ipam/deploy/storageAccount.bicep


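// Inputs for the storage account, the blob container that receives the nginx
// configuration, and the role assignment scoped to that container.

@description('Blob Container Name')
param containerName string = 'nginx'

@description('Deployment Location')
param location string = resourceGroup().location

@description('Managed Identity Id')
param managedIdentityId string

@description('Managed Identity PrincipalId')
param principalId string

// The default is derived from the scope and the principal, so it is the same on
// every deployment. The previous default, newGuid(), produced a new name on each
// run; a redeployment then tried to create a second assignment for the same
// principal, role and scope, which Azure rejects as a conflict. Callers that pass
// an explicit name are unaffected.
@description('Role Assignment GUID')
param roleAssignmentName string = guid(resourceGroup().id, storageAccountName, containerName, principalId)

@description('Storage Account Name')
param storageAccountName string

// GUID of the built-in "Storage Blob Data Contributor" role definition, and its
// full subscription-level resource id as required by roleDefinitionId.
var storageBlobDataContributor = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
var storageBlobDataContributorId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataContributor)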
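// General-purpose v2 storage account (locally redundant, hot tier) that holds the
// container named by containerName.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    // No container in this account may be opened for anonymous read access.
    allowBlobPublicAccess: false
    // Without this property the account accepts TLS 1.0 and 1.1 clients.
    minimumTlsVersion: 'TLS1_2'
    // Stated explicitly so that plain-HTTP requests stay rejected regardless of
    // API-version defaults.
    supportsHttpsTrafficOnly: true
    // NOTE(review): allowSharedKeyAccess is left at its default. The copyNginxConfig
    // script takes its context from Get-AzStorageAccount, which presumably
    // authenticates with the account key; confirm before disabling key access.
  }
}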
// Blob container under the account's "default" blob service. The name is built
// from storageAccount.name, so the container is deployed after the account.
// No properties are set, so the container's settings are the service defaults.
resource blobContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = {
  name: '${storageAccount.name}/default/${containerName}'
}
// Grants principalId the Storage Blob Data Contributor role. The assignment is
// scoped to the single container rather than the whole storage account, so the
// principal gets blob data access only inside that container.
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  scope: blobContainer
  name: roleAssignmentName
  properties: {
    principalId: principalId
    // Declares the principal as a service principal (the parameter description
    // says it is a managed identity's principal id).
    principalType: 'ServicePrincipal'
    roleDefinitionId: storageBlobDataContributorId
  }
}
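// Deployment script that downloads the nginx default.conf and uploads it as the
// blob "default.conf" in the container. It runs as the user-assigned managed
// identity given by managedIdentityId.
resource copyNginxConfig 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
  name: 'copyNginxConfig'
  location: location
  kind: 'AzurePowerShell'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${managedIdentityId}': {}
    }
  }
  // The script only references storageAccount.name, which gives it no implicit
  // dependency on the container, so it could start before the container exists.
  // roleAssignment is listed as well so the container-scoped role is in place
  // before the upload; it does not cover RBAC propagation delay.
  dependsOn: [
    blobContainer
    roleAssignment
  ]
  properties: {
    azPowerShellVersion: '7.5'
    timeout: 'PT1H'
    // Passed to the script as $Env:<name>.
    environmentVariables: [
      {
        name: 'StorageAccountName'
        value: storageAccount.name
      }
      {
        name: 'ContainerName'
        value: containerName
      }
      {
        name: 'ResourceGroup'
        value: resourceGroup().name
      }
    ]
    // NOTE(review): default.conf is fetched at deploy time from the "init" ref,
    // which is a branch or tag name rather than a commit SHA, and the download is
    // not integrity-checked. Whatever that ref serves at deploy time becomes the
    // nginx configuration. Consider pinning the URL to a commit SHA and comparing
    // the Get-FileHash result with an expected SHA-256 before the upload.
    //
    // $ErrorActionPreference is set to Stop so that a failed download or a missing
    // container ends the script instead of letting later steps run.
    scriptContent: '''
      $ErrorActionPreference = "Stop"

      Invoke-WebRequest "https://raw.githubusercontent.com/Azure/ipam/init/default.conf" -OutFile ./default.conf

      $storageAccount = Get-AzStorageAccount -ResourceGroupName $Env:ResourceGroup -Name $Env:StorageAccountName
      $ctx = $storageAccount.Context
      $container = Get-AzStorageContainer -Name $Env:ContainerName -Context $ctx

      $NginxConfig = @{
        File             = "./default.conf"
        Container        = $Env:ContainerName
        Blob             = "default.conf"
        Context          = $ctx
        StandardBlobTier = "Hot"
      }

      Set-AzStorageBlobContent @NginxConfig
    '''
    // Supporting script resources are always cleaned up; the script resource
    // itself is retained for one hour.
    cleanupPreference: 'Always'
    retentionInterval: 'PT1H'
  }
}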
// Exposes the deployed storage account's name to the calling template.
output name string = storageAccount.name