No longer allow one to provide service bus namespace or storage account #135

Merged
merged 1 commit into from
Mar 8, 2024
50 changes: 11 additions & 39 deletions main.bicep
Expand Up @@ -25,21 +25,13 @@ param azureDevOpsProjectToken string
@description('Merge strategy to use when setting auto complete on created pull requests.')
param eventBusTransport string = 'ServiceBus'

@description('Resource identifier of the ServiceBus namespace to use. If none is provided, a new one is created.')
param serviceBusNamespaceId string = ''

@description('Resource identifier of the storage account to use. If none is provided, a new one is created.')
param storageAccountId string = ''

// Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Fabrikam/providers/Microsoft.OperationalInsights/workspaces/fabrikam
@description('Resource identifier of the LogAnalytics Workspace to use. If none is provided, a new one is created.')
param logAnalyticsWorkspaceId string = ''

@description('Resource identifier of the ContainerApp Environment to deploy to. If none is provided, a new one is created.')
param appEnvironmentId string = ''

var hasProvidedServiceBusNamespace = (serviceBusNamespaceId != null && !empty(serviceBusNamespaceId))
var hasProvidedStorageAccount = (storageAccountId != null && !empty(storageAccountId))
var hasProvidedLogAnalyticsWorkspace = (logAnalyticsWorkspaceId != null && !empty(logAnalyticsWorkspaceId))
var hasProvidedAppEnvironment = (appEnvironmentId != null && !empty(appEnvironmentId))
// avoid conflicts across multiple deployments for resources that generate FQDN based on the name
Expand All @@ -51,30 +43,19 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-
location: location
}

/* Service Bus namespace */
resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2021-11-01' = if (eventBusTransport == 'ServiceBus' && !hasProvidedServiceBusNamespace) {
/* Service Bus namespace and Storage Account */
// One cannot provide their own to reduce complexity in this file
// Further, these are free tiers and should not be a cost concern
resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2021-11-01' = if (eventBusTransport == 'ServiceBus') {
name: '${name}-${collisionSuffix}'
location: location
properties: { disableLocalAuth: false, zoneRedundant: false }
sku: { name: 'Basic' }

resource authorizationRule 'AuthorizationRules' existing = { name: 'RootManageSharedAccessKey' }
}
resource providedServiceBusNamespace 'Microsoft.ServiceBus/namespaces@2021-11-01' existing = if (eventBusTransport == 'ServiceBus' && hasProvidedServiceBusNamespace) {
// Inspired by https://github.com/Azure/bicep/issues/1722#issuecomment-952118402
// Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Fabrikam/providers/Microsoft.ServiceBus/namespaces/fabrikam
// 0 -> '', 1 -> 'subscriptions', 2 -> '00000000-0000-0000-0000-000000000000', 3 -> 'resourceGroups'
// 4 -> 'Fabrikam', 5 -> 'providers', 6 -> 'Microsoft.ServiceBus' 7 -> 'namespaces'
// 8 -> 'fabrikam'
name: split(serviceBusNamespaceId, '/')[8]
scope: resourceGroup(split(serviceBusNamespaceId, '/')[2], split(serviceBusNamespaceId, '/')[4])

resource authorizationRule 'AuthorizationRules' existing = { name: 'RootManageSharedAccessKey' }
}

/* Storage Account */
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = if (eventBusTransport == 'QueueStorage' && !hasProvidedStorageAccount) {
name: '${name}-${collisionSuffix}'
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = if (eventBusTransport == 'QueueStorage') {
name: '${name}${collisionSuffix}'
location: location
kind: 'StorageV2'
sku: { name: 'Standard_LRS' }
Expand All @@ -84,15 +65,6 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = if (eve
networkAcls: { bypass: 'AzureServices', defaultAction: 'Allow' }
}
}
resource providedStorageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = if (eventBusTransport == 'QueueStorage' && hasProvidedStorageAccount) {
// Inspired by https://github.com/Azure/bicep/issues/1722#issuecomment-952118402
// Example: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Fabrikam/providers/Microsoft.Storage/storageAccounts/fabrikam
// 0 -> '', 1 -> 'subscriptions', 2 -> '00000000-0000-0000-0000-000000000000', 3 -> 'resourceGroups'
// 4 -> 'Fabrikam', 5 -> 'providers', 6 -> 'Microsoft.Storage' 7 -> 'storageAccounts'
// 8 -> 'fabrikam'
name: split(storageAccountId, '/')[8]
scope: resourceGroup(split(storageAccountId, '/')[2], split(storageAccountId, '/')[4])
}

/* LogAnalytics */
resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = if (!hasProvidedLogAnalyticsWorkspace) {
Expand Down Expand Up @@ -157,7 +129,7 @@ resource app 'Microsoft.App/containerApps@2023-05-01' = {
eventBusTransport == 'ServiceBus' ? [
{
name: 'connection-strings-asb-scaler'
value: hasProvidedServiceBusNamespace ? providedServiceBusNamespace::authorizationRule.listKeys().primaryConnectionString : serviceBusNamespace::authorizationRule.listKeys().primaryConnectionString
value: serviceBusNamespace::authorizationRule.listKeys().primaryConnectionString
}
] : [],
eventBusTransport == 'QueueStorage' ? [
Expand All @@ -166,8 +138,8 @@ resource app 'Microsoft.App/containerApps@2023-05-01' = {
//'DefaultEndpointsProtocol=https;AccountName=<name>;EndpointSuffix=<suffix>;AccountKey=<key>'
value: join([
'DefaultEndpointsProtocol=https'
'AccountName=${hasProvidedStorageAccount ? providedStorageAccount.name : storageAccount.name}'
'AccountKey=${hasProvidedStorageAccount ? providedStorageAccount.listKeys().keys[0].value : storageAccount.listKeys().keys[0].value}'
'AccountName=${storageAccount.name}'
'AccountKey=${storageAccount.listKeys().keys[0].value}'
'EndpointSuffix=${environment().suffixes.storage}'
], ';')
}
Expand All @@ -191,11 +163,11 @@ resource app 'Microsoft.App/containerApps@2023-05-01' = {
{
name: 'EventBus__Transports__azure-service-bus__FullyQualifiedNamespace'
// manipulating https://{your-namespace}.servicebus.windows.net:443/
value: eventBusTransport == 'ServiceBus' ? split(split(hasProvidedServiceBusNamespace ? providedServiceBusNamespace.properties.serviceBusEndpoint : serviceBusNamespace.properties.serviceBusEndpoint, '/')[2], ':')[0] : ''
value: eventBusTransport == 'ServiceBus' ? split(split(serviceBusNamespace.properties.serviceBusEndpoint, '/')[2], ':')[0] : ''
}
{
name: 'EventBus__Transports__azure-queue-storage__ServiceUrl'
value: eventBusTransport == 'QueueStorage' ? (hasProvidedStorageAccount ? providedStorageAccount.properties.primaryEndpoints.queue : storageAccount.properties.primaryEndpoints.queue) : ''
value: eventBusTransport == 'QueueStorage' ? (storageAccount.properties.primaryEndpoints.queue) : ''
}
]
resources: { cpu: json('0.25'), memory: '0.5Gi' } // these are the least resources we can provision
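Review bot: With `serviceBusNamespaceId` and `storageAccountId` removed, every deployment now uses the template's own namespace and storage account, so the settings visible in this section (`disableLocalAuth: false`, `networkAcls: { bypass: 'AzureServices', defaultAction: 'Allow' }`, and scaler secrets built from `RootManageSharedAccessKey` and `listKeys().keys[0]`) can no longer be avoided by pointing at a pre-hardened resource. The new comment above `serviceBusNamespace` gives only complexity and cost as the rationale; I would extend it with something like `// Shared-key auth and public network access stay enabled because the scaler secrets below use listKeys(); tighten these here if your environment requires it`. Separately, the storage account name becomes `'${name}${collisionSuffix}'`, and storage account names are limited to 24 lowercase alphanumeric characters. Unless `name` is constrained where it is declared (outside the visible hunks), a guard such as `name: '${take(toLower(name), 11)}${collisionSuffix}'` may be needed to keep longer or mixed-case names from failing at deployment.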
30 changes: 7 additions & 23 deletions main.json
Expand Up @@ -52,20 +52,6 @@
"description": "Merge strategy to use when setting auto complete on created pull requests."
}
},
"serviceBusNamespaceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Resource identifier of the ServiceBus namespace to use. If none is provided, a new one is created."
}
},
"storageAccountId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Resource identifier of the storage account to use. If none is provided, a new one is created."
}
},
"logAnalyticsWorkspaceId": {
"type": "string",
"defaultValue": "",
Expand All @@ -82,8 +68,6 @@
}
},
"variables": {
"hasProvidedServiceBusNamespace": "[and(not(equals(parameters('serviceBusNamespaceId'), null())), not(empty(parameters('serviceBusNamespaceId'))))]",
"hasProvidedStorageAccount": "[and(not(equals(parameters('storageAccountId'), null())), not(empty(parameters('storageAccountId'))))]",
"hasProvidedLogAnalyticsWorkspace": "[and(not(equals(parameters('logAnalyticsWorkspaceId'), null())), not(empty(parameters('logAnalyticsWorkspaceId'))))]",
"hasProvidedAppEnvironment": "[and(not(equals(parameters('appEnvironmentId'), null())), not(empty(parameters('appEnvironmentId'))))]",
"collisionSuffix": "[uniqueString(resourceGroup().id)]"
Expand All @@ -96,7 +80,7 @@
"location": "[parameters('location')]"
},
{
"condition": "[and(equals(parameters('eventBusTransport'), 'ServiceBus'), not(variables('hasProvidedServiceBusNamespace')))]",
"condition": "[equals(parameters('eventBusTransport'), 'ServiceBus')]",
"type": "Microsoft.ServiceBus/namespaces",
"apiVersion": "2021-11-01",
"name": "[format('{0}-{1}', parameters('name'), variables('collisionSuffix'))]",
Expand All @@ -110,10 +94,10 @@
}
},
{
"condition": "[and(equals(parameters('eventBusTransport'), 'QueueStorage'), not(variables('hasProvidedStorageAccount')))]",
"condition": "[equals(parameters('eventBusTransport'), 'QueueStorage')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2023-01-01",
"name": "[format('{0}-{1}', parameters('name'), variables('collisionSuffix'))]",
"name": "[format('{0}{1}', parameters('name'), variables('collisionSuffix'))]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
Expand Down Expand Up @@ -195,7 +179,7 @@
}
]
},
"secrets": "[concat(createArray(createObject('name', 'connection-strings-application-insights', 'value', reference(resourceId('Microsoft.Insights/components', parameters('name')), '2020-02-02').ConnectionString), createObject('name', 'notifications-password', 'value', parameters('notificationsPassword')), createObject('name', 'project-and-token-0', 'value', format('{0};{1}', parameters('azureDevOpsProjectUrl'), parameters('azureDevOpsProjectToken')))), if(equals(parameters('eventBusTransport'), 'ServiceBus'), createArray(createObject('name', 'connection-strings-asb-scaler', 'value', if(variables('hasProvidedServiceBusNamespace'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('serviceBusNamespaceId'), '/')[2], split(parameters('serviceBusNamespaceId'), '/')[4]), 'Microsoft.ServiceBus/namespaces/AuthorizationRules', split(parameters('serviceBusNamespaceId'), '/')[8], 'RootManageSharedAccessKey'), '2021-11-01').primaryConnectionString, listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', format('{0}-{1}', parameters('name'), variables('collisionSuffix')), 'RootManageSharedAccessKey'), '2021-11-01').primaryConnectionString))), createArray()), if(equals(parameters('eventBusTransport'), 'QueueStorage'), createArray(createObject('name', 'connection-strings-storage-scaler', 'value', join(createArray('DefaultEndpointsProtocol=https', format('AccountName={0}', if(variables('hasProvidedStorageAccount'), split(parameters('storageAccountId'), '/')[8], format('{0}-{1}', parameters('name'), variables('collisionSuffix')))), format('AccountKey={0}', if(variables('hasProvidedStorageAccount'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountId'), '/')[2], split(parameters('storageAccountId'), '/')[4]), 'Microsoft.Storage/storageAccounts', split(parameters('storageAccountId'), '/')[8]), '2023-01-01').keys[0].value, 
listKeys(resourceId('Microsoft.Storage/storageAccounts', format('{0}-{1}', parameters('name'), variables('collisionSuffix'))), '2023-01-01').keys[0].value)), format('EndpointSuffix={0}', environment().suffixes.storage)), ';'))), createArray()))]"
"secrets": "[concat(createArray(createObject('name', 'connection-strings-application-insights', 'value', reference(resourceId('Microsoft.Insights/components', parameters('name')), '2020-02-02').ConnectionString), createObject('name', 'notifications-password', 'value', parameters('notificationsPassword')), createObject('name', 'project-and-token-0', 'value', format('{0};{1}', parameters('azureDevOpsProjectUrl'), parameters('azureDevOpsProjectToken')))), if(equals(parameters('eventBusTransport'), 'ServiceBus'), createArray(createObject('name', 'connection-strings-asb-scaler', 'value', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', format('{0}-{1}', parameters('name'), variables('collisionSuffix')), 'RootManageSharedAccessKey'), '2021-11-01').primaryConnectionString)), createArray()), if(equals(parameters('eventBusTransport'), 'QueueStorage'), createArray(createObject('name', 'connection-strings-storage-scaler', 'value', join(createArray('DefaultEndpointsProtocol=https', format('AccountName={0}', format('{0}{1}', parameters('name'), variables('collisionSuffix'))), format('AccountKey={0}', listKeys(resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('name'), variables('collisionSuffix'))), '2023-01-01').keys[0].value), format('EndpointSuffix={0}', environment().suffixes.storage)), ';'))), createArray()))]"
},
"template": {
"containers": [
Expand Down Expand Up @@ -229,11 +213,11 @@
},
{
"name": "EventBus__Transports__azure-service-bus__FullyQualifiedNamespace",
"value": "[if(equals(parameters('eventBusTransport'), 'ServiceBus'), split(split(if(variables('hasProvidedServiceBusNamespace'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('serviceBusNamespaceId'), '/')[2], split(parameters('serviceBusNamespaceId'), '/')[4]), 'Microsoft.ServiceBus/namespaces', split(parameters('serviceBusNamespaceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, reference(resourceId('Microsoft.ServiceBus/namespaces', format('{0}-{1}', parameters('name'), variables('collisionSuffix'))), '2021-11-01').serviceBusEndpoint), '/')[2], ':')[0], '')]"
"value": "[if(equals(parameters('eventBusTransport'), 'ServiceBus'), split(split(reference(resourceId('Microsoft.ServiceBus/namespaces', format('{0}-{1}', parameters('name'), variables('collisionSuffix'))), '2021-11-01').serviceBusEndpoint, '/')[2], ':')[0], '')]"
},
{
"name": "EventBus__Transports__azure-queue-storage__ServiceUrl",
"value": "[if(equals(parameters('eventBusTransport'), 'QueueStorage'), if(variables('hasProvidedStorageAccount'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountId'), '/')[2], split(parameters('storageAccountId'), '/')[4]), 'Microsoft.Storage/storageAccounts', split(parameters('storageAccountId'), '/')[8]), '2023-01-01').primaryEndpoints.queue, reference(resourceId('Microsoft.Storage/storageAccounts', format('{0}-{1}', parameters('name'), variables('collisionSuffix'))), '2023-01-01').primaryEndpoints.queue), '')]"
"value": "[if(equals(parameters('eventBusTransport'), 'QueueStorage'), reference(resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('name'), variables('collisionSuffix'))), '2023-01-01').primaryEndpoints.queue, '')]"
}
],
"resources": {
Expand Down Expand Up @@ -271,7 +255,7 @@
"[resourceId('Microsoft.Insights/components', parameters('name'))]",
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]",
"[resourceId('Microsoft.ServiceBus/namespaces', format('{0}-{1}', parameters('name'), variables('collisionSuffix')))]",
"[resourceId('Microsoft.Storage/storageAccounts', format('{0}-{1}', parameters('name'), variables('collisionSuffix')))]"
"[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('name'), variables('collisionSuffix')))]"
]
},
{