
Commit 46aa59b

committed
update bicep with adding role assignments
1 parent 6142072 commit 46aa59b

1 file changed

Lines changed: 41 additions & 12 deletions


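--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -107,7 +107,7 @@ module avmManagedIdentity './modules/managed-identity.bicep' = {
 
 // Assign Owner role to the managed identity in the resource group
 module avmRoleAssignment 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-owner')
+name: format(deployment_param.resource_name_format_string, 'rbac-owner')
 params: {
 resourceId: avmManagedIdentity.outputs.resourceId
 principalId: avmManagedIdentity.outputs.principalId
@@ -176,7 +176,7 @@ module avmKeyVault './modules/key-vault.bicep' = {
 }
 
 module avmKeyVault_RoleAssignment_appConfig 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-keyvault-app-config')
+name: format(deployment_param.resource_name_format_string, 'rbac-keyvault-app-config')
 params: {
 resourceId: avmKeyVault.outputs.resourceId
 principalId: avmAppConfig.outputs.systemAssignedMIPrincipalId
@@ -283,7 +283,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
 }
 
 module avmStorageAccount_RoleAssignment_avmContainerApp_blob 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-storage-data-contributor-container-app')
+name: format(deployment_param.resource_name_format_string, 'rbac-storage-data-contributor-container-app')
 params: {
 resourceId: avmStorageAccount.outputs.resourceId
 principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId
@@ -293,8 +293,19 @@ module avmStorageAccount_RoleAssignment_avmContainerApp_blob 'br/public:avm/ptn/
 }
 }
 
+module avmStorageAccount_RoleAssignment_avmContainerApp_API_blob 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
+name: format(deployment_param.resource_name_format_string, 'rbac-storage-data-contributor-container-api')
+params: {
+resourceId: avmStorageAccount.outputs.resourceId
+principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId
+roleName: 'Storage Blob Data Contributor'
+roleDefinitionId: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //'Storage Blob Data Contributor'
+principalType: 'ServicePrincipal'
+}
+}
+
 module avmStorageAccount_RoleAssignment_avmContainerApp_queue 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-storage-contributor-container-app-queue')
+name: format(deployment_param.resource_name_format_string, 'rbac-storage-contributor-container-app-queue')
 params: {
 resourceId: avmStorageAccount.outputs.resourceId
 principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId
@@ -304,6 +315,17 @@ module avmStorageAccount_RoleAssignment_avmContainerApp_queue 'br/public:avm/ptn
 }
 }
 
+module avmStorageAccount_RoleAssignment_avmContainerApp_API_queue 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
+name: format(deployment_param.resource_name_format_string, 'rbac-storage-data-contributor-container-api-queue')
+params: {
+resourceId: avmStorageAccount.outputs.resourceId
+principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId
+roleName: 'Storage Queue Data Contributor'
+roleDefinitionId: '974c5e8b-45b9-4653-ba55-5f855dd0fb88' //'Storage Queue Data Contributor'
+principalType: 'ServicePrincipal'
+}
+}
+
 // module storage 'deploy_storage_account.bicep' = {
 // name: 'deploy_storage_account'
 // params: {
@@ -369,7 +391,7 @@ module avmAiServices 'br/public:avm/res/cognitive-services/account:0.10.2' = {
 
 // Role Assignment
 module avmAiServices_roleAssignment 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-ai-services')
+name: format(deployment_param.resource_name_format_string, 'rbac-ai-services')
 params: {
 resourceId: avmAiServices.outputs.resourceId
 principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId
@@ -404,7 +426,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.10.2' =
 }
 
 module avmAiServices_cu_roleAssignment 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-ai-services-cu')
+name: format(deployment_param.resource_name_format_string, 'rbac-ai-services-cu')
 params: {
 resourceId: avmAiServices_cu.outputs.resourceId
 principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId
@@ -627,7 +649,7 @@ module avmContainerApp 'br/public:avm/res/app/container-app:0.16.0' = {
 containers: [
 {
 name: '${abbrs.containers.containerApp}${deployment_param.solution_prefix}'
-image: '${deployment_param.public_container_image_endpoint}/contentprocessor:latest'
+image: '${deployment_param.public_container_image_endpoint}/contentprocessor:dblee'
 
 resources: {
 cpu: '4'
@@ -663,7 +685,7 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.16.0' = {
 {
 server: deployment_param.public_container_image_endpoint
 image: 'contentprocessorapi'
-imageTag: 'latest'
+imageTag: 'dblee'
 }
 ]
 : null
@@ -678,7 +700,7 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.16.0' = {
 containers: [
 {
 name: '${abbrs.containers.containerApp}${deployment_param.solution_prefix}-api'
-image: '${deployment_param.public_container_image_endpoint}/contentprocessorapi:latest'
+image: '${deployment_param.public_container_image_endpoint}/contentprocessorapi:dblee'
 resources: {
 cpu: '4'
 memory: '8.0Gi'
@@ -743,6 +765,7 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.16.0' = {
 ]
 }
 ingressExternal: true
+activeRevisionsMode: 'Single'
 ingressTransport: 'auto'
 ingressAllowInsecure: true
 corsPolicy: {
@@ -894,6 +917,12 @@ module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = {
 maxIntervalInSeconds: 5
 maxStalenessPrefix: 100
 zoneRedundant: false
+
+networkRestrictions: {
+publicNetworkAccess: 'Enabled'
+ipRules: []
+virtualNetworkRules: []
+}
 }
 }
 // module cosmosdb './deploy_cosmos_db.bicep' = {
@@ -1021,7 +1050,7 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6
 }
 
 module avmRoleAssignment_container_app 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-app-config-data-reader')
+name: format(deployment_param.resource_name_format_string, 'rbac-app-config-data-reader')
 params: {
 resourceId: avmAppConfig.outputs.resourceId
 principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId
@@ -1032,7 +1061,7 @@ module avmRoleAssignment_container_app 'br/public:avm/ptn/authorization/resource
 }
 
 module avmRoleAssignment_container_app_api 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-app-config-data-reader-api')
+name: format(deployment_param.resource_name_format_string, 'rbac-app-config-data-reader-api')
 params: {
 resourceId: avmAppConfig.outputs.resourceId
 principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId
@@ -1042,7 +1071,7 @@ module avmRoleAssignment_container_app_api 'br/public:avm/ptn/authorization/reso
 }
 }
 module avmRoleAssignment_container_app_web 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.2' = {
-name: format(deployment_param.resource_name_format_string, 'role-assignment-app-config-data-reader-web')
+name: format(deployment_param.resource_name_format_string, 'rbac-app-config-data-reader-web')
 params: {
 resourceId: avmAppConfig.outputs.resourceId
 principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId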
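Review bot: The `networkRestrictions` block added to `avmCosmosDB` (new lines 921-925) sets `publicNetworkAccess: 'Enabled'` with empty `ipRules` and `virtualNetworkRules`, which appears to leave the account endpoint reachable from any network, so credential checks become the only barrier in front of the data. If public access is really required, list the permitted ranges in `ipRules`; otherwise prefer `publicNetworkAccess: 'Disabled'` behind a private endpoint, and add a comment saying which is intended. The module body starts and ends outside the hunk, so other network settings may exist that are not visible here. Separately, the three image references (new lines 652, 688, 703) now use the mutable tag `dblee` instead of a versioned tag or digest, so the workloads receiving the new Storage Blob/Queue Data Contributor assignments run whatever is currently pushed under that tag.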
