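// ---------------------------------------------------------------------------
// Deployment parameters
// ---------------------------------------------------------------------------

@description('Name of the Company or Organization used for the Certificate Subject')
@minLength(2)
param OrgName string

// NOTE(review): this value is handed to the DeploymentSCEPmanConfig module
// below, but it is not declared @secure(), so a real license key is retained
// in clear text in the deployment history/inputs. If the key is confidential,
// mark it @secure() here and in nestedtemplates/appConfig-scepman.bicep
// (a non-empty default on a secure parameter trips the Bicep linter, so the
// 'trial' default would have to go as well) -- not changed here because the
// nested module is not visible in this file.
@description('License Key for SCEPman')
param license string = 'trial'

@description('Specifies the name of the Azure Key Vault. The name of a Key Vault must be globally unique and contain only DNS-compatible characters (letters, numbers, and hyphens).')
@minLength(3)
@maxLength(24)
param keyVaultName string = 'kv-scepman-UNIQUENAME'

// Key protection for the CA signing key: RSA-HSM (the default) keeps the key
// in an HSM-backed Key Vault key; plain RSA is software-protected.
@description('When generating the SCEPman CA certificate, which kind of key pair shall be created? RSA is a software-protected RSA key; RSA-HSM is HSM-protected.')
@allowed([
  'RSA'
  'RSA-HSM'
])
param caKeyType string = 'RSA-HSM'

@description('Choose a globally unique name for your storage account. Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only.')
@minLength(3)
@maxLength(24)
param storageAccountName string = 'stscepmanuniquename'

@maxLength(40)
param appServicePlanName string = 'asp-scepman-UNIQUENAME'

// 'none' is a sentinel meaning "create a new plan named appServicePlanName".
@description('Provide the Resource ID of an existing App Service Plan (the long string displayed in the properties tab). Keep default value \'none\' if you want to create a new one.')
param existingAppServicePlanID string = 'none'

@description('Use Linux App Service Plan')
param deployOnLinux bool = true

@description('The SCEPman App Service and part of the default FQDN. Therefore, it must be globally unique and contain only DNS-compatible characters.')
@maxLength(60)
param primaryAppServiceName string = 'app-scepman-UNIQUENAME'

@description('The Log Analytics Workspace for SCEPman\'s logging. Alphanumerics and hyphens are allowed.')
@minLength(4)
@maxLength(63)
param logAnalyticsWorkspaceName string = 'log-scepman-UNIQUENAME'

@description('The App Service for the component SCEPman Certificate Master. As it is part of the default FQDN, it must be globally unique and contain only DNS-compatible characters.')
@maxLength(60)
param certificateMasterAppServiceName string = 'app-scepman-UNIQUENAME-cm'

@description('Enable the App Service health check.')
param enableHealthCheck bool = true

// Network topology switch. When true, a VNet, an NSG and private endpoints
// for Key Vault and Table Storage are created and the App Services are
// connected to the VNet; when false, the private-endpoint names below are
// replaced by the 'None' sentinel when passed to the nested modules.
@description('Choose \'true\' to deploy SCEPman with a Virtual Network. In this case, you must also provide names for the parameters virtualNetworkName, privateEndpointForTableStorage, and privateEndpointForKeyVaultName.')
param deployPrivateNetwork bool = true

@description('The name of the Virtual Network. This is only applicable if deployPrivateNetwork is chosen.')
@maxLength(80)
param virtualNetworkName string = 'vnet-scepman-UNIQUENAME'

@description('Name of the Network Security Group applied to the subnets. This is only applicable if deployPrivateNetwork is chosen.')
@maxLength(80)
param nsgName string = 'nsg-scepman-UNIQUENAME'

@description('Name of the Private Endpoint for the Key Vault. This is only applicable if deployPrivateNetwork is chosen.')
@minLength(4)
@maxLength(64)
param privateEndpointForKeyVaultName string = 'pep-kv-scepman-UNIQUENAME'

@description('Name of the Private Endpoint for the Azure Table Storage Service. This is only applicable if deployPrivateNetwork is chosen.')
@minLength(4)
@maxLength(64)
param privateEndpointForTableStorage string = 'pep-sts-scepman-UNIQUENAME'

@description('Location for all resources. For a manual deployment, we recommend the default value.')
param location string = resourceGroup().location

@description('Tags to be assigned to all created resources. Use JSON syntax, e.g. if you want to add tags env with value dev and project with value scepman, then write { "env":"dev", "project":"scepman"}.')
param resourceTags object = {}

// Supply-chain note: the application packages are fetched from this base URL
// (the two WebsiteArtifactsUri values below are derived from it). The default
// is the mutable 'master' branch of the public install repository, so every
// deployment picks up whatever that branch holds at deploy time. Exposing the
// base URL as a parameter (default unchanged) lets an operator pin a fixed
// commit/tag of that repository or point at an internal mirror with the same
// 'dist/' and 'dist-certmaster/' layout, without editing this template.
@description('Base URL the SCEPman and Certificate Master deployment packages are downloaded from. Must end with a slash and expose the dist/ and dist-certmaster/ folders of the SCEPman install repository. Defaults to the master branch of the public repository; set this to a pinned commit or tag (or an internal mirror) for reproducible deployments.')
param artifactsRepositoryUrl string = 'https://raw.githubusercontent.com/scepman/install/master/'

// ---------------------------------------------------------------------------
// Derived values
// ---------------------------------------------------------------------------

// Package locations: Linux and Windows App Services ship as different zips.
var ArtifactsLocationSCEPman = uri(artifactsRepositoryUrl, deployOnLinux ? 'dist/Artifacts-Linux.zip' : 'dist/Artifacts.zip')
var ArtifactsLocationCertMaster = uri(artifactsRepositoryUrl, deployOnLinux ? 'dist-certmaster/CertMaster-Artifacts-Linux.zip' : 'dist-certmaster/CertMaster-Artifacts.zip')

// Both App Services; iterated by the VNet-connection loop below.
var appServiceNames = [
  primaryAppServiceName
  certificateMasterAppServiceName
]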
// Deployment record whose name carries a 'pid-<GUID>' prefix. Going by the
// name this is presumably the Partner Center customer-usage-attribution
// tracking deployment (the GUID identifies the publisher) -- verify against
// the vendor's documentation. It deploys './empty.bicep' with no parameters,
// which by its name creates no resources beyond the deployment itself.
module pid_a262352f_52a9_4ed9_a9ba_6a2b2478d19b_partnercenter './empty.bicep' = {
  name: 'pid-a262352f-52a9-4ed9-a9ba-6a2b2478d19b-partnercenter'
  params: {}
}
// Virtual network and the NSG applied to its subnets. Only created for the
// private-network topology; the private endpoints and the App Service VNet
// connections further down depend on this module.
module CreateVirtualNetwork 'nestedtemplates/vnet.bicep' = if (deployPrivateNetwork) {
  name: 'CreateVirtualNetwork'
  params: {
    location: location
    resourceTags: resourceTags
    virtualNetworkName: virtualNetworkName
    networkSecurityGroupName: nsgName
  }
}
// Connect each App Service to the virtual network, strictly one at a time
// (@batchSize(1)) and only once both the network and the App Services exist.
// The whole loop is skipped when no private network is deployed.
@batchSize(1)
module AppService_ConnectionToVirtualNetwork 'nestedtemplates/vnet-to-appservices.bicep' = [
  for (svcName, idx) in appServiceNames: if (deployPrivateNetwork) {
    // The connection resource name may be at most 63 characters while an App
    // Service name may be 60, so only the first 42 characters of the service
    // name are kept before the index and the '-VnetConn' suffix are appended.
    name: 'AppSvc-${take(svcName, 42)}-${idx}-VnetConn'
    params: {
      appServiceName: svcName
      location: location
      virtualNetworkName: virtualNetworkName
    }
    dependsOn: [
      SCEPmanAppServices
      CreateVirtualNetwork
    ]
  }
]
// The two App Services (SCEPman and Certificate Master) on a shared plan.
// Either a new plan named appServicePlanName is created or, when
// existingAppServicePlanID is not the 'none' sentinel, the given plan is
// reused (that choice is made inside appSvcDouble.bicep). The module's
// outputs provide the managed-identity principal IDs and the SCEPman URL
// that the vault, storage and configuration modules consume.
module SCEPmanAppServices 'nestedtemplates/appSvcDouble.bicep' = {
  name: 'SCEPmanAppServices'
  params: {
    location: location
    resourceTags: resourceTags
    deployOnLinux: deployOnLinux
    AppServicePlanName: appServicePlanName
    existingAppServicePlanID: existingAppServicePlanID
    appServiceName: primaryAppServiceName
    appServiceName2: certificateMasterAppServiceName
  }
}
// Log Analytics workspace; its workspaceId output is wired into both
// application configuration modules for logging.
module AzureMonitor 'nestedtemplates/loganalytics.bicep' = {
  name: 'AzureMonitor'
  params: {
    location: location
    resourceTags: resourceTags
    logAnalyticsAccountName: logAnalyticsWorkspaceName
  }
}
// Key Vault that will hold the CA key (see caKeyType). Access is granted to
// the SCEPman App Service identity only -- Certificate Master gets no vault
// permission here, which is the least-privilege split this template intends.
// A private endpoint is requested only for the private-network topology; the
// 'None' sentinel tells vault.bicep to skip it. Whether public network access
// to the vault is also disabled is decided inside vault.bicep, not here --
// confirm there if that is a requirement.
module SCEPmanVault 'nestedtemplates/vault.bicep' = {
  name: 'SCEPmanVault'
  params: {
    location: location
    resourceTags: resourceTags
    keyVaultName: keyVaultName
    virtualNetworkName: virtualNetworkName
    privateEndpointName: deployPrivateNetwork ? privateEndpointForKeyVaultName : 'None'
    permittedPrincipalId: SCEPmanAppServices.outputs.scepmanPrincipalID
  }
  dependsOn: [
    SCEPmanStorageAccount
    AppService_ConnectionToVirtualNetwork
    CreateVirtualNetwork
  ]
}
// Application configuration of the SCEPman App Service: wires in the vault,
// table-storage and Log Analytics endpoints created above, the CA key type,
// the organisation name for the certificate subject, the license value and
// the package URL to run from. The license key travels as a plain (non-secure)
// parameter here.
module DeploymentSCEPmanConfig 'nestedtemplates/appConfig-scepman.bicep' = {
  name: 'DeploymentSCEPmanConfig'
  params: {
    appServiceName: primaryAppServiceName
    deployOnLinux: deployOnLinux
    enableHealthCheck: enableHealthCheck
    OrgName: OrgName
    license: license
    caKeyType: caKeyType
    WebsiteArtifactsUri: ArtifactsLocationSCEPman
    scepManBaseURL: SCEPmanAppServices.outputs.scepmanURL
    keyVaultURL: SCEPmanVault.outputs.keyVaultURL
    StorageAccountTableUrl: SCEPmanStorageAccount.outputs.storageAccountTableUrl
    logAnalyticsWorkspaceId: AzureMonitor.outputs.workspaceId
    logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
  }
}
// Application configuration of the Certificate Master App Service. It receives
// the SCEPman URL, the table-storage endpoint and the Log Analytics workspace,
// but no Key Vault URL -- it is not supposed to touch the CA key directly.
module DeploymentCertMasterConfig 'nestedtemplates/appConfig-certmaster.bicep' = {
  name: 'DeploymentCertMasterConfig'
  params: {
    appServiceName: certificateMasterAppServiceName
    deployOnLinux: deployOnLinux
    enableHealthCheck: enableHealthCheck
    WebsiteArtifactsUri: ArtifactsLocationCertMaster
    scepmanUrl: SCEPmanAppServices.outputs.scepmanURL
    StorageAccountTableUrl: SCEPmanStorageAccount.outputs.storageAccountTableUrl
    logAnalyticsWorkspaceId: AzureMonitor.outputs.workspaceId
    logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
  }
}
// Storage account used for Table Storage. Both App Service identities are
// given table-contributor rights (the parameter name suggests a data-plane
// role assignment; the exact role is defined in stgAccount.bicep). A private
// endpoint is requested only for the private-network topology, otherwise the
// 'None' sentinel is passed. The dependency on the VNet connections is
// presumably so the App Services are already VNet-integrated before the
// endpoint is in place -- verify against stgAccount.bicep.
module SCEPmanStorageAccount 'nestedtemplates/stgAccount.bicep' = {
  name: 'SCEPmanStorageAccount'
  params: {
    location: location
    resourceTags: resourceTags
    StorageAccountName: storageAccountName
    virtualNetworkName: virtualNetworkName
    privateEndpointName: deployPrivateNetwork ? privateEndpointForTableStorage : 'None'
    tableContributorPrincipals: [
      SCEPmanAppServices.outputs.scepmanPrincipalID
      SCEPmanAppServices.outputs.certmasterPrincipalID
    ]
  }
  dependsOn: [
    AppService_ConnectionToVirtualNetwork
    CreateVirtualNetwork
  ]
}