|
22 | 22 | }, |
23 | 23 | "deploymentTimestamp": { |
24 | 24 | "type": "string", |
25 | | - "defaultValue": "[utcNow()]" |
| 25 | + "defaultValue": "[utcNow('O')]" |
26 | 26 | }, |
27 | 27 | "devopsServicePrincipalId": { |
28 | 28 | "type": "string" |
29 | 29 | }, |
30 | 30 | "adlsStorageAccountContainerName": { |
31 | 31 | "type": "string", |
32 | 32 | "defaultValue": "test" |
| 33 | + }, |
| 34 | + "adlsStorageAccountSasProperties": { |
| 35 | + "type": "object", |
| 36 | + "defaultValue": { |
| 37 | + "signedServices": "b", |
| 38 | + "signedPermission": "rl", |
| 39 | + "signedExpiry": "[dateTimeAdd(parameters('deploymentTimestamp'), 'P7D')]", |
| 40 | + "signedResourceTypes": "c" |
| 41 | + } |
33 | 42 | } |
34 | 43 | }, |
35 | 44 | "variables": { |
36 | 45 | "storageAccountApiVersion": "2021-04-01", |
37 | 46 | "adlsStorageAccountName": "[concat('adls', substring(uniqueString(parameters('branch')), 0, 4), 'xxxx', substring(parameters('commit'), 0, min(length(parameters('commit')), 7)))]", |
38 | 47 | "adlsStorageAccountResourceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('adlsStorageAccountName'))]", |
39 | | - //"adlsStorageAccountContainerName": "test", |
| 48 | + |
| 49 | + "keyVaultApiVersion": "2021-04-01-preview", |
| 50 | + "keyVaultName": "[concat('kv', substring(uniqueString(parameters('branch')), 0, 4), 'xxxx', substring(parameters('commit'), 0, min(length(parameters('commit')), 7)))]", |
40 | 51 |
|
41 | 52 | "functionsAppApiVersion": "2015-08-01", |
42 | 53 | "functionsAppBlobStorageAccountName": "[concat('funcblob', substring(uniqueString(parameters('branch')), 0, 4), 'xxxx', substring(parameters('commit'), 0, min(length(parameters('commit')), 7)))]", |
43 | 54 | "functionsAppName": "[concat('func', substring(uniqueString(parameters('branch')), 0, 4), 'xxxx', substring(parameters('commit'), 0, min(length(parameters('commit')), 7)))]", |
44 | 55 |
|
45 | 56 | "authorizationApiVersion": "2018-09-01-preview", |
46 | 57 |
|
| 58 | + |
| 59 | + |
47 | 60 | "owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", |
48 | 61 | "contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", |
49 | 62 | "reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", |
|
70 | 83 | } |
71 | 84 | }, |
72 | 85 |
|
73 | | - // 'Storage Blob Data Reader' scoped to the storage account |
74 | | - { |
75 | | - "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments", |
76 | | - "name": "[concat(variables('adlsStorageAccountName'),'/Microsoft.Authorization/',guid(resourceGroup().id, 'devopsServicePrincipal_adlsStorageAccount_storageBlobDataReader'))]", |
77 | | - "apiVersion": "[variables('authorizationApiVersion')]", |
78 | | - "properties": { |
79 | | - "roleDefinitionId": "[variables('storageBlobDatareader')]", |
80 | | - "principalId": "[parameters('devopsServicePrincipalId')]" |
81 | | - }, |
82 | | - "dependsOn": [ |
83 | | - "[concat('Microsoft.Storage/storageAccounts/', variables('adlsStorageAccountName'))]" |
84 | | - ] |
85 | | - }, |
| 86 | + // // 'Storage Blob Data Reader' scoped to the storage account |
| 87 | + // { |
| 88 | + // "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments", |
| 89 | + // "name": "[concat(variables('adlsStorageAccountName'),'/Microsoft.Authorization/',guid(resourceGroup().id, 'devopsServicePrincipal_adlsStorageAccount_storageBlobDataReader'))]", |
| 90 | + // "apiVersion": "[variables('authorizationApiVersion')]", |
| 91 | + // "properties": { |
| 92 | + // "roleDefinitionId": "[variables('storageBlobDatareader')]", |
| 93 | + // "principalId": "[parameters('devopsServicePrincipalId')]" |
| 94 | + // }, |
| 95 | + // "dependsOn": [ |
| 96 | + // "[concat('Microsoft.Storage/storageAccounts/', variables('adlsStorageAccountName'))]" |
| 97 | + // ] |
| 98 | + // }, |
86 | 99 |
|
87 | 100 | // 'Storage Blob Data Contributor' scoped to the storage account container |
88 | 101 | { |
89 | 102 | "type": "Microsoft.Storage/storageAccounts/blobServices/containers/providers/roleAssignments", |
90 | | - //"name": "[concat(variables('adlsStorageAccountName'), '/default/', parameters('adlsStorageAccountContainerName'), '/Microsoft.Authorization/', guid(resourceGroup().id, 'devopsServicePrincipal_adlsStorageAccountContainer', parameters('adlsStorageAccountContainerName'), 'test_storageBlobDataContributor'))]", |
91 | 103 | "name": "[concat(variables('adlsStorageAccountName'), '/default/', parameters('adlsStorageAccountContainerName'), '/Microsoft.Authorization/', guid(resourceGroup().id, parameters('devopsServicePrincipalId'), variables('adlsStorageAccountName'), parameters('adlsStorageAccountContainerName'), variables('storageBlobDataContributor')))]", |
92 | 104 | "apiVersion": "[variables('authorizationApiVersion')]", |
93 | | - //"scope": "[concat(resourceGroup().id, '/providers/Microsoft.Storage/storageAccounts/', variables('adlsStorageAccountName'), '/blobServices/containers/containers/', variables('adlsStorageAccountContainerName'))]", |
94 | 105 | "properties": { |
95 | 106 | "roleDefinitionId": "[variables('storageBlobDataContributor')]", |
96 | 107 | "principalId": "[parameters('devopsServicePrincipalId')]" |
|
166 | 177 | "Branch": "[parameters('branch')]", |
167 | 178 | "Pull Request": "[parameters('pullRequest')]", |
168 | 179 | "Create Date Time": "[parameters('deploymentTimestamp')]", |
169 | | - "Git Project Resource Code": "ADLS", |
170 | | - "RG": "[resourceGroup().name]" |
| 180 | + "Git Project Resource Code": "ADLS" |
171 | 181 | }, |
172 | 182 | "resources": [ |
173 | 183 | // Add a container to the storage account |
|
178 | 188 | "properties": { |
179 | 189 | "publicAccess": "None" |
180 | 190 | }, |
| 191 | + "tags": { |
| 192 | + "Git Project": "[parameters('gitProject')]", |
| 193 | + "Commit": "[parameters('commit')]", |
| 194 | + "Branch": "[parameters('branch')]", |
| 195 | + "Pull Request": "[parameters('pullRequest')]", |
| 196 | + "Create Date Time": "[parameters('deploymentTimestamp')]", |
| 197 | + "Git Project Resource Code": "ADLSTestContainer" |
| 198 | + }, |
181 | 199 | "dependsOn": [ |
182 | 200 | "[variables('adlsStorageAccountName')]" |
183 | 201 | ] |
|
186 | 204 | }, |
187 | 205 |
|
188 | 206 |
|
| 207 | + |
| 208 | + /******************************************************************************************************************************************** |
| 209 | + **** Key Vault |
| 210 | + ********************************************************************************************************************************************/ |
| 211 | + { |
| 212 | + "type": "Microsoft.KeyVault/vaults", |
| 213 | + "apiVersion": "[variables('keyVaultApiVersion')]", |
| 214 | + "name": "[variables('keyVaultName')]", |
| 215 | + "location": "[resourceGroup().location]", |
| 216 | + "tags": { |
| 217 | + "Git Project": "[parameters('gitProject')]", |
| 218 | + "Commit": "[parameters('commit')]", |
| 219 | + "Branch": "[parameters('branch')]", |
| 220 | + "Pull Request": "[parameters('pullRequest')]", |
| 221 | + "Create Date Time": "[parameters('deploymentTimestamp')]", |
| 222 | + "Git Project Resource Code": "KeyVault", |
| 223 | + "Tenant Id": "[subscription().tenantId]" |
| 224 | + }, |
| 225 | + "dependsOn": [ |
| 226 | + "[variables('adlsStorageAccountName')]", |
| 227 | + "[concat('Microsoft.Storage/storageAccounts/', variables('adlsStorageAccountName'))]", |
| 228 | + "[resourceId('Microsoft.Web/sites', variables('functionsAppName'))]" |
| 229 | + ], |
| 230 | + "properties": { |
| 231 | + "enabledForDeployment": true, |
| 232 | + "enabledForTemplateDeployment": true, |
| 233 | + "enabledForDiskEncryption": true, |
| 234 | + "tenantId": "[subscription().tenantId]", |
| 235 | + "accessPolicies": [ |
| 236 | + { |
| 237 | + "tenantId": "[subscription().tenantId]", |
| 238 | + "objectId": "[parameters('devopsServicePrincipalId')]", |
| 239 | + "permissions": { |
| 240 | + "secrets": [ |
| 241 | + "list", |
| 242 | + "get" |
| 243 | + ] |
| 244 | + } |
| 245 | + }, |
| 246 | + { |
| 247 | + "tenantId": "[subscription().tenantId]", |
| 248 | + "objectId": "[reference(resourceId('Microsoft.Web/sites', variables('functionsAppName')), variables('functionsAppApiVersion'), 'full').identity.principalId]", |
| 249 | + "permissions": { |
| 250 | + "secrets": [ |
| 251 | + "list", |
| 252 | + "get" |
| 253 | + ] |
| 254 | + } |
| 255 | + } |
| 256 | + ], |
| 257 | + "sku": { |
| 258 | + "name": "standard", |
| 259 | + "family": "A" |
| 260 | + } |
| 261 | + }, |
| 262 | + "resources": [ |
| 263 | + { |
| 264 | + "type": "secrets", |
| 265 | + "apiVersion": "[variables('keyVaultApiVersion')]", |
| 266 | + "name": "StorageSaSToken", |
| 267 | + "dependsOn": [ |
| 268 | + "[concat('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]" |
| 269 | + ], |
| 270 | + "properties": { |
| 271 | + "value": "[listAccountSas(variables('adlsStorageAccountName'), variables('storageAccountApiVersion'), parameters('adlsStorageAccountSasProperties')).accountSasToken]" |
| 272 | + } |
| 273 | + } |
| 274 | + ] |
| 275 | + }, |
| 276 | + |
| 277 | + |
189 | 278 | /******************************************************************************************************************************************** |
190 | 279 | **** Functions Apps |
191 | 280 | ********************************************************************************************************************************************/ |
|