From fb05660e91e428b6c82493297ccd8d4d66a9b1b4 Mon Sep 17 00:00:00 2001
From: Maciej Maciejewski
Date: Sat, 2 Mar 2024 20:27:31 +0000
Subject: [PATCH] documentation
---
 modules/database/sqlserver/README.md | 47 ++++++++++++++-
 modules/database/sqlserver/main.bicep | 60 +++++++------------
 .../security/keyvault-access-policy/README.md | 31 +++++++++-
 .../keyvault-access-policy/main.bicep | 2 +-
 modules/security/keyvault-secrets/README.md | 27 ++++++++-
 modules/security/keyvault/README.md | 54 ++++++++++++++++-
 modules/security/keyvault/main.bicep | 50 ++++++++--------
 modules/storage/storage-account/README.md | 49 ++++++++++++++-
 modules/storage/storage-account/main.bicep | 6 +-
 modules/web/appservice/README.md | 40 ++++++-------
 test-deployment/deployment-test.azcli | 3 +-
 test-deployment/main.bicep | 60 +++++++++++++++----
 12 files changed, 321 insertions(+), 108 deletions(-)
diff --git a/modules/database/sqlserver/README.md b/modules/database/sqlserver/README.md
index b8e8697..8110e19 100644
--- a/modules/database/sqlserver/README.md
+++ b/modules/database/sqlserver/README.md
@@ -4,4 +4,49 @@ This module deploys Azure SQL Server. ## Details -Use this module within other Bicep templates to simplify the usage of a SQL Server. \ No newline at end of file +Use this module within other Bicep templates to simplify the usage of a SQL Server. + +## Parameters + +| Name | Type | Required | Description | +| :------------------------- | :------: | :------: | :---------------------------------------------------------------------------------------------------------------------------- | +| `sqlServerName` | `string` | Yes | Required. The SQL Server Name | +| `location` | `string` | Yes | Required. Location name for the resource. default to resource group location | +| `tags` | `object` | Yes | Required. Tags of the resources | +| `sqlDatabaseName` | `string` | Yes | Required. The SQL Server Database Name | +| `keyVaultName` | `string` | Yes | Required. The name of the exisiting Key Vault to store connection string | +| `sqlAdministratorUsername` | `string` | No | Optional. Provide the name of sql admin user name | +| `sqlAdministratorPassword` | `string` | No | Optional. Provide the password for sql admin user if left empty it will be generate random password | +| `skuName` | `string` | No | Optional. Database SKU Name e.g. Basic, Standard (S0-S12), Premium(P1-P15). Defaults is Basic. | +| `skuCapacity` | `string` | No | Optional. Database SKU Capacity depends on the sku name for Basic is between 1-5. Defaults is 1 | +| `skuTier` | `string` | No | Optional. Database SKU Tier e.g. Basic, Standard, Premium. Defaults is Basic | +| `sqlServerSubnetId` | `string` | No | Optional. Provide VNet subnet id to protect the database | +| `connectionStringKey` | `string` | No | Optional. Provide a key name in Key Vault where the connection string will be saved. 
Default is "AZURE-SQL-CONNECTION-STRING" | + +## Outputs + +| Name | Type | Description | +| :----------- | :------: | :-------------------------------- | +| `resourceId` | `string` | The resource ID of the SQL server | + +## Examples + +### Examples 1 + +The example how to deploy the SQL Server using the minimum required oarameters. + +```bicep +module sql 'br:mmbicepmoduleregistry.azurecr.io/sqlserver"1.0.2' = { + name: '${uniqueString(deployment().name, 'uksouth')}-sql' + params: { + keyVaultName: 'my-kv-name' + location: 'uksouth' + databaseName: 'my-db-name' + sqlServerName: 'my-sql-server-name' + tags: { + environment: 'production' + } + } +} + +``` diff --git a/modules/database/sqlserver/main.bicep b/modules/database/sqlserver/main.bicep index e9f4623..8724c71 100644 --- a/modules/database/sqlserver/main.bicep +++ b/modules/database/sqlserver/main.bicep 
@@ -12,32 +12,38 @@ param location string param tags object @description('Required. The SQL Server Database Name.') -param sqlDatabaseName string +param databaseName string @description('Required. The name of the exisiting Key Vault to store connection string.') param keyVaultName string -@description('Optional. Provide the name of sql admin user name.') +@description('Optional. Provide the name of sql admin user name. Default is "sqlAdmin"') param sqlAdministratorUsername string = 'sqlAdmin' -@description('Optional. Provide the password for sql admin user.') +@description('Optional. Provide the password for sql admin user if left empty it will be generate random password.') @secure() param sqlAdministratorPassword string = '' -param skuName string = 'B1' -param skuCapacity int = 1 -param skuTier string = 'Basic' +@description('Optional. Database SKU Name e.g. Basic, Standard (S0-S12), Premium(P1-P15). Defaults is "Basic".') +param databaseSkuName string = 'Basic' + +@description('Optional. Database SKU Capacity depends on the sku name for Basic is between 1-5. Defaults is 1.') +param databaseSkuCapacity int = 0 + +@description('Optional. Database SKU Tier e.g. Basic, Standard, Premium. Defaults is "Basic"') +param databaseSkuTier string = 'Basic' // @description('Optional. Provide the Log Analytics Workspace ID to store logs.') // param workspaceId string = '' @description('Optional. Provide VNet subnet id to protect the database.') param sqlServerSubnetId string = '' +@description('Optional. Provide a key name in Key Vault where the connection string will be saved. Default is "AZURE-SQL-CONNECTION-STRING"') param connectionStringKey string = 'AZURE-SQL-CONNECTION-STRING' param guidValue string = newGuid() -var adminPassword = empty(sqlAdministratorPassword) ? sqlAdministratorPassword : '${toUpper(uniqueString(resourceGroup().id))}-${guidValue}' +var adminPassword = !empty(sqlAdministratorPassword) ? 
sqlAdministratorPassword : 'P${toUpper(uniqueString(resourceGroup().id))}-${guidValue}' resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { name: sqlServerName @@ -45,7 +51,7 @@ resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { tags: tags properties: { version: '12.0' - minimalTlsVersion: '1.3' + minimalTlsVersion: '1.2' publicNetworkAccess: 'Enabled' administratorLogin: sqlAdministratorUsername administratorLoginPassword: adminPassword @@ -58,12 +64,12 @@ resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { } resource sqlDatabase 'databases' = { - name: sqlDatabaseName + name: databaseName location: location sku: { - name: skuName - capacity: skuCapacity - tier: skuTier + name: databaseSkuName + capacity: databaseSkuCapacity == 0 ? null : databaseSkuCapacity + tier: databaseSkuTier } } @@ -76,33 +82,6 @@ resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { } } -// resource vnetRule 'Microsoft.Sql/servers/virtualNetworkRules@2023-05-01-preview' = if (!empty(sqlServerSubnetId)) { -// name: sqlServerName -// properties: { -// virtualNetworkSubnetId: sqlServerSubnetId -// } -// } - -// resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = { -// parent: sqlServer -// name: sqlDatabaseName -// location: location -// sku: { -// name: skuName -// capacity: skuCapacity -// tier: skuTier -// } -// } - -// resource firewall 'Microsoft.Sql/servers/firewallRules@2023-05-01-preview' = { -// parent: sqlServer -// name: 'AllowAllWindowsAzureIps' -// properties: { -// startIpAddress: '0.0.0.0' -// endIpAddress: '0.0.0.0' -// } -// } - resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = { name: keyVaultName } 
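Review bot: The fallback branch of `var adminPassword` gets all of its unpredictability from `guidValue`, because `uniqueString(resourceGroup().id)` is deterministic for anyone who knows the resource group ID, yet the context line `param guidValue string = newGuid()` is not marked `@secure()`. Non-secure parameter values are normally kept in the deployment record, so the generated SQL admin password may be reconstructable by anyone who can read deployments on the resource group. Adding `@secure()` above `param guidValue` would keep it out of that record. Since `newGuid()` produces a new value on every deployment, a redeploy without an explicit `sqlAdministratorPassword` would also be expected to change the admin password, which the parameter description should state. Separately, the `databaseSkuCapacity` description says the default is 1 while the declared default is `0`.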
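Review bot: `minimalTlsVersion` is lowered from `'1.3'` to `'1.2'` in the `@@ -45,7 +51,7 @@` hunk without any recorded reason, and the commit is titled only "documentation", so a weakening of the server's transport floor is easy to miss in review. If the deployment rejected `'1.3'` (an assumption; the page does not say), record that next to the property, for example `// minimum TLS lowered to 1.2: <reason>; raise again once 1.3 is accepted`. The adjacent context line `publicNetworkAccess: 'Enabled'` leaves the public endpoint on, which makes the TLS minimum the main transport control visible here. The `sqlServer` resource body starts and ends outside this hunk.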
@@ -114,3 +93,6 @@ resource keyVaultSecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = { value: 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::sqlDatabase.name}; User=${sqlAdministratorUsername}; Password=${adminPassword};' } } + +@description('The resource ID of the SQL server.') +output resourceId string = sqlServer.id diff --git a/modules/security/keyvault-access-policy/README.md b/modules/security/keyvault-access-policy/README.md index ffd6833..1692ffa 100644 --- a/modules/security/keyvault-access-policy/README.md +++ b/modules/security/keyvault-access-policy/README.md 
@@ -4,4 +4,33 @@ This module deploy Key Vaults Access Policy. ## Details -Use this module within other Bicep template to simplify the usage of a Key Vault Access Policy. \ No newline at end of file +Use this module within other Bicep template to simplify the usage of a Key Vault Access Policy. + +## Parameters + +| Name | Type | Required | Description | +| :---------------------- | :------: | :------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `keyVaultName` | `string` | Yes | Required. Name of Key Vault | +| `objectId` | `string` | Yes | Required. Object Id of a user, service principal or security group | +| `applicationId` | `string` | No | Optional. Application id of the client making request | +| `secretsPermissions` | `array` | No | Optional. Specifies the permissions to secrets in the vault. Valid values are: all, get, list, set, delete, backup, restore, recover, and purge | +| `keyPermissions` | `array` | No | Optional. Specifies the permissions to keys in the vault. Valid values are: all, encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, and purge | +| `certificatPermissions` | `array` | No | Optional. Specify the permissions to certificates. Valid values are: all, backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers, update | +| `policyName` | `string` | No | Optional. Name of Key Vault Access Policy | + +## Examples + +### Example 1 + +Example of how to deploy a key vault access policy using a minimum required parameters. 
+ +```bicep +module kv_access_policy '.br:mmbicepmoduleregistry.azurecr.io/keyvault-access-policy:0.1.2' = { + name: '${uniqueString(deployment().name, 'uksouth')}-access-policy' + params: { + keyVaultName: 'az-kv-01' + objectId: '00000000-0000-0000-0000-000000000000' + secretsPermissions: [ 'get', 'list', 'set', 'delete' ] + } +} +``` diff --git a/modules/security/keyvault-access-policy/main.bicep b/modules/security/keyvault-access-policy/main.bicep index 994d8bc..ff67a82 100644 --- a/modules/security/keyvault-access-policy/main.bicep +++ b/modules/security/keyvault-access-policy/main.bicep @@ -20,7 +20,7 @@ param keyPermissions array = [] @description('Optional. Specify the permissions to certificates. Valid values are: all, backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers, update') param certificatPermissions array = [] -@description('Oprional. Name of Key Vault Access Policy.') +@description('Optional. Name of Key Vault Access Policy.') param policyName string = 'add' resource keyvault 'Microsoft.KeyVault/vaults@2023-07-01' existing = { diff --git a/modules/security/keyvault-secrets/README.md b/modules/security/keyvault-secrets/README.md index 0ad36c9..d355cbc 100644 --- a/modules/security/keyvault-secrets/README.md +++ b/modules/security/keyvault-secrets/README.md 
@@ -4,4 +4,29 @@ This module deploy Key Vaults Secrets. ## Details -Use this module within other Bicep template to simplify the usage of a Key Vault Secrets. \ No newline at end of file +Use this module within other Bicep template to simplify the usage of a Key Vault Secrets. + +## Parameters + +| Name | Type | Required | Description | +| :------------- | :------: | :------: | :-------------------------- | +| `keyVaultName` | `string` | Yes | Required. Name of Key Vault | +| `secretName` | `string` | Yes | Required. Secret name | +| `secretValue` | `string` | Yes | Required. Secret value | + +## Examples + +# Example 1 + +Example of how to deploy a key vault secrets using a minimum required parameters + +```bicep +module kv_secret 'br:mmbicepmoduleregistry.azurecr.io/keyvault-secrets:0.1.2' = { + name: '${uniqueString(deployment().name, 'uksouth')}-secret' + params: { + keyVaultName: 'az-kv-01' + secretName: 'secret-name' + secretValue: 'secret-value' + } +} +``` diff --git a/modules/security/keyvault/README.md b/modules/security/keyvault/README.md index 20aa5e3..c257cab 100644 --- a/modules/security/keyvault/README.md +++ b/modules/security/keyvault/README.md 
@@ -4,4 +4,56 @@ This module deploy Key Vaults. ## Details -Use this module within other Bicep template to simplify the usage of a Key Vault. \ No newline at end of file +Use this module within other Bicep template to simplify the usage of a Key Vault. + +## Parameters + +| Name | Type | Required | Description | +| :-------------------------- | :--------: | :------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `name` | `string` | Yes | Required. Name of Key Vault | +| `location` | `string` | Yes | Required. Location for all resources | +| `tags` | `object` | Yes | Required. Tags of the resources | +| `workspaceId` | `string` | Yes | Required. Provide Log Analytics Workspace Id for diagnostics settings | +| `principalId` | `string` | No | Optional. Provide Service Principal Id with access for the keyvault | +| `enableSoftDelete` | `bool` | No | Optional. Specifies whether soft delete should be enabled for the Key Vault | +| `softDeleteRetentionInDays` | `string` | No | Optional. The number of days to retain deleted data in the Key Vault | +| `enablePurgeProtection` | `string` | No | Optional. Specify whether purge protection should be enabled for the Key Vault | +| `enableRbacAuthorization` | `string` | No | Optional. Specify whether the Key Vault will be using RBAC. Default is false - use the access policy | +| `skuName` | `string` | No | Optional. The SKU name of the Key Vault | +| `skuFamily` | `string` | No | Optional. The SKU family of the Key Vault | +| `networkAcls` | `string` | No | Optional. Configuration for network access rules | +| `publicNetworkAccess` | `string` | No | Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. 
If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set | +| `lock` | `lockType` | No | Optional. The lock settings of the service | + +## Outputs + +| Name | Type | Description | +| :----------- | :------: | :------------------------------- | +| `resourceId` | `string` | The resource ID of the key vault | +| `name` | `string` | The name of the key vault | + +## Examples + +### Example 1 + +Example of how to deploy a key vault using a minimum required parameters. + +```bicep +module kv 'br:mmbicepmoduleregistry.azurecr.io/keyvault:0.1.5' = { + name: '${uniqueString(deployment().name, 'uksouth')}-kv' + params: { + name: 'az-kv-01' + workspaceId: '1234abcd-def89-765a-9abc-def1234abcde' + networkAcls: { + bypass: 'AzureServices' + defaultAction: 'Deny' + ipAllowlist: [ '127.0.0.0/24' ] + } + principalId: '00000000-0000-0000-0000-000000000000' + location: 'uksouth' + tags: { + environment: 'production' + } + } +} +``` diff --git a/modules/security/keyvault/main.bicep b/modules/security/keyvault/main.bicep index 97fc58f..ca410cf 100644 --- a/modules/security/keyvault/main.bicep +++ b/modules/security/keyvault/main.bicep 
@@ -17,24 +17,24 @@ param workspaceId string @description('Optional. Provide Service Principal Id with access for the keyvault') param principalId string = '' -@description('Optional. Specifies whether soft delete should be enabled for the Key Vault.') +@description('Optional. Specifies whether soft delete should be enabled for the Key Vault. The default is true.') param enableSoftDelete bool = true -@description('Optional. The number of days to retain deleted data in the Key Vault.') +@description('Optional. The number of days to retain deleted data in the Key Vault. The default is 7 days.') param softDeleteRetentionInDays int = 7 -@description('Optional. Specify whether purge protection should be enabled for the Key Vault.') +@description('Optional. Specify whether purge protection should be enabled for the Key Vault. The default is false.') param enablePurgeProtection bool = false @description('Optional. Specify whether the Key Vault will be using RBAC. Default is false - use the access policy.') param enableRbacAuthorization bool = false @allowed([ 'standard', 'premium' ]) -@description('Optional. The SKU name of the Key Vault.') +@description('Optional. The SKU name of the Key Vault. The default is "standard".') param skuName string = 'standard' @allowed([ 'A', 'B' ]) -@description('Optional. The SKU family of the Key Vault.') +@description('Optional. The SKU family of the Key Vault. The default is "A".') param skuFamily string = 'A' @description('Optional. Configuration for network access rules.') 
@@ -50,12 +50,12 @@ param networkAcls networkAclsType = { ]) param publicNetworkAccess string = '' -// @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -// param privateEndpoints privateEndpointType - @description('Optional. The lock settings of the service.') param lock lockType = {} +// @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +// param privateEndpoints privateEndpointType + var varNetworkAclsIpRules = [for ip in networkAcls.?ipAllowlist ?? []: { value: ip }] var varNetworkAclsVirtualNetworkRules = [for subnet in networkAcls.?subnetIds ?? []: { id: subnet }] @@ -119,7 +119,7 @@ resource keyVault_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(l } @description('Key vault id') -output id string = keyVault.id +output resourceId string = keyVault.id @description('Key vault name') output name string = keyVault.name 
@@ -241,28 +241,28 @@ type lockType = { // } // }[]? -type roleAssignmentType = { - @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') - roleDefinitionIdOrName: string +// type roleAssignmentType = { +// @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +// roleDefinitionIdOrName: string - @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') - principalId: string +// @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') +// principalId: string - @description('Optional. The principal type of the assigned principal ID.') - principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')? +// @description('Optional. The principal type of the assigned principal ID.') +// principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')? - @description('Optional. The description of the role assignment.') - description: string? +// @description('Optional. The description of the role assignment.') +// description: string? - @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') - condition: string? +// @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. 
e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') +// condition: string? - @description('Optional. Version of the condition.') - conditionVersion: '2.0'? +// @description('Optional. Version of the condition.') +// conditionVersion: '2.0'? - @description('Optional. The Resource Id of the delegated managed identity resource.') - delegatedManagedIdentityResourceId: string? -}[]? +// @description('Optional. The Resource Id of the delegated managed identity resource.') +// delegatedManagedIdentityResourceId: string? +// }[]? // type diagnosticSettingType = { // @description('Optional. The name of diagnostic setting.') diff --git a/modules/storage/storage-account/README.md b/modules/storage/storage-account/README.md index 81782d9..f3667c3 100644 --- a/modules/storage/storage-account/README.md +++ b/modules/storage/storage-account/README.md 
@@ -1,3 +1,50 @@ # Storage -This module deploy storage account \ No newline at end of file +This module deploy storage account. + +## Details + +Use this module within other Bicep template to simplify the usage of storage account. + +## Parameters + +| Name | Type | Required | Description | +| :---------------------- | :-------------------------: | :------: | :----------------------------------------------------------------------------------------------------- | +| `name` | `string` | Yes | Required. Name of Storage Account. Must be unique within Azure | +| `location` | `string` | Yes | Required. Location for all resources | +| `tags` | `object` | Yes | Required. Tags of the resources | +| `isZoneRedundant` | `bool` | No | Optional. This toggle changes the default value of the sku parameter from Standard_LRS to Standard_ZRS | +| `sku` | `string` | No | Optional. Storage Account SKU. default is Standard_LRS | +| `kind` | `string` | No | Optional. Storage Account Kind. Default is StorageV2 | +| `accessTier` | `string` | No | Optional. The access tier of the storage account, which is used for billing | +| `allowBlobPublicAccess` | `bool` | No | Optional. Allow or disallow public access to all blobs or containers in the storage account | +| `blobServiceProperties` | `blobServicePropertiesType` | No | Optional. Properties object for a Blob service of a Storage Account | +| `blobContainers` | `blobContainerType` | No | Optional. Array of blob containers to be created for blobServices of Storage Account | +| `networkAcls` | `networkAclsType` | No | Optional. Configuration for network access rules | + +## Outputs + +| Name | Type | Description | +| :----------- | :------: | :------------------------------------- | +| `resourceId` | `string` | The resource ID of the storage account | +| `name` | `string` | The name of the storage account | + +## Examples + +### Examples 1 + +Example of how to deploy a storage account using a minumum required parameters. 
+ +```bicep +module test1 'br:mmbicepmoduleregistry.azurecr.io/storage-account:0.1.12' = { + name: '${uniqueString(deployment().name, 'uksouth')}-sa' + params: { + name: 'az-sa-001' + sku: 'Standard_GRS' + location: 'uksouth' + tags: { + environment: 'production' + } + } +} +``` diff --git a/modules/storage/storage-account/main.bicep b/modules/storage/storage-account/main.bicep index 8357fb8..3544d5a 100644 --- a/modules/storage/storage-account/main.bicep +++ b/modules/storage/storage-account/main.bicep @@ -115,7 +115,7 @@ resource blobContainer 'Microsoft.Storage/storageAccounts/blobServices/container properties: container.?properties ?? {} }] -@description('The properties of a storage account’s Blob service.') +@description('The properties of a storage accounts Blob service.') type blobServicePropertiesType = { changeFeed: changeFeed? containerDeleteRetentionPolicy: deleteRetentionPolicyType? @@ -208,7 +208,7 @@ type networkAclsResourceAccessRuleType = { } @description('The name of the Storage Account resource') -output name string = name +output name string = storageAccount.name @description('The ID of the Storage Account. Use this ID to reference the Storage Account in other Azure resource deployments.') -output id string = storageAccount.id +output resourceId string = storageAccount.id diff --git a/modules/web/appservice/README.md b/modules/web/appservice/README.md index b6d2abb..fa00888 100644 --- a/modules/web/appservice/README.md +++ b/modules/web/appservice/README.md 
@@ -8,28 +8,28 @@ Use this module within other Bicep templates to simplify the usage of a Web App ## Parameters -| Name | Type | Required | Description | -| :------------------------- | :------: | :------: | :--------------------------------------------------------------------------- | -| `name` | `string` | Yes | Required. The App Service Name | -| `location` | `string` | Yes | Required. Location name for the resource. default to resource group location | -| `tags` | `object` | Yes | Required. Tags of the resources | -| `runtimeName` | `string` | Yes | Required. Provide a runtime name from the list (dotnet, dotnetcore, node, python, java). | -| `runtimeVersion` | `string` | Yes | Required. Provide a runtime version | -| `sku` | `object` | No | Optional. SKU for the App Service Plan | -| `applicationInsightsName` | `string` | No | Optional. Provide Application Insight Name. | -| `keyVaultName` | `string` | No | Optional. Provide Key Vault Name | -| `kind` | `string` | No | Optional. Kind of resource | -| `reserved` | `bool` | No | Optional. If Linux app service plan true, false otherwise.| +| Name | Type | Required | Description | +| :------------------------ | :------: | :------: | :--------------------------------------------------------------------------------------- | +| `name` | `string` | Yes | Required. The App Service Name | +| `location` | `string` | Yes | Required. Location name for the resource. default to resource group location | +| `tags` | `object` | Yes | Required. Tags of the resources | +| `runtimeName` | `string` | Yes | Required. Provide a runtime name from the list (dotnet, dotnetcore, node, python, java). | +| `runtimeVersion` | `string` | Yes | Required. Provide a runtime version | +| `sku` | `object` | No | Optional. SKU for the App Service Plan | +| `applicationInsightsName` | `string` | No | Optional. Provide Application Insight Name. | +| `keyVaultName` | `string` | No | Optional. 
Provide Key Vault Name | +| `kind` | `string` | No | Optional. Kind of resource | +| `reserved` | `bool` | No | Optional. If Linux app service plan true, false otherwise. | ## Outputs -| Name | Type | Description | -| :------------------ | :------: | :-------------------------------------- | -| `identityPrincipalId` | `string` | The app service identity principal ID | -| `appServiceName` | `string` | The name of app service | -| `appServiceUrl` | `string` | The public url for the app service | -| `appServicePlanId` | `string` | The app service plan ID | -| `appServicePlanName` | `string` | The app service plan name | +| Name | Type | Description | +| :-------------------- | :------: | :------------------------------------ | +| `identityPrincipalId` | `string` | The app service identity principal ID | +| `appServiceName` | `string` | The name of app service | +| `appServiceUrl` | `string` | The public url for the app service | +| `appServicePlanId` | `string` | The app service plan ID | +| `appServicePlanName` | `string` | The app service plan name | ## Examples @@ -71,4 +71,4 @@ module test2 '../main.bicep' = { runtimeVersion: '18-lts' } } -``` \ No newline at end of file +``` diff --git a/test-deployment/deployment-test.azcli b/test-deployment/deployment-test.azcli index ee4653c..b7c73cf 100644 --- a/test-deployment/deployment-test.azcli +++ b/test-deployment/deployment-test.azcli @@ -7,14 +7,13 @@ # to change the current subscription use the below command # az account set --subscription "Your Subscription Name" -export rg_name="bicep-module-tmp-test-rg" +export rg_name="tmp-test-bicep-module-rg" export location="uksouth" # create a rg az group create --resource-group $rg_name --location $location # create deployment in rg with the content from main.bicep file and params - az deployment group create --resource-group $rg_name --name module-testing --mode Complete --template-file main.bicep --parameters main.parameters.json 
diff --git a/test-deployment/main.bicep b/test-deployment/main.bicep index d979122..3a8a315 100644 --- a/test-deployment/main.bicep +++ b/test-deployment/main.bicep @@ -39,7 +39,6 @@ var varNetworkAcls = { } module kv '../modules/security/keyvault/main.bicep' = { - // scope: rg name: 'deploy-kv-test' params: { location: location 
@@ -52,20 +51,55 @@ module kv '../modules/security/keyvault/main.bicep' = { } } -module kv_secret '../modules/security/keyvault-secrets/main.bicep' = { - name: 'deploy-kv-secret-test' +module sql '../modules/database/sqlserver/main.bicep' = { + name: 'deploy-sql-test' params: { keyVaultName: kv.outputs.name - secretName: 'ConnectionStrings--DefaultConnection' - secretValue: 'my pass' + location: location + databaseName: 'my-db-name' + sqlServerName: 'my-sql-server-name' + tags: tags } } -module kv_access_policy '../modules/security/keyvault-accesspolicy/main.bicep' = { - name: 'deploy-kv-access-policy-test' - params: { - keyVaultName: kv.outputs.name - objectId: '47689dc0-8e50-4474-970a-b913a75b5b0e' // for magicsoftware-Calculator-8e88c488-1596-4d79-8d3f-f9d16aa345ad - secretsPermissions: [ 'get', 'list', 'set', 'delete' ] - } -} +// Key Vault sample +// + +// var varNetworkAcls = { +// bypass: 'AzureServices' +// defaultAction: 'Deny' +// ipAllowlist: [ '81.106.66.0/24' ] +// // subnetIds [''] +// } + +// module kv '../modules/security/keyvault/main.bicep' = { +// // scope: rg +// name: 'deploy-kv-test' +// params: { +// location: location +// name: '${abbrs.keyVaultVaults}${resourceToken}' +// tags: tags +// workspaceId: logAnalyticsWorkspace.id +// networkAcls: varNetworkAcls +// principalId: 'c5c1dcd6-c181-466e-a606-cd67d0532eb9' // me + +// } +// } + +// module kv_secret '../modules/security/keyvault-secrets/main.bicep' = { +// name: 'deploy-kv-secret-test' +// params: { +// keyVaultName: kv.outputs.name +// secretName: 'ConnectionStrings--DefaultConnection' +// secretValue: 'my pass' +// } +// } + +// module kv_access_policy '../modules/security/keyvault-accesspolicy/main.bicep' = { +// name: 'deploy-kv-access-policy-test' +// params: { +// keyVaultName: kv.outputs.name +// objectId: '47689dc0-8e50-4474-970a-b913a75b5b0e' // for magicsoftware-Calculator-8e88c488-1596-4d79-8d3f-f9d16aa345ad +// secretsPermissions: [ 'get', 'list', 'set', 'delete' ] +// } +// }
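Review bot: The commented-out "Key Vault sample" block added at the end of this hunk commits what look like real directory object IDs (the `principalId` marked `// me` and the `objectId` annotated with an application name) together with a specific `ipAllowlist` range. The README examples in this same patch use `'00000000-0000-0000-0000-000000000000'` for such values; the sample should do the same, or be deleted rather than commented out, since the removed lines remain in history anyway. The new `sql` module call also passes no `sqlAdministratorPassword`, so the test deployment depends on the module's generated password. A one-line comment would make that explicit, e.g. `// sqlAdministratorPassword omitted: the module generates one and writes the connection string to Key Vault`.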