev = '${synapse.name}-dev-private-endpoint'
// Resources
resource synapse 'Microsoft.Synapse/workspaces@2021-03-01' = {
name: synapseName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
defaultDataLakeStorage: {
accountUrl: 'https://${synapseDefaultStorageAccountName}.dfs.${environment().suffixes.storage}'
filesystem: synapseDefaultStorageAccountFileSystemName
}
managedResourceGroupName: synapseName
managedVirtualNetwork: 'default'
managedVirtualNetworkSettings: {
allowedAadTenantIdsForLinking: []
linkedAccessCheckOnTargetResource: true
preventDataExfiltration: true
}
publicNetworkAccess: 'Disabled'
purviewConfiguration: {
purviewResourceId: purviewId
}
sqlAdministratorLogin: 'SqlServerMainUser'
sqlAdministratorLoginPassword: administratorPassword
virtualNetworkProfile: {
computeSubnetId: synapseComputeSubnetId
}
}
}
resource synapseSqlPool001 'Microsoft.Synapse/workspaces/sqlPools@2021-03-01' = {
parent: synapse
name: 'sqlPool001'
location: location
tags: tags
sku: {
name: 'DW100c'
}
properties: {
collation: 'SQL_Latin1_General_CP1_CI_AS'
createMode: 'Default'
storageAccountType: 'GRS'
}
}
resource synapseBigDataPool001 'Microsoft.Synapse/workspaces/bigDataPools@2021-03-01' = {
parent: synapse
name: 'bigDataPool001'
location: location
tags: tags
properties: {
autoPause: {
enabled: true
delayInMinutes: 15
}
autoScale: {
enabled: true
maxNodeCount: 10
minNodeCount: 3
}
// cacheSize: 100 // Uncomment to set a specific cache size
customLibraries: []
defaultSparkLogFolder: 'logs/'
dynamicExecutorAllocation: {
enabled: true
}
// isComputeIsolationEnabled: true // Uncomment to enable compute isolation (only available in selective regions)
// libraryRequirements: { // Uncomment to install pip dependencies on the Spark cluster
// content: ''
// filename: 'requirements.txt'
// }
nodeSize: 'Small'
nodeSizeFamily: 'MemoryOptimized'
sessionLevelPackagesEnabled: true
// sparkConfigProperties: { // Uncomment to set spark conf on the Spark cluster
// content: ''
// filename: 'spark.conf'
// }
sparkEventsFolder: 'events/'
sparkVersion: '3.0'
}
}
resource synapseManagedIdentitySqlControlSettings 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings@2021-03-01' = {
parent: synapse
name: 'default'
properties: {
grantSqlControlToManagedIdentity: {
desiredState: 'Enabled'
}
}
}
resource synapseAadAdministrators 'Microsoft.Synapse/workspaces/administrators@2021-03-01' = if (synapseSqlAdminGroupName != '' && synapseSqlAdminGroupObjectID != '') {
parent: synapse
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: synapseSqlAdminGroupName
sid: synapseSqlAdminGroupObjectID
tenantId: subscription().tenantId
}
}
resource synapsePrivateEndpointSql 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameSql
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameSql
properties: {
groupIds: [
'Sql'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointSqlARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointSql
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointSql.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseSql
}
}
]
}
}
resource synapsePrivateEndpointSqlOnDemand 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameSqlOnDemand
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameSqlOnDemand
properties: {
groupIds: [
'SqlOnDemand'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointSqlOnDemandARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointSqlOnDemand
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointSqlOnDemand.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseSql
}
}
]
}
}
resource synapsePrivateEndpointDev 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameDev
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameDev
properties: {
groupIds: [
'Dev'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointDevARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointDev
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointDev.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseDev
}
}
]
}
}
// Outputs
output synapseId string = synapse.id
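Review bot: `synapseDefaultStorageAccountName` is read from `split(synapseDefaultStorageAccountFileSystemId, '/')[7]`, and if the parameter is a full ARM resource ID with a leading `/` (the caller is not visible here, so this needs confirming), index 0 is the empty string and index 7 is the literal segment `storageAccounts` rather than the account name. The workspace's `defaultDataLakeStorage.accountUrl` would then name a storage account outside this deployment instead of the intended data lake. I would change the line to `var synapseDefaultStorageAccountName = split(synapseDefaultStorageAccountFileSystemId, '/')[8]` and put a comment above it stating the expected shape, e.g. `// Expects /subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{account}/blobServices/default/containers/{fileSystem}`. Separately, because `synapseAadAdministrators` is conditional, leaving both group parameters empty leaves the fixed SQL login `SqlServerMainUser` as the only administrator, which deserves a comment on those two parameters.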