postgresql_and_keyvault.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"parameters": {
"servicePrincipalObjectId": { "type": "string" },
"keyvaultName": { "type": "string" },
"postgresqlName": { "type": "string" },
"postgresqlAdmin": { "type": "string" },
"postgresqlPassword": { "type": "securestring" }
},
"variables": {
"names": {
"keyvault": "[parameters('keyvaultName')]",
"postgresql": "[parameters('postgresqlName')]"
},
"postgresql": {
"administratorLogin": "[parameters('postgresqlAdmin')]",
"administratorLoginPassword": "[parameters('postgresqlPassword')]"
},
"apiVersion": {
"keyvault_vaults": "2018-02-14",
"keyvault_vaults_secrets": "2018-02-14",
"dbforpostgresql_servers": "2017-12-01-preview"
}
},
"resources": [
{
"type": "Microsoft.DBforPostgreSQL/servers",
"apiVersion": "[variables('apiVersion').dbforpostgresql_servers]",
"location": "[resourceGroup().location]",
"name": "[variables('names').postgresql]",
"tags": {
"displayName": "PostgreSQL Database"
},
"sku": {
"family": "Gen5",
"capacity": 1,
"name": "B_Gen5_1",
"tier": "Basic"
},
"properties": {
"version": "11",
"createMode": "Default",
"administratorLogin": "[variables('postgresql').administratorLogin]",
"administratorLoginPassword": "[variables('postgresql').administratorLoginPassword]",
"sslEnforcement": "Enabled",
"storageProfile": {
"storageMB": 5120,
"backupRetentionDays": 7,
"geoRedundantBackup": "Disabled",
"storageAutoGrow": "Enabled"
}
},
"resources": [
{
"type": "firewallRules",
"apiVersion": "[variables('apiVersion').dbforpostgresql_servers]",
"location": "[resourceGroup().location]",
"name": "free-lunch",
"tags": { "displayName": "!!! The whole Internet can connect (0.0.0.0-255.255.255.255)." },
"dependsOn": [ "[concat('Microsoft.DBforPostgreSQL/servers/', variables('names').postgresql)]" ],
"properties": { "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255" }
},
{
"type": "firewallRules",
"apiVersion": "[variables('apiVersion').dbforpostgresql_servers]",
"location": "[resourceGroup().location]",
"name": "AllowAllWindowsAzureIps",
"tags": { "displayName": "Any Azure-hosted IP can access, not only this subscription" },
"dependsOn": [ "[concat('Microsoft.DBforPostgreSQL/servers/', variables('names').postgresql)]" ],
"properties": { "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0" }
}
]
},
{
"type": "Microsoft.KeyVault/vaults",
"name": "[variables('names').keyvault]",
"apiVersion": "[variables('apiVersion').keyvault_vaults]",
"location": "[resourceGroup().location]",
"tags": { "displayName": "Key Vault" },
"dependsOn": [
"[concat('Microsoft.DBforPostgreSQL/servers/', variables('names').postgresql)]"
],
"properties": {
"tenantId": "[subscription().tenantId]",
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
"sku": { "name": "Standard", "family": "A" },
"networkAcls": { "value": { "defaultAction": "Allow", "bypass": "AzureServices" } },
"accessPolicies": [
{
"tenantId": "[subscription().tenantId]",
"objectId": "[parameters('servicePrincipalObjectId')]",
"permissions": { "secrets": [ "get", "list" ] }
}
]
},
"resources": [
{
"type": "secrets",
"apiVersion": "[variables('apiVersion').keyvault_vaults_secrets]",
"dependsOn": [ "[concat('Microsoft.KeyVault/vaults/', variables('names').keyvault)]" ],
"name": "postgresdatabaseconnectionstring",
"tags": { "displayName": "PostgreSQL connection string for the .NET Npgsql driver." },
"properties": {
"contentType": "string",
"value": "[postgresql.createNpgsqlConnectionString(variables('names').postgresql, variables('postgresql').administratorLogin, variables('postgresql').administratorLoginPassword)]"
}
}
]
}
],
"functions": [
{
"namespace": "postgresql",
"members": {
"createNpgsqlConnectionString": {
"parameters": [
{ "name": "server", "type": "string" },
{ "name": "username", "type": "string" },
{ "name": "password", "type": "string" }
],
"output": {
"value": "[concat('Server=', parameters('server'), '.postgres.database.azure.com;Port=5432;Username=', parameters('username'), '@', parameters('server'), ';Password=', parameters('password'), ';SSLMode=Prefer;')]",
"type": "string"
}
}
}
}
]
}