diff --git a/docs/how-to-guides/azure_resource_provision.json b/docs/how-to-guides/azure_resource_provision.json index b4a2a8788..557dd56c5 100644 --- a/docs/how-to-guides/azure_resource_provision.json +++ b/docs/how-to-guides/azure_resource_provision.json @@ -1,549 +1,639 @@ - { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "resourcePrefix": { - "minLength": 3, - "maxLength": 15, - "type": "String", - "metadata": { - "description": "Resource prefix for all the resource provisioned. This should be an alphanumeric string. Note: please keep the `resourcePrefix` short, since some of the Azure resources need the full name to be less than 24 characters. It's recommended that to keep `resource_prefix` less than 15 characters." - } - }, - "provisionPurview": { - "defaultValue": "true", - "allowedValues": [ - "true", - "false" - ], - "type": "String", - "metadata": { - "description": "Whether or not to provision purview as part of deployment script" - } + { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "resourcePrefix": { + "minLength": 3, + "maxLength": 15, + "type": "String", + "metadata": { + "description": "Resource prefix for all the resource provisioned. This should be an alphanumeric string. Note: please keep the `resourcePrefix` short, since some of the Azure resources need the full name to be less than 24 characters. It's recommended that to keep `resource_prefix` less than 15 characters." + } + }, + "supportStreamingSource": { + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ], + "type": "String", + "metadata": { + "description": "Flag to provision EventHub as part of deployment script, Required if using Kafka/EventHub as streaming source input." + } + }, + "sqlAdminUsername": { + "type": "String", + "metadata": { + "description": "Specify the username for SQL Database admin. Only required if you enable RBAC or select Azure-SQL as registry backend" + } + }, + "sqlAdminPassword": { + "type": "SecureString", + "metadata": { + "description": "Specify the password for SQL Database admin. Please note that the password can not contain semicolon (;) as it conflicts with connection string delimiter. Only required if you enable RBAC or select Azure-SQL as registry backend" + } + }, + "registryBackend": { + "defaultValue": "Azure-SQL", + "allowedValues": [ + "Azure-SQL", + "Azure-Purview" + ], + "type": "String", + "metadata": { + "description": "Backend for registry metadata storage. Current supported registry backends are Azure SQL and Azure Purview." + } + }, + "onlineStore": { + "defaultValue": "Azure-Redis", + "allowedValues": [ + "Azure-Redis", + "Azure-CosmosDB" + ], + "type": "String", + "metadata": { + "description": "Current supported online stores are Azure Redis and Azure Cosmos DB. If you select Azure Cosmos DB, follow instructions here to configure - https://feathr-ai.github.io/feathr/how-to-guides/jdbc-cosmos-notes.html#using-cosmosdb-as-the-online-store" + } + }, + "enableRBAC": { + "defaultValue": "Yes", + "allowedValues": [ + "Yes", + "No" + ], + "type": "String", + "metadata": { + "description": "Flag to enable RBAC as part of deployment script" + } + }, + "azureADClientId": { + "type": "String", + "metadata": { + "description": "Client Id of the Azure Active Directory (AAD) app provisioned for UI app authentication in the prior step." + } + }, + "azureADTenantId": { + "type": "String", + "metadata": { + "description": "Tenant Id of the Azure Active Directory (AAD) app provisioned for UI app authentication in the prior step." + } + } + }, + "variables": { + "location": "[resourceGroup().location]", + "tenantId": "[subscription().tenantId]", + "redisCacheName": "[concat(parameters('resourcePrefix'),'redis' )]", + "keyVaultName": "[concat(parameters('resourcePrefix'),'kv')]", + "eventhubNameSpaceName": "[concat(parameters('resourcePrefix'),'ehns')]", + "eventhubName": "[concat(parameters('resourcePrefix'),'eh')]", + "eventhubSku": "Standard", + "eventhubSkuCapacity": 1, + "keyVault": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]", + "redisCache": "[resourceId('Microsoft.Cache/redis', variables('redisCacheName'))]", + "eventhubNameSpace": "[resourceId('Microsoft.EventHub/namespaces/', variables('eventhubNameSpaceName'))]", + "sparkPoolName": "spark31", + "workspaceName": "[toLower(concat(parameters('resourcePrefix'),'syws'))]", + "dlsName": "[toLower(concat(parameters('resourcePrefix'), 'dls'))]", + "dlsFsName": "[toLower(concat(parameters('resourcePrefix'),'fs'))]", + "dlsAccount": "[resourceId('Microsoft.Storage/storageAccounts', variables('dlsName'))]", + "purviewName": "[concat(parameters('resourcePrefix'),'purview' )]", + "identityName": "[concat(parameters('resourcePrefix'),'identity' )]", + "roleDefinitionIdForKeyVaultSecretsUser": "4633458b-17de-408a-b874-0445c86b69e6", + "roleAssignmentNameForKeyVaultSecretsUser": "[guid(variables('roleDefinitionIdForKeyVaultSecretsUser'), resourceGroup().id)]", + "webAppName": "[concat(parameters('resourcePrefix'),'webapp' )]", + "webAppPlanName": "[concat(parameters('resourcePrefix'),'appplan' )]", + "webAppPlanSku": "P1v2", + "webAppAPIVersion": "2021-03-01", + "sqlServerName": "[concat(parameters('resourcePrefix'),'dbserver' )]", + "sqlDatabaseName": "[concat(parameters('resourcePrefix'),'db' )]", + "sourceBacpacBlobUrl": "https://azurefeathrstorage.blob.core.windows.net/public/feathr-registry-rbac-schema.bacpac", + "bacpacBlobName": "feathr-registry-schema.bacpac", + "destinationBacpacBlobUrl": "[concat('https://',variables('dlsName'),'.blob.core.windows.net/',variables('dlsFsName'),'/',variables('bacpacBlobName'))]", + "bacpacDeploymentScriptName": "CopyBacpacFile", + "bacpacDbExtensionName": "registryRbacDbImport", + "preBuiltdockerImage": "feathrfeaturestore/feathr-registry:releases-v0.9.0", + "cosmosDBAccountName": "[concat(parameters('resourcePrefix'),'cosmosacct' )]", + "cosmosDBDatabaseName": "[concat(parameters('resourcePrefix'),'cosmosdb' )]", + "cosmosDBContainerName": "[concat(parameters('resourcePrefix'),'cosmoscontainer' )]" + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-10-01", + "name": "[variables('keyVaultName')]", + "location": "[variables('location')]", + "properties": { + "tenantId": "[variables('tenantId')]", + "sku": { + "name": "standard", + "family": "A" + }, + "accessPolicies": [], + "enableSoftDelete": true, + "enableRbacAuthorization": true }, - "provisionEventHub": { - "defaultValue": "true", - "allowedValues": [ - "true", - "false" - ], - "type": "String", - "metadata": { - "description": "Whether or not to provision EventHub as part of deployment script" + "resources": [ + { + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-10-01", + "name": "[concat(variables('keyVaultName'), '/FEATHR-PREFIX')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[variables('keyVault')]" + ], + "properties": { + "value": "[parameters('resourcePrefix')]" + } } + ] + }, + { + "condition": "[equals(parameters('onlineStore'),'Azure-Redis')]", + "type": "Microsoft.Cache/redis", + "apiVersion": "2021-06-01", + "name": "[variables('redisCacheName')]", + "location": "[resourceGroup().location]", + "tags": { + "displayName": "Feathr Online Store" }, - "sqlAdminUsername": { - "type": "String", - "metadata": { - "description": "Specify the username for SQL Database admin" + "properties": { + "redisVersion": "6", + "sku": { + "name": "Basic", + "family": "C", + "capacity": 2 } + } + }, + { + "condition": "[equals(parameters('onlineStore'),'Azure-Redis')]", + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-11-01-preview", + "name": "[concat(variables('keyVaultName'), '/FEATHR-ONLINE-STORE-CONN')]", + "location": "[resourceGroup().location]", + + "dependsOn": [ + "[variables('keyVault')]", + "[if(equals(parameters('onlineStore'),'Azure-Redis'),variables('redisCache'),variables('keyVault'))]" + ], + "properties": { + "value": "[if(equals(parameters('onlineStore'),'Azure-Redis'),concat(variables('redisCacheName'),'.redis.cache.windows.net:6380,password=', listKeys(concat('Microsoft.Cache/redis/', variables('redisCacheName')), '2021-06-01').primaryKey, ',ssl=True'),'')]" + } + + }, + { + "condition": "[equals(parameters('onlineStore'),'Azure-Redis')]", + + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-10-01", + "name": "[concat(variables('keyVaultName'), '/REDIS-PASSWORD')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[variables('keyVault')]", + "[if(equals(parameters('onlineStore'),'Azure-Redis'),variables('redisCache'),variables('keyVault'))]" + + ], + "properties": { + "value": "[if(equals(parameters('onlineStore'),'Azure-Redis'),listKeys(concat('Microsoft.Cache/redis/', variables('redisCacheName')), '2021-06-01').primaryKey,'')]" + } + + }, + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2021-08-01", + "name": "[variables('dlsName')]", + "location": "[variables('location')]", + "sku": { + "name": "Standard_LRS", + "tier": "Standard" }, - "sqlAdminPassword": { - "type": "SecureString", - "metadata": { - "description": "Specify the password for SQL Database admin. Please note that the password can not contain semicolon (;) as it conflicts with connection string delimiter" - } + "kind": "StorageV2", + "properties": { + "accessTier": "Hot", + "supportsHttpsTrafficOnly": true, + "isHnsEnabled": true }, - "registryBackend": { - "defaultValue": "Azure-SQL", - "allowedValues": [ - "Azure-SQL", - "Azure-Purview" - ], - "type": "String", - "metadata": { - "description": "Backend for registry metadata storage. Current supported registry backends are Azure SQL and Azure Purview" + "resources": [ + { + "type": "blobServices/containers", + "apiVersion": "2021-08-01", + "name": "[concat('default/', variables('dlsFsName'))]", + "dependsOn": [ + "[variables('dlsName')]" + ], + "properties": { + "publicAccess": "None" + } } + ] + }, + { + "type": "Microsoft.Purview/accounts", + "apiVersion": "2021-07-01", + "name": "[variables('purviewName')]", + "location": "[variables('location')]", + "sku": { + "name": "Standard", + "capacity": 1 }, - "enableRBAC": { - "defaultValue": "Yes", - "allowedValues": [ - "Yes", - "No" - ], - "type": "String", - "metadata": { - "description": "Whether or not to enable RBAC as part of deployment script" - } + "identity": { + "type": "SystemAssigned" }, - "azureADClientId": { - "type": "String", - "metadata": { - "description": "Client Id of the Azure Active Directory (AAD) app provisioned for UI app authentication in the prior step." - } + "properties": { + "cloudConnectors": {}, + "publicNetworkAccess": "Enabled" }, - "azureADTenantId": { - "type": "String", - "metadata": { - "description": "Tenant Id of the Azure Active Directory (AAD) app provisioned for UI app authentication in the prior step." - } - } - }, - "variables": { - "location": "[resourceGroup().location]", - "tenantId": "[subscription().tenantId]", - "redisCacheName": "[concat(parameters('resourcePrefix'),'redis' )]", - "keyVaultName": "[concat(parameters('resourcePrefix'),'kv')]", - "eventhubNameSpaceName": "[concat(parameters('resourcePrefix'),'ehns')]", - "eventhubName": "[concat(parameters('resourcePrefix'),'eh')]", - "eventhubSku": "Standard", - "eventhubSkuCapacity": 1, - "keyVault": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]", - "redisCache": "[resourceId('Microsoft.Cache/redis', variables('redisCacheName'))]", - "eventhubNameSpace": "[resourceId('Microsoft.EventHub/namespaces/', variables('eventhubNameSpaceName'))]", - "sparkPoolName": "spark31", - "workspaceName": "[toLower(concat(parameters('resourcePrefix'),'syws'))]", - "dlsName": "[toLower(concat(parameters('resourcePrefix'), 'dls'))]", - "dlsFsName": "[toLower(concat(parameters('resourcePrefix'),'fs'))]", - "dlsAccount": "[resourceId('Microsoft.Storage/storageAccounts', variables('dlsName'))]", - "purviewName": "[concat(parameters('resourcePrefix'),'purview' )]", - "identityName": "[concat(parameters('resourcePrefix'),'identity' )]", - "roleDefinitionIdForKeyVaultSecretsUser": "4633458b-17de-408a-b874-0445c86b69e6", - "roleAssignmentNameForKeyVaultSecretsUser": "[guid(variables('roleDefinitionIdForKeyVaultSecretsUser'), resourceGroup().id)]", - "webAppName": "[concat(parameters('resourcePrefix'),'webapp' )]", - "webAppPlanName": "[concat(parameters('resourcePrefix'),'appplan' )]", - "webAppPlanSku": "P1v2", - "webAppAPIVersion": "2021-03-01", - "sqlServerName": "[concat(parameters('resourcePrefix'),'dbserver' )]", - "sqlDatabaseName": "[concat(parameters('resourcePrefix'),'db' )]", - "sourceBacpacBlobUrl": "https://azurefeathrstorage.blob.core.windows.net/public/feathr-registry-rbac-schema.bacpac", - "bacpacBlobName": "feathr-registry-schema.bacpac", - "destinationBacpacBlobUrl": "[concat('https://',variables('dlsName'),'.blob.core.windows.net/',variables('dlsFsName'),'/',variables('bacpacBlobName'))]", - "bacpacDeploymentScriptName": "CopyBacpacFile", - "bacpacDbExtensionName": "registryRbacDbImport", - "preBuiltdockerImage": "feathrfeaturestore/feathr-registry:releases-v0.9.0" + "condition": "[equals(parameters('registryBackend'),'Azure-Purview')]" }, - "functions": [], - "resources": [ - { - "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-10-01", - "name": "[variables('keyVaultName')]", - "location": "[variables('location')]", - "properties": { - "tenantId": "[variables('tenantId')]", - "sku": { - "name": "standard", - "family": "A" - }, - "accessPolicies": [], - "enableSoftDelete": true, - "enableRbacAuthorization": true - }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2021-10-01", - "name": "[concat(variables('keyVaultName'), '/FEATHR-PREFIX')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[variables('keyVault')]" - ], - "properties": { - "value": "[parameters('resourcePrefix')]" - } - } - ] + { + "type": "Microsoft.EventHub/namespaces", + "apiVersion": "2021-11-01", + "name": "[variables('eventhubNameSpaceName')]", + "location": "[variables('location')]", + "sku": { + "name": "[variables('eventhubSku')]", + "tier": "[variables('eventhubSku')]", + "capacity": "[variables('eventhubSkuCapacity')]" }, - { - "type": "Microsoft.Cache/redis", - "apiVersion": "2021-06-01", - "name": "[variables('redisCacheName')]", - "location": "[resourceGroup().location]", - "tags": { - "displayName": "Feathr Online Store" - }, - "properties": { - "redisVersion": "6", - "sku": { - "name": "Basic", - "family": "C", - "capacity": 2 - } + "properties": {}, + "condition": "[equals(parameters('supportStreamingSource'),'Yes')]", + "resources": [ + { + "type": "eventhubs", + "apiVersion": "2021-11-01", + "name": "[variables('eventhubName')]", + "dependsOn": [ + "[variables('eventhubNameSpace')]" + ], + "properties": {}, + "condition": "[equals(parameters('supportStreamingSource'),'Yes')]" }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2021-10-01", - "name": "[concat(variables('keyVaultName'), '/FEATHR-ONLINE-STORE-CONN')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[variables('keyVault')]", - "[variables('redisCache')]" - ], - "properties": { - "value": "[concat(variables('redisCacheName'),'.redis.cache.windows.net:6380,password=', listKeys(concat('Microsoft.Cache/redis/', variables('redisCacheName')), '2021-06-01').primaryKey, ',ssl=True')]" - } + { + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2021-10-01", + "name": "[concat(variables('keyVaultName'), '/EVENTHUB-POLICY-KEY')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[variables('keyVault')]", + "[variables('eventhubNameSpace')]" + ], + "properties": { + "value": "[if(equals(parameters('supportStreamingSource'),'Yes'),listKeys(resourceId('Microsoft.EventHub/namespaces/AuthorizationRules',variables('eventhubNameSpaceName'),'RootManageSharedAccessKey'),'2021-11-01').primaryConnectionString,'null' )]" }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2021-10-01", - "name": "[concat(variables('keyVaultName'), '/REDIS-PASSWORD')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[variables('keyVault')]", - "[variables('redisCache')]" - ], - "properties": { - "value": "[listKeys(concat('Microsoft.Cache/redis/', variables('redisCacheName')), '2021-06-01').primaryKey]" - } - } - ] - }, - { - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2021-08-01", - "name": "[variables('dlsName')]", - "location": "[variables('location')]", - "sku": { - "name": "Standard_LRS", - "tier": "Standard" - }, - "kind": "StorageV2", - "properties": { - "accessTier": "Hot", - "supportsHttpsTrafficOnly": true, - "isHnsEnabled": true - }, - "resources": [ - { - "type": "blobServices/containers", - "apiVersion": "2021-08-01", - "name": "[concat('default/', variables('dlsFsName'))]", - "dependsOn": [ - "[variables('dlsName')]" - ], - "properties": { - "publicAccess": "None" - } - } - ] + "condition": "[equals(parameters('supportStreamingSource'),'Yes')]" + } + ] + }, + { + "type": "Microsoft.Synapse/workspaces", + "apiVersion": "2021-06-01", + "name": "[variables('workspaceName')]", + "location": "[variables('location')]", + "dependsOn": [ + "[variables('dlsName')]", + "[variables('dlsFsName')]" + ], + "identity": { + "type": "SystemAssigned" }, - { - "type": "Microsoft.Purview/accounts", - "apiVersion": "2021-07-01", - "name": "[variables('purviewName')]", - "location": "[variables('location')]", - "sku": { - "name": "Standard", - "capacity": 1 - }, - "identity": { - "type": "SystemAssigned" + "properties": { + "defaultDataLakeStorage": { + "accountUrl": "[reference(variables('dlsName')).primaryEndpoints.dfs]", + "filesystem": "[variables('dlsFsName')]" }, - "properties": { - "cloudConnectors": {}, - "publicNetworkAccess": "Enabled" - }, - "condition": "[equals(parameters('provisionPurview'),'true')]" + "managedVirtualNetwork": "default" }, - { - "type": "Microsoft.EventHub/namespaces", - "apiVersion": "2021-11-01", - "name": "[variables('eventhubNameSpaceName')]", - "location": "[variables('location')]", - "sku": { - "name": "[variables('eventhubSku')]", - "tier": "[variables('eventhubSku')]", - "capacity": "[variables('eventhubSkuCapacity')]" - }, - "properties": {}, - "resources": [ - { - "type": "eventhubs", - "apiVersion": "2021-11-01", - "name": "[variables('eventhubName')]", - "dependsOn": [ - "[variables('eventhubNameSpace')]" - ], - "properties": {}, - "condition": "[equals(parameters('provisionEventHub'),'true')]" - }, - { - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2021-10-01", - "name": "[concat(variables('keyVaultName'), '/EVENTHUB-POLICY-KEY')]", - "location": "[resourceGroup().location]", - "dependsOn": [ - "[variables('keyVault')]", - "[variables('eventhubNameSpace')]" - ], - "properties": { - "value": "[if(equals(parameters('provisionEventHub'),'true'),listKeys(resourceId('Microsoft.EventHub/namespaces/AuthorizationRules',variables('eventhubNameSpaceName'),'RootManageSharedAccessKey'),'2021-11-01').primaryConnectionString,'null' )]" - }, - "condition": "[equals(parameters('provisionEventHub'),'true')]" + "resources": [ + { + "type": "firewallrules", + "apiVersion": "2021-06-01", + "name": "allowAll", + "location": "[variables('location')]", + "dependsOn": [ + "[variables('workspaceName')]" + ], + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "255.255.255.255" } - ], - "condition": "[equals(parameters('provisionEventHub'),'true')]" - }, - { - "type": "Microsoft.Synapse/workspaces", - "apiVersion": "2021-06-01", - "name": "[variables('workspaceName')]", - "location": "[variables('location')]", - "dependsOn": [ - "[variables('dlsName')]", - "[variables('dlsFsName')]" - ], - "identity": { - "type": "SystemAssigned" }, - "properties": { - "defaultDataLakeStorage": { - "accountUrl": "[reference(variables('dlsName')).primaryEndpoints.dfs]", - "filesystem": "[variables('dlsFsName')]" - }, - "managedVirtualNetwork": "default" + { + "type": "firewallrules", + "apiVersion": "2021-06-01", + "name": "AllowAllWindowsAzureIps", + "location": "[variables('location')]", + "dependsOn": [ + "[variables('workspaceName')]" + ], + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "0.0.0.0" + } }, - "resources": [ - { - "type": "firewallrules", - "apiVersion": "2021-06-01", - "name": "allowAll", - "location": "[variables('location')]", - "dependsOn": [ - "[variables('workspaceName')]" - ], - "properties": { - "startIpAddress": "0.0.0.0", - "endIpAddress": "255.255.255.255" - } - }, - { - "type": "firewallrules", - "apiVersion": "2021-06-01", - "name": "AllowAllWindowsAzureIps", - "location": "[variables('location')]", - "dependsOn": [ - "[variables('workspaceName')]" - ], - "properties": { - "startIpAddress": "0.0.0.0", - "endIpAddress": "0.0.0.0" - } - }, - { - "type": "managedIdentitySqlControlSettings", - "apiVersion": "2021-06-01", - "name": "default", - "location": "[variables('location')]", - "dependsOn": [ - "[variables('workspaceName')]" - ], - "properties": { - "grantSqlControlToManagedIdentity": { - "desiredState": "Enabled" - } + { + "type": "managedIdentitySqlControlSettings", + "apiVersion": "2021-06-01", + "name": "default", + "location": "[variables('location')]", + "dependsOn": [ + "[variables('workspaceName')]" + ], + "properties": { + "grantSqlControlToManagedIdentity": { + "desiredState": "Enabled" } } - ] + } + ] + }, + { + "type": "Microsoft.Web/serverfarms", + "apiVersion": "[variables('webAppAPIVersion')]", + "name": "[variables('webAppPlanName')]", + "location": "[variables('location')]", + "sku": { + "name": "[variables('webAppPlanSku')]" }, - { - "type": "Microsoft.Web/serverfarms", - "apiVersion": "[variables('webAppAPIVersion')]", - "name": "[variables('webAppPlanName')]", - "location": "[variables('location')]", - "sku": { - "name": "[variables('webAppPlanSku')]" - }, - "kind": "linux", - "properties": { - "reserved": true + "kind": "linux", + "properties": { + "reserved": true + } + }, + { + "type": "Microsoft.Web/sites", + "apiVersion": "[variables('webAppAPIVersion')]", + "name": "[variables('webAppName')]", + "location": "[variables('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Web/serverfarms', variables('webAppPlanName'))]", + "[if(or (equals(parameters('enableRBAC'),'Yes'), equals(parameters('registryBackend'),'Azure-SQL')),resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName')),resourceId('Microsoft.Web/serverfarms', variables('webAppPlanName')))]", + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]" + ], + "kind": "app,linux,container", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {} } }, - { - "type": "Microsoft.Web/sites", - "apiVersion": "[variables('webAppAPIVersion')]", + "properties": { "name": "[variables('webAppName')]", - "location": "[variables('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Web/serverfarms', variables('webAppPlanName'))]", - "[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]", - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]" - ], - "kind": "app,linux,container", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {} - } - }, - "properties": { - "name": "[variables('webAppName')]", - "httpsOnly": "true", - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webAppPlanName'))]", - "siteConfig": { - "linuxFxVersion": "[concat('DOCKER|', variables('preBuiltdockerImage'))]", - "alwaysOn": true, - "ftpsState": "Disabled", - "appSettings": [ - { - "name": "DOCKER_REGISTRY_SERVER_URL", - "value": "https://index.docker.io/v1" - }, - { - "name": "REACT_APP_AZURE_CLIENT_ID", - "value": "[parameters('azureADClientId')]" - }, - { - "name": "REACT_APP_AZURE_TENANT_ID", - "value": "[parameters('azureADTenantId')]" - }, - { - "name": "API_BASE", - "value": "api/v1" - }, - { - "name": "CONNECTION_STR", - "value": "[concat('Server=tcp:',reference(variables('sqlServerName')).fullyQualifiedDomainName,',1433;Initial Catalog=',variables('sqlDatabaseName'),';Persist Security Info=False;User ID=',reference(variables('sqlserverName')).administratorLogin,';Password=',parameters('sqlAdminPassword'),';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]" - }, - { - "name": "REACT_APP_ENABLE_RBAC", - "value": "[if(equals(parameters('enableRBAC'),'Yes'),json('true'),json('null'))]" - }, - { - "name": "PURVIEW_NAME", - "value": "[if(equals(parameters('registryBackend'),'Azure-Purview'),variables('purviewName'),json('null'))]" - }, - { + "httpsOnly": "true", + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webAppPlanName'))]", + "siteConfig": { + "linuxFxVersion": "[concat('DOCKER|', variables('preBuiltdockerImage'))]", + "alwaysOn": true, + "ftpsState": "Disabled", + "appSettings": [ + { + "name": "DOCKER_REGISTRY_SERVER_URL", + "value": "https://index.docker.io/v1" + }, + { + "name": "REACT_APP_AZURE_CLIENT_ID", + "value": "[parameters('azureADClientId')]" + }, + { + "name": "REACT_APP_AZURE_TENANT_ID", + "value": "[parameters('azureADTenantId')]" + }, + { + "name": "API_BASE", + "value": "api/v1" + }, + { + "name": "CONNECTION_STR", + "value": "[if(or (equals (parameters('enableRBAC'),'Yes'), equals(parameters('registryBackend'),'Azure-SQL')),concat('Server=tcp:',reference(variables('sqlServerName')).fullyQualifiedDomainName,',1433;Initial Catalog=',variables('sqlDatabaseName'),';Persist Security Info=False;User ID=',reference(variables('sqlserverName')).administratorLogin,';Password=',parameters('sqlAdminPassword'),';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;'), '')]" + }, + { + "name": "REACT_APP_ENABLE_RBAC", + "value": "[if(equals(parameters('enableRBAC'),'Yes'),json('true'),json('null'))]" + }, + { + "name": "PURVIEW_NAME", + "value": "[if(equals(parameters('registryBackend'),'Azure-Purview'),variables('purviewName'),json('null'))]" + }, + { "name": "AZURE_CLIENT_ID", "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName')), '2018-11-30','Full').properties.clientId]" - }, - { + }, + { "name": "DOCKER_ENABLE_CI", "value": "true" } - ] - } + ] } + } + }, + { + "type": "Microsoft.Synapse/workspaces/bigDataPools", + "apiVersion": "2021-06-01", + "name": "[concat(variables('workspaceName'), '/', variables('sparkPoolName'))]", + "location": "[variables('location')]", + "dependsOn": [ + "[variables('workspaceName')]" + ], + "properties": { + "autoPause": { + "delayInMinutes": 30, + "enabled": true + }, + "autoScale": { + "enabled": true, + "minNodeCount": 3, + "maxNodeCount": 5 + }, + "sparkVersion": "3.1", + "nodeCount": 3, + "nodeSizeFamily": "MemoryOptimized", + "nodeSize": "Medium" + } + }, + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[variables('identityName')]", + "location": "[variables('location')]" + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-10-01-preview", + "name": "[variables('roleAssignmentNameForKeyVaultSecretsUser')]", + "dependsOn": [ + "[variables('keyVault')]", + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]" + + ], + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionIdForKeyVaultSecretsUser'))]", + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName')), '2018-11-30').principalId]", + "scope": "[resourceGroup().id]", + "principalType": "ServicePrincipal" + + } + }, + { + "type": "Microsoft.Sql/servers", + "apiVersion": "2021-11-01-preview", + "name": "[variables('sqlServerName')]", + "location": "[variables('location')]", + "properties": { + "administratorLogin": "[parameters('sqlAdminUsername')]", + "administratorLoginPassword": "[parameters('sqlAdminPassword')]", + "version": "12.0" }, - { - "type": "Microsoft.Synapse/workspaces/bigDataPools", - "apiVersion": "2021-06-01", - "name": "[concat(variables('workspaceName'), '/', variables('sparkPoolName'))]", - "location": "[variables('location')]", - "dependsOn": [ - "[variables('workspaceName')]" - ], - "properties": { - "autoPause": { - "delayInMinutes": 30, - "enabled": true + "condition": "[or(equals(parameters('registryBackend'),'Azure-SQL'),equals(parameters('enableRBAC'), 'Yes'))]", + "resources": [ + { + "type": "firewallrules", + "apiVersion": "2021-11-01-preview", + "name": "AllowAllAzureIps", + "location": "[variables('location')]", + "dependsOn": [ + "[variables('sqlServerName')]" + ], + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "0.0.0.0" }, - "autoScale": { - "enabled": true, - "minNodeCount": 3, - "maxNodeCount": 5 - }, - "sparkVersion": "3.1", - "nodeCount": 3, - "nodeSizeFamily": "MemoryOptimized", - "nodeSize": "Medium" + "condition": "[or(equals(parameters('registryBackend'),'Azure-SQL'),equals(parameters('enableRBAC'), 'Yes'))]" + } + ] + }, + { + "type": "Microsoft.Resources/deploymentScripts", + "apiVersion": "2020-10-01", + "name": "[variables('bacpacDeploymentScriptName')]", + "location": "[variables('location')]", + "kind": "AzureCLI", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {} } }, - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[variables('identityName')]", - "location": "[variables('location')]" - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-10-01-preview", - "name": "[variables('roleAssignmentNameForKeyVaultSecretsUser')]", - "dependsOn": [ - "[variables('keyVault')]", - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]" - - ], - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionIdForKeyVaultSecretsUser'))]", - "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName')), '2018-11-30').principalId]", - "scope": "[resourceGroup().id]", - "principalType": "ServicePrincipal" + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]", + "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('dlsName'), 'default', variables('dlsFsName'))]" + ], + "properties": { + "AzCliVersion": "2.2.0", + "timeout": "PT30M", + "arguments": "[concat(listKeys(variables('dlsAccount'),'2019-04-01').keys[0].value, ' ',variables('dlsName'), ' ', variables('bacpacBlobName'), ' ', variables('dlsFsName'),' ' ,variables('sourceBacpacBlobUrl'))]", + "scriptContent": "az storage blob copy start --account-key $1 --account-name $2 --destination-blob $3 --destination-container $4 --source-uri $5", + "cleanupPreference": "OnSuccess", + "retentionInterval": "P1D" + } + }, + { + "condition": "[or(equals(parameters('registryBackend'),'Azure-SQL'),equals(parameters('enableRBAC'), 'Yes'))]", + "type": "Microsoft.Sql/servers/databases", + "apiVersion": "2021-11-01-preview", + "name": "[concat(string(variables('sqlServerName')), '/', string(variables('sqlDatabaseName')))]", + "location": "[variables('location')]", + "dependsOn": [ + "[concat('Microsoft.Sql/servers/', variables('sqlServerName'))]" + ], + "resources": [ + { + "type": "extensions", + "apiVersion": "2021-11-01-preview", + "name": "[variables('bacpacDbExtensionName')]", + "dependsOn": [ + "[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]", + "[resourceId('Microsoft.Resources/deploymentScripts', variables('bacpacDeploymentScriptName'))]" + ], + "properties": { + "storageKeyType": "StorageAccessKey", + "storageKey": "[listKeys(variables('dlsAccount'),'2019-04-01').keys[0].value]", + "storageUri": "[variables('destinationBacpacBlobUrl')]", + "administratorLogin": "[parameters('sqlAdminUsername')]", + "administratorLoginPassword": "[parameters('sqlAdminPassword')]", + "operationMode": "Import" + } } - }, - { - "type": "Microsoft.Sql/servers", - "apiVersion": "2021-11-01-preview", - "name": "[variables('sqlServerName')]", - "location": "[variables('location')]", - "properties": { - "administratorLogin": "[parameters('sqlAdminUsername')]", - "administratorLoginPassword": "[parameters('sqlAdminPassword')]", - "version": "12.0" + ] + }, + { + "type": "Microsoft.DocumentDB/databaseAccounts", + "apiVersion": "2022-05-15", + "name": "[variables('cosmosDBAccountName')]", + "location": "[variables('location')]", + "kind": "GlobalDocumentDB", + "properties": { + "consistencyPolicy": { + "defaultConsistencyLevel": "Session", + "maxIntervalInSeconds": 5, + "maxStalenessPrefix": 100 }, - "resources": [ + "locations": [ { - "type": "firewallrules", - "apiVersion": "2021-11-01-preview", - "name": "AllowAllAzureIps", - "location": "[variables('location')]", - "dependsOn": [ - "[variables('sqlServerName')]" - ], - "properties": { - "startIpAddress": "0.0.0.0", - "endIpAddress": "0.0.0.0" - } + "locationName": "[variables('location')]", + "failoverPriority": 0, + "isZoneRedundant": false } - ] - }, - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[variables('bacpacDeploymentScriptName')]", - "location": "[variables('location')]", - "kind": "AzureCLI", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]": {} - } - }, - "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('identityName'))]", - "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', variables('dlsName'), 'default', variables('dlsFsName'))]" ], - "properties": { - "AzCliVersion": "2.2.0", - "timeout": "PT30M", - "arguments": "[concat(listKeys(variables('dlsAccount'),'2019-04-01').keys[0].value, ' ',variables('dlsName'), ' ', variables('bacpacBlobName'), ' ', variables('dlsFsName'),' ' ,variables('sourceBacpacBlobUrl'))]", - "scriptContent": "az storage blob copy start --account-key $1 --account-name $2 --destination-blob $3 --destination-container $4 --source-uri $5", - "cleanupPreference": "OnSuccess", - "retentionInterval": "P1D" + "databaseAccountOfferType": "Standard", + "enableAutomaticFailover": false + }, + "condition": "[equals(parameters('onlineStore'),'Azure-CosmosDB')]" + + }, + { + "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases", + "apiVersion": "2022-05-15", + "name": "[format('{0}/{1}', variables('cosmosDBAccountName'), variables('cosmosDBDatabaseName'))]", + "properties": { + "resource": { + "id": "[variables('cosmosDBDatabaseName')]" } }, - { - "type": "Microsoft.Sql/servers/databases", - "apiVersion": "2021-11-01-preview", - "name": "[concat(string(variables('sqlServerName')), '/', string(variables('sqlDatabaseName')))]", - "location": "[variables('location')]", - "dependsOn": [ - "[concat('Microsoft.Sql/servers/', variables('sqlServerName'))]" - ], - "resources": [ - { - "type": "extensions", - "apiVersion": "2021-11-01-preview", - "name": "[variables('bacpacDbExtensionName')]", - "dependsOn": [ - "[resourceId('Microsoft.Sql/servers/databases', variables('sqlServerName'), variables('sqlDatabaseName'))]", - "[resourceId('Microsoft.Resources/deploymentScripts', variables('bacpacDeploymentScriptName'))]" + "dependsOn": [ + "[resourceId('Microsoft.DocumentDB/databaseAccounts', variables('cosmosDBAccountName'))]" + ], + "condition": "[equals(parameters('onlineStore'),'Azure-CosmosDB')]" + }, + { + "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers", + "apiVersion": "2022-08-15", + "name": "[format('{0}/{1}/{2}',variables('cosmosDBAccountName'), variables('cosmosDBDatabaseName'), variables('cosmosDBContainerName'))]", + "properties": { + "resource": { + "id": "[variables('cosmosDBContainerName')]", + "partitionKey": { + "paths": [ + "/id" ], - "properties": { - "storageKeyType": "StorageAccessKey", - "storageKey": "[listKeys(variables('dlsAccount'),'2019-04-01').keys[0].value]", - "storageUri": "[variables('destinationBacpacBlobUrl')]", - "administratorLogin": "[parameters('sqlAdminUsername')]", - "administratorLoginPassword": "[parameters('sqlAdminPassword')]", - "operationMode": "Import" - } + "kind": "Hash" + }, + "indexingPolicy": { + "indexingMode": "consistent", + "includedPaths": [ + { + "path": "/*" + } + ], + "excludedPaths": [ + { + "path": "/\"_etag\"/?" + } + ] + }, + "uniqueKeyPolicy": { + "uniqueKeys": [ + ] } - ] - } - ], - "outputs": {} - } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases', split(format('{0}/{1}', toLower(variables('cosmosDBAccountName')), variables('cosmosDBDatabaseName')), '/')[0], split(format('{0}/{1}', variables('cosmosDBAccountName'), variables('cosmosDBDatabaseName')), '/')[1])]" + ], + "condition": "[equals(parameters('onlineStore'),'Azure-CosmosDB')]" + + } + ], + "outputs": {} +}