зеркало из https://github.com/Azure/ipam.git
98 строки
2.7 KiB
Bicep
98 строки
2.7 KiB
Bicep
@description('Blob Container Name')
|
|
param containerName string = 'nginx'
|
|
|
|
@description('Deployment Location')
|
|
param location string = resourceGroup().location
|
|
|
|
@description('Managed Identity Id')
|
|
param managedIdentityId string
|
|
|
|
@description('Managed Identity PrincipalId')
|
|
param principalId string
|
|
|
|
@description('Role Assignment GUID')
|
|
param roleAssignmentName string = newGuid()
|
|
|
|
@description('Storage Account Name')
|
|
param storageAccountName string
|
|
|
|
var storageBlobDataContributor = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
|
|
var storageBlobDataContributorId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataContributor)
|
|
|
|
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
|
|
name: storageAccountName
|
|
location: location
|
|
sku: {
|
|
name: 'Standard_LRS'
|
|
}
|
|
kind: 'StorageV2'
|
|
properties: {
|
|
accessTier: 'Hot'
|
|
allowBlobPublicAccess: false
|
|
}
|
|
}
|
|
|
|
resource blobContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = {
|
|
name: '${storageAccount.name}/default/${containerName}'
|
|
}
|
|
|
|
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
|
|
name: roleAssignmentName
|
|
scope: blobContainer
|
|
properties: {
|
|
principalType: 'ServicePrincipal'
|
|
roleDefinitionId: storageBlobDataContributorId
|
|
principalId: principalId
|
|
}
|
|
}
|
|
|
|
resource copyNginxConfig 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
|
|
name: 'copyNginxConfig'
|
|
location: location
|
|
kind: 'AzurePowerShell'
|
|
identity: {
|
|
type: 'UserAssigned'
|
|
userAssignedIdentities: {
|
|
'${managedIdentityId}': {}
|
|
}
|
|
}
|
|
properties: {
|
|
azPowerShellVersion: '7.5'
|
|
timeout: 'PT1H'
|
|
environmentVariables: [
|
|
{
|
|
name: 'StorageAccountName'
|
|
value: storageAccount.name
|
|
}
|
|
{
|
|
name: 'ContainerName'
|
|
value: containerName
|
|
}
|
|
{
|
|
name: 'ResourceGroup'
|
|
value: resourceGroup().name
|
|
}
|
|
]
|
|
scriptContent: '''
|
|
Invoke-WebRequest "https://raw.githubusercontent.com/Azure/ipam/init/default.conf" -OutFile ./default.conf
|
|
$storageAccount = Get-AzStorageAccount -ResourceGroupName $Env:ResourceGroup -Name $Env:StorageAccountName
|
|
$ctx = $storageAccount.Context
|
|
$container = Get-AzStorageContainer -Name $Env:ContainerName -Context $ctx
|
|
|
|
$NginxConfig = @{
|
|
File = "./default.conf"
|
|
Container = $Env:ContainerName
|
|
Blob = "default.conf"
|
|
Context = $ctx
|
|
StandardBlobTier = "Hot"
|
|
}
|
|
|
|
Set-AzStorageBlobContent @NginxConfig
|
|
'''
|
|
cleanupPreference: 'Always'
|
|
retentionInterval: 'PT1H'
|
|
}
|
|
}
|
|
|
|
output name string = storageAccount.name
|