From b69ffee12850d5e705559d8e6da8db0f65b1de15 Mon Sep 17 00:00:00 2001
From: Raafat Zarka
Date: Fri, 13 Dec 2024 13:54:41 +0000
Subject: [PATCH] Upgrading bicep templates #886
---
.../infrastructure/modules/actiongroup.bicep | 19 +++++-
.../infrastructure/modules/alerts.bicep | 62 ++++++++++++-------
.../infrastructure/modules/appinsights.bicep | 16 +++--
.../infrastructure/modules/dashboard.bicep | 15 ++++-
.../modules/data_quality_workbook.bicep | 23 ++++++-
.../infrastructure/modules/databricks.bicep | 27 +++++---
.../infrastructure/modules/datafactory.bicep | 39 +++---------
.../modules/diagnostic_settings.bicep | 39 +++++++++---
.../infrastructure/modules/keyvault.bicep | 52 ++++++++++------
.../modules/log_analytics.bicep | 21 ++++---
.../infrastructure/modules/storage.bicep | 26 +++++---
.../modules/synapse_sql_pool.bicep | 32 ++++++----
12 files changed, 249 insertions(+), 122 deletions(-)
diff --git a/e2e_samples/parking_sensors/infrastructure/modules/actiongroup.bicep b/e2e_samples/parking_sensors/infrastructure/modules/actiongroup.bicep
index 7f7b80076..5da314318 100644
--- a/e2e_samples/parking_sensors/infrastructure/modules/actiongroup.bicep
+++ b/e2e_samples/parking_sensors/infrastructure/modules/actiongroup.bicep
@@ -1,19 +1,30 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/actiongroups +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The unique identifier for this deployment.') param deployment_id string +@description('The email address for the alert action group.') param email_id string - -resource actiongroup 'Microsoft.Insights/actionGroups@2021-09-01' = { +// Resource: Action Group +resource actiongroup 'Microsoft.Insights/actionGroups@2024-10-01-preview' = { name: '${project}-emailactiongroup-${env}-${deployment_id}' location: 'global' tags: { DisplayName: 'Action Group' Environment: env + Project: project + DeploymentId: deployment_id + } + identity: { + type: 'SystemAssigned' // Optional: Adjust based on your managed identity requirements } properties: { groupShortName: 'emailgroup' @@ -25,7 +36,9 @@ resource actiongroup 'Microsoft.Insights/actionGroups@2021-09-01' = { } ] enabled: true + // Additional receivers can be added here if needed } } - +// Outputs +@description('The ID of the created action group.') output actiongroup_id string = actiongroup.id diff --git a/e2e_samples/parking_sensors/infrastructure/modules/alerts.bicep b/e2e_samples/parking_sensors/infrastructure/modules/alerts.bicep index acee99171..d5364d6dc 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/alerts.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/alerts.bicep 
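Review bot: The `identity: { type: 'SystemAssigned' }` block added after `tags` gives the action group a managed identity that nothing in this hunk uses; the only receiver the parameters point to is the e-mail address in `email_id`. An identity with no consumer is one more principal to inventory and review, so I would drop the block until a receiver needs it. Dropping it would presumably also remove the reason for moving from the non-preview `2021-09-01` API to `2024-10-01-preview`; keyvault.bicep and databricks.bicep make the same move to a preview API version in this patch and deserve the same question. If the identity stays, replace the `// Optional: ...` remark with a comment naming what the identity authenticates to.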
@@ -1,52 +1,68 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/metricalerts?pivots=deployment-language-bicep +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string +@description('The name of the Data Factory.') param datafactory_name string +@description('The ID of the action group.') param action_group_id string - +// Resource: Metric Alert resource adpipelinefailed 'Microsoft.Insights/metricAlerts@2018-03-01' = { name: '${project}-adffailedalert-${env}-${deployment_id}' location: 'global' tags: { DisplayName: 'ADF Pipeline Failed' Environment: env + Project: project + DeploymentId: deployment_id } properties: { - actions: [ - { - actionGroupId: action_group_id - } + description: 'ADF pipeline failed' + enabled: true + severity: 1 + evaluationFrequency: 'PT1M' + windowSize: 'PT5M' + scopes: [ + '${subscription().id}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DataFactory/factories/${datafactory_name}' ] - autoMitigate: false + targetResourceType: 'Microsoft.DataFactory/factories' + targetResourceRegion: location criteria: { 'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' allOf: [ { - threshold : 1 - name : 'Metric1' - metricNamespace: 'Microsoft.DataFactory/factories' - metricName: 'PipelineFailedRuns' - operator: 'GreaterThan' - timeAggregation: 'Total' - criterionType: 'StaticThresholdCriterion' + name: 'PipelineFailedRunsCriteria' + metricName: 'PipelineFailedRuns' + metricNamespace: 'Microsoft.DataFactory/factories' + operator: 'GreaterThan' + threshold: 1 + timeAggregation: 'Total' + criterionType: 'StaticThresholdCriterion' } - ] + ] } - description: 'ADF pipeline failed' - enabled: true - 
evaluationFrequency: 'PT1M' - scopes: [ - '${subscription().id}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DataFactory/factories/${datafactory_name}' + actions: [ + { + actionGroupId: action_group_id + webHookProperties: { + exampleProperty: 'exampleValue' + } + } ] - severity: 1 - targetResourceRegion: location - targetResourceType: 'Microsoft.DataFactory/factories' - windowSize: 'PT5M' + autoMitigate: false } } +// Outputs +@description('The ID of the created metric alert.') +output adpipelinefailed_id string = adpipelinefailed.id diff --git a/e2e_samples/parking_sensors/infrastructure/modules/appinsights.bicep b/e2e_samples/parking_sensors/infrastructure/modules/appinsights.bicep index 3b3f276de..7a3915424 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/appinsights.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/appinsights.bicep @@ -1,25 +1,33 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/components +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string - - -resource appinsights 'Microsoft.Insights/components@2020-02-02-preview' = { +// Resource: Application Insights +resource appinsights 'Microsoft.Insights/components@2020-02-02' = { name: '${project}-appi-${env}-${deployment_id}' location: location tags: { DisplayName: 'Application Insights' Environment: env + Project: project + DeploymentId: deployment_id } kind: 'other' properties: { Application_Type: 'other' } } - +// Output: Application Insights Name +@description('The name of the created Application Insights resource.') output appinsights_name string = appinsights.name 
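Review bot: The new `webHookProperties: { exampleProperty: 'exampleValue' }` under `actions` is scaffold text that would be attached to every alert this rule sends to the action group. Remove the block, or replace it with a field responders can use, for example `webHookProperties: { environment: env }`. Separately, the criterion re-emitted in this hunk still pairs `operator: 'GreaterThan'` with `threshold: 1` on a `Total` aggregation, so a single failed pipeline run inside the `PT5M` window does not fire the alert; if the intent is to alert on any failure, `threshold: 0` expresses that.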
diff --git a/e2e_samples/parking_sensors/infrastructure/modules/dashboard.bicep b/e2e_samples/parking_sensors/infrastructure/modules/dashboard.bicep index 224a302bc..5a1fb0514 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/dashboard.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/dashboard.bicep @@ -1,22 +1,33 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.portal/dashboards +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string +@description('The name of the Data Factory.') param datafactory_name string +@description('The name of the SQL server.') param sql_server_name string +@description('The name of the SQL database.') param sql_database_name string - -resource dashboard 'Microsoft.Portal/dashboards@2020-09-01-preview' = { +// Resource: Azure Portal Dashboard +resource dashboard 'Microsoft.Portal/dashboards@2022-12-01-preview' = { name: '${project}-dashboard-${env}-${deployment_id}' location: location tags: { DisplayName: 'Azure Dashboard' Environment: env + Project: project + DeploymentId: deployment_id } properties: { lenses: [ diff --git a/e2e_samples/parking_sensors/infrastructure/modules/data_quality_workbook.bicep b/e2e_samples/parking_sensors/infrastructure/modules/data_quality_workbook.bicep index 656c9f485..1fa2ca02d 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/data_quality_workbook.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/data_quality_workbook.bicep 
@@ -1,7 +1,14 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/workbooks +// Parameters +@description('The display name of the workbook.') param workbookDisplayName string = 'DQ Report' +@description('The category/type of the workbook.') param workbookType string = 'workbook' +@description('The name of the Application Insights resource.') param appinsights_name string +@description('The location of the resource.') param location string = resourceGroup().location +// Variables var workbookSourceId = subscriptionResourceId('microsoft.insights/components', '${appinsights_name}') var workbookId = guid(workbookSourceId) var serializedData = '{"version":"Notebook/1.0","items":[{"type":3,"content":{"version":"KqlItem/1.0","query":"traces\\r\\n| where message==\\"verifychecks\\"\\r\\n| where customDimensions.check_name==\\"Parkingbay Data DQ\\" or customDimensions.check_name==\\"Transformed Data\\" \\r\\n| where severityLevel==\\"1\\" or severityLevel==\\"3\\"\\r\\n| where notempty(customDimensions.pipelinerunid)\\r\\n| project Status = iif(severityLevel==\\"1\\", \\"success\\", \\"failed\\"),CheckName=customDimensions.check_name,RunID = customDimensions.pipelinerunid, Details=customDimensions,Timestamp=timestamp","size":0,"aggregation":3,"timeContext":{"durationMs":604800000},"queryType":0,"resourceType":"microsoft.insights/components","visualization":"table","gridSettings":{"formatters":[{"columnMatch":"Status","formatter":11},{"columnMatch":"status","formatter":11}]}},"name":"query - 0"},{"type":3,"content":{"version":"KqlItem/1.0","query":"traces\\r\\n| where message==\\"verifychecks\\"\\r\\n| where customDimensions.check_name==\\"DQ checks\\"\\r\\n| where severityLevel==\\"1\\" or severityLevel==\\"3\\"\\r\\n| where notempty(customDimensions.pipelinerunid)\\r\\n| project Status = iif(severityLevel==\\"1\\", \\"Success\\", \\"Failed\\"),CheckName=customDimensions.check_name,RunID = customDimensions.pipelinerunid, 
Details=customDimensions,Timestamp=timestamp\\r\\n| summarize count() by Status \\r\\n| render piechart","size":0,"timeContext":{"durationMs":604800000},"queryType":0,"resourceType":"microsoft.insights/components","visualization":"piechart","tileSettings":{"showBorder":false,"titleContent":{"columnMatch":"Status","formatter":1},"leftContent":{"columnMatch":"count_","formatter":12,"formatOptions":{"palette":"auto"},"numberFormat":{"unit":17,"options":{"maximumSignificantDigits":3,"maximumFractionDigits":2}}}},"graphSettings":{"type":0,"topContent":{"columnMatch":"Status","formatter":1},"centerContent":{"columnMatch":"count_","formatter":1,"numberFormat":{"unit":17,"options":{"maximumSignificantDigits":3,"maximumFractionDigits":2}}}},"chartSettings":{"seriesLabelSettings":[{"seriesName":"success","label":"","color":"greenDark"},{"seriesName":"failed","color":"red"}]},"mapSettings":{"locInfo":"LatLong","sizeSettings":"count_","sizeAggregation":"Sum","legendMetric":"count_","legendAggregation":"Sum","itemColorSettings":{"type":"heatmap","colorAggregation":"Sum","nodeColorField":"count_","heatmapPalette":"greenRed"}}},"name":"query - 1"}],"fallbackResourceIds":["/subscriptions/XXX-XXX-XXX-XX-XXX/resourceGroups/XXXX/providers/microsoft.insights/components/XXXX"],"$schema":"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"}' @@ -14,8 +21,8 @@ var updatedWorkbookData = { ] } var reserializedData = string(updatedWorkbookData) - -resource data_quality_workbook_resource 'microsoft.insights/workbooks@2022-04-01' = { +// Resource: Data Quality Workbook +resource data_quality_workbook_resource 'microsoft.insights/workbooks@2023-06-01' = { name: workbookId location: location kind: 'shared' 
@@ -25,8 +32,18 @@ resource data_quality_workbook_resource 'microsoft.insights/workbooks@2022-04-01 version: '1.0' sourceId: workbookSourceId category: workbookType + description: 'Data Quality Report Workbook' + tags: [ + 'DataQuality' + 'Monitoring' + ] + } + tags: { + Environment: 'Production' + Project: 'DataQualityMonitoring' } dependsOn: [] } - +// Output: Workbook ID +@description('The ID of the created workbook resource.') output workbookId string = data_quality_workbook_resource.id diff --git a/e2e_samples/parking_sensors/infrastructure/modules/databricks.bicep b/e2e_samples/parking_sensors/infrastructure/modules/databricks.bicep index f3b61ced1..09f3f2cbc 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/databricks.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/databricks.bicep 
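Review bot: The resource-level tags added here are string literals, `Environment: 'Production'` and `Project: 'DataQualityMonitoring'`, so a dev or stg deployment of this workbook is labelled Production. The other modules in this patch tag with `Environment: env` and `Project: project`, and anything that scopes policy, inventory or alert routing by tag will misclassify this resource. The visible hunks of this module declare no `env` or `project` parameter, so the fix is to add `param env string` and `param project string` and use `Environment: env` and `Project: project`, with the caller passing them through (the caller is outside this patch).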
@@ -1,18 +1,26 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.databricks/workspaces +//https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments +//Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string +@description('The principal ID of the contributor.') param contributor_principal_id string - -//https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles +// Variables +@description('Role definition ID for Contributor.') var contributor = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - -resource databricks 'Microsoft.Databricks/workspaces@2018-04-01' = { +// Databricks Workspace Resource +resource databricks 'Microsoft.Databricks/workspaces@2024-09-01-preview' = { name: '${project}-dbw-${env}-${deployment_id}' location: location tags: { 
@@ -21,22 +29,27 @@ resource databricks 'Microsoft.Databricks/workspaces@2018-04-01' = { } sku: { name: 'premium' + tier: 'Premium' } properties: { managedResourceGroupId: subscriptionResourceId('Microsoft.Resources/resourceGroups', '${project}-${deployment_id}-dbw-${env}-rg') } } - -resource databricks_roleassignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = { +// Role Assignment Resource +resource databricks_roleassignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(databricks.id) scope: databricks properties: { roleDefinitionId: contributor principalId: contributor_principal_id principalType: 'ServicePrincipal' + description: 'Contributor access for Databricks workspace.' } } - +// Outputs +@description('Databricks workspace details.') output databricks_output object = databricks +@description('Databricks workspace ID.') output databricks_id string = databricks.id +@description('Databricks workspace URL.') output databricks_workspace_url string = databricks.properties.workspaceUrl diff --git a/e2e_samples/parking_sensors/infrastructure/modules/datafactory.bicep b/e2e_samples/parking_sensors/infrastructure/modules/datafactory.bicep index 463c86859..3221c5b2c 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/datafactory.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/datafactory.bicep 
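Review bot: `name: guid(databricks.id)` on the rewritten `databricks_roleassignment` is derived from the scope alone, so the assignment keeps the same name whichever principal or role it carries. A later deployment with a different `contributor_principal_id` then tries to update the existing assignment in place, which Azure rejects, and the previous principal keeps Contributor on the workspace until someone removes it by hand. Seeding the name with the full tuple avoids that: `name: guid(databricks.id, contributor_principal_id, contributor)`. storage.bicep has the same pattern with `guid(storage.id)`. Renaming on an environment that is already deployed leaves the old assignment behind, so its removal needs to be part of the rollout.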
@@ -1,18 +1,19 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.datafactory/factories +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string - -// param account_name string = '' -// param repository_name string = '' -// param collaboration_branch string = 'main' -// param root_folder string = '/e2e_samples/parking_sensors/adf' - +// Data Factory Resource resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = { name: '${project}-adf-${env}-${deployment_id}' location: location @@ -24,29 +25,9 @@ resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = { type: 'SystemAssigned' } } - -// resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' = if (env == 'dev') { -// name: adf_name -// location: location -// tags: { -// DisplayName: 'Data Factory' -// Environment: env -// } -// identity: { -// type: 'SystemAssigned' -// } -// properties: { -// repoConfiguration: { -// accountName: account_name -// repositoryName: repository_name -// collaborationBranch: collaboration_branch -// rootFolder: root_folder -// type: 'FactoryGitHubConfiguration' -// } -// } -// } - - +// Outputs +@description('The principal ID of the Data Factory identity.') output datafactory_principal_id string = datafactory.identity.principalId output datafactory_id string = datafactory.id +@description('The name of the Data Factory.') output datafactory_name string = datafactory.name diff --git a/e2e_samples/parking_sensors/infrastructure/modules/diagnostic_settings.bicep b/e2e_samples/parking_sensors/infrastructure/modules/diagnostic_settings.bicep index 4fbff5802..1ecf70dfa 100644 
--- a/e2e_samples/parking_sensors/infrastructure/modules/diagnostic_settings.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/diagnostic_settings.bicep @@ -1,19 +1,28 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.datafactory/factories +//https://learn.microsoft.com/en-us/azure/templates/microsoft.operationalinsights/workspaces +//https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/diagnosticsettings +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') param env string +@description('The unique identifier for this deployment.') param deployment_id string +@description('The name of the Log Analytics workspace.') param loganalytics_workspace_name string +@description('The name of the Data Factory.') param datafactory_name string - +// Variables var commonPrefix = '${project}-diag-${env}-${deployment_id}' - +// Existing Data Factory Resource resource datafactoryworkspace 'Microsoft.DataFactory/factories@2018-06-01' existing = { name: datafactory_name } - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { +// Existing Log Analytics Workspace Resource +resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = { name: loganalytics_workspace_name } - +// Diagnostic Settings Resource resource diagnosticSetting1 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { scope: datafactoryworkspace name: '${commonPrefix}-${datafactoryworkspace.name}' 
@@ -23,20 +32,36 @@ resource diagnosticSetting1 'Microsoft.Insights/diagnosticSettings@2021-05-01-pr { category: 'PipelineRuns' enabled: true + retentionPolicy: { + enabled: false + days: 0 + } } { category: 'TriggerRuns' enabled: true + retentionPolicy: { + enabled: false + days: 0 + } } { category: 'ActivityRuns' enabled: true + retentionPolicy: { + enabled: false + days: 0 + } } ] metrics: [ { - category: 'AllMetrics' - enabled: true + category: 'AllMetrics' + enabled: true + retentionPolicy: { + enabled: false + days: 0 + } } ] } diff --git a/e2e_samples/parking_sensors/infrastructure/modules/keyvault.bicep b/e2e_samples/parking_sensors/infrastructure/modules/keyvault.bicep index a56a4108e..089302540 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/keyvault.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/keyvault.bicep @@ -1,14 +1,26 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults +// Parameters +@description('The environment for the deployment.') +@allowed([ + 'dev' + 'stg' + 'prod' +]) param env string +@description('The location of the resource.') param location string = resourceGroup().location - +@description('The Key Vault name.') param keyvault_name string +@description('The object ID of the Key Vault owner.') param keyvault_owner_object_id string +@description('The principal ID of the Data Factory.') param datafactory_principal_id string +@description('Enable soft delete for the Key Vault.') param enable_soft_delete bool = true +@description('Enable purge protection for the Key Vault.') param enable_purge_protection bool = true - - -resource keyvault 'Microsoft.KeyVault/vaults@2023-07-01' = { +// Key Vault Resource +resource keyvault 'Microsoft.KeyVault/vaults@2024-04-01-preview' = { name: keyvault_name location: location tags: { 
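Review bot: The `retentionPolicy` blocks (`enabled: false`, `days: 0`) added to each log and metric category do not control how long these records are kept when the destination is a Log Analytics workspace, which is presumably the case here given the `logAnalyticsWorkspace` reference declared earlier in the file (the destination property itself is outside the hunk). In diagnostic settings this property applied only to storage-account destinations and is deprecated, so the additions read as "keep indefinitely" while the effective retention is the workspace's `retentionInDays` (default `31` in log_analytics.bicep). I would leave the blocks out and, if a retention statement is wanted for whoever investigates pipeline activity later, add a comment such as `// Retention is set on the Log Analytics workspace (retentionInDays)`.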
@@ -29,27 +41,29 @@ resource keyvault 'Microsoft.KeyVault/vaults@2023-07-01' = { tenantId: subscription().tenantId objectId: keyvault_owner_object_id permissions: { - keys: [ - 'all' - ] - secrets: [ - 'all' - ] + keys: [ + 'all' + ] + secrets: [ + 'all' + ] } } { - tenantId: subscription().tenantId - objectId: datafactory_principal_id - permissions: { - secrets: [ - 'get' - 'list' - ] - } + tenantId: subscription().tenantId + objectId: datafactory_principal_id + permissions: { + secrets: [ + 'get' + 'list' + ] + } } ] } } - +// Outputs +@description('The name of the Key Vault.') output keyvault_name string = keyvault.name +@description('The resource ID of the Key Vault.') output keyvault_resource_id string = keyvault.id diff --git a/e2e_samples/parking_sensors/infrastructure/modules/log_analytics.bicep b/e2e_samples/parking_sensors/infrastructure/modules/log_analytics.bicep index 9d0bd6ed7..f87431f34 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/log_analytics.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/log_analytics.bicep @@ -1,16 +1,22 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.operationalinsights/workspaces +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string +@description('The retention period for logs in days.') param retentionInDays int = 31 - - -resource loganalyticsworkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' = { +// Log Analytics Workspace Resource +resource loganalyticsworkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: '${project}-log-${env}-${deployment_id}' location: location tags: { 
@@ -18,15 +24,16 @@ resource loganalyticsworkspace 'Microsoft.OperationalInsights/workspaces@2020-08 Environment: env } properties: { - sku: { - name: 'PerGB2018' - } retentionInDays: retentionInDays features: { searchVersion: 1 legacy: 0 } + sku: { + name: 'PerGB2018' + } } } - +// Outputs +@description('The name of the Log Analytics Workspace.') output loganalyticswsname string = loganalyticsworkspace.name diff --git a/e2e_samples/parking_sensors/infrastructure/modules/storage.bicep b/e2e_samples/parking_sensors/infrastructure/modules/storage.bicep index cdf1289dd..259a94f52 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/storage.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/storage.bicep @@ -1,18 +1,26 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts +//https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments +// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') @allowed([ 'dev' 'stg' 'prod' ]) param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string +@description('The principal ID of the contributor.') param contributor_principal_id string - -//https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles +// Variables +@description('Role definition ID for Storage Blob Data Contributor.') var storage_blob_data_contributor = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe') - -resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { +// Storage Account Resource +resource storage 'Microsoft.Storage/storageAccounts@2023-05-01' = { name: '${project}st${env}${deployment_id}' location: location tags: { 
@@ -34,9 +42,11 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { services: { file: { enabled: true + keyType: 'Account' } blob: { enabled: true + keyType: 'Account' } } keySource: 'Microsoft.Storage' @@ -44,15 +54,17 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { accessTier: 'Hot' } } - -resource storage_roleassignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = { +// Role Assignment Resource +resource storage_roleassignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(storage.id) scope: storage properties: { roleDefinitionId: storage_blob_data_contributor principalId: contributor_principal_id principalType: 'ServicePrincipal' + description: 'Grants Storage Blob Data Contributor access to the service principal.' } } - +// Outputs +@description('The name of the storage account.') output storage_account_name string = storage.name diff --git a/e2e_samples/parking_sensors/infrastructure/modules/synapse_sql_pool.bicep b/e2e_samples/parking_sensors/infrastructure/modules/synapse_sql_pool.bicep index 29b917754..ed3a9fc22 100644 --- a/e2e_samples/parking_sensors/infrastructure/modules/synapse_sql_pool.bicep +++ b/e2e_samples/parking_sensors/infrastructure/modules/synapse_sql_pool.bicep 
@@ -1,17 +1,25 @@ +//https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers// Parameters +@description('The project name.') param project string +@description('The environment for the deployment.') param env string +@description('The location of the resource.') param location string = resourceGroup().location +@description('The unique identifier for this deployment.') param deployment_id string - +@description('The username for the SQL Server.') param sql_server_username string = 'sqlAdmin' @secure() +@description('The password for the SQL Server.') param sql_server_password string +@description('The login for the Entra admin.') param entra_admin_login string +@description('The object ID of the Key Vault owner.') param keyvault_owner_object_id string +@description('The tenant ID.') param tenant_id string - - -resource sql_server 'Microsoft.Sql/servers@2023-08-01-preview' = { +// SQL Server Resource +resource sql_server 'Microsoft.Sql/servers@2024-05-01-preview' = { name: '${project}-sql-${env}-${deployment_id}' location: location tags: { @@ -22,8 +30,9 @@ resource sql_server 'Microsoft.Sql/servers@2023-08-01-preview' = { administratorLogin: sql_server_username administratorLoginPassword: sql_server_password minimalTlsVersion: '1.2' -} - + version: '12.0' // Specify SQL Server version + } + // Synapse Dedicated SQL Pool Resource resource synapse_dedicated_sql_pool 'databases@2023-05-01-preview' = { name: '${project}-syndp-${env}-${deployment_id}' location: location @@ -39,7 +48,7 @@ resource sql_server 'Microsoft.Sql/servers@2023-08-01-preview' = { collation: 'SQL_Latin1_General_CP1_CI_AS' } } - + // SQL Server Administrator Resource resource sql_server_admin 'administrators@2023-05-01-preview' = { name: 'ActiveDirectory' properties: { 
@@ -49,7 +58,7 @@ resource sql_server 'Microsoft.Sql/servers@2023-08-01-preview' = { tenantId: tenant_id } } - + // SQL Server Entra Only Authentication Resource resource sql_server_entra_only_auth 'azureADOnlyAuthentications@2023-05-01-preview' = { name: 'default' dependsOn: [ @@ -59,16 +68,17 @@ resource sql_server 'Microsoft.Sql/servers@2023-08-01-preview' = { azureADOnlyAuthentication: false } } - + // Firewall Rules Resource resource firewall_rules 'firewallRules@2021-02-01-preview' = { name: 'AllowAllAzureIps' properties: { - endIpAddress: '0.0.0.0' startIpAddress: '0.0.0.0' + endIpAddress: '0.0.0.0' } } } - +// Outputs +@description('Synapse SQL Pool Output.') output synapse_sql_pool_output object = { name: sql_server.name username: sql_server_username
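Review bot: The comment added above `firewall_rules`, `// Firewall Rules Resource`, does not say what the rule permits: a `0.0.0.0` to `0.0.0.0` range named `AllowAllAzureIps` admits connections from any Azure-hosted source, not only resources in this subscription. With `azureADOnlyAuthentication: false` at the top of this hunk, SQL password logins stay enabled behind that rule, so the administrator password is the only barrier. I would word the comments to carry that: `// Firewall rule: 0.0.0.0 range admits any Azure-hosted source, including other tenants` and, on the resource the previous hunk labels "Entra Only Authentication", `// Entra-only authentication is disabled; SQL logins remain enabled`. The enclosing `sql_server` resource starts outside this hunk.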