* added bicep templates

* removed arm

* moved bicep templates

* added converted arm and params

* added dev container

* updated deployment workflows

* added linting

* removed update parameter process

* linting

* updated parameter files

* updated docs

* linting

* updated params

* fixed bugs in bicep
Marvin Buss 2021-06-07 21:09:48 +02:00 коммит произвёл GitHub
Родитель 0bc08ec98f
Коммит 7cbbe7a886
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
53 изменённых файлов: 3834 добавлений и 3668 удалений


@ -7,17 +7,7 @@ trigger:
paths:
include:
- code/*
- infra/BigDataPool/*
- infra/CosmosDb/*
- infra/EventHub/*
- infra/IotHub/*
- infra/KeyVault/*
- infra/SqlDatabase/*
- infra/SqlPool/*
- infra/SqlServer/*
- infra/StreamAnalytics/*
- infra/StreamAnalyticsCluster/*
- infra/Synapse/*
- infra/*
- .ado/workflows/dataDomainDeployment.yml
pr:
branches:
@ -26,529 +16,123 @@ pr:
paths:
include:
- code/*
- infra/BigDataPool/*
- infra/CosmosDb/*
- infra/EventHub/*
- infra/IotHub/*
- infra/KeyVault/*
- infra/SqlDatabase/*
- infra/SqlPool/*
- infra/SqlServer/*
- infra/StreamAnalytics/*
- infra/StreamAnalyticsCluster/*
- infra/Synapse/*
- infra/*
- .ado/workflows/dataDomainDeployment.yml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: 'data-dp-service-connection' # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: '2f68ca09-59d9-4ab5-ad11-c54872bfa28d' # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: 'dn001-dd002' # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: 'North Europe' # Update to '{regionName}'
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "domain-product-service-connection" # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd002" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "North Europe" # Update to '{regionName}'
stages:
- stage: Validation
displayName: 'Validation of ARM templates'
displayName: "Validation of ARM templates"
jobs:
- job: Validation
displayName: 'Validation of ARM templates'
displayName: "Validation of ARM templates"
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
vmImage: "ubuntu-latest"
steps:
# Checkout code
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy Key Vault 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_validation
displayName: Deploy Key Vault 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Validation'
# Deploy IoT Hub 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: iot_hub_001_validation
displayName: Deploy IoT Hub 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/IotHub/deploy.iotHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/IotHub/params.iotHub001.json'
deploymentMode: 'Validation'
# Deploy Event Hub 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: event_hub_001_validation
displayName: Deploy Event Hub 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/EventHub/deploy.eventHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/EventHub/params.eventHub001.json'
deploymentMode: 'Validation'
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy SQL Server 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_server_001_validation
displayName: Deploy SQL Server 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/deploy.sqlServer.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/params.sqlServer001.json'
deploymentMode: 'Validation'
overrideParameters: >
-administratorLoginPassword "$(password)"
# Deploy SQL Database 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_database_001_validation
displayName: Deploy SQL Database 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/deploy.sqlDatabase.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/params.sqlDatabase001.json'
deploymentMode: 'Validation'
overrideParameters: >
-sqlServerAdministratorLoginPassword "$(password)"
# Deploy Cosmos DB 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: cosmos_db_001_validation
displayName: Deploy Cosmos DB 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/deploy.cosmosDb.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/params.cosmosDb001.json'
deploymentMode: 'Validation'
# Generate Password 002
- task: PowerShell@2
name: generate_password_002
displayName: Generate Password 002
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Synapse 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: synapse_001_validation
displayName: Deploy Synapse 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/deploy.synapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/params.synapse001.json'
deploymentMode: 'Validation'
overrideParameters: >
-synapseSqlAdministratorPassword "$(password)"
# Deploy SQL Pool 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: sql_pool_001_validation
displayName: Deploy SQL Pool 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/deploy.sqlPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/params.sqlPool001.json'
deploymentMode: 'Validation'
# Deploy Big Data Pool 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: big_data_pool_001_validation
displayName: Deploy Big Data Pool 001 - validation
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/deploy.bigDataPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/params.bigDataPool001.json'
deploymentMode: 'Validation'
# Deploy Stream Analytics Cluster 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: stream_analytics_cluster_001_validation
displayName: Deploy Stream Analytics Cluster 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalyticsCluster/deploy.streamAnalyticsCluster.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalyticsCluster/params.streamAnalyticsCluster001.json'
deploymentMode: 'Validation'
# Deploy Stream Analytics 001 - validation
- task: AzureResourceManagerTemplateDeployment@3
name: stream_analytics_001_validation
displayName: Deploy Stream Analytics 001 - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalytics/deploy.streamAnalytics.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalytics/params.streamAnalytics001.json'
deploymentMode: 'Validation'
# Checkout code
- checkout: self
name: checkout_repository
displayName: "Checkout repository"
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: "filePath"
filePath: "$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1"
errorActionPreference: "stop"
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Data Domain - validation
- task: AzureResourceManagerTemplateDeployment@3
name: data_domain_validation
displayName: Deploy Data Domain - validation
enabled: true
continueOnError: false
inputs:
deploymentScope: "Resource Group"
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: "Create Or Update Resource Group"
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: "Linked artifact"
csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
deploymentMode: "Validation"
overrideParameters: >
-administratorPassword "$(password)"
- stage: Deployment
displayName: 'Deployment of ARM templates'
displayName: "Deployment of IaC templates"
dependsOn: Validation
# condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
jobs:
- job: Deployment
displayName: 'Deployment of ARM templates'
displayName: "Deployment of IaC templates"
continueOnError: false
pool:
vmImage: 'ubuntu-latest'
vmImage: "ubuntu-latest"
steps:
# Checkout repository
- checkout: self
name: checkout_repository
displayName: 'Checkout repository'
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Deploy Key Vault 001
- task: AzureResourceManagerTemplateDeployment@3
name: key_vault_001_deployment
displayName: Deploy Key Vault 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/deploy.keyVault.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/KeyVault/params.keyVault001.json'
deploymentMode: 'Incremental'
# Deploy IoT Hub 001
- task: AzureResourceManagerTemplateDeployment@3
name: iot_hub_001_deployment
displayName: Deploy IoT Hub 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/IotHub/deploy.iotHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/IotHub/params.iotHub001.json'
deploymentMode: 'Incremental'
# Deploy Event Hub 001
- task: AzureResourceManagerTemplateDeployment@3
name: event_hub_001_deployment
displayName: Deploy Event Hub 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/EventHub/deploy.eventHub.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/EventHub/params.eventHub001.json'
deploymentMode: 'Incremental'
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy SQL Server 001
- task: AzureResourceManagerTemplateDeployment@3
name: sql_server_001_deployment
displayName: Deploy SQL Server 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/deploy.sqlServer.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlServer/params.sqlServer001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-administratorLoginPassword "$(password)"
# Deploy SQL Database 001
- task: AzureResourceManagerTemplateDeployment@3
name: sql_database_001_deployment
displayName: Deploy SQL Database 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/deploy.sqlDatabase.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlDatabase/params.sqlDatabase001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-sqlServerAdministratorLoginPassword "$(password)"
# Deploy Cosmos DB 001
- task: AzureResourceManagerTemplateDeployment@3
name: cosmos_db_001_deployment
displayName: Deploy Cosmos DB 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/deploy.cosmosDb.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/CosmosDb/params.cosmosDb001.json'
deploymentMode: 'Incremental'
# Generate Password 002
- task: PowerShell@2
name: generate_password_002
displayName: Generate Password 002
enabled: true
continueOnError: false
inputs:
targetType: 'filePath'
filePath: '$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1'
errorActionPreference: 'stop'
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Synapse 001
- task: AzureResourceManagerTemplateDeployment@3
name: synapse_001_deployment
displayName: Deploy Synapse 001
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/deploy.synapse.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/Synapse/params.synapse001.json'
deploymentMode: 'Incremental'
overrideParameters: >
-synapseSqlAdministratorPassword "$(password)"
# Deploy SQL Pool 001
- task: AzureResourceManagerTemplateDeployment@3
name: sql_pool_001_deployment
displayName: Deploy SQL Pool 001
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/deploy.sqlPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/SqlPool/params.sqlPool001.json'
deploymentMode: 'Incremental'
# Deploy Big Data Pool 001
- task: AzureResourceManagerTemplateDeployment@3
name: big_data_pool_001_deployment
displayName: Deploy Big Data Pool 001
enabled: false
continueOnError: true
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/deploy.bigDataPool.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/BigDataPool/params.bigDataPool001.json'
deploymentMode: 'Incremental'
# Deploy Stream Analytics Cluster 001
- task: AzureResourceManagerTemplateDeployment@3
name: stream_analytics_cluster_001_deployment
displayName: Deploy Stream Analytics Cluster 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalyticsCluster/deploy.streamAnalyticsCluster.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalyticsCluster/params.streamAnalyticsCluster001.json'
deploymentMode: 'Incremental'
# Deploy Stream Analytics 001
- task: AzureResourceManagerTemplateDeployment@3
name: stream_analytics_001_deployment
displayName: Deploy Stream Analytics 001
enabled: true
continueOnError: false
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: 'Create Or Update Resource Group'
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalytics/deploy.streamAnalytics.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/infra/StreamAnalytics/params.streamAnalytics001.json'
deploymentMode: 'Incremental'
# Checkout repository
- checkout: self
name: checkout_repository
displayName: "Checkout repository"
submodules: true
lfs: false
clean: true
continueOnError: false
enabled: true
# Generate Password 001
- task: PowerShell@2
name: generate_password_001
displayName: Generate Password 001
enabled: true
continueOnError: false
inputs:
targetType: "filePath"
filePath: "$(System.DefaultWorkingDirectory)/code/GeneratePassword.ps1"
errorActionPreference: "stop"
failOnStderr: false
ignoreLASTEXITCODE: false
pwsh: true
# Deploy Data Domain
- task: AzureResourceManagerTemplateDeployment@3
name: data_domain_deployment
displayName: Deploy Data Domain
enabled: true
continueOnError: false
inputs:
deploymentScope: "Resource Group"
azureResourceManagerConnection: ${{ variables.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}
subscriptionId: ${{ variables.AZURE_SUBSCRIPTION_ID }}
action: "Create Or Update Resource Group"
resourceGroupName: ${{ variables.AZURE_RESOURCE_GROUP_NAME }}
location: ${{ variables.AZURE_LOCATION }}
templateLocation: "Linked artifact"
csmFile: "$(System.DefaultWorkingDirectory)/infra/main.json"
csmParametersFile: "$(System.DefaultWorkingDirectory)/infra/params.dev.json"
deploymentMode: "Incremental"
overrideParameters: >
-administratorPassword "$(password)"
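Review bot: The Deployment stage is gated only by `dependsOn: Validation`, since its `condition:` line is shown commented out, so a run started by the `pr:` trigger would apply `deploymentMode: "Incremental"` to the resource group through the service connection before the change has been reviewed and merged. Restoring `condition: and(succeeded(), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))` on the stage limits real deployments to CI builds of the trigger branches. Separately, `-administratorPassword "$(password)"` depends on code/GeneratePassword.ps1, which is not visible here; confirm that it sets the variable with `issecret=true` so the value is masked in logs. Because the script runs again in each stage, the administrator password is presumably regenerated on every run, which is worth documenting in a comment above the step.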


@ -1,19 +1,13 @@
FROM mcr.microsoft.com/powershell:lts-debian-11
# [Choice] .NET Core version: 3.1, 2.1
ARG VARIANT=3.1
FROM mcr.microsoft.com/vscode/devcontainers/dotnet:0-${VARIANT}
# [Option] Install zsh
ARG INSTALL_ZSH="true"
# [Option] Upgrade OS packages to their latest versions
ARG UPGRADE_PACKAGES="true"
COPY library-scripts/azcli-debian.sh /tmp/library-scripts/
RUN bash /tmp/library-scripts/azcli-debian.sh \
&& curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 \
&& chmod +x /usr/local/bin/bicep \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
# Install needed packages and setup non-root user. Use a separate RUN statement to add your own dependencies.
ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=$USER_UID
COPY library-scripts/*.sh /tmp/library-scripts/
RUN apt-get update \
&& /bin/bash /tmp/library-scripts/common-debian.sh "${INSTALL_ZSH}" "${USERNAME}" "${USER_UID}" "${USER_GID}" "${UPGRADE_PACKAGES}" "true" "false" \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
# [Optional] Uncomment this section to install additional packages.
# [Optional] Uncomment this section to install additional OS packages.
# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
# && apt-get -y install --no-install-recommends <your-package-list-here>
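Review bot: The `curl -Lo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64` step installs whatever binary the `latest` release points to at build time, with no version pin and no integrity check, so dev-container builds are not reproducible and a replaced or truncated download would be made executable unnoticed. Pin the release and verify it, e.g. `curl -fsSLo /usr/local/bin/bicep https://github.com/Azure/bicep/releases/download/<PINNED_TAG>/bicep-linux-x64` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/bicep" | sha256sum -c -`; `-f` also makes curl fail on an HTTP error instead of saving the error page as the binary. Old and new lines are interleaved in this rendering, so this assumes the `azcli-debian.sh`/bicep `RUN` belongs to the new side, which matches the script being added in the same commit.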


@ -1,28 +1,27 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
// https://github.com/microsoft/vscode-dev-containers/tree/v0.169.0/containers/powershell
// https://github.com/microsoft/vscode-dev-containers/tree/v0.181.0/containers/azure-bicep
{
"name": "PowerShell",
"name": "Azure Bicep (Community)",
"dockerFile": "Dockerfile",
// Set *default* container specific settings.json values on container create.
"settings": {
"settings": {
"terminal.integrated.shell.linux": "/bin/bash"
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"ms-vscode.azure-account",
"ms-vscode.powershell",
"ms-vscode.azurecli",
"ms-vscode.powershell",
"ms-dotnettools.vscode-dotnet-runtime",
"ms-azuretools.vscode-bicep",
"msazurermtools.azurerm-vscode-tools"
],
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
// Uncomment the next line to run commands after the container is created. This gets run in bash which is why we call `pwsh`.
// "postCreateCommand": "pwsh -c '$PSVersionTable'",
// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
// Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode"
}


@ -0,0 +1,34 @@
#!/usr/bin/env bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/azcli.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./azcli-debian.sh
set -e
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
export DEBIAN_FRONTEND=noninteractive
# Install curl, apt-transport-https, lsb-release, or gpg if missing
if ! dpkg -s apt-transport-https curl ca-certificates lsb-release > /dev/null 2>&1 || ! type gpg > /dev/null 2>&1; then
if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
apt-get update
fi
apt-get -y install --no-install-recommends apt-transport-https curl ca-certificates lsb-release gnupg2
fi
# Install the Azure CLI
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list
curl -sL https://packages.microsoft.com/keys/microsoft.asc | (OUT=$(apt-key add - 2>&1) || echo $OUT)
apt-get update
apt-get install -y azure-cli
echo "Done!"


@ -4,7 +4,7 @@
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/master/script-library/docs/common.md
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/common.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./common-debian.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh! flag] [Add non-free packages]
@ -110,15 +110,16 @@ if [ "${PACKAGES_ALREADY_INSTALLED}" != "true" ]; then
man-db \
strace \
manpages \
manpages-dev "
manpages-dev \
init-system-helpers"
# Needed for adding manpages-posix and manpages-posix-dev which are non-free packages in Debian
if [ "${ADD_NON_FREE_PACKAGES}" = "true" ]; then
CODENAME="$(cat /etc/os-release | grep -oE '^VERSION_CODENAME=.+$' | cut -d'=' -f2)"
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/deb\.debian\.org\/debian ${CODENAME} main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME} main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb-src http:\/\/(deb|httredir)\.debian\.org\/debian ${CODENAME} main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME} main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i -E "s/deb-src http:\/\/(deb|httpredir)\.debian\.org\/debian ${CODENAME}-updates main/deb http:\/\/\1\.debian\.org\/debian ${CODENAME}-updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb-src http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main/deb http:\/\/security\.debian\.org\/debian-security ${CODENAME}\/updates main contrib non-free/" /etc/apt/sources.list
sed -i "s/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-backports main/deb http:\/\/deb\.debian\.org\/debian ${CODENAME}-backports main contrib non-free/" /etc/apt/sources.list
@ -213,7 +214,7 @@ if [ -z "${USER}" ]; then export USER=$(whoami); fi
if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi
# Display optional first run image specific notice if configured and terminal is interactive
if [ -t 1 ] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then
cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt"
elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then
@ -248,6 +249,18 @@ fi
EOF
chmod +x /usr/local/bin/code
# systemctl shim - tells people to use 'service' if systemd is not running
cat << 'EOF' > /usr/local/bin/systemctl
#!/bin/sh
set -e
if [ -d "/run/systemd/system" ]; then
exec /bin/systemctl/systemctl "$@"
else
echo '\n"systemd" is not running in this container due to its overhead.\nUse the "service" command to start services intead. e.g.: \n\nservice --status-all'
fi
EOF
chmod +x /usr/local/bin/systemctl
# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme
CODESPACES_BASH="$(cat \
<<'EOF'
@ -287,8 +300,9 @@ __zsh_prompt() {
else
prompt_username="%n"
fi
PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )"
PROMPT+='%{$fg_bold[blue]%}%~%{$reset_color%} $(git_prompt_info)%{$fg[white]%}$ %{$reset_color%}'
PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow
PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd
PROMPT+='$(git_prompt_info)%{$fg[white]%}$ %{$reset_color%}' # Git status
unset -f __zsh_prompt
}
ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg_bold[cyan]%}(%{$fg_bold[red]%}"
@ -321,8 +335,10 @@ EOF
if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then
echo "${RC_SNIPPET}" >> /etc/bash.bashrc
echo "${CODESPACES_BASH}" >> "${USER_RC_PATH}/.bashrc"
echo 'export PROMPT_DIRTRIM=4' >> "${USER_RC_PATH}/.bashrc"
if [ "${USERNAME}" != "root" ]; then
echo "${CODESPACES_BASH}" >> "/root/.bashrc"
echo 'export PROMPT_DIRTRIM=4' >> "/root/.bashrc"
fi
chown ${USERNAME}:${USERNAME} "${USER_RC_PATH}/.bashrc"
RC_SNIPPET_ALREADY_ADDED="true"
@ -354,7 +370,7 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
fi
# Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme.
# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for offical script.
# See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script.
OH_MY_INSTALL_DIR="${USER_RC_PATH}/.oh-my-zsh"
if [ ! -d "${OH_MY_INSTALL_DIR}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then
TEMPLATE_PATH="${OH_MY_INSTALL_DIR}/templates/zshrc.zsh-template"
@ -383,6 +399,45 @@ if [ "${INSTALL_ZSH}" = "true" ]; then
fi
fi
# Persist image metadata info, script if meta.env found in same directory
META_INFO_SCRIPT="$(cat << 'EOF'
#!/bin/sh
. /usr/local/etc/vscode-dev-containers/meta.env
# Minimal output
if [ "$1" = "version" ] || [ "$1" = "image-version" ]; then
echo "${VERSION}"
exit 0
elif [ "$1" = "release" ]; then
echo "${GIT_REPOSITORY_RELEASE}"
exit 0
elif [ "$1" = "content" ] || [ "$1" = "content-url" ] || [ "$1" = "contents" ] || [ "$1" = "contents-url" ]; then
echo "${CONTENTS_URL}"
exit 0
fi
#Full output
echo
echo "Development container image information"
echo
if [ ! -z "${VERSION}" ]; then echo "- Image version: ${VERSION}"; fi
if [ ! -z "${DEFINITION_ID}" ]; then echo "- Definition ID: ${DEFINITION_ID}"; fi
if [ ! -z "${VARIANT}" ]; then echo "- Variant: ${VARIANT}"; fi
if [ ! -z "${GIT_REPOSITORY}" ]; then echo "- Source code repository: ${GIT_REPOSITORY}"; fi
if [ ! -z "${GIT_REPOSITORY_RELEASE}" ]; then echo "- Source code release/branch: ${GIT_REPOSITORY_RELEASE}"; fi
if [ ! -z "${BUILD_TIMESTAMP}" ]; then echo "- Timestamp: ${BUILD_TIMESTAMP}"; fi
if [ ! -z "${CONTENTS_URL}" ]; then echo && echo "More info: ${CONTENTS_URL}"; fi
echo
EOF
)"
SCRIPT_DIR="$(cd $(dirname $0) && pwd)"
if [ -f "${SCRIPT_DIR}/meta.env" ]; then
mkdir -p /usr/local/etc/vscode-dev-containers/
cp -f "${SCRIPT_DIR}/meta.env" /usr/local/etc/vscode-dev-containers/meta.env
echo "${META_INFO_SCRIPT}" > /usr/local/bin/devcontainer-info
chmod +x /usr/local/bin/devcontainer-info
fi
# Write marker file
mkdir -p "$(dirname "${MARKER_FILE}")"
echo -e "\


@ -0,0 +1,122 @@
#!/bin/bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/node.md
# Maintainer: The VS Code and Codespaces Teams
#
# Syntax: ./node-debian.sh [directory to install nvm] [node version to install (use "none" to skip)] [non-root user] [Update rc files flag]
export NVM_DIR=${1:-"/usr/local/share/nvm"}
export NODE_VERSION=${2:-"lts/*"}
USERNAME=${3:-"automatic"}
UPDATE_RC=${4:-"true"}
set -e
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
# Ensure that login shells get the correct path if the user updated the PATH using ENV.
rm -f /etc/profile.d/00-restore-env.sh
echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
chmod +x /etc/profile.d/00-restore-env.sh
# Determine the appropriate non-root user
if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then
USERNAME=""
POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)")
for CURRENT_USER in ${POSSIBLE_USERS[@]}; do
if id -u ${CURRENT_USER} > /dev/null 2>&1; then
USERNAME=${CURRENT_USER}
break
fi
done
if [ "${USERNAME}" = "" ]; then
USERNAME=root
fi
elif [ "${USERNAME}" = "none" ] || ! id -u ${USERNAME} > /dev/null 2>&1; then
USERNAME=root
fi
if [ "${NODE_VERSION}" = "none" ]; then
export NODE_VERSION=
fi
function updaterc() {
if [ "${UPDATE_RC}" = "true" ]; then
echo "Updating /etc/bash.bashrc and /etc/zsh/zshrc..."
echo -e "$1" >> /etc/bash.bashrc
if [ -f "/etc/zsh/zshrc" ]; then
echo -e "$1" >> /etc/zsh/zshrc
fi
fi
}
# Ensure apt is in non-interactive to avoid prompts
export DEBIAN_FRONTEND=noninteractive
# Install curl, apt-transport-https, tar, or gpg if missing
if ! dpkg -s apt-transport-https curl ca-certificates tar > /dev/null 2>&1 || ! type gpg > /dev/null 2>&1; then
if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
apt-get update
fi
apt-get -y install --no-install-recommends apt-transport-https curl ca-certificates tar gnupg2
fi
# Install yarn
if type yarn > /dev/null 2>&1; then
echo "Yarn already installed."
else
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | (OUT=$(apt-key add - 2>&1) || echo $OUT)
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update
apt-get -y install --no-install-recommends yarn
fi
# Install the specified node version if NVM directory already exists, then exit
if [ -d "${NVM_DIR}" ]; then
echo "NVM already installed."
if [ "${NODE_VERSION}" != "" ]; then
su ${USERNAME} -c ". $NVM_DIR/nvm.sh && nvm install ${NODE_VERSION} && nvm clear-cache"
fi
exit 0
fi
# Create nvm group, nvm dir, and set sticky bit
if ! cat /etc/group | grep -e "^nvm:" > /dev/null 2>&1; then
groupadd -r nvm
fi
umask 0002
usermod -a -G nvm ${USERNAME}
mkdir -p ${NVM_DIR}
chown :nvm ${NVM_DIR}
chmod g+s ${NVM_DIR}
su ${USERNAME} -c "$(cat << EOF
set -e
umask 0002
# Do not update profile - we'll do this manually
export PROFILE=/dev/null
curl -so- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
source ${NVM_DIR}/nvm.sh
if [ "${NODE_VERSION}" != "" ]; then
nvm alias default ${NODE_VERSION}
fi
nvm clear-cache
EOF
)" 2>&1
# Update rc files
if [ "${UPDATE_RC}" = "true" ]; then
updaterc "$(cat <<EOF
export NVM_DIR="${NVM_DIR}"
[ -s "\$NVM_DIR/nvm.sh" ] && . "\$NVM_DIR/nvm.sh"
[ -s "\$NVM_DIR/bash_completion" ] && . "\$NVM_DIR/bash_completion"
EOF
)"
fi
echo "Done!"
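Review bot: The nvm installer is fetched and executed in one step, `curl -so- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash`, with no integrity check, so whatever that URL serves at image build time runs as the dev-container user and ends up in every image built from this script. A Git tag can be moved, and `-s` without `-f` also pipes an HTTP error body into bash. I would download the script to a file, verify it against a SHA-256 recorded in this script, and only then run it, as sketched below. The yarn key earlier in the file is added with `apt-key add`, which trusts it for every apt source; a keyring referenced through `signed-by` in `yarn.list` would scope it to that one repository.

```shell
# Constructed placeholder: replace with the SHA-256 of the reviewed v0.35.3 install.sh
NVM_INSTALL_SHA256="<sha256-of-reviewed-install.sh>"
NVM_INSTALL_SCRIPT="$(mktemp)"
curl -fsSL -o "${NVM_INSTALL_SCRIPT}" https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh
# set -e is active, so a checksum mismatch aborts the build here
echo "${NVM_INSTALL_SHA256}  ${NVM_INSTALL_SCRIPT}" | sha256sum -c -
chmod a+r "${NVM_INSTALL_SCRIPT}"
su ${USERNAME} -c "$(cat << EOF
# … unchanged: set -e, umask 0002, export PROFILE=/dev/null …
bash "${NVM_INSTALL_SCRIPT}"
# … unchanged: source nvm.sh, nvm alias default, nvm clear-cache …
EOF
)" 2>&1
rm -f "${NVM_INSTALL_SCRIPT}"
```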

13
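--- a/.github/linters/.arm-ttk.psd1
+++ b/.github/linters/.arm-ttk.psd1
@@ -0,0 +1,13 @@
+# Documentation:
+# - Test Parameters: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit#test-parameters
+# - Test Cases: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-cases
+@{
+# Test = @( )
+Skip = @(
+'Template Should Not Contain Blanks',
+'DeploymentTemplate Must Not Contain Hardcoded Uri'
+'DependsOn Best Practices',
+'Outputs Must Not Contain Secrets',
+'IDs Should Be Derived From ResourceIDs'
+)
+}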
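Review bot: The `Skip` list turns off 'Outputs Must Not Contain Secrets' and 'DeploymentTemplate Must Not Contain Hardcoded Uri' for every template, with no comment saying why. The first is the arm-ttk test that catches secure parameters or `list*` results being returned in `outputs`, where they stay readable in the deployment history, so skipping it globally removes what looks like the only automated guard for that in this pipeline. I would drop both entries from `Skip`, or keep them with a comment such as `# skipped because <reason>; revisit when <condition>`. The second entry is also missing the trailing comma the other entries have; adding it keeps the list consistent.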

104
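--- a/.github/linters/.dockerfilelintrc
+++ b/.github/linters/.dockerfilelintrc
@@ -0,0 +1,104 @@
+---
+###########################
+###########################
+## Dockerfile Lint rules ##
+###########################
+###########################
+#################################
+# Default is 'on' for all rules #
+# You can disable as needed. #
+#################################
+# Additional Info can be found at:
+# https://github.com/replicatedhq/dockerfilelint
+# Set the rules
+rules:
+# All commands in a Dockerfile require at least 1 argument
+required_params: on
+# For clarity and readability, all instructions in
+# a Dockerfile should be uppercase
+uppercase_commands: on
+# The first instruction in a Dockerfile must specify
+# the base image using a FROM
+from_first: on
+# This line is not a valid Dockerfile line
+invalid_line: on
+# Use of sudo is not allowed in a Dockerfile
+sudo_usage: on
+# Consider using a `--no-install-recommends` when `apt-get`
+# installing packages
+apt-get_missing_param: on
+# Consider using a `--no-install-recommends` when `apt-get`
+# installing packages
+apt-get_recommends: on
+# Use of `apt-get upgrade` is not allowed in a Dockerfile
+apt-get-upgrade: on
+# Use of `apt-get dist-upgrade` is not allowed in a Dockerfile
+apt-get-dist-upgrade: on
+# All instances of `apt-get update` should have the `apt-get install`
+# commands on the same line to reduce image size
+apt-get-update_require_install: off
+# Consider using a `--no-cache` (supported in alpine linux >= 3.3) or
+# `--update` followed by the command `rm -rf /var/cache/apk/*`
+# when `apk` adding packages. This will result in a smaller image size
+apkadd-missing_nocache_or_updaterm: on
+# Consider using a `--virtual` or `-t` switch to group multiple packages
+# for easy cleanup. This will help ensure future authors will continue
+# to clean up build dependencies and other temporary packages
+apkadd-missing-virtual: on
+# Exposing ports should only be valid port numbers
+invalid_port: on
+# Only valid commands are allowed in a Dockerfile
+invalid_command: on
+# Expose Only Container Port
+expose_host_port: on
+# Using LABEL should be in key=value format
+label_invalid: on
+# Base images should specify a tag to use
+missing_tag: on
+# Base images should not use the latest tag
+latest_tag: on
+# This command has extra arguments and will be ignored
+extra_args: on
+# This command requires additional arguments
+missing_args: on
+# All files referenced in an ADD command should
+# be part of the Docker build context
+add_src_invalid: on
+# When adding multiple files, the destination should be a directory
+add_dest_invalid: on
+# Using a WORKDIR parameter that has spaces should be escaped
+invalid_workdir: on
+# The arguments to this command are invalid
+invalid_format: on
+# Use of apt-get update should be paired with
+# rm -rf /var/lib/apt/lists/* in the same layer
+apt-get_missing_rm: on
+# This INSTRUCTION is deprecated as of Docker 1.13
+deprecated_in_1.13: on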

36
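--- a/.github/linters/.markdown-lint.yml
+++ b/.github/linters/.markdown-lint.yml
@@ -0,0 +1,36 @@
+---
+###########################
+###########################
+## Markdown Linter rules ##
+###########################
+###########################
+# Linter rules doc:
+# - https://github.com/DavidAnson/markdownlint
+#
+# Note:
+# To comment out a single error:
+# <!-- markdownlint-disable -->
+# any violations you want
+# <!-- markdownlint-restore -->
+#
+###############
+# Rules by id #
+###############
+MD004: false # Unordered list style
+MD007:
+indent: 2 # Unordered list indentation
+MD013:
+line_length: 10000 # Line length 80 is far to short
+MD026:
+punctuation: ".,;:!。,;:" # List of not allowed
+MD029: false # Ordered list item prefix
+MD033: false # Allow inline HTML
+MD036: false # Emphasis used instead of a heading
+MD041: false
+#################
+# Rules by tags #
+#################
+blank_lines: false # Error on blank lines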

19
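--- a/.github/linters/.powershell-psscriptanalyzer.psd1
+++ b/.github/linters/.powershell-psscriptanalyzer.psd1
@@ -0,0 +1,19 @@
+#Documentation: https://github.com/PowerShell/PSScriptAnalyzer/blob/master/docs/markdown/Invoke-ScriptAnalyzer.md#-settings
+@{
+#CustomRulePath='path\to\CustomRuleModule.psm1'
+#RecurseCustomRulePath='path\of\customrules'
+#Severity = @(
+# 'Error'
+# 'Warning'
+#)
+#IncludeDefaultRules=${true}
+ExcludeRules = @(
+'PSUseShouldProcessForStateChangingFunctions',
+'PSReviewUnusedParameter'
+'PSAvoidGlobalVars'
+'PSAvoidUsingPlainTextForPassword'
+'PSAvoidUsingConvertToSecureStringWithPlainText'
+'PSPossibleIncorrectUsageOfAssignmentOperator'
+)
+#IncludeRules = @( )
+}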
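Review bot: `ExcludeRules` disables `PSAvoidUsingPlainTextForPassword` and `PSAvoidUsingConvertToSecureStringWithPlainText` for the whole repository, so any script that accepts or builds a credential as a plain string will now pass linting. If a single script needs the exception (the workflows call `code/GeneratePassword.ps1`, which may be the reason), suppress it there with `[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')]` plus a justification, and remove the two entries here. The entries after the first are separated by newlines only; a comma on every line would match the first entry.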

522
.github/workflows/dataDomainDeployment.yml поставляемый

@ -4,440 +4,116 @@ on:
push:
branches: [ main ]
paths:
- 'code/**'
- 'infra/BigDataPool/**'
- 'infra/CosmosDb/**'
- 'infra/EventHub/**'
- 'infra/IotHub/**'
- 'infra/KeyVault/**'
- 'infra/SqlDatabase/**'
- 'infra/SqlPool/**'
- 'infra/SqlServer/**'
- 'infra/StreamAnalytics/**'
- 'infra/StreamAnalyticsCluster/**'
- 'infra/Synapse/**'
- '.github/workflows/dataDomainDeployment.yml'
- "code/**"
- "infra/**"
- ".github/workflows/dataDomainDeployment.yml"
pull_request:
branches: [ main ]
paths:
- 'code/**'
- 'infra/BigDataPool/**'
- 'infra/CosmosDb/**'
- 'infra/EventHub/**'
- 'infra/IotHub/**'
- 'infra/KeyVault/**'
- 'infra/SqlDatabase/**'
- 'infra/SqlPool/**'
- 'infra/SqlServer/**'
- 'infra/StreamAnalytics/**'
- 'infra/StreamAnalyticsCluster/**'
- 'infra/Synapse/**'
- '.github/workflows/dataDomainDeployment.yml'
- "code/**"
- "infra/**"
- ".github/workflows/dataDomainDeployment.yml"
env:
AZURE_SUBSCRIPTION_ID: '2f68ca09-59d9-4ab5-ad11-c54872bfa28d' # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: 'dn001-dd002' # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: 'northeurope' # Update to '{regionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd002" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "northeurope" # Update to '{regionName}'
jobs:
prerequisite:
runs-on: ubuntu-latest
steps:
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Create resource group
- name: Validating existence of resource group
id: resource_group_storage
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
echo "Validating existence of resource group ${{ env.AZURE_RESOURCE_GROUP_NAME }}"
az group exists --name ${{ env.AZURE_RESOURCE_GROUP_NAME }}
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
validation:
needs: [ prerequisite ]
name: "Validation of IaC templates"
runs-on: ubuntu-latest
continue-on-error: false
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Key Vault 001 - validation
- name: Deploy Key Vault 001 - validation
id: key_vault_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Validate
# Deploy IoT Hub 001 - validation
- name: Deploy IoT Hub 001 - validation
id: iot_hub_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/IotHub/deploy.iotHub.json
parameters: ${{ github.workspace }}/infra/IotHub/params.iotHub001.json
deploymentMode: Validate
# Deploy Event Hub 001 - validation
- name: Deploy Event Hub 001 - validation
id: event_hub_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/EventHub/deploy.eventHub.json
parameters: ${{ github.workspace }}/infra/EventHub/params.eventHub001.json
deploymentMode: Validate
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy SQL Server 001 - validation
- name: Deploy SQL Server 001 - validation
id: sql_server_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlServer/deploy.sqlServer.json
parameters: ${{ github.workspace }}/infra/SqlServer/params.sqlServer001.json administratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
# Deploy SQL Database 001 - validation
- name: Deploy SQL Database 001 - validation
id: sql_database_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlDatabase/deploy.sqlDatabase.json
parameters: ${{ github.workspace }}/infra/SqlDatabase/params.sqlDatabase001.json sqlServerAdministratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
# Deploy Cosmos DB 001 - validation
- name: Deploy Cosmos DB 001 - validation
id: cosmos_db_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/CosmosDb/deploy.cosmosDb.json
parameters: ${{ github.workspace }}/infra/CosmosDb/params.cosmosDb001.json
deploymentMode: Validate
# Generate Password 002
- name: Generate Password 002
id: generate_password_002
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Synapse 001 - validation
- name: Deploy Synapse 001 - validation
id: synapse_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Synapse/deploy.synapse.json
parameters: ${{ github.workspace }}/infra/Synapse/params.synapse001.json synapseSqlAdministratorPassword="${{ steps.generate_password_002.outputs.password }}"
deploymentMode: Validate
# Deploy Sql Pool 001 - validation
- name: Deploy Sql Pool 001 - validation
id: sql_pool_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlPool/deploy.sqlPool.json
parameters: ${{ github.workspace }}/infra/SqlPool/params.sqlPool001.json
deploymentMode: Validate
# Deploy Big Data Pool 001 - validation
- name: Deploy Big Data Pool 001 - validation
id: big_data_pool_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/BigDataPool/deploy.bigDataPool.json
parameters: ${{ github.workspace }}/infra/BigDataPool/params.bigDataPool001.json
deploymentMode: Validate
# Deploy Stream Analytics Cluster 001 - validation
- name: Deploy Stream Analytics Cluster 001 - validation
id: stream_analytics_cluster_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/StreamAnalyticsCluster/deploy.streamAnalyticsCluster.json
parameters: ${{ github.workspace }}/infra/StreamAnalyticsCluster/params.streamAnalyticsCluster001.json
deploymentMode: Validate
# Deploy Stream Analytics 001 - validation
- name: Deploy Stream Analytics 001 - validation
id: stream_analytics_001_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/StreamAnalytics/deploy.streamAnalytics.json
parameters: ${{ github.workspace }}/infra/StreamAnalytics/params.streamAnalytics001.json
deploymentMode: Validate
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Data Domain - validation
- name: Deploy Data Domain - validation
id: data_domain_validation
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/main.json
parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Validate
continue-on-error: true
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
deployment:
needs: [ prerequisite, validation ]
name: "Deployment of IaC templates"
needs: [validation]
runs-on: ubuntu-latest
if: github.event_name == 'push'
continue-on-error: false
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Deploy Key Vault 001
- name: Deploy Key Vault 001
id: key_vault_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/KeyVault/deploy.keyVault.json
parameters: ${{ github.workspace }}/infra/KeyVault/params.keyVault001.json
deploymentMode: Incremental
# Deploy IoT Hub 001
- name: Deploy IoT Hub 001
id: iot_hub_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/IotHub/deploy.iotHub.json
parameters: ${{ github.workspace }}/infra/IotHub/params.iotHub001.json
deploymentMode: Incremental
# Deploy Event Hub 001
- name: Deploy Event Hub 001
id: event_hub_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/EventHub/deploy.eventHub.json
parameters: ${{ github.workspace }}/infra/EventHub/params.eventHub001.json
deploymentMode: Incremental
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy SQL Server 001
- name: Deploy SQL Server 001
id: sql_server_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlServer/deploy.sqlServer.json
parameters: ${{ github.workspace }}/infra/SqlServer/params.sqlServer001.json administratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
# Deploy SQL Database 001
- name: Deploy SQL Database 001
id: sql_database_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlDatabase/deploy.sqlDatabase.json
parameters: ${{ github.workspace }}/infra/SqlDatabase/params.sqlDatabase001.json sqlServerAdministratorLoginPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
# Deploy Cosmos DB 001
- name: Deploy Cosmos DB 001
id: cosmos_db_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/CosmosDb/deploy.cosmosDb.json
parameters: ${{ github.workspace }}/infra/CosmosDb/params.cosmosDb001.json
deploymentMode: Incremental
# Generate Password 002
- name: Generate Password 002
id: generate_password_002
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Synapse 001
- name: Deploy Synapse 001
id: synapse_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/Synapse/deploy.synapse.json
parameters: ${{ github.workspace }}/infra/Synapse/params.synapse001.json synapseSqlAdministratorPassword="${{ steps.generate_password_002.outputs.password }}"
deploymentMode: Incremental
# Deploy Sql Pool 001
- name: Deploy Sql Pool 001
id: sql_pool_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/SqlPool/deploy.sqlPool.json
parameters: ${{ github.workspace }}/infra/SqlPool/params.sqlPool001.json
deploymentMode: Incremental
# Deploy Big Data Pool 001
- name: Deploy Big Data Pool 001
id: big_data_pool_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/BigDataPool/deploy.bigDataPool.json
parameters: ${{ github.workspace }}/infra/BigDataPool/params.bigDataPool001.json
deploymentMode: Incremental
# Deploy Stream Analytics Cluster 001
- name: Deploy Stream Analytics Cluster 001
id: stream_analytics_cluster_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/StreamAnalyticsCluster/deploy.streamAnalyticsCluster.json
parameters: ${{ github.workspace }}/infra/StreamAnalyticsCluster/params.streamAnalyticsCluster001.json
deploymentMode: Incremental
# Deploy Stream Analytics 001
- name: Deploy Stream Analytics 001
id: stream_analytics_001_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/StreamAnalytics/deploy.streamAnalytics.json
parameters: ${{ github.workspace }}/infra/StreamAnalytics/params.streamAnalytics001.json
deploymentMode: Incremental
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Login to Azure
- name: Azure Login
id: azure_login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate Password 001
- name: Generate Password 001
id: generate_password_001
run: |
echo "Generating Password"
pwsh $GITHUB_WORKSPACE/code/GeneratePassword.ps1 -GitHub
# Deploy Data Domain
- name: Deploy Data Domain
id: data_domain_deployment
uses: azure/arm-deploy@v1
with:
scope: resourcegroup
subscriptionId: ${{ env.AZURE_SUBSCRIPTION_ID }}
resourceGroupName: ${{ env.AZURE_RESOURCE_GROUP_NAME }}
region: ${{ env.AZURE_LOCATION }}
template: ${{ github.workspace }}/infra/main.json
parameters: ${{ github.workspace }}/infra/params.dev.json administratorPassword="${{ steps.generate_password_001.outputs.password }}"
deploymentMode: Incremental
continue-on-error: true
# Log out from Azure
- name: Log out from Azure
id: azure_logout
uses: azure/cli@v1
with:
azcliversion: latest
inlineScript: |
az logout
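Review bot: Both new `azure/arm-deploy@v1` steps carry `continue-on-error: true`, so a template that fails validation still leaves the `validation` job green, and `deployment`, which only has `needs: [validation]`, goes ahead on push; a failed deployment is likewise reported as success. If the flag is there so that the logout always runs, remove it from the two deploy steps and put `if: always()` on the `Log out from Azure` steps instead. Separately, the generated password is interpolated into `parameters` as `administratorPassword="${{ steps.generate_password_001.outputs.password }}"`; a step output is not masked by default, so it may show up in logs unless `GeneratePassword.ps1` registers it as a masked value, which is not visible here.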

30
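--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,30 @@
+name: Lint Code Base
+on:
+push:
+branches-ignore: [master]
+pull_request:
+branches: [main]
+jobs:
+build:
+name: Lint Code Base
+runs-on: ubuntu-latest
+steps:
+# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+- name: Check Out Repository
+id: checkout_repository
+uses: actions/checkout@v2
+# Lint ARM templates
+- name: Lint
+id: arm_lint
+uses: github/super-linter@v3
+env:
+VALIDATE_ALL_CODEBASE: false
+DEFAULT_BRANCH: main
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+VALIDATE_JSCPD: false
+VALIDATE_JSON: false
+FILTER_REGEX_EXCLUDE: (/.devcontainer/|/reference/)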
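Review bot: `branches-ignore: [master]` under `push` names a branch this repository does not seem to use; the other triggers and `DEFAULT_BRANCH` all say `main`, so the filter excludes nothing and every push to `main` is linted again after its pull request. If the intent was to skip the default branch on push, it should read `branches-ignore: [main]`. The job also hands `GITHUB_TOKEN` to `github/super-linter@v3`, a tag that can be moved; pinning the action to a commit SHA (`uses: github/super-linter@<commit-sha>`) keeps the token with code that was reviewed.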

131
.github/workflows/updateParameters.yml поставляемый

@ -1,131 +0,0 @@
name: Update Parameter Files
on:
push:
branches: [main]
paths:
- 'configs/**'
- '.github/workflows/updateParameters.yml'
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_DOMAIN_NAME: '{dataDomainName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}'
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}'
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}'
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}'
jobs:
renaming:
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Check Out Repository
id: checkout_repository
uses: actions/checkout@v2
# Install Required Packages
- name: Install Required Modules
id: install_modules
run: |
echo "Install Modules"
pwsh -Command "Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted"
pwsh -Command "Install-Module -Name powershell-yaml"
# Update Parameters
- name: Update Parameters
id: update_parameters
run: |
echo "Updating Parameters"
pwsh $GITHUB_WORKSPACE/configs/UpdateParameters.ps1 \
-ConfigurationFilePath 'configs/config.json' \
-GlobalDnsResourceGroupId '${{ env.GLOBAL_DNS_RESOURCE_GROUP_ID }}' \
-DataLandingZoneSubscriptionId '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID }}' \
-DataLandingZoneName '${{ env.DATA_DOMAIN_NAME }}' \
-Location '${{ env.LOCATION }}' \
-PurviewId '${{ env.PURVIEW_ID }}' \
-SubnetId '${{ env.SUBNET_ID }}' \
-SynapseStorageAccountName '${{ env.SYNAPSE_STORAGE_ACCOUNT_NAME }}' \
-SynapseStorageAccountFileSystemName '${{ env.SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME }}' \
-AzureResourceManagerConnectionName '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
# Define Pull Request Body
- name: Define Pull Request Body
id: define_pull_request_body
run: |
body="**Great work!** Just two more steps to start the deployment into your environment.
## 1. Create Resource Group and grant access
[Create a resource group](https://ms.portal.azure.com/#create/Microsoft.ResourceGroup) with the name \`${{ steps.update_parameters.outputs.landingZoneName }}-rg\` in the subscription \`${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}\` in the region \`${{ env.LOCATION }}\`.
Now, grant the service principal from earlier access to the resource group with the following commands (either with Azure CLI or with Powershell):
**For Azure CLI**
\`\`\`Shell
# Get Service Principal Object ID
az ad sp list --display-name \"{servicePrincipalName}\" --query \"[].{objectId:objectId}\" --output tsv
# Add role assignment
az role assignment create \\
--assignee \"{servicePrincipalObjectId}\" \\
--role \"Contributor\" \\
--resource-group \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
**For Powershell**
\`\`\`Powershell
# Get Service Principal Object ID
\$spObjectId = (Get-AzADServicePrincipal -DisplayName \"{servicePrincipalName}\").id
# Add role assignment
New-AzRoleAssignment \`
-ObjectId \$spObjectId \`
-RoleDefinitionName \"Contributor\" \`
-ResourceGroupName \"${{ steps.update_parameters.outputs.landingZoneName }}-rg\"
\`\`\`
## 2. Update Parameters in the workflow
**For GitHub Actions**
Go to \`/.github/workflows/dataDomainDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
env:
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
**For Azure DevOps**
Go to \`/.ado/workflows/dataDomainDeployment.yml\` in the branch \`parameter_update_${{ github.run_id }}\` and update the environment variables to the following:
\`\`\`YAML
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '${{ env.AZURE_RESOURCE_MANAGER_CONNECTION_NAME }}'
AZURE_SUBSCRIPTION_ID: '${{ env.DATA_LANDING_ZONE_SUBSCRIPTION_ID}}'
AZURE_RESOURCE_GROUP_NAME: '${{ steps.update_parameters.outputs.landingZoneName }}-rg'
AZURE_LOCATION: '${{ env.LOCATION }}'
\`\`\`
Now, merge the pull request into your \`main\` branch."
body="${body//'%'/'%25'}"
body="${body//$'\n'/'%0A'}"
body="${body//$'\r'/'%0D'}"
echo "::set-output name=body::$body"
# Create Pull Request
- name: Create Pull Request
id: create_pull_request
uses: peter-evans/create-pull-request@v3
with:
commit-message: 'Updated Parameters'
branch: 'parameter_update_${{ github.run_id }}'
title: 'Updated Parameters with GitHub Workflow Run ID ${{ github.run_id }}'
body: ${{ steps.define_pull_request_body.outputs.body }}

116
README.md

@ -39,7 +39,7 @@ You have two options for deploying this reference architecture:
## Prerequisites
> **Note:** Please make sure you have successfully deployed a [Data Management Landing Zone](https://github.com/Azure/data-management-zone) and a [Data Landing Zone](https://github.com/Azure/data-landing-zone). The Data Domain relies on the Private DNS Zones that are deployed in the Data Management Template. If you have Private DNS Zones deployed elsewhere, you can also point to these. If you do not have the Private DNS Zones deployed for the respective services, this template deployment will fail. Also, this template requires subnets as specified in the prerequisites. The Data Landing Zone already creates a few subnets, which can be used for this Data Domain.
> **Note:** Please make sure you have successfully deployed a [Data Management Landing Zone](https://github.com/Azure/data-management-zone) and a [Data Landing Zone](https://github.com/Azure/data-landing-zone). The Data Domain relies on the Private DNS Zones that are deployed in the Data Management Template. If you have Private DNS Zones deployed elsewhere, you can also point to these. If you do not have the Private DNS Zones deployed for the respective services, this template deployment will fail. Also, this template requires subnets as specified in the prerequisites. The Data Landing Zone already creates a few subnets, which can be used for this Data Domain.
The following prerequisites are required to make this repository work:
@ -94,16 +94,17 @@ If you don't have an Azure subscription, [create your Azure free account today](
A service principal with *Contributor* role needs to be generated for authentication and authorization from GitHub or Azure DevOps to your Azure **Data Landing Zone** subscription, where the data-domain-streaming services will be deployed. Just go to the Azure Portal to find the ID of your subscription. Then start the Cloud Shell or Azure CLI, login to Azure, set the Azure context and execute the following commands to generate the required credentials:
> **Note:** The purpose of this new **Service Principal** is to assign least-privilege rights. Therefore, it requires the **Contributor** role at a resource group scope in order to deploy the resources inside the resource group dedicated to a specific data domain. The **Network Contributor** role assignment is required as well in this repository in order to assign the resources to the dedicated subnet.
> **Note:** The purpose of this new **Service Principal** is to assign least-privilege rights. Therefore, it requires the **Contributor** role at a resource group scope in order to deploy the resources inside the resource group dedicated to a specific data domain. The **Network Contributor** role assignment is required as well in this repository in order to add the private endpoint of resources to the dedicated subnet.
#### Azure CLI
```sh
# Replace {service-principal-name} and {subscription-id} with your
# Replace {service-principal-name} and {subscription-id} and {resource-group} with your
# Azure subscription id and any name for your service principal.
az ad sp create-for-rbac \
--name "{service-principal-name}" \
--skip-assignment \
--name {service-principal-name} \
--role contributor \
--scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
--sdk-auth
```
@ -126,7 +127,6 @@ Now that the new Service Principal is created, as mentioned, role assignments a
| Role Name | Description | Scope |
|:----------|:------------|:------|
| [Private DNS Zone Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#private-dns-zone-contributor) | We expect you to deploy all Private DNS Zones for all data services into a single subscription and resource group. Therefor, the service principal needs to be Private DNS Zone Contributor on the global dns resource group which was created during the Data Management Zone deployment. This is required to deploy A-records for the respective private endpoints. | (Resource Group Scope) <div style="width: 36ch">`/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#contributor) | We expect you to deploy all data-domain-streaming services into a single resource group within the Data Landing Zone subscription. The service principal requires a **Contributor** role-assignment on that resource group. | (Resource Group Scope) <div style="width: 36ch">`/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`</div> |
| [Network Contributor](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#network-contributor) | In order to deploy Private Endpoints to the specified privatelink-subnet which was created during the Data Landing Zone deployment, the service principal requires **Network Contributor** access on that specific subnet. | (Child-Resource Scope) `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName} /providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}"` |
To add these role assignments, you can use the [Azure Portal](https://portal.azure.com/) or run the following commands using Azure CLI/Azure Powershell:
@ -230,63 +230,76 @@ If you want to use Azure DevOps Pipelines for deploying the resources, you need
More information can be found [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal).
### 4. Parameter Update Process
### 4. Parameter Updates
> **Note:** This section applies for both **Azure DevOps** and **GitHub** Deployment
In order to deploy the ARM templates in this repository to the desired Azure subscription, you will need to modify some parameters in the forked repository, which will be used for updating the files which will be used during the deployment. Therefor, **this step should not be skipped for neither Azure DevOps/GitHub options**. As updating each parameter file manually is a time-consuming and potentially error-prone process, we have simplified the task with a GitHub Action workflow. You can update your deployment parameters by completing three steps:
In order to deploy the Infrastructure as Code (IaC) templates to the desired Azure subscription, you will need to modify some parameters in the forked repository. Therefore, **this step should not be skipped for neither Azure DevOps/GitHub options**. There are two files that require updates:
#### Configure the `updateParameters` workflow
- `.github/workflows/dataDomainDeployment.yml` for GitHub Actions,
- `.ado/workflows/dataDomainDeployment.yml` for Azure DevOps and
- `infra/params.dev.json`.
> **Note:** There is only one 'updateParameters.yml', which can be found under the '.github' folder and this one will be used also for setting up the Azure DevOps Deployment
Update these files in a seperate branch and then merge via Pull Request to trigger the initial deployment.
To begin, please open the [.github/workflows/updateParameters.yml](/.github/workflows/updateParameters.yml). In this file you need to update the environment variables. Just click on [.github/workflows/updateParameters.yml](/.github/workflows/updateParameters.yml) and edit the following section:
#### Configure `dataDomainDeployment.yml`
##### For GitHub Actions
To begin, please open the [.github/workflows/dataDomainDeployment.yml](/.github/workflows/dataDomainDeployment.yml). In this file you need to update the environment variables section. Just click on [.github/workflows/dataDomainDeployment.yml](/.github/workflows/dataDomainDeployment.yml) and edit the following section:
```yaml
env:
GLOBAL_DNS_RESOURCE_GROUP_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'
DATA_LANDING_ZONE_SUBSCRIPTION_ID: '{dataLandingZoneSubscriptionId}'
DATA_DOMAIN_NAME: '{dataDomainName}' # Choose max. 11 characters. They will be used as a prefix for all services. If not unique, deployment can fail for some services.
LOCATION: '{regionName}' # Specifies the region for all services (e.g. 'northeurope', 'eastus', etc.)
SUBNET_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}' # Resource ID of the dedicated privatelink-subnet which was created during the Data Landing Zone deployment. Choose one which has the suffix **private-link**.
SYNAPSE_STORAGE_ACCOUNT_NAME: '{synapseStorageAccountName}' # Choose a storage account which was previously deployed in the Data Landing Zone.
SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME: '{synapseStorageAccountFileSystemName}' # Choose the name of the container inside the Storage Account which was referenced in the above SYNAPSE_STORAGE_ACCOUNT_NAME variable.
PURVIEW_ID: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Purview/accounts/{purviewName}' # If no Purview account is deployed, leave it empty string.
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: '{resourceManagerConnectionName}' # This is needed just for ADO Deployments.
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd002" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "northeurope" # Update to '{regionName}'
```
Further details about these parameters are provided in a table below.
##### For Azure DevOps
To begin, please open the [.ado/workflows/dataDomainDeployment.yml](/.ado/workflows/dataDomainDeployment.yml). In this file you need to update the variables section. Just click on [.ado/workflows/dataDomainDeployment.yml](/.ado/workflows/dataDomainDeployment.yml) and edit the following section:
```yaml
variables:
AZURE_RESOURCE_MANAGER_CONNECTION_NAME: "domain-product-service-connection" # Update to '{resourceManagerConnectionName}'
AZURE_SUBSCRIPTION_ID: "2150d511-458f-43b9-8691-6819ba2e6c7b" # Update to '{dataLandingZoneSubscriptionId}'
AZURE_RESOURCE_GROUP_NAME: "dlz01-dev-dd002" # Update to '{dataLandingZoneName}-rg'
AZURE_LOCATION: "North Europe" # Update to '{regionName}'
```
The following table explains each of the parameters:
| Parameter | Description | Sample value |
|:-----------------------------------------|:-------------|:-------------|
| **GLOBAL_DNS_RESOURCE_GROUP_ID** | Specifies the global DNS resource group resource ID which gets deployed with the [Data Management Landing Zone](https://github.com/Azure/data-management-zone) | <div style="width: 36ch">`/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-resource-group`</div> |
| **DATA_LANDING_ZONE_SUBSCRIPTION_ID** | Specifies the subscription ID of the Data Landing Zone where all the resources will be deployed | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **DATA_DOMAIN_NAME** | Specifies the name of your Data Domain. The value should consist of alphanumeric characters (A-Z, a-z, 0-9) and should not contain any special characters like `-`, `_`, `.`, etc. Special characters will be removed in the renaming process. | `mydomain01` |
| **LOCATION** | Specifies the region where you want the resources to be deployed. Please use the same region as for your Data Landing Zone. Otherwise the deployment will fail, since the Vnet and the Private Endpoints have to be in the same region. Also Check [Supported Regions](#supported-regions) | `northeurope` |
| **SUBNET_ID** | Specifies the resource ID of the dedicated privatelink-subnet which was created during the Data Landing Zone deployment. Choose one which has the suffix **private-link**. The subnet is already configured with `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` set to `Disabled`, as mentioned in the *Prerequisites* | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-network-rg/providers/Microsoft.Network/virtualNetworks/my-vnet/subnets/{my}-privatelink-subnet` |
|**SYNAPSE_STORAGE_ACCOUNT_NAME**| Specifies the name of the Azure Synapse Storage Account, which was previously deployed in the Data Landing Zone. Go to the `{DataLandingZoneName}-storage` resource group in your Data Landing Zone and copy the resource name (`{DataLandingZoneName}worksa`). | `mydlzworksa` |
|**SYNAPSE_STORAGE_ACCOUNT_FILE_SYSTEM_NAME**| Specifies the name of the Synapse Account filesystem, which is the name of the container inside the Storage Account that was referenced in the above SYNAPSE_STORAGE_ACCOUNT_NAME variable. | `data`|
| **PURVIEW_ID** | Specifies the resource ID of the Purview account to which the Synapse workspaces and Data Factories should connect to share data lineage and other metadata. In case you do not have a Purview account deployed at this stage, leave it empty string. | `/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-governance-rg/providers/Microsoft.Purview/accounts/my-purview` |
| **AZURE_RESOURCE_MANAGER_CONNECTION_NAME** | Specifies the resource manager connection name in Azure DevOps. You can leave the default value if you want to use GitHub Actions for your deployment. More details on how to create the resource manager connection in Azure DevOps can be found in step 4. b) or [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal). | `my-connection-name` |
| **AZURE_SUBSCRIPTION_ID** | Specifies the subscription ID of the Data Management Zone where all the resources will be deployed | <div style="width: 36ch">`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`</div> |
| **AZURE_LOCATION** | Specifies the region where you want the resources to be deployed. Please check [Supported Regions](#supported-regions) | `northeurope` |
| **AZURE_RESOURCE_GROUP_NAME** | Specifies the name of an existing resource group in your data landing zone, where the resources will be deployed. | `my-rg-name` |
| **AZURE_RESOURCE_MANAGER _CONNECTION_NAME** | Specifies the resource manager connection name in Azure DevOps. You can leave the default value if you want to use GitHub Actions for your deployment. More details on how to create the resource manager connection in Azure DevOps can be found in step 4. b) or [here](https://docs.microsoft.com/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal). | `my-connection-name` |
#### Execute the `updateParameters` workflow
#### Configure `params.dev.json`
After updating the values, please commit the updated version to the `main` branch of your repository. This will kick off a GitHub Action workflow, which will appear under the **Actions** tab of the main page of the repository. The `Update Parameter Files` workflow will update all parameters in your repository according to a pre-defined naming convention.
To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In this file you need to update the variable values. Just click on [infra/params.dev.json](/infra/params.dev.json) and edit the values. An explanation of the values is given in the table below:
#### Configure the deployment pipeline
The workflow above will make changes to all of the ARM config files. These changes will be stored in a new branch. Once the process has finished, it will open a new pull request in your repository where you can review the changes made by the workflow. The pull request will also provide the values you need to use to configure the deployment pipeline. Please follow the instructions in the pull request to complete the parameter update process.
The instructions will guide towards the following steps:
- create a new `resource group` where all the resources specific to this Data Domain Streaming will be deployed;
- add the required role assignments for the Service Principal created at step [2. Setting up the required Service Principal](#2-setting-up-the-required-service-principal) ;
- change the environment variables in the deployment workflow file
> **Note:** We are not renaming the environment variables in the workflow files because this could lead to an infinite loop of workflow runs being started.
#### Merge these changes back to the `main` branch of your repo
After following the instructions in the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository.
| Parameter | Description | Sample value |
|:-----------------------------------------|:-------------|:-------------|
| location | Specifies the location for all resources. | `northeurope` |
| environment | Specifies the environment of the deployment. | `dev`, `test` or `prod` |
| prefix | Specifies the prefix for all resources created in this deployment. | `prefi` |
| administratorPassword | Specifies the administrator password of the sql servers. Will be automatically set in the workflow. **Leave this value as is.** | `<your-secure-password>` |
| synapseDefaultStorageAccountFileSystemId | Specifies the resource ID of the default storage account file system for synapse. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Storage/storageAccounts/{storage-name}/blobServices/default/containers/{container-name}` |
| streamanalyticsDefaultStorageAccountId | Specifies the resource ID of the default storage account for strea analytics. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Storage/storageAccounts/{storage-name}` |
| subnetId | Specifies the resource ID of the subnet to which all services will connect. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/virtualNetworks/{vnet-name}/subnets/{subnet-name}` |
| purviewId | Specifies the resource ID of the central purview instance. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Purview/accounts/{purview-name}` |
| enableRoleAssignments | Specifies whether role assignments should be enabled. **Leave this value as is.** | `true` or `false` |
| privateDnsZoneIdKeyVault | Specifies the resource ID of the private DNS zone for KeyVault. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net` |
| privateDnsZoneIdSynapseDev | Specifies the resource ID of the private DNS zone for Synapse Dev. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net` |
| privateDnsZoneIdSynapseSql | Specifies the resource ID of the private DNS zone for Synapse Sql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net` |
| privateDnsZoneIdEventhubNamespace | Specifies the resource ID of the private DNS zone for EventHub Namespace. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net` |
| privateDnsZoneIdCosmosdbSql | Specifies the resource ID of the private DNS zone for Cosmos Sql. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com` |
| privateDnsZoneIdSqlServer | Specifies the resource ID of the private DNS zone for Sql Server. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net` |
| privateDnsZoneIdIothub | Specifies the resource ID of the private DNS zone for IoT Hub. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net` |
### 5. (not applicable for GH Actions) Reference pipeline from GitHub repository in Azure DevOps Pipelines
@ -328,13 +341,17 @@ As a last step, you need to create an Azure DevOps pipeline in your project base
1. Click on **Continue** and then on **Run**.
### 6. Follow the workflow deployment
### 6. Merge these changes back to the `main` branch of your repo
After following the instructions and updating the parameters and variables in your repository in a separate branch and opening the pull request, you can merge the pull request back into the `main` branch of your repository by clicking on **Merge pull request**. Finally, you can click on **Delete branch** to clean up your repository. By doing this, you trigger the deployment workflow.
### 7. Follow the workflow deployment
**Congratulations!** You have successfully executed all steps to deploy the template into your environment through GitHub Actions or Azure DevOps.
If you are using GitHub Actions, you can navigate to the **Actions** tab of the main page of the repository where you will see a workflow with the name `Data Domain Deployment` running. Click on it to see how it deploys one service after another. If you run into any issues, please open an issue [here](https://github.com/Azure/data-landing-zone/issues).
If you are using GitHub Actions, you can navigate to the **Actions** tab of the main page of the repository where you will see a workflow with the name `Data Domain Deployment` running. Click on it to see how it deploys one service after another. If you run into any issues, please open an issue [here](https://github.com/Azure/data-domain-streaming/issues).
If you are using Azure DevOps Pipelines, you can navigate to the pipeline that you have created as part of step 6 and monitor it as each service is deployed. If you run into any issues, please open an issue [here](https://github.com/Azure/data-landing-zone/issues).
If you are using Azure DevOps Pipelines, you can navigate to the pipeline that you have created as part of step 6 and monitor it as each service is deployed. If you run into any issues, please open an issue [here](https://github.com/Azure/data-domain-streaming/issues).
### Documentation
@ -343,9 +360,8 @@ If you are using Azure DevOps Pipelines, you can navigate to the pipeline that y
| File/folder | Description |
| ----------------------------- | ------------------------------------------ |
| `.ado/workflows` | Folder for ADO workflows. The `dataDomainDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `.github/workflows` | Folder for GitHub workflows. The `updateParameters.yml` workflow is used for the parameter update process, while the `dataDomainDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `.github/workflows` | Folder for GitHub workflows. The `dataDomainDeployment.yml` workflow shows the steps for an end-to-end deployment of the architecture. |
| `code` | Sample password generation script that will be run in the deployment workflow for resources that require a password during the deployment. |
| `configs` | Folder containing a script and configuration file that is used for the parameter update process. |
| `docs` | Resources for this README. |
| `infra` | Folder containing all the ARM templates for each of the resources that will be deployed (`deploy.{resource}.json`) together with their parameter files (`params.{resource}.json`). |
| `CODE_OF_CONDUCT.md` | Microsoft Open Source Code of Conduct. |


@ -10,15 +10,15 @@ function New-Password {
<#
.SYNOPSIS
Generate pseudo-random passwords based on templates
.PARAMETER Template
The template for the password you want to generate. (Defaults to a totally random 16-20 character password)
This defines which types of characters are generated for each character in the password.
IMPORTANT: the US English alphabet is hardcoded ... (we make no apologies, but thought you should know that)
NOTE: The template has changed somewhat from v1 (to more closely resemble the pattern used by KeePass)
Char | Type | Actual character set
-----|-----------------------------|---------------------
a | Lower-Case Alphanumeric | abcdefghijklmnopqrstuvwxyz 0123456789
@ -40,71 +40,71 @@ function New-Password {
b | Bracket | ()[]{}<>
s | Printable 7-Bit Punctuation | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
S | Printable 7-Bit ASCII | A-Z, a-z, 0-9, !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
\ | Escape (Fixed Char) | Use following character as is.
0-9 | Repeat | Repeat the previous character n times.
Using a number, you can define how many times the previous placeholder should occur:
* d4 is equivalent to dddd
* dH4a is equivalent to dHHHHa
* Hda1dH is equivalent to HdadH
* S16 is equivalent to SSSSSSSSSSSSSSSS (this is the default password pattern)
To define custom character sets, you pass a hashtable to -CustomCharacterSets which maps one character to an array of characters, then you can use that character in your template.
Note you cannot overwrite characters that are already in the character map (as listed above).
.PARAMETER CustomCharacterSet
A hashtable mapping single characters to an array of characters for a custom character set.
For example, to use numbers without zero or 1 (avoiding confusion with the letters O and L), you can define:
-CustomCharacterSet @{ n = "23456789" }
.EXAMPLE
New-Password "zvcvcdd"
Description
-----------
Generates a "pronounceable" 7 character password consisting of alternating consonants and vowels followed by a 2-digit number
.EXAMPLE
New-Password A16
Description
-----------
Generates a 16 character alpha-numeric password
.EXAMPLE
-split "Cvcvcdd " * 8 | New-Password
Description
-----------
Demonstrates that the function can take pipeline input. Passing multiple templates via the pipeline will generate multiple passwords.
In this case, we generate EIGHT "pronounceable" 7 character password consisting of alternating consonants and vowels followed by a 2-digit number
.EXAMPLE
New-Password "zvvcpzvvcdd"
Description
-----------
Generates a password which starts with an upper-case consonant, followed by two lower-case vowels, followed by a punctuation mark, followed by an upper-case consonant, followed by two lower-case vowels, followed by two numbers.
.EXAMPLE
New-Password "Get-zvcvvc"
Description
-----------
Generates a password which looks like a strange PowerShell command, starting with "Get-" and ending with an uppercase consonant, a vowel, a consonant, two vowels, and a final consonant.
.INPUTS
[String]
A string template for a password
.OUTPUTS
[SecureString]
A password, as secure as we can make it
.NOTES
HISTORY
2.0 Change random number generator
@ -118,9 +118,11 @@ function New-Password {
[CmdletBinding()]
param (
[Parameter(ValueFromPipeline = $true, Position = 0)]
[string]$Template = "A16",
[hashtable]$CustomCharacterSet = @{}
[string]
$Template = "A16",
[hashtable]
$CustomCharacterSet = @{}
)
begin {
$CharacterSets = [System.Collections.Generic.Dictionary[char, char[]]]::new()
@ -145,21 +147,21 @@ function New-Password {
[char]'s' = [char[]]"!`#$%&()*+,-./:;<=>?@[\]^_``|~"
[char]'S' = [char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!`#$%&()*+,-./:;<=>?@[\]^_``|~"
}.GetEnumerator().ForEach{ $CharacterSets.Add($_.Key, $_.Value) }
$CustomCharacterSet.GetEnumerator().ForEach{ $CharacterSets.Add($_.Key, $_.Value) }
# This returns a RNGCryptoServiceProvider
$cryptoRNG = [System.Security.Cryptography.RandomNumberGenerator]::Create()
}
process {
# Create the return object
$securePassword = [System.Security.SecureString]::new()
# Expand the template
$Template = [regex]::replace($Template, "(.)(\d+)", { param($match) $match.Groups[1].Value * [int]($match.Groups[2].Value) })
Write-Verbose "Template: $Template"
$b = [byte[]]0
for ($c = 0; $c -lt $Template.Length; $c++) {
$securePassword.AppendChar($(
@ -177,9 +179,9 @@ function New-Password {
$char
}
}
))
)
)
}
return $securePassword
}
}


@ -1,144 +0,0 @@
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$ConfigurationFilePath,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$GlobalDnsResourceGroupId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneSubscriptionId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$DataLandingZoneName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$Location,
[Parameter(Mandatory=$true)]
[AllowEmptyString()]
[string]
$PurviewId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SubnetId,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]
$SynapseStorageAccountFileSystemName,
[Parameter(Mandatory=$false)]
[string]
$AzureResourceManagerConnectionName
)
function SetValue($Object, $Key, $Value) {
$p1, $p2 = $Key.Split(".")
if ($p2) {
SetValue -object $Object.$p1 -key $p2 -Value $Value
}
else {
$Object.$p1 = $Value
}
}
function Remove-SpecialCharsAndWhitespaces($InputString) {
$SpecialChars = '[#?!`"#$%&*+,-./:;<=>?@^_``|~\{\[\(\)\]\}]'
$Replacement = ''
return ($InputString -replace $SpecialChars,$Replacement) -replace "\s", ""
}
# Replace Special Characters
Write-Host "Replacing Special Characters"
$DataLandingZoneName = Remove-SpecialCharsAndWhitespaces -InputString $DataLandingZoneName
# Reduce Length of DataLandingZoneName
Write-Host "Reduce Length of DataLandingZoneName to max 11 Characters"
$DataLandingZoneName = -join $DataLandingZoneName[0..10]
# Convert DataLandingZoneName to lowercase
Write-Host "Converting DataLandingZoneName to lowercase"
$DataLandingZoneName = $DataLandingZoneName.ToLower()
# Loading Configuration File for Parameter Updates
Write-Host "Loading Configuration File for Parameter Updates"
$configs = Get-Content -Path $ConfigurationFilePath -Raw | Out-String | ConvertFrom-Json
foreach ($config in $configs) {
# Get Replacement Key-Value Pairs
Write-Host "Getting Replacement Key-Value Pairs"
$parameterReplacements = @{}
$config.parameters.psobject.properties | ForEach-Object { $parameterReplacements[$_.Name] = $_.Value }
if ($config.fileType.ToLower() -eq "json") {
# Load ARM Parameter File
Write-Host "Loading ARM Parameter File"
$parameterFile = Get-Content -Path $config.filePath -Raw | Out-String | ConvertFrom-Json
# Replace Parameter Values
Write-Host "Replacing Parameter Values"
foreach ( $parameterReplacementPair in $parameterReplacements.GetEnumerator() ) {
$key = $parameterReplacementPair.Key
$value = $parameterReplacementPair.Value
$value = $ExecutionContext.InvokeCommand.ExpandString($value)
# Replace Parameter
Write-Host "Replacing Parameter '${key}' with Value '${value}'"
SetValue -Object $parameterFile -Key $key -Value $value
}
# Set Content of Parameter File
Write-Host "Setting Content of Parameter File"
$parameterFile | ConvertTo-Json -Depth 100 | Set-Content -Path $config.filePath
}
elseif (($config.fileType.ToLower() -eq "yaml") -or ($config.fileType.ToLower() -eq "yml")) {
# Load YAML Deployment File
Write-Host "Loading YAML Deployment File"
$parameterFile = Get-Content -Path $config.filePath -Raw | Out-String | ConvertFrom-Yaml -Ordered
# Replace Variables
Write-Host "Replacing Variables"
foreach ( $parameterReplacementPair in $parameterReplacements.GetEnumerator() ) {
$key = $parameterReplacementPair.Key
$value = $parameterReplacementPair.Value
$value = $ExecutionContext.InvokeCommand.ExpandString($value)
# Replace Parameter
Write-Host "Replacing Parameter '${key}' with Value '${value}'"
SetValue -Object $parameterFile -Key $key -Value $value
}
# Set Content of Parameter File
Write-Host "Setting Content of Parameter File"
$parameterFile | ConvertTo-Yaml | Set-Content -Path $config.filePath
}
else {
Write-Error "File Type not Supported"
throw "File Type not Supported"
}
}
# Set output
Write-Output "Setting output"
Write-Output "::set-output name=landingZoneName::${DataLandingZoneName}"


@ -1,114 +0,0 @@
[
{
"filePath": "infra/BigDataPool/params.bigDataPool001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001"
}
},
{
"filePath": "infra/CosmosDb/params.cosmosDb001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.cosmosAccountName.value": "${DataLandingZoneName}-cosmos001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
}
},
{
"filePath": "infra/EventHub/params.eventHub001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.eventHubName.value": "${DataLandingZoneName}-eventhub001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
}
},
{
"filePath": "infra/IotHub/params.iotHub001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.iotHubName.value": "${DataLandingZoneName}-iothub001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdIotHub.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net",
"parameters.privateDnsZoneIdEventHub.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
}
},
{
"filePath": "infra/KeyVault/params.keyVault001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.keyVaultName.value": "${DataLandingZoneName}-keyvault001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
}
},
{
"filePath": "infra/SqlDatabase/params.sqlDatabase001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.sqlServerId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Sql/servers/${DataLandingZoneName}-sqlserver001",
"parameters.keyVaultId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.KeyVault/vaults/${DataLandingZoneName}-keyvault001"
}
},
{
"filePath": "infra/SqlPool/params.sqlPool001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Synapse/workspaces/${DataLandingZoneName}-synapse001"
}
},
{
"filePath": "infra/SqlServer/params.sqlServer001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.sqlServerName.value": "${DataLandingZoneName}-sqlserver001",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneId.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
}
},
{
"filePath": "infra/Synapse/params.synapse001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.synapseWorkspaceName.value": "${DataLandingZoneName}-synapse001",
"parameters.synapseDefaultStorageAccountName.value": "${SynapseStorageAccountName}",
"parameters.synapseDefaultStorageAccountFileSystem.value": "${SynapseStorageAccountFileSystemName}",
"parameters.purviewId.value": "${PurviewId}",
"parameters.subnetId.value": "${SubnetId}",
"parameters.privateDnsZoneIdSql.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net",
"parameters.privateDnsZoneIdDev.value": "${GlobalDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
}
},
{
"filePath": "infra/StreamAnalytics/params.streamAnalytics001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.streamAnalyticsName.value": "${DataLandingZoneName}-streamanalytics001",
"parameters.streamAnalyticsClusterId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.StreamAnalytics/clusters/${DataLandingZoneName}-streamanalyticscluster001"
}
},
{
"filePath": "infra/StreamAnalyticsCluster/params.streamAnalyticsCluster001.json",
"fileType": "json",
"parameters": {
"parameters.location.value": "${Location}",
"parameters.streamAnalyticsClusterName.value": "${DataLandingZoneName}-streamanalyticscluster001",
"parameters.eventHubId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.EventHub/namespaces/${DataLandingZoneName}-eventhub001",
"parameters.sqlServerId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.Sql/servers/${DataLandingZoneName}-sqlserver001",
"parameters.cosmosDbId.value": "/subscriptions/${DataLandingZoneSubscriptionId}/resourceGroups/${DataLandingZoneName}-rg/providers/Microsoft.DocumentDB/databaseAccounts/${DataLandingZoneName}-cosmos001"
}
}
]


@ -1,108 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"bigDataPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the big data pool."
}
},
"bigDataPoolNodeSize": {
"type": "string",
"defaultValue": "Medium",
"allowedValues": [
"Small",
"Medium",
"Large",
"XLarge",
"XXLarge",
"XXXLarge"
],
"metadata": {
"description": "Specifies the minimum node count of the big data pool."
}
},
"bigDataPoolMinNodes": {
"type": "int",
"minValue": 3,
"defaultValue": 3,
"metadata": {
"description": "Specifies the minimum node count of the big data pool."
}
},
"bigDataPoolMaxNodes": {
"type": "int",
"minValue": 3,
"defaultValue": 10,
"metadata": {
"description": "Specifies the maximum node count of the big data pool."
}
},
"bigDataPoolAutopauseDelay": {
"type": "int",
"minValue": 1,
"defaultValue": 15,
"metadata": {
"description": "Specifies the autopause delay of the big data pool."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace to which the big data pool will be deployed."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"bigDataPoolName": "[parameters('bigDataPoolName')]",
"bigDataPoolNodeSize": "[parameters('bigDataPoolNodeSize')]",
"bigDataPoolMinNodes": "[parameters('bigDataPoolMinNodes')]",
"bigDataPoolMaxNodes": "[parameters('bigDataPoolMaxNodes')]",
"bigDataPoolAutopauseDelay": "[parameters('bigDataPoolAutopauseDelay')]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseWorkspaceName": "[last(split(variables('synapseWorkspaceId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/bigDataPools",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('synapseWorkspaceName'), '/', variables('bigDataPoolName'))]",
"location": "[variables('location')]",
"properties": {
"autoPause": {
"enabled": true,
"delayInMinutes": "[variables('bigDataPoolAutopauseDelay')]"
},
"autoScale": {
"enabled": true,
"minNodeCount": "[variables('bigDataPoolMinNodes')]",
"maxNodeCount": "[variables('bigDataPoolMaxNodes')]"
},
"defaultSparkLogFolder": "logs/",
// "libraryRequirements": {
// "content": "",
// "filename": "requirements.txt"
// },
"nodeSize": "[variables('bigDataPoolNodeSize')]",
"nodeSizeFamily": "MemoryOptimized",
"provisioningState": "Succeeded",
"sparkEventsFolder": "events/",
"sparkVersion": "2.4",
"sessionLevelPackagesEnabled": false,
"isComputeIsolationEnabled": false,
"sparkConfigProperties": {}
}
}
],
"outputs": {}
}


@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"bigDataPoolName": {
"value": "bigdatapool001"
},
"bigDataPoolNodeSize": {
"value": "Medium"
},
"bigDataPoolMinNodes": {
"value": 3
},
"bigDataPoolMaxNodes": {
"value": 10
},
"bigDataPoolAutopauseDelay": {
"value": 15
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.Synapse/workspaces/dn001-dd002-synapse001"
}
}
}


@ -1,184 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location of all deployed resources."
}
},
"cosmosAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the Cosmos DB account name (max length 44 characters)."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"cosmosAccountName": "[parameters('cosmosAccountName')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('cosmosAccountName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2020-06-01-preview",
"name": "[variables('cosmosAccountName')]",
"kind": "GlobalDocumentDB",
"location": "[variables('location')]",
"properties": {
"consistencyPolicy": {
"defaultConsistencyLevel": "BoundedStaleness",
"maxIntervalInSeconds": 10,
"maxStalenessPrefix": 200
},
"locations": [
{
"locationName": "[variables('location')]",
"failoverPriority": 0,
"isZoneRedundant": true
}
],
"databaseAccountOfferType": "Standard",
"ipRules": [],
"isVirtualNetworkFilterEnabled": true,
"enableAutomaticFailover": true,
"virtualNetworkRules": [
],
"enableMultipleWriteLocations": false,
"enableCassandraConnector": false,
"publicNetworkAccess": "Disabled",
"capabilities": [
],
"disableKeyBasedMetadataWriteAccess": true,
"enableAnalyticalStorage": false,
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 240,
"backupRetentionIntervalInHours": 8
}
},
"cors": [],
"createMode": "Default"
// "apiProperties": { // Only supported for Mongo DB
// "serverVersion": "3.6"
// }
// "connectorOffer": "Small" // Only required for Cassandra
},
"resources": [
// {
// "type": "sqlDatabases",
// "name": "[variables('cosmosDatabaseName')]",
// "apiVersion": "2020-04-01",
// "dependsOn": [
// "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
// ],
// "properties": {
// "resource": {
// "id": "[variables('cosmosDatabaseName')]"
// },
// "options": {
// // "throughput": "[variables('cosmosDatabaseThroughput')]" // use autoscale instead of fixed throughput
// "autoscaleSettings": {
// "maxThroughput": "[variables('cosmosDatabaseThroughput')]"
// }
// }
// }
// }
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]",
"groupIds": [
"sql"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/cosmosConnectionString')]",
"apiVersion": "2019-09-01",
"dependsOn": [
"[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
],
"properties": {
"contentType": "text/plain",
"value": "[listConnectionStrings(resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName')), '2020-04-01').connectionStrings[0].connectionString]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {
"cosmosDbId": {
"type": "string",
"value": "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosAccountName'))]"
}
}
}


@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"cosmosAccountName": {
"value": "dn001-dd002-cosmos001"
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.KeyVault/vaults/dn001-dd002-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd002-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
}
}
}


@ -1,214 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"eventHubName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the event hub."
}
},
"eventHubSku": {
"type": "string",
"allowedValues": [
"Basic",
"Standard"
],
"defaultValue": "Standard",
"metadata": {
"description": "Specifies the minimum throughput units of the event hub."
}
},
"eventHubMinThroughputUnits": {
"type": "int",
"minValue": 1,
"maxValue": 20,
"defaultValue": 1,
"metadata": {
"description": "Specifies the minimum throughput units of the event hub."
}
},
"eventHubMaxThroughputUnits": {
"type": "int",
"minValue": 1,
"maxValue": 20,
"defaultValue": 2,
"metadata": {
"description": "Specifies the maximum throughput units of the event hub."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"eventHubName": "[parameters('eventHubName')]",
"eventHubSku": "[parameters('eventHubSku')]",
"eventHubMinThroughputUnits": "[parameters('eventHubMinThroughputUnits')]",
"eventHubMaxThroughputUnits": "[parameters('eventHubMaxThroughputUnits')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('eventHubName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.EventHub/namespaces",
"apiVersion": "2017-04-01",
"name": "[variables('eventHubName')]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('eventHubSku')]",
"tier": "[variables('eventHubSku')]",
"capacity": "[variables('eventHubMinThroughputUnits')]"
},
"properties": {
"isAutoInflateEnabled": true,
"kafkaEnabled": true,
"maximumThroughputUnits": "[variables('eventHubMaxThroughputUnits')]",
"zoneRedundant": true
},
"resources": [
// {
// "type": "eventhubs",
// "apiVersion": "2017-04-01",
// "name": "default",
// "properties": {
// "messageRetentionInDays": 3,
// "partitionCount": 1,
// "status": "Deleting",
// "captureDescription": {
// "enabled": true,
// "encoding": "Avro",
// "intervalInSeconds": 900,
// "sizeLimitInBytes": 10485760,
// "destination": {
// "name": "default",
// "properties": {
// "storageAccountResourceId": "",
// "blobContainer": "",
// "archiveNameFormat": ""
// }
// },
// "skipEmptyArchives": true
// }
// }
// }
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.EventHub/namespaces', variables('eventHubName'))]",
"groupIds": [
"namespace"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "EventHubSecretDeployment",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', variables('eventHubName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/eventHubNamespacePrimaryConnectionString')]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[listkeys(resourceId('Microsoft.EventHub/namespaces/authorizationRules', variables('eventHubName'), 'RootManageSharedAccessKey'), '2017-04-01').primaryConnectionString]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {
"eventHubId": {
"type": "string",
"value": "[resourceId('Microsoft.EventHub/namespaces', variables('eventHubName'))]"
}
}
}


@ -1,30 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"eventHubName": {
"value": "dn001-dd002-eventhub001"
},
"eventHubSku": {
"value": "Standard"
},
"eventHubMinThroughputUnits": {
"value": 1
},
"eventHubMaxThroughputUnits": {
"value": 2
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.KeyVault/vaults/dn001-dd002-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd002-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
}
}
}


@ -1,162 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"iotHubName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the iot hub."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdIotHub": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone of iot hub."
}
},
"privateDnsZoneIdEventHub": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone of event hub."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"iotHubName": "[parameters('iotHubName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdIotHub": "[parameters('privateDnsZoneIdIotHub')]",
"privateDnsZoneIdEventHub": "[parameters('privateDnsZoneIdEventHub')]",
"privateEndpointName": "[concat(variables('iotHubName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Devices/IotHubs",
"apiVersion": "2020-08-01",
"name": "[variables('iotHubName')]",
"location": "[variables('location')]",
"sku": {
"name": "S1",
"tier": "Standard",
"capacity": 1
},
"properties": {
"authorizationPolicies": [],
"publicNetworkAccess": "Disabled",
"ipFilterRules": [],
// "minTlsVersion": "1.2",
"eventHubEndpoints": {
"events": {
"retentionTimeInDays": 1,
"partitionCount": 4
}
},
"routing": {
"endpoints": {
"serviceBusQueues": [],
"serviceBusTopics": [],
"eventHubs": [],
"storageContainers": []
},
"routes": [],
"fallbackRoute": {
"name": "$fallback",
"source": "DeviceMessages",
"condition": "true",
"endpointNames": [
"events"
],
"isEnabled": false
}
},
"storageEndpoints": {},
"messagingEndpoints": {
"fileNotifications": {
"lockDurationAsIso8601": "PT1M",
"ttlAsIso8601": "PT1H",
"maxDeliveryCount": 10
}
},
"enableFileUploadNotifications": false,
"cloudToDevice": {
"maxDeliveryCount": 10,
"defaultTtlAsIso8601": "PT1H",
"feedback": {
"lockDurationAsIso8601": "PT1M",
"ttlAsIso8601": "PT1H",
"maxDeliveryCount": 10
}
},
"comments": "",
"features": "DeviceManagement"
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.Devices/IotHubs', variables('iotHubName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Devices/IotHubs', variables('iotHubName'))]",
"groupIds": [
"iotHub"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord-iothub')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdIotHub')]"
}
},
{
"name": "[concat(variables('privateEndpointName'), '-aRecord-eventhub')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdEventHub')]"
}
}
]
}
}
],
"outputs": {}
}


@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"iotHubName": {
"value": "dn001-dd002-iothub001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd002-privatelink-subnet"
},
"privateDnsZoneIdIotHub": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net"
},
"privateDnsZoneIdEventHub": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
}
}
}


@ -1,152 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"keyVaultName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the key vault."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
},
"resourceExists": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether this is the first deployment of this resource or whether the resource already exists."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"keyVaultName": "[parameters('keyVaultName')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"resourceExists": "[parameters('resourceExists')]",
"privateEndpointName": "[concat(variables('keyVaultName'), '-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[concat(variables('keyVaultName'), 'Deployment')]",
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[variables('keyVaultName')]",
"location": "[variables('location')]",
"properties": {
"enabledForDeployment": false,
"enabledForTemplateDeployment": false,
"enabledForDiskEncryption": false,
"enablePurgeProtection": true,
"enableSoftDelete": true,
"enableRbacAuthorization": false,
"tenantId": "[subscription().tenantId]",
"createMode": "default",
"accessPolicies": "[if(variables('resourceExists'), reference(resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName')), '2016-10-01').accessPolicies, createArray())]",
"sku": {
"name": "standard",
"family": "A"
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [
],
"virtualNetworkRules": [
]
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[subscription().subscriptionId]",
"resourceGroup": "[resourceGroup().name]"
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[concat(variables('keyVaultName'), 'Deployment')]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
"groupIds": [
"vault"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {
"keyVaultId": {
"type": "string",
"value": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"
}
}
}


@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"keyVaultName": {
"value": "dn001-dd002-keyvault001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd002-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
},
"resourceExists": {
"value": false
}
}
}


@ -1,244 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlServerId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the SQL server to which the database will be deployed."
}
},
"sqlServerAdministratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the admin passwort of the SQL server to which the database will be deployed."
}
},
"sqlDatabaseName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL database."
}
},
"sqlDatabaseSku": {
"type": "string",
"defaultValue": "GP_Gen5",
"metadata": {
"description": "Specifies the SKU of the SQL database which is typically a letter + number code (e.g. 'GP_S_Gen5_1')."
}
},
"sqlDatabaseTier": {
"type": "string",
"defaultValue": "GeneralPurpose",
"metadata": {
"description": "Specifies the or edition of the database SKU (e.g. 'GeneralPurpose', etc.)."
}
},
"sqlDatabaseCapacity": {
"type": "int",
"metadata": {
"description": "Specifies the capacity in DTUs or vCores of the SQL database."
}
},
"sqlDatabaseMaxSizeInBytes": {
"type": "int",
"defaultValue": 34359738368,
"metadata": {
"description": "Specifies the maximum size of the database expressed in bytes."
}
},
"sqlDatabaseZoneRedundant": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether the database should be zone redundant which means the replicas of this database will be spread across multiple availability zones."
}
},
"sqlDatabaseLicenseType": {
"type": "string",
"defaultValue": "LicenseIncluded",
"allowedValues": [
"LicenseIncluded",
"BasePrice"
],
"metadata": {
"description": "Specifies the license type to apply for this database (if you bring your own license, then select 'BasePrice')."
}
},
"sqlDatabaseReadReplicaCount": {
"type": "int",
"defaultValue": 0,
"minValue": 0,
"metadata": {
"description": "Specifies the number of readonly secondary replicas associated with the database."
}
},
"sqlDatabaseMinCapacity": {
"type": "string",
"defaultValue": "0.5",
"metadata": {
"description": "Specifies the minimal capacity that database will always have allocated, if not paused (only applies to serverless tier)."
}
},
"sqlDatabaseStorageAccountType": {
"type": "string",
"defaultValue": "GRS",
"allowedValues": [
"GRS",
"LRS",
"ZRS"
],
"metadata": {
"description": "Specifies the storage account type used to store backups for this database."
}
},
"sqlDatabaseAutoPauseDelay": {
"type": "int",
"defaultValue": -1,
"minValue": -1,
"metadata": {
"description": "Specifies the time in minutes after which database is automatically paused (only applies to serverless tier)."
}
},
"keyVaultId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the key vault to store the storage access key."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"sqlServerId": "[parameters('sqlServerId')]",
"sqlServerName": "[last(split(variables('sqlServerId'), '/'))]",
"sqlServerAdministratorLoginPassword": "[parameters('sqlServerAdministratorLoginPassword')]",
"sqlDatabaseSku": "[parameters('sqlDatabaseSku')]",
"sqlDatabaseTier": "[parameters('sqlDatabaseTier')]",
"sqlDatabaseName": "[parameters('sqlDatabaseName')]",
"sqlDatabaseMaxSizeInBytes": "[parameters('sqlDatabaseMaxSizeInBytes')]",
"sqlDatabaseZoneRedundant": "[parameters('sqlDatabaseZoneRedundant')]",
"sqlDatabaseLicenseType": "[parameters('sqlDatabaseLicenseType')]",
"sqlDatabaseReadReplicaCount": "[parameters('sqlDatabaseReadReplicaCount')]",
"sqlDatabaseMinCapacity": "[parameters('sqlDatabaseMinCapacity')]",
"sqlDatabaseCapacity": "[parameters('sqlDatabaseCapacity')]",
"sqlDatabaseStorageAccountType": "[parameters('sqlDatabaseStorageAccountType')]",
"sqlDatabaseAutoPauseDelay": "[parameters('sqlDatabaseAutoPauseDelay')]",
"keyVaultId": "[parameters('keyVaultId')]",
"keyVaultName": "[last(split(variables('keyVaultId'), '/'))]",
"connectionStringSecretName": "[concat(variables('sqlDatabaseName'), 'ConnectionString')]",
"usernameSecretName": "[concat(variables('sqlDatabaseName'), 'Username')]",
"passwordSecretName": "[concat(variables('sqlDatabaseName'), 'Password')]"
},
"resources": [
{
"apiVersion": "2019-06-01-preview",
"type": "Microsoft.Sql/servers/databases",
"name": "[concat(variables('sqlServerName'), '/', variables('sqlDatabaseName'))]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('sqlDatabaseSku')]",
"tier": "[variables('sqlDatabaseTier')]",
"capacity": "[variables('sqlDatabaseCapacity')]"
},
"properties": {
"collation": "SQL_Latin1_General_CP1_CI_AS",
"maxSizeBytes": "[variables('sqlDatabaseMaxSizeInBytes')]",
"catalogCollation": "DATABASE_DEFAULT",
"zoneRedundant": "[variables('sqlDatabaseZoneRedundant')]",
"licenseType": "[variables('sqlDatabaseLicenseType')]",
"readScale": "[if(greater(variables('sqlDatabaseReadReplicaCount'), 0), 'Enabled', 'Disabled')]",
"readReplicaCount": "[variables('sqlDatabaseReadReplicaCount')]",
"autoPauseDelay": "[variables('sqlDatabaseAutoPauseDelay')]",
"storageAccountType": "[variables('sqlDatabaseStorageAccountType')]",
"minCapacity": "[variables('sqlDatabaseMinCapacity')]"
}
},
{
"name": "SqlDbSecretDeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "outer"
},
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('connectionStringSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[concat('Server=tcp:', reference(resourceId('Microsoft.Sql/servers', variables('sqlServerName')), '2019-06-01-preview').fullyQualifiedDomainName, ',1433;Initial Catalog=', variables('sqlDatabaseName'), ';Persist Security Info=False;User ID=', reference(resourceId('Microsoft.Sql/servers', variables('sqlServerName')), '2019-06-01-preview').administratorLogin, ';Password=', variables('sqlServerAdministratorLoginPassword'), ';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('usernameSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[reference(resourceId('Microsoft.Sql/servers', variables('sqlServerName')), '2019-06-01-preview').administratorLogin]",
"attributes": {
"enabled": true
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'), '/', variables('passwordSecretName'))]",
"apiVersion": "2019-09-01",
"properties": {
"contentType": "text/plain",
"value": "[variables('sqlServerAdministratorLoginPassword')]",
"attributes": {
"enabled": true
}
}
}
],
"outputs": {}
}
},
"subscriptionId": "[split(variables('keyVaultId'), '/')[2]]",
"resourceGroup": "[split(variables('keyVaultId'), '/')[4]]"
}
],
"outputs": {
"sqlDatabaseId": {
"type": "string",
"value": "[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]"
},
"connectionStringSecretName": {
"type": "string",
"value": "[variables('connectionStringSecretName')]"
},
"usernameSecretName": {
"type": "string",
"value": "[variables('usernameSecretName')]"
},
"passwordSecretName": {
"type": "string",
"value": "[variables('passwordSecretName')]"
}
}
}


@ -1,51 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlServerId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.Sql/servers/dn001-dd002-sqlserver001"
},
"sqlServerAdministratorLoginPassword": {
"value": "<your-secure-password>"
},
"sqlDatabaseName": {
"value": "DataDomain001"
},
"sqlDatabaseSku": {
"value": "Basic"
},
"sqlDatabaseTier": {
"value": "Basic"
},
"sqlDatabaseCapacity": {
"value": 5
},
"sqlDatabaseMaxSizeInBytes": {
"value": 524288000
},
"sqlDatabaseZoneRedundant": {
"value": false
},
"sqlDatabaseLicenseType": {
"value": "LicenseIncluded"
},
"sqlDatabaseReadReplicaCount": {
"value": 0
},
"sqlDatabaseMinCapacity": {
"value": "0.5"
},
"sqlDatabaseStorageAccountType": {
"value": "GRS"
},
"sqlDatabaseAutoPauseDelay": {
"value": -1
},
"keyVaultId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.KeyVault/vaults/dn001-dd002-keyvault001"
}
}
}


@ -1,74 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlPoolName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL pool."
}
},
"sqlPoolCapacity": {
"type": "string",
"defaultValue": "DW100c",
"allowedValues": [
"DW100c",
"DW200c",
"DW300c",
"DW400c",
"DW500c",
"DW1000c",
"DW1500c",
"DW2000c",
"DW2500c",
"DW3000c",
"DW5000c",
"DW6000c",
"DW7500c",
"DW10000c",
"DW15000c",
"DW30000c"
],
"metadata": {
"description": "Specifies the capacity in DWs of the SQL pool."
}
},
"synapseWorkspaceId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the Synapse workspace to which the sql pool will be deployed."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"sqlPoolName": "[parameters('sqlPoolName')]",
"sqlPoolCapacity": "[parameters('sqlPoolCapacity')]",
"synapseWorkspaceId": "[parameters('synapseWorkspaceId')]",
"synapseWorkspaceName": "[last(split(variables('synapseWorkspaceId'), '/'))]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces/sqlPools",
"apiVersion": "2019-06-01-preview",
"name": "[concat(variables('synapseWorkspaceName'), '/', variables('sqlPoolName'))]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('sqlPoolCapacity')]"
},
"properties": {
"createMode": "Default",
"collation": "SQL_Latin1_General_CP1_CI_AS"
}
}
],
"outputs": {}
}


@ -1,18 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlPoolName": {
"value": "sqlpool001"
},
"sqlPoolCapacity": {
"value": "DW100c"
},
"synapseWorkspaceId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.Synapse/workspaces/dn001-dd002-synapse001"
}
}
}


@ -1,155 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"sqlServerName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the SQL server."
}
},
"administratorLogin": {
"type": "string",
"defaultValue": "sqladminuser",
"metadata": {
"description": "Specifies the login account name for the SQL server."
}
},
"administratorLoginPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the SQL server."
}
},
"sqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the SQL admin group."
}
},
"sqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the SQL admin group."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneId": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"administratorLogin": "[parameters('administratorLogin')]",
"administratorLoginPassword": "[parameters('administratorLoginPassword')]",
"sqlServerName": "[parameters('sqlServerName')]",
"sqlAdminGroupName": "[parameters('sqlAdminGroupName')]",
"sqlAdminGroupObjectID": "[parameters('sqlAdminGroupObjectID')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneId": "[parameters('privateDnsZoneId')]",
"privateEndpointName": "[concat(variables('sqlServerName'), '-private-endpoint')]"
},
"resources": [
{
"apiVersion": "2019-06-01-preview",
"type": "Microsoft.Sql/servers",
"name": "[variables('sqlServerName')]",
"location": "[variables('location')]",
"properties": {
"administratorLogin": "[variables('administratorLogin')]",
"administratorLoginPassword": "[variables('administratorLoginPassword')]",
"version": "12.0",
"minimalTlsVersion": "1.2",
"publicNetworkAccess": "Disabled"
},
"identity": {
"type": "SystemAssigned"
},
"resources": [
{
"condition": "[and(not(empty(variables('sqlAdminGroupObjectID'))), not(empty(variables('sqlAdminGroupObjectID'))))]",
"type": "administrators",
"apiVersion": "2019-06-01-preview",
"name": "ActiveDirectory",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', variables('sqlServerName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('sqlAdminGroupName')]",
"sid": "[variables('sqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointName')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]",
"groupIds": [
"sqlServer"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointName'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointName'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneId')]"
}
}
]
}
}
],
"outputs": {
"sqlServerId": {
"type": "string",
"value": "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]"
}
}
}


@ -1,30 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"sqlServerName": {
"value": "dn001-dd002-sqlserver001"
},
"administratorLogin": {
"value": "ServerMainUser"
},
"administratorLoginPassword": {
"value": "<your-secure-password>"
},
"sqlAdminGroupName": {
"value": ""
},
"sqlAdminGroupObjectID": {
"value": ""
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd002-privatelink-subnet"
},
"privateDnsZoneId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
}
}
}


@ -1,103 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"streamAnalyticsName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the stream analytics service."
}
},
"streamAnalyticsCapacity": {
"type": "int",
"minValue": 1,
"maxValue": 48,
"allowedValues": [
1,
3,
6,
12,
18,
24,
30,
36,
42,
48
],
"defaultValue": 1,
"metadata": {
"description": "Specifies the capacity of the stream analytics service."
}
},
"streamAnalyticsJobStorageAccountId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the storage account used for stream analytics."
}
},
"streamAnalyticsClusterId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the stream analytics cluster."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"streamAnalyticsName": "[parameters('streamAnalyticsName')]",
"streamAnalyticsCapacity": "[parameters('streamAnalyticsCapacity')]",
"streamAnalyticsJobStorageAccountId": "[parameters('streamAnalyticsJobStorageAccountId')]",
"streamAnalyticsJobStorageAccountName": "[last(split(variables('streamAnalyticsJobStorageAccountId'), '/'))]",
"streamAnalyticsClusterId": "[parameters('streamAnalyticsClusterId')]"
},
"resources": [
{
"type": "Microsoft.StreamAnalytics/streamingjobs",
"apiVersion": "2017-04-01-preview",
"name": "[variables('streamAnalyticsName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"sku": {
"name": "Standard"
},
"jobType": "Cloud",
"eventsOutOfOrderPolicy": "Adjust",
"outputErrorPolicy": "Stop",
"eventsOutOfOrderMaxDelayInSeconds": 0,
"eventsLateArrivalMaxDelayInSeconds": 5,
"dataLocale": "en-US",
"compatibilityLevel": "1.2",
"inputs": [],
"transformation": {
"name": "Transformation",
"properties": {
"streamingUnits": "[variables('streamAnalyticsCapacity')]",
"query": "SELECT\r\n *\r\nINTO\r\n [YourOutputAlias]\r\nFROM\r\n [YourInputAlias]"
}
},
"outputs": [],
"functions": [],
// "contentStoragePolicy": "JobStorageAccount", // Can be used to store all connection details in storage account
// "jobStorageAccount": {
// "accountName": "[variables('streamAnalyticsJobStorageAccountName')]",
// "authenticationMode": "Msi"
// },
"cluster": {
"id": "[variables('streamAnalyticsClusterId')]"
}
}
}
],
"outputs": {}
}


@ -1,21 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"streamAnalyticsName": {
"value": "dn001-dd002-streamanalytics001"
},
"streamAnalyticsCapacity": {
"value": 1
},
"streamAnalyticsJobStorageAccountId": {
"value": ""
},
"streamAnalyticsClusterId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.StreamAnalytics/clusters/dn001-dd002-streamanalyticscluster001"
}
}
}


@ -1,184 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"streamAnalyticsClusterName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the stream analytics service."
}
},
"streamAnalyticsClusterCapacity": {
"type": "int",
"minValue": 36,
"maxValue": 216,
"defaultValue": 36,
"metadata": {
"description": "Specifies the capacity of the stream analytics service."
}
},
"storageAccountId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource id of the storage account for which a private endpoint should be created."
}
},
"eventHubId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource id of the event hub for which a private endpoint should be created."
}
},
"sqlServerId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource id of the sql server for which a private endpoint should be created."
}
},
"cosmosDbId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource id of the cosmos db for which a private endpoint should be created."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"streamAnalyticsClusterName": "[parameters('streamAnalyticsClusterName')]",
"streamAnalyticsClusterCapacity": "[parameters('streamAnalyticsClusterCapacity')]",
"storageAccountId": "[parameters('storageAccountId')]",
"storageAccountName": "[last(split(variables('storageAccountId'), '/'))]",
"eventHubId": "[parameters('eventHubId')]",
"eventHubName": "[last(split(variables('eventHubId'), '/'))]",
"sqlServerId": "[parameters('sqlServerId')]",
"sqlServerName": "[last(split(variables('sqlServerId'), '/'))]",
"cosmosDbId": "[parameters('cosmosDbId')]",
"cosmosDbName": "[last(split(variables('cosmosDbId'), '/'))]",
"privateEndpointRequestMessage": "Please approve the private endpoint."
},
"resources": [
{
"type": "Microsoft.StreamAnalytics/clusters",
"apiVersion": "2020-03-01-preview",
"name": "[variables('streamAnalyticsClusterName')]",
"location": "[variables('location')]",
"sku": {
"name": "Default",
"capacity": "[variables('streamAnalyticsClusterCapacity')]"
},
"properties": {},
"resources": [
{
"condition": "[not(empty(variables('storageAccountId')))]",
"type": "privateEndpoints",
"apiVersion": "2020-03-01-preview",
"name": "[concat(variables('storageAccountName'), '-storage-pe')]",
"dependsOn": [
"[resourceId('Microsoft.StreamAnalytics/clusters', variables('streamAnalyticsClusterName'))]"
],
"properties": {
"manualPrivateLinkServiceConnections": [
{
"properties": {
"privateLinkServiceId": "[variables('storageAccountId')]",
"groupIds": [
"blob"
],
"requestMessage": "[variables('privateEndpointRequestMessage')]",
"privateLinkServiceConnectionState": {}
}
}
]
}
},
{
"condition": "[not(empty(variables('sqlServerId')))]",
"type": "privateEndpoints",
"apiVersion": "2020-03-01-preview",
"name": "[concat(variables('sqlServerName'), '-sqlserver-pe')]",
"dependsOn": [
"[resourceId('Microsoft.StreamAnalytics/clusters', variables('streamAnalyticsClusterName'))]"
],
"properties": {
"manualPrivateLinkServiceConnections": [
{
"properties": {
"privateLinkServiceId": "[variables('sqlServerId')]",
"groupIds": [
"sqlServer"
],
"requestMessage": "[variables('privateEndpointRequestMessage')]",
"privateLinkServiceConnectionState": {}
}
}
]
}
},
{
"condition": "[not(empty(variables('eventHubId')))]",
"type": "privateEndpoints",
"apiVersion": "2020-03-01-preview",
"name": "[concat(variables('eventHubName'), '-eventhub-pe')]",
"dependsOn": [
"[resourceId('Microsoft.StreamAnalytics/clusters', variables('streamAnalyticsClusterName'))]"
],
"properties": {
"manualPrivateLinkServiceConnections": [
{
"properties": {
"privateLinkServiceId": "[variables('eventHubId')]",
"groupIds": [
"namespace"
],
"requestMessage": "[variables('privateEndpointRequestMessage')]",
"privateLinkServiceConnectionState": {}
}
}
]
}
},
{
"condition": "[not(empty(variables('cosmosDbId')))]",
"type": "privateEndpoints",
"apiVersion": "2020-03-01-preview",
"name": "[concat(variables('cosmosDbName'), '-comosSql-pe')]",
"dependsOn": [
"[resourceId('Microsoft.StreamAnalytics/clusters', variables('streamAnalyticsClusterName'))]"
],
"properties": {
"manualPrivateLinkServiceConnections": [
{
"properties": {
"privateLinkServiceId": "[variables('cosmosDbId')]",
"groupIds": [
"Sql"
],
"requestMessage": "[variables('privateEndpointRequestMessage')]",
"privateLinkServiceConnectionState": {}
}
}
]
}
}
]
}
],
"outputs": {
"streamAnalyticsClusterId": {
"type": "string",
"value": "[resourceId('Microsoft.StreamAnalytics/clusters', variables('streamAnalyticsClusterName'))]"
}
}
}


@ -1,27 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"streamAnalyticsClusterName": {
"value": "dn001-dd002-streamanalyticscluster001"
},
"streamAnalyticsClusterCapacity": {
"value": 36
},
"storageAccountId": {
"value": ""
},
"eventHubId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.EventHub/namespaces/dn001-dd002-eventhub001"
},
"sqlServerId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.Sql/servers/dn001-dd002-sqlserver001"
},
"cosmosDbId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-dd002/providers/Microsoft.DocumentDB/databaseAccounts/dn001-dd002-cosmos001"
}
}
}


@ -1,323 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location for all resources."
}
},
"synapseWorkspaceName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the synapse workspace."
}
},
"synapseDefaultStorageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the default storage account of the synapse workspace."
}
},
"synapseDefaultStorageAccountFileSystem": {
"type": "string",
"metadata": {
"description": "Specifies the name of the synapse workspace."
}
},
"synapseSqlAdministratorLogin": {
"type": "string",
"metadata": {
"description": "Specifies the login account name for the SQL DW of the synapse workspace."
}
},
"synapseSqlAdministratorPassword": {
"type": "securestring",
"metadata": {
"description": "Specifies the password for the SQL DW of the synapse workspace."
}
},
"synapseDatalakeAnalyticsResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource ID of data lake analytics for the synapse workspace."
}
},
"synapseComputeSubnetResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Specifies the resource ID of data lake analytics for the synapse workspace."
}
},
"synapseSqlAdminGroupName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Active Directory group of the SQL admin group."
}
},
"synapseSqlAdminGroupObjectID": {
"type": "string",
"metadata": {
"description": "Specifies the Azure Active Directory objectID of the SQL admin group."
}
},
"purviewId": {
"type": "string",
"metadata": {
"description": "Specifies the resource id of the purview data catalog that should be linked to the data factory."
}
},
"subnetId": {
"type": "string",
"metadata": {
"description": "Specifies the id of the subnet which the private endpoint uses."
}
},
"privateDnsZoneIdSql": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for sql pools."
}
},
"privateDnsZoneIdDev": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the private dns zone for dev."
}
}
},
"functions": [],
"variables": {
"location": "[parameters('location')]",
"synapseWorkspaceName": "[parameters('synapseWorkspaceName')]",
"synapseDefaultStorageAccountUrl": "[concat('https://', parameters('synapseDefaultStorageAccountName'), '.dfs.core.windows.net')]",
"synapseDefaultStorageAccountFileSystem": "[parameters('synapseDefaultStorageAccountFileSystem')]",
"synapseSqlAdministratorLogin": "[parameters('synapseSqlAdministratorLogin')]",
"synapseSqlAdministratorPassword": "[parameters('synapseSqlAdministratorPassword')]",
"synapseDatalakeAnalyticsResourceId": "[parameters('synapseDatalakeAnalyticsResourceId')]",
"synapseComputeSubnetResourceId": "[parameters('synapseComputeSubnetResourceId')]",
"synapseSqlAdminGroupName": "[parameters('synapseSqlAdminGroupName')]",
"synapseSqlAdminGroupObjectID": "[parameters('synapseSqlAdminGroupObjectID')]",
"purviewId": "[parameters('purviewId')]",
"subnetId": "[parameters('subnetId')]",
"privateDnsZoneIdSql": "[parameters('privateDnsZoneIdSql')]",
"privateDnsZoneIdDev": "[parameters('privateDnsZoneIdDev')]",
"privateEndpointNameSql": "[concat(variables('synapseWorkspaceName'), '-sql-private-endpoint')]",
"privateEndpointNameSqlOnDemand": "[concat(variables('synapseWorkspaceName'), '-sqlondemand-private-endpoint')]",
"privateEndpointNameDev": "[concat(variables('synapseWorkspaceName'), '-dev-private-endpoint')]"
},
"resources": [
{
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2019-06-01-preview",
"name": "[variables('synapseWorkspaceName')]",
"location": "[variables('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"defaultDataLakeStorage": {
"accountUrl": "[variables('synapseDefaultStorageAccountUrl')]",
"filesystem": "[variables('synapseDefaultStorageAccountFileSystem')]"
},
"sqlAdministratorLogin": "[variables('synapseSqlAdministratorLogin')]",
"sqlAdministratorLoginPassword": "[variables('synapseSqlAdministratorPassword')]",
"adlaResourceId": "[variables('synapseDatalakeAnalyticsResourceId')]",
"managedVirtualNetwork": "default",
"virtualNetworkProfile": {
"computeSubnetId": "[variables('synapseComputeSubnetResourceId')]"
},
"managedResourceGroupName": "[variables('synapseWorkspaceName')]",
"managedVirtualNetworkSettings": {
"allowedAadTenantIdsForLinking": [
"[subscription().tenantId]"
],
"linkedAccessCheckOnTargetResource": true,
"preventDataExfiltration": true
},
"connectivityEndpoints": {},
"purviewConfiguration": {
"purviewResourceId": "[variables('purviewId')]"
}
},
"resources": [
{
"type": "managedIdentitySqlControlSettings",
"apiVersion": "2019-06-01-preview",
"name": "default",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', variables('synapseWorkspaceName'))]"
],
"properties": {
"grantSqlControlToManagedIdentity": {
"desiredState": "Enabled"
}
}
},
{
"condition": "[and(not(empty(variables('synapseSqlAdminGroupName'))), not(empty(variables('synapseSqlAdminGroupObjectID'))))]",
"type": "administrators",
"apiVersion": "2019-06-01-preview",
"name": "activeDirectory",
"dependsOn": [
"[concat('Microsoft.Synapse/workspaces/', variables('synapseWorkspaceName'))]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "[variables('synapseSqlAdminGroupName')]",
"sid": "[variables('synapseSqlAdminGroupObjectID')]",
"tenantId": "[subscription().tenantId]"
}
}
]
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameSql')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameSql')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"Sql"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameSql'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameSql'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameSql'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdSql')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameSqlOnDemand')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameSqlOnDemand')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"SqlOnDemand"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameSqlOnDemand'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameSqlOnDemand'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameSqlOnDemand'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdSql')]"
}
}
]
}
},
{
"type": "Microsoft.Network/privateEndpoints",
"apiVersion": "2020-05-01",
"name": "[variables('privateEndpointNameDev')]",
"dependsOn": [
"[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
],
"location": "[variables('location')]",
"properties": {
"privateLinkServiceConnections": [
{
"name": "[variables('privateEndpointNameDev')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]",
"groupIds": [
"Dev"
]
}
}
],
"manualPrivateLinkServiceConnections": [
],
"subnet": {
"id": "[variables('subnetId')]"
}
}
},
{
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-05-01",
"name": "[concat(variables('privateEndpointNameDev'), '/aRecord')]",
"dependsOn": [
"[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointNameDev'))]"
],
"location": "[variables('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "[concat(variables('privateEndpointNameDev'), '-aRecord')]",
"properties": {
"privateDnsZoneId": "[variables('privateDnsZoneIdDev')]"
}
}
]
}
}
],
"outputs": {
"synapseWorkspaceId": {
"type": "string",
"value": "[resourceId('Microsoft.Synapse/workspaces', variables('synapseWorkspaceName'))]"
}
}
}


@ -1,48 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "northeurope"
},
"synapseWorkspaceName": {
"value": "dn001-dd002-synapse001"
},
"synapseDefaultStorageAccountName": {
"value": "dn001workspacesa"
},
"synapseDefaultStorageAccountFileSystem": {
"value": "dd001"
},
"synapseSqlAdministratorLogin": {
"value": "ServerMainUser"
},
"synapseSqlAdministratorPassword": {
"value": "<your-secure-password>"
},
"synapseDatalakeAnalyticsResourceId": {
"value": ""
},
"synapseComputeSubnetResourceId": {
"value": ""
},
"synapseSqlAdminGroupName": {
"value": ""
},
"synapseSqlAdminGroupObjectID": {
"value": ""
},
"purviewId": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-governance/providers/Microsoft.Purview/accounts/dh-purview001"
},
"subnetId": {
"value": "/subscriptions/2f68ca09-59d9-4ab5-ad11-c54872bfa28d/resourceGroups/dn001-network/providers/Microsoft.Network/virtualNetworks/dn001-vnet/subnets/dn001-dd002-privatelink-subnet"
},
"privateDnsZoneIdSql": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
},
"privateDnsZoneIdDev": {
"value": "/subscriptions/4060c03e-0d2e-44b7-82a3-da9376fe50b2/resourceGroups/dh-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
}
}
}

186
infra/main.bicep Normal file

@ -0,0 +1,186 @@
targetScope = 'resourceGroup'
// General parameters
@description('Specifies the location for all resources.')
param location string
@allowed([
'dev'
'test'
'prod'
])
@description('Specifies the environment of the deployment.')
param environment string
@minLength(2)
@maxLength(5)
@description('Specifies the prefix for all resources created in this deployment.')
param prefix string
// Resource parameters
@secure()
@description('Specifies the administrator password of the sql servers.')
param administratorPassword string
@description('Specifies the resource ID of the default storage account file system for synapse.')
param synapseDefaultStorageAccountFileSystemId string
@description('Specifies the resource ID of the default storage account for strea analytics.')
param streamanalyticsDefaultStorageAccountFileSystemId string
@description('Specifies the resource ID of the central purview instance.')
param purviewId string
@description('Specifies whether role assignments should be enabled.')
param enableRoleAssignments bool
// Network parameters
@description('Specifies the resource ID of the subnet to which all services will connect.')
param subnetId string
// Private DNS Zone parameters
@description('Specifies the resource ID of the private DNS zone for KeyVault.')
param privateDnsZoneIdKeyVault string
@description('Specifies the resource ID of the private DNS zone for Synapse Dev.')
param privateDnsZoneIdSynapseDev string
@description('Specifies the resource ID of the private DNS zone for Synapse Sql.')
param privateDnsZoneIdSynapseSql string
@description('Specifies the resource ID of the private DNS zone for EventHub Namespaces.')
param privateDnsZoneIdEventhubNamespace string
@description('Specifies the resource ID of the private DNS zone for Cosmos Sql.')
param privateDnsZoneIdCosmosdbSql string
@description('Specifies the resource ID of the private DNS zone for Sql Server.')
param privateDnsZoneIdSqlServer string
@description('Specifies the resource ID of the private DNS zone for IoT Hub.')
param privateDnsZoneIdIothub string
// Variables
var name = toLower('${prefix}-${environment}')
var tags = {
Owner: 'Enterprise Scale Analytics'
Project: 'Enterprise Scale Analytics'
Environment: environment
Toolkit: 'bicep'
Name: name
}
var synapseDefaultStorageAccountSubscriptionId = split(synapseDefaultStorageAccountFileSystemId, '/')[2]
var synapseDefaultStorageAccountResourceGroupName = split(synapseDefaultStorageAccountFileSystemId, '/')[4]
var streamanalyticsDefaultStorageAccountSubscriptionId = split(streamanalyticsDefaultStorageAccountFileSystemId, '/')[2]
var streamanalyticsDefaultStorageAccountResourceGroupName = split(streamanalyticsDefaultStorageAccountFileSystemId, '/')[4]
var streamanalyticsDefaultStorageAccountName = split(streamanalyticsDefaultStorageAccountFileSystemId, '/')[8]
// Resources
module keyvault001 'modules/services/keyvault.bicep' = {
name: 'keyvault001'
scope: resourceGroup()
params: {
location: location
keyvaultName: '${name}-vault001'
tags: tags
subnetId: subnetId
privateDnsZoneIdKeyVault: privateDnsZoneIdKeyVault
}
}
module synapse001 'modules/services/synapse.bicep' = {
name: 'synapse001'
scope: resourceGroup()
params: {
location: location
synapseName: '${name}-synapse001'
tags: tags
subnetId: subnetId
administratorPassword: administratorPassword
synapseSqlAdminGroupName: ''
synapseSqlAdminGroupObjectID: ''
privateDnsZoneIdSynapseDev: privateDnsZoneIdSynapseDev
privateDnsZoneIdSynapseSql: privateDnsZoneIdSynapseSql
purviewId: purviewId
synapseComputeSubnetId: ''
synapseDefaultStorageAccountFileSystemId: synapseDefaultStorageAccountFileSystemId
}
}
module synapse001RoleAssignmentStorage 'modules/auxiliary/synapseRoleAssignmentStorage.bicep' = if (enableRoleAssignments) {
name: 'synapse001RoleAssignmentStorage'
scope: resourceGroup(synapseDefaultStorageAccountSubscriptionId, synapseDefaultStorageAccountResourceGroupName)
params: {
storageAccountFileSystemId: synapseDefaultStorageAccountFileSystemId
synapseId: synapse001.outputs.synapseId
}
}
module cosmosdb001 'modules/services/cosmosdb.bicep' = {
name: 'cosmos001'
scope: resourceGroup()
params: {
location: location
cosmosdbName: '${name}-cosmos001'
tags: tags
subnetId: subnetId
privateDnsZoneIdCosmosdbSql: privateDnsZoneIdCosmosdbSql
}
}
module sql001 'modules/services/sql.bicep' = {
name: 'sql001'
scope: resourceGroup()
params: {
location: location
sqlserverName: '${name}-sqlserver001'
tags: tags
subnetId: subnetId
administratorPassword: administratorPassword
privateDnsZoneIdSqlServer: privateDnsZoneIdSqlServer
sqlserverAdminGroupName: ''
sqlserverAdminGroupObjectID: ''
}
}
module iothub001 'modules/services/iothub.bicep' = {
name: 'iothub001'
scope: resourceGroup()
params: {
location: location
iothubName: '${name}-iothub001'
tags: tags
subnetId: subnetId
iothubSkuName: 'S1'
iothubSkuCapacity: 1
privateDnsZoneIdEventhubNamespace: privateDnsZoneIdEventhubNamespace
privateDnsZoneIdIothub: privateDnsZoneIdIothub
}
}
module eventhubNamespace001 'modules/services/eventhubnamespace.bicep' = {
name: 'eventhubNamespaceDomain001'
scope: resourceGroup()
params: {
location: location
tags: tags
subnetId: subnetId
eventhubnamespaceName: '${name}-eventhub001'
privateDnsZoneIdEventhubNamespace: privateDnsZoneIdEventhubNamespace
eventhubnamespaceMinThroughput: 1
eventhubnamespaceMaxThroughput: 1
}
}
module streamanalytics001 'modules/services/streamanalytics.bicep' = {
name: 'streamanalytics001'
scope: resourceGroup()
params: {
location: location
tags: tags
eventhubNamespaceId: eventhubNamespace001.outputs.eventhubNamespaceId
sqlServerId: sql001.outputs.sqlserverId
storageAccountId: resourceId(streamanalyticsDefaultStorageAccountSubscriptionId, streamanalyticsDefaultStorageAccountResourceGroupName, 'Microsoft.Storage/storageAccounts', streamanalyticsDefaultStorageAccountName)
streamanalyticsclusterName: '${name}-streamanalyticscluster001'
streamanalyticsclusterSkuCapacity: 36
streamanalyticsName: '${name}-streamanalytics001'
streamanalyticsjobSkuCapacity: 1
}
}
module streamanalytics001RoleAssignmentStorage 'modules/auxiliary/streamanalyticsRoleAssignmentStorage.bicep' = if (enableRoleAssignments) {
name: 'streamanalytics001RoleAssignmentStorage'
scope: resourceGroup(streamanalyticsDefaultStorageAccountSubscriptionId, streamanalyticsDefaultStorageAccountResourceGroupName)
params: {
storageAccountFileSystemId: streamanalyticsDefaultStorageAccountFileSystemId
streamanalyticsjobId: streamanalytics001.outputs.streamanalyticsjob001Id
}
}
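Review bot: The single `administratorPassword` parameter is passed to both `synapse001` and `sql001`, and both modules get their Azure AD admin group hard-coded to empty strings (`synapseSqlAdminGroupName: ''`, `sqlserverAdminGroupName: ''`), so every deployment from this file leaves one shared SQL-auth password as the only administrator path on two services. The SQL module in this commit creates its `administrators` resource only when both group values are non-empty, so that branch cannot run when called from here. I would surface the group as parameters of this file, e.g. `param sqlAdminGroupName string = ''` and `param sqlAdminGroupObjectID string = ''`, pass them to both modules, and consider a separate `@secure()` password per service. A smaller point: the `split(..., '/')[2]`, `[4]` and `[8]` lookups assume a well-formed file-system resource ID, which deserves a one-line comment showing the expected ID shape, and the description on `streamanalyticsDefaultStorageAccountFileSystemId` has the typo 'strea analytics'.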

1699
infra/main.json Normal file

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -0,0 +1,34 @@
// The module contains a template to create a role assignment of the Synase MSI to a file system.
targetScope = 'resourceGroup'
// Parameters
param storageAccountFileSystemId string
param streamanalyticsjobId string
// Variables
var storageAccountFileSystemName = last(split(storageAccountFileSystemId, '/'))
var storageAccountName = split(storageAccountFileSystemId, '/')[8]
var streamanalyticsjobSubscriptionId = split(streamanalyticsjobId, '/')[2]
var streamanalyticsjobResourceGroupName = split(streamanalyticsjobId, '/')[4]
var streamanalyticsjobName = last(split(streamanalyticsjobId, '/'))
// Resources
resource storageAccountFileSystem 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' existing = {
name: '${storageAccountName}/default/${storageAccountFileSystemName}'
}
resource streamanalyticsjob 'Microsoft.StreamAnalytics/streamingjobs@2017-04-01-preview' existing = {
name: streamanalyticsjobName
scope: resourceGroup(streamanalyticsjobSubscriptionId, streamanalyticsjobResourceGroupName)
}
resource synapseRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(uniqueString(storageAccountFileSystem.id, streamanalyticsjob.id))
scope: storageAccountFileSystem
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
principalId: streamanalyticsjob.identity.principalId
}
}
// Outputs
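Review bot: The role assignment at the end of this module omits `principalType`, so a deployment that runs right after the managed identity is created can fail while the principal is still replicating in the directory; adding `principalType: 'ServicePrincipal'` to `properties` avoids that lookup. The role is given only as the bare GUID `ba92f5b4-2d11-453d-a403-e96b0029c9fe`, which is the built-in Storage Blob Data Contributor role; a comment such as `// Storage Blob Data Contributor, granted on this file system only` would let a reviewer confirm the grant is the intended least-privilege one. `resourceId(...)` in a resource-group-scoped module produces a resource-group-qualified role definition ID, and `subscriptionResourceId('Microsoft.Authorization/roleDefinitions', ...)` is the form normally used for built-in roles. All three points apply equally to the Synapse role-assignment module that follows. In this file the header comment and the symbolic name `synapseRoleAssignment` still refer to Synapse although the principal is the Stream Analytics job.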


@ -0,0 +1,34 @@
// The module contains a template to create a role assignment of the Synase MSI to a file system.
targetScope = 'resourceGroup'
// Parameters
param storageAccountFileSystemId string
param synapseId string
// Variables
var storageAccountFileSystemName = last(split(storageAccountFileSystemId, '/'))
var storageAccountName = split(storageAccountFileSystemId, '/')[8]
var synapseSubscriptionId = split(synapseId, '/')[2]
var synapseResourceGroupName = split(synapseId, '/')[4]
var synapseName = last(split(synapseId, '/'))
// Resources
resource storageAccountFileSystem 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' existing = {
name: '${storageAccountName}/default/${storageAccountFileSystemName}'
}
resource synapse 'Microsoft.Synapse/workspaces@2021-03-01' existing = {
name: synapseName
scope: resourceGroup(synapseSubscriptionId, synapseResourceGroupName)
}
resource synapseRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(uniqueString(storageAccountFileSystem.id, synapse.id))
scope: storageAccountFileSystem
properties: {
roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
principalId: synapse.identity.principalId
}
}
// Outputs


@ -0,0 +1,115 @@
// This template is used to create a Cosmos Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param cosmosdbName string
param privateDnsZoneIdCosmosdbSql string
// Variables
var cosmosdbPrivateEndpointName = '${cosmosdb.name}-private-endpoint'
// Resources
resource cosmosdb 'Microsoft.DocumentDB/databaseAccounts@2021-03-15' = {
name: cosmosdbName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
kind: 'GlobalDocumentDB'
properties: {
// apiProperties: { // For Mongo DB
// serverVersion: '4.0'
// }
backupPolicy: {
type: 'Continuous'
}
capabilities: []
// connectorOffer: 'Small' // For Cassandra DB
consistencyPolicy: {
defaultConsistencyLevel: 'Eventual'
maxStalenessPrefix: 1
maxIntervalInSeconds: 5
}
cors: []
databaseAccountOfferType: 'Standard'
disableKeyBasedMetadataWriteAccess: true
enableAnalyticalStorage: false
enableAutomaticFailover: true
enableCassandraConnector: false
enableFreeTier: false
enableMultipleWriteLocations: false
ipRules: []
networkAclBypass: 'None'
networkAclBypassResourceIds: []
publicNetworkAccess: 'Disabled'
virtualNetworkRules: []
isVirtualNetworkFilterEnabled: true
locations: [
{
locationName: location
failoverPriority: 0
isZoneRedundant: true
}
]
}
}
// resource cosmosdbSqlDatabase001 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2021-03-15' = { // Uncomment to deploy SQL database to the cosmos account
// parent: cosmosdb
// name: 'Database001'
// properties: {
// options: {
// autoscaleSettings: {
// maxThroughput: 10
// }
// }
// resource: {
// id: 'Database001'
// }
// }
// }
resource cosmosdbPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: cosmosdbPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: cosmosdbPrivateEndpointName
properties: {
groupIds: [
'sql'
]
privateLinkServiceId: cosmosdb.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource cosmosdbPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: cosmosdbPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${cosmosdbPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdCosmosdbSql
}
}
]
}
}
// Outputs
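Review bot: This module ends with an empty `// Outputs` section, so the account's resource ID is not available to main.bicep. The removed ARM template for the Stream Analytics cluster created a managed private endpoint to Cosmos DB from a `cosmosDbId`, while the parameters visible on the new Stream Analytics module list only storage, SQL and Event Hub IDs; with `publicNetworkAccess: 'Disabled'` set here, a private endpoint is the only network path to the account. If the cluster is still meant to reach this account, adding `output cosmosdbId string = cosmosdb.id` lets the caller wire that endpoint up again; if dropping it is intentional, a comment saying so would help. The parameters also carry no `@description` decorators, unlike those in main.bicep.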


@ -0,0 +1,106 @@
// This template is used to create a Databricks workspace.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param eventhubnamespaceName string
@minValue(1)
@maxValue(20)
param eventhubnamespaceMinThroughput int
@minValue(1)
@maxValue(20)
param eventhubnamespaceMaxThroughput int
param privateDnsZoneIdEventhubNamespace string
// Variables
var eventhubNamespacePrivateEndpointName = '${eventhubNamespace.name}-private-endpoint'
// Resources
resource eventhubNamespace 'Microsoft.EventHub/namespaces@2021-01-01-preview' = {
name: eventhubnamespaceName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: 'Standard'
tier: 'Standard'
capacity: eventhubnamespaceMinThroughput
}
properties: {
isAutoInflateEnabled: true
kafkaEnabled: true
maximumThroughputUnits: eventhubnamespaceMaxThroughput
zoneRedundant: true
}
}
// resource eventhub001 'Microsoft.EventHub/namespaces/eventhubs@2021-01-01-preview' = { // Uncomment to deploy an Event Hub in the namespace
// parent: eventhubNamespace
// name: 'default'
// properties: {
// captureDescription: {
// destination: {
// name: 'default'
// properties: {
// archiveNameFormat: ''
// blobContainer: ''
// storageAccountResourceId: ''
// }
// }
// enabled: true
// encoding: 'Avro'
// intervalInSeconds: 900
// sizeLimitInBytes: 10485760
// skipEmptyArchives: true
// }
// messageRetentionInDays: 3
// partitionCount: 1
// status: 'Active'
// }
// }
resource eventhubNamespacePrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: eventhubNamespacePrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: eventhubNamespacePrivateEndpointName
properties: {
groupIds: [
'namespace'
]
privateLinkServiceId: eventhubNamespace.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource eventhubNamespacePrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: eventhubNamespacePrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${eventhubNamespacePrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdEventhubNamespace
}
}
]
}
}
// Outputs
output eventhubNamespaceId string = eventhubNamespace.id
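Review bot: Nothing in the `eventhubNamespace` resource restricts the public endpoint: the Cosmos DB, SQL and IoT Hub modules in this commit all set `publicNetworkAccess: 'Disabled'`, but here the private endpoint is added alongside a namespace that, as far as this file shows, stays reachable from the internet with a valid key. I would add a `Microsoft.EventHub/namespaces/networkRuleSets` child resource named `default` with `defaultAction: 'Deny'`, and check against the service documentation for this API version whether a deny default takes effect with empty rule lists. The header comment says the template creates 'a Databricks workspace', which looks like a copy-paste leftover; the IoT Hub module that follows has the same line. A corrected header would be `// This template is used to create an Event Hub namespace.`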


@ -0,0 +1,133 @@
// This template is used to create a Databricks workspace.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param iothubName string
param iothubSkuName string
@minValue(1)
param iothubSkuCapacity int
param privateDnsZoneIdIothub string
param privateDnsZoneIdEventhubNamespace string
// Variables
var iothubPrivateEndpointName = '${iothub.name}-private-endpoint'
// Resources
resource iothub 'Microsoft.Devices/IotHubs@2021-03-31' = {
name: iothubName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
sku: {
name: iothubSkuName
capacity: iothubSkuCapacity
}
properties: {
authorizationPolicies: []
cloudToDevice: {
defaultTtlAsIso8601: 'PT1M'
feedback: {
lockDurationAsIso8601: 'PT1M'
maxDeliveryCount: 10
ttlAsIso8601: 'PT1H'
}
maxDeliveryCount: 10
}
comments: ''
enableFileUploadNotifications: false
eventHubEndpoints: {
events: {
partitionCount: 4
retentionTimeInDays: 1
}
}
features: 'DeviceManagement'
ipFilterRules: []
messagingEndpoints: {
fileNotifications: {
lockDurationAsIso8601: 'PT1M'
maxDeliveryCount: 10
ttlAsIso8601: 'PT1H'
}
}
// minTlsVersion: '1.2' // Uncomment to enforce TLS Version 1.2. This is only available in select region (https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-tls-support)
networkRuleSets: {
applyToBuiltInEventHubEndpoint: true
defaultAction: 'Deny'
ipRules: []
}
publicNetworkAccess: 'Disabled'
routing: {
endpoints: {
eventHubs: []
serviceBusQueues: []
serviceBusTopics: []
storageContainers: []
}
enrichments: []
fallbackRoute: {
condition: 'true'
endpointNames: [
'events'
]
isEnabled: false
name: '$fallback'
source: 'DeviceMessages'
}
routes: []
}
storageEndpoints: {}
}
}
resource iothubPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: iothubPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: iothubPrivateEndpointName
properties: {
groupIds: [
'iotHub'
]
privateLinkServiceId: iothub.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource iothubPrivateEndpointIotHubARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: iothubPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${iothubPrivateEndpoint.name}-arecord-iothub'
properties: {
privateDnsZoneId: privateDnsZoneIdIothub
}
}
{
name: '${iothubPrivateEndpoint.name}-arecord-eventhub'
properties: {
privateDnsZoneId: privateDnsZoneIdEventhubNamespace
}
}
]
}
}
// Outputs


@ -0,0 +1,83 @@
// This template is used to create a KeyVault.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param keyvaultName string
param privateDnsZoneIdKeyVault string
// Variables
var keyVaultPrivateEndpointName = '${keyVault.name}-private-endpoint'
// Resources
resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = {
name: keyvaultName
location: location
tags: tags
properties: {
accessPolicies: []
createMode: 'default'
enabledForDeployment: false
enabledForDiskEncryption: false
enabledForTemplateDeployment: false
enablePurgeProtection: true
enableRbacAuthorization: true
enableSoftDelete: true
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Deny'
ipRules: []
virtualNetworkRules: []
}
sku: {
family: 'A'
name: 'standard'
}
softDeleteRetentionInDays: 7
tenantId: subscription().tenantId
}
}
resource keyVaultPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: keyVaultPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: keyVaultPrivateEndpointName
properties: {
groupIds: [
'vault'
]
privateLinkServiceId: keyVault.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource keyVaultPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: keyVaultPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${keyVaultPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdKeyVault
}
}
]
}
}
// Outputs
output keyvaultId string = keyVault.id
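Review bot: In `networkAcls` the firewall defaults to `Deny` but `bypass: 'AzureServices'` still lets trusted Microsoft services through it, and nothing in this commit appears to need that, since the three `enabledFor*` flags are all `false`. If no trusted-service access is required, `bypass: 'None'` is the tighter setting; otherwise a comment naming the service that depends on the bypass would document the exception. `softDeleteRetentionInDays: 7` is the minimum the service allows, so a deleted secret is recoverable for only a week; for the `prod` environment a longer window, passed as a parameter, seems worth considering.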


@ -0,0 +1,135 @@
// This template is used to create a SQL Server and Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param sqlserverName string
@secure()
param administratorPassword string
param sqlserverAdminGroupName string
param sqlserverAdminGroupObjectID string
param privateDnsZoneIdSqlServer string
// Variables
var administratorUsername = 'SqlServerMainUser'
var sqlserverPrivateEndpointName = '${sqlserver.name}-private-endpoint'
// Resources
resource sqlserver 'Microsoft.Sql/servers@2020-11-01-preview' = {
name: sqlserverName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
administratorLogin: administratorUsername
administratorLoginPassword: administratorPassword
administrators: {}
minimalTlsVersion: '1.2'
publicNetworkAccess: 'Disabled'
version: '12.0'
}
}
resource sqlserverAdministrators 'Microsoft.Sql/servers/administrators@2020-11-01-preview' = if (sqlserverAdminGroupName != '' && sqlserverAdminGroupObjectID != '') {
parent: sqlserver
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: sqlserverAdminGroupName
sid: sqlserverAdminGroupObjectID
tenantId: subscription().tenantId
}
}
// resource sqlserverElasticPool001 'Microsoft.Sql/servers/elasticPools@2020-11-01-preview' = { // Uncomment, if you want to deploy an elastic pool
// parent: sqlserver
// name: 'elasticPool001'
// location: location
// tags: tags
// sku: {
// name: 'Basic'
// tier: 'Basic'
// capacity: 5
// }
// properties: {
// licenseType: 'LicenseIncluded'
// maxSizeBytes: 524288000
// perDatabaseSettings: {
// minCapacity: 524288000
// maxCapacity: 524288000
// }
// zoneRedundant: true
// }
// }
resource sqlserverDatabase001 'Microsoft.Sql/servers/databases@2020-11-01-preview' = {
parent: sqlserver
name: 'Database001'
location: location
tags: tags
sku: {
name: 'Basic'
tier: 'Basic'
capacity: 5
}
properties: {
autoPauseDelay: -1
catalogCollation: 'DATABASE_DEFAULT'
collation: 'SQL_Latin1_General_CP1_CI_AS'
createMode: 'Default'
readScale: 'Disabled'
highAvailabilityReplicaCount: 0
licenseType: 'LicenseIncluded'
maxSizeBytes: 524288000
minCapacity: 1
requestedBackupStorageRedundancy: 'Geo'
zoneRedundant: false
// elasticPoolId: sqlserverElasticPool001.id // Uncomment, if you want to deploy to an elastic pool. Do not forget to remove some properties from the database
}
}
resource sqlserverPrivateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: sqlserverPrivateEndpointName
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: sqlserverPrivateEndpointName
properties: {
groupIds: [
'sqlServer'
]
privateLinkServiceId: sqlserver.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource sqlserverPrivateEndpointARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: sqlserverPrivateEndpoint
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${sqlserverPrivateEndpoint.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSqlServer
}
}
]
}
}
// Outputs
output sqlserverId string = sqlserver.id


@ -0,0 +1,152 @@
// This template is used to create a Cosmos Database.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param streamanalyticsclusterName string
param streamanalyticsName string
@minValue(36)
@maxValue(216)
param streamanalyticsclusterSkuCapacity int
@allowed([
1
3
6
12
18
24
30
36
42
48
])
param streamanalyticsjobSkuCapacity int
param storageAccountId string
param sqlServerId string
param eventhubNamespaceId string
// Variables
var storageAccountName = last(split(storageAccountId, '/'))
var sqlServerName = last(split(sqlServerId, '/'))
var eventhubNamespaceName = last(split(eventhubNamespaceId, '/'))
var streamanalyticsclusterManagedPrivateEndpointNameStorageAccount = '${storageAccountName}-private-endpoint'
var streamanalyticsclusterManagedPrivateEndpointNameSqlServer = '${sqlServerName}-private-endpoint'
var streamanalyticsclusterManagedPrivateEndpointNameEventhubNamespace = '${eventhubNamespaceName}-private-endpoint'
var requestMessage = 'Private Endpoint for Stream Analytics Cluster ${streamanalyticscluster.name}'
// Resources
resource streamanalyticscluster 'Microsoft.StreamAnalytics/clusters@2020-03-01-preview' = {
name: streamanalyticsclusterName
location: location
tags: tags
sku: {
name: 'Default'
capacity: streamanalyticsclusterSkuCapacity
}
properties: {}
}
resource streamanalyticsclusterManagedPrivateEndpointStorageAccount 'Microsoft.StreamAnalytics/clusters/privateEndpoints@2020-03-01-preview' = if (!empty(storageAccountId)) {
parent: streamanalyticscluster
name: streamanalyticsclusterManagedPrivateEndpointNameStorageAccount
properties: {
manualPrivateLinkServiceConnections: [
{
properties: {
privateLinkServiceId: storageAccountId
groupIds: [
'blob'
]
privateLinkServiceConnectionState: {}
requestMessage: requestMessage
}
}
]
}
}
resource streamanalyticsclusterManagedPrivateEndpointSqlServer 'Microsoft.StreamAnalytics/clusters/privateEndpoints@2020-03-01-preview' = if (!empty(sqlServerId)) {
parent: streamanalyticscluster
name: streamanalyticsclusterManagedPrivateEndpointNameSqlServer
properties: {
manualPrivateLinkServiceConnections: [
{
properties: {
privateLinkServiceId: sqlServerId
groupIds: [
'sqlServer'
]
privateLinkServiceConnectionState: {}
requestMessage: requestMessage
}
}
]
}
}
resource streamanalyticsclusterManagedPrivateEndpointEventhubNamespace 'Microsoft.StreamAnalytics/clusters/privateEndpoints@2020-03-01-preview' = if (!empty(eventhubNamespaceId)) {
parent: streamanalyticscluster
name: streamanalyticsclusterManagedPrivateEndpointNameEventhubNamespace
properties: {
manualPrivateLinkServiceConnections: [
{
properties: {
privateLinkServiceId: eventhubNamespaceId
groupIds: [
'namespace'
]
privateLinkServiceConnectionState: {}
requestMessage: requestMessage
}
}
]
}
}
resource streamanalyticsjob001 'Microsoft.StreamAnalytics/streamingjobs@2017-04-01-preview' = {
name: streamanalyticsName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
cluster: {
id: streamanalyticscluster.id
}
compatibilityLevel: '1.0'
// contentStoragePolicy: 'JobStorageAccount' // Uncomment to store all connection details in storage account
// jobStorageAccount: {
// accountName: storageAccountName
// authenticationMode: 'Msi'
// }
dataLocale: 'en-US'
eventsLateArrivalMaxDelayInSeconds: 5
eventsOutOfOrderMaxDelayInSeconds: 0
eventsOutOfOrderPolicy: 'Adjust'
// externals: { // Uncomment to point to a storage account where custom code artifacts are stored
// container: 'mycontainername'
// path: 'my/path/to/artifacts'
// storageAccount: storageAccountName
// }
functions: []
inputs: []
outputs: []
jobType: 'Cloud'
outputErrorPolicy: 'Stop'
sku: {
name: 'Standard'
}
transformation: {
name: 'transformation'
properties: {
streamingUnits: streamanalyticsjobSkuCapacity
query: 'SELECT\r\n *\r\nINTO\r\n [YourOutputAlias]\r\nFROM\r\n [YourInputAlias]'
}
}
}
}
// Outputs
output streamanalyticsjob001Id string = streamanalyticsjob001.id
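Review bot: The three `clusters/privateEndpoints` resources are declared under `manualPrivateLinkServiceConnections` with an empty `privateLinkServiceConnectionState`, and nothing visible in this template approves them, so each connection presumably stays pending on the storage account, SQL server and Event Hub namespace until an owner of the target resource approves it. A comment above the first of them would tell operators this, e.g. `// Managed private endpoints are created in a pending state and must be approved on the target resource before the job can connect.` Separately, the header comment says the template creates a Cosmos Database, while the resources declared are a Stream Analytics cluster and job; `// This template is used to create a Stream Analytics cluster and job.` would match the content.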


@ -0,0 +1,250 @@
// This template is used to create a Synapse workspace.
targetScope = 'resourceGroup'
// Parameters
param location string
param tags object
param subnetId string
param synapseName string
@secure()
param administratorPassword string
param synapseSqlAdminGroupName string
param synapseSqlAdminGroupObjectID string
param synapseDefaultStorageAccountFileSystemId string
param synapseComputeSubnetId string
param privateDnsZoneIdSynapseSql string
param privateDnsZoneIdSynapseDev string
param purviewId string
// Variables
var synapseDefaultStorageAccountFileSystemName = last(split(synapseDefaultStorageAccountFileSystemId, '/'))
var synapseDefaultStorageAccountName = split(synapseDefaultStorageAccountFileSystemId, '/')[7]
var synapsePrivateEndpointNameSql = '${synapse.name}-sql-private-endpoint'
var synapsePrivateEndpointNameSqlOnDemand = '${synapse.name}-sqlondemand-private-endpoint'
var synapsePrivateEndpointNameDev = '${synapse.name}-dev-private-endpoint'
// Resources
resource synapse 'Microsoft.Synapse/workspaces@2021-03-01' = {
name: synapseName
location: location
tags: tags
identity: {
type: 'SystemAssigned'
}
properties: {
defaultDataLakeStorage: {
accountUrl: 'https://${synapseDefaultStorageAccountName}.dfs.${environment().suffixes.storage}'
filesystem: synapseDefaultStorageAccountFileSystemName
}
managedResourceGroupName: synapseName
managedVirtualNetwork: 'default'
managedVirtualNetworkSettings: {
allowedAadTenantIdsForLinking: []
linkedAccessCheckOnTargetResource: true
preventDataExfiltration: true
}
publicNetworkAccess: 'Disabled'
purviewConfiguration: {
purviewResourceId: purviewId
}
sqlAdministratorLogin: 'SqlServerMainUser'
sqlAdministratorLoginPassword: administratorPassword
virtualNetworkProfile: {
computeSubnetId: synapseComputeSubnetId
}
}
}
resource synapseSqlPool001 'Microsoft.Synapse/workspaces/sqlPools@2021-03-01' = {
parent: synapse
name: 'sqlPool001'
location: location
tags: tags
sku: {
name: 'DW100c'
}
properties: {
collation: 'SQL_Latin1_General_CP1_CI_AS'
createMode: 'Default'
storageAccountType: 'GRS'
}
}
resource synapseBigDataPool001 'Microsoft.Synapse/workspaces/bigDataPools@2021-03-01' = {
parent: synapse
name: 'bigDataPool001'
location: location
tags: tags
properties: {
autoPause: {
enabled: true
delayInMinutes: 15
}
autoScale: {
enabled: true
maxNodeCount: 10
minNodeCount: 3
}
// cacheSize: 100 // Uncomment to set a specific cache size
customLibraries: []
defaultSparkLogFolder: 'logs/'
dynamicExecutorAllocation: {
enabled: true
}
// isComputeIsolationEnabled: true // Uncomment to enable compute isolation (only available in selective regions)
// libraryRequirements: { // Uncomment to install pip dependencies on the Spark cluster
// content: ''
// filename: 'requirements.txt'
// }
nodeSize: 'Small'
nodeSizeFamily: 'MemoryOptimized'
sessionLevelPackagesEnabled: true
// sparkConfigProperties: { // Uncomment to set spark conf on the Spark cluster
// content: ''
// filename: 'spark.conf'
// }
sparkEventsFolder: 'events/'
sparkVersion: '3.0'
}
}
resource synapseManagedIdentitySqlControlSettings 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings@2021-03-01' = {
parent: synapse
name: 'default'
properties: {
grantSqlControlToManagedIdentity: {
desiredState: 'Enabled'
}
}
}
resource synapseAadAdministrators 'Microsoft.Synapse/workspaces/administrators@2021-03-01' = if (synapseSqlAdminGroupName != '' && synapseSqlAdminGroupObjectID != '') {
parent: synapse
name: 'activeDirectory'
properties: {
administratorType: 'ActiveDirectory'
login: synapseSqlAdminGroupName
sid: synapseSqlAdminGroupObjectID
tenantId: subscription().tenantId
}
}
resource synapsePrivateEndpointSql 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameSql
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameSql
properties: {
groupIds: [
'Sql'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointSqlARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointSql
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointSql.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseSql
}
}
]
}
}
resource synapsePrivateEndpointSqlOnDemand 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameSqlOnDemand
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameSqlOnDemand
properties: {
groupIds: [
'SqlOnDemand'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointSqlOnDemandARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointSqlOnDemand
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointSqlOnDemand.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseSql
}
}
]
}
}
resource synapsePrivateEndpointDev 'Microsoft.Network/privateEndpoints@2020-11-01' = {
name: synapsePrivateEndpointNameDev
location: location
tags: tags
properties: {
manualPrivateLinkServiceConnections: []
privateLinkServiceConnections: [
{
name: synapsePrivateEndpointNameDev
properties: {
groupIds: [
'Dev'
]
privateLinkServiceId: synapse.id
requestMessage: ''
}
}
]
subnet: {
id: subnetId
}
}
}
resource synapsePrivateEndpointDevARecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2020-11-01' = {
parent: synapsePrivateEndpointDev
name: 'aRecord'
properties: {
privateDnsZoneConfigs: [
{
name: '${synapsePrivateEndpointDev.name}-arecord'
properties: {
privateDnsZoneId: privateDnsZoneIdSynapseDev
}
}
]
}
}
// Outputs
output synapseId string = synapse.id
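Review bot: `split(synapseDefaultStorageAccountFileSystemId, '/')[7]` selects the literal segment `storageAccounts` rather than the account name: for an id of the form given in infra/params.dev.json the split begins with an empty element for the leading slash, which puts the account name at index 8. As written, `defaultDataLakeStorage.accountUrl` would be built as `https://storageAccounts.dfs.<suffix>`, so the workspace's default data lake would point at an account other than the one passed in. The line should read `var synapseDefaultStorageAccountName = split(synapseDefaultStorageAccountFileSystemId, '/')[8]`. A short comment stating the expected id format next to it would help, since both derived variables depend on it.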

54
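--- a/infra/params.dev.json
+++ b/infra/params.dev.json
@@ -0,0 +1,54 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"value": "northeurope"
+},
+"environment": {
+"value": "dev"
+},
+"prefix": {
+"value": "dom02"
+},
+"administratorPassword": {
+"value": "<your-secure-password>"
+},
+"synapseDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-storage/providers/Microsoft.Storage/storageAccounts/dlz01devencur/blobServices/default/containers/dd002"
+},
+"streamanalyticsDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-storage/providers/Microsoft.Storage/storageAccounts/dlz01devencur/blobServices/default/containers/dd002"
+},
+"subnetId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-dev-network/providers/Microsoft.Network/virtualNetworks/dlz01-dev-vnet/subnets/DataDomain002Subnet"
+},
+"purviewId": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-governance/providers/Microsoft.Purview/accounts/dmz-dev-purview001"
+},
+"enableRoleAssignments": {
+"value": false
+},
+"privateDnsZoneIdKeyVault": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+},
+"privateDnsZoneIdSynapseDev": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
+},
+"privateDnsZoneIdSynapseSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
+},
+"privateDnsZoneIdEventhubNamespace": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
+},
+"privateDnsZoneIdCosmosdbSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
+},
+"privateDnsZoneIdSqlServer": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
+},
+"privateDnsZoneIdIothub": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-dev-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net"
+}
+}
+}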
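Review bot: `administratorPassword` is a plain `value` entry in this parameters file (and likewise in infra/params.prod.json and infra/params.test.json), so replacing the `<your-secure-password>` placeholder with a real value would put the SQL administrator password into version control. Unless the deployment workflow overrides this parameter from a pipeline secret, which is not visible here, a Key Vault reference keeps the secret out of the repository: `"administratorPassword": { "reference": { "keyVault": { "id": "<key-vault-resource-id>" }, "secretName": "<secret-name>" } }`. The Synapse module already declares the parameter with `@secure()`, so only the parameter files would need to change.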

54
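--- a/infra/params.prod.json
+++ b/infra/params.prod.json
@@ -0,0 +1,54 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"value": "northeurope"
+},
+"environment": {
+"value": "prod"
+},
+"prefix": {
+"value": "dom02"
+},
+"administratorPassword": {
+"value": "<your-secure-password>"
+},
+"synapseDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-prod-storage/providers/Microsoft.Storage/storageAccounts/dlz01prodencur/blobServices/default/containers/dd002"
+},
+"streamanalyticsDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-prod-storage/providers/Microsoft.Storage/storageAccounts/dlz01prodencur/blobServices/default/containers/dd002"
+},
+"subnetId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-prod-network/providers/Microsoft.Network/virtualNetworks/dlz01-prod-vnet/subnets/DataDomain002Subnet"
+},
+"purviewId": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-governance/providers/Microsoft.Purview/accounts/dmz-prod-purview001"
+},
+"enableRoleAssignments": {
+"value": false
+},
+"privateDnsZoneIdKeyVault": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+},
+"privateDnsZoneIdSynapseDev": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
+},
+"privateDnsZoneIdSynapseSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
+},
+"privateDnsZoneIdEventhubNamespace": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
+},
+"privateDnsZoneIdCosmosdbSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
+},
+"privateDnsZoneIdSqlServer": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
+},
+"privateDnsZoneIdIothub": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-prod-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net"
+}
+}
+}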

54
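--- a/infra/params.test.json
+++ b/infra/params.test.json
@@ -0,0 +1,54 @@
+{
+"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"value": "northeurope"
+},
+"environment": {
+"value": "test"
+},
+"prefix": {
+"value": "dom02"
+},
+"administratorPassword": {
+"value": "<your-secure-password>"
+},
+"synapseDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-test-storage/providers/Microsoft.Storage/storageAccounts/dlz01testencur/blobServices/default/containers/dd002"
+},
+"streamanalyticsDefaultStorageAccountFileSystemId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-test-storage/providers/Microsoft.Storage/storageAccounts/dlz01testencur/blobServices/default/containers/dd002"
+},
+"subnetId": {
+"value": "/subscriptions/2150d511-458f-43b9-8691-6819ba2e6c7b/resourceGroups/dlz01-test-network/providers/Microsoft.Network/virtualNetworks/dlz01-test-vnet/subnets/DataDomain002Subnet"
+},
+"purviewId": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-governance/providers/Microsoft.Purview/accounts/dmz-test-purview001"
+},
+"enableRoleAssignments": {
+"value": false
+},
+"privateDnsZoneIdKeyVault": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+},
+"privateDnsZoneIdSynapseDev": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net"
+},
+"privateDnsZoneIdSynapseSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net"
+},
+"privateDnsZoneIdEventhubNamespace": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"
+},
+"privateDnsZoneIdCosmosdbSql": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com"
+},
+"privateDnsZoneIdSqlServer": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net"
+},
+"privateDnsZoneIdIothub": {
+"value": "/subscriptions/17588eb2-2943-461a-ab3f-00a3ceac3112/resourceGroups/dmz-test-global-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net"
+}
+}
+}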