forked from glueckkanja/gk-scepman
-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathazuredeploy.bicep
194 lines (168 loc) · 7.33 KB
/
azuredeploy.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
@description('Name of the Company or Organization used for the Certificate Subject')
@minLength(2)
param OrgName string
@description('License Key for SCEPman')
param license string = 'trial'
@description('Specifies the name of the Azure Key Vault. The name of a Key Vault must be globally unique and contain only DNS-compatible characters (letters, numbers, and hyphens).')
@minLength(3)
@maxLength(24)
param keyVaultName string = 'kv-scepman-UNIQUENAME'
@description('When generating the SCEPman CA certificate, which kind of key pair shall be created? RSA is a software-protected RSA key; RSA-HSM is HSM-protected.')
@allowed([
'RSA'
'RSA-HSM'
])
param caKeyType string = 'RSA-HSM'
@description('Choose a globally unique name for your storage account. Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only.')
@minLength(3)
@maxLength(24)
param storageAccountName string = 'stscepmanuniquename'
@maxLength(40)
param appServicePlanName string = 'asp-scepman-UNIQUENAME'
@description('Provide the Resource ID of an existing App Service Plan (the long string displayed in the properties tab). Keep default value \'none\' if you want to create a new one.')
param existingAppServicePlanID string = 'none'
@description('Use Linux App Service Plan')
param deployOnLinux bool = false
@description('The SCEPman App Service and part of the default FQDN. Therefore, it must be globally unique and contain only DNS-compatible characters.')
@maxLength(60)
param primaryAppServiceName string = 'app-scepman-UNIQUENAME'
@description('The Log Analytics Workspace with log data. Alphanumerics and hyphens are allowed.')
@minLength(4)
@maxLength(63)
param logAnalyticsWorkspaceName string = 'log-scepman-UNIQUENAME'
@description('The App Service for the component SCEPman Certificate Master. As it is part of the default FQDN, it must be globally unique and contain only DNS-compatible characters.')
@maxLength(60)
param certificateMasterAppServiceName string = 'app-scepman-UNIQUENAME-cm'
@description('Choose \'true\' to deploy SCEPman with a Virtual Network. In this case, you must also provide names for the parameters virtualNetworkName, privateEndpointForTableStorage, and privateEndpointForKeyVaultName.')
param deployPrivateNetwork bool = true
@description('The name of the Virtual Network. This is only applicable if deployPrivateNetwork is chosen.')
@maxLength(80)
param virtualNetworkName string = 'vnet-scepman-UNIQUENAME'
@description('Name of the Private Endpoint for the Key Vault. This is only applicable if deployPrivateNetwork is chosen.')
@minLength(4)
@maxLength(64)
param privateEndpointForKeyVaultName string = 'pep-kv-scepman-UNIQUENAME'
@description('Name of the Private Endpoint for the Azure Table Storage Service. This is only applicable if deployPrivateNetwork is chosen.')
@minLength(4)
@maxLength(64)
param privateEndpointForTableStorage string = 'pep-sts-scepman-UNIQUENAME'
@description('Location for all resources. For a manual deployment, we recommend the default value.')
param location string = resourceGroup().location
@description('Tags to be assigned to all created resources. Use JSON syntax, e.g. if you want to add tags env with value dev and project with value scepman, then write { "env":"dev", "project":"scepman"}.')
param resourceTags object = {}
var artifactsRepositoryUrl = 'https://raw.githubusercontent.com/scepman/install/master/'
var ArtifactsLocationSCEPman = uri(artifactsRepositoryUrl, deployOnLinux ? 'dist/Artifacts-Linux.zip' : 'dist/Artifacts.zip')
var ArtifactsLocationCertMaster = uri(artifactsRepositoryUrl, deployOnLinux ? 'dist-certmaster/CertMaster-Artifacts-Linux.zip' : 'dist-certmaster/CertMaster-Artifacts.zip')
var appServiceNames = [
primaryAppServiceName
certificateMasterAppServiceName
]
module pid_a262352f_52a9_4ed9_a9ba_6a2b2478d19b_partnercenter './empty.bicep' = {
name: 'pid-a262352f-52a9-4ed9-a9ba-6a2b2478d19b-partnercenter'
params: {}
}
module CreateVirtualNetwork 'nestedtemplates/vnet.bicep' = if (deployPrivateNetwork) {
name: 'CreateVirtualNetwork'
params: {
virtualNetworkName: virtualNetworkName
location: location
resourceTags: resourceTags
}
}
@batchSize(1)
module AppService_ConnectionToVirtualNetwork 'nestedtemplates/vnet-to-appservices.bicep' = [
for i in range(0, 2): if (deployPrivateNetwork) {
name: 'AppService-${i}-ConnectionToVirtualNetwork'
params: {
virtualNetworkName: virtualNetworkName
location: location
appServiceName: appServiceNames[i]
}
dependsOn: [
CreateVirtualNetwork
SCEPmanAppServices
]
}
]
module SCEPmanAppServices 'nestedtemplates/appSvcDouble.bicep' = {
name: 'SCEPmanAppServices'
params: {
AppServicePlanName: appServicePlanName
existingAppServicePlanID: existingAppServicePlanID
deployOnLinux: deployOnLinux
appServiceName: primaryAppServiceName
appServiceName2: certificateMasterAppServiceName
location: location
resourceTags: resourceTags
}
}
module AzureMonitor 'nestedtemplates/loganalytics.bicep' = {
name: 'AzureMonitor'
params: {
logAnalyticsAccountName: logAnalyticsWorkspaceName
location: location
resourceTags: resourceTags
}
}
module SCEPmanVault 'nestedtemplates/vault.bicep' = {
name: 'SCEPmanVault'
params: {
keyVaultName: keyVaultName
permittedPrincipalId: SCEPmanAppServices.outputs.scepmanPrincipalID
location: location
resourceTags: resourceTags
virtualNetworkName: virtualNetworkName
privateEndpointName: (deployPrivateNetwork ? privateEndpointForKeyVaultName : 'None')
}
dependsOn: [
CreateVirtualNetwork
AppService_ConnectionToVirtualNetwork
SCEPmanStorageAccount
]
}
module DeploymentSCEPmanConfig 'nestedtemplates/appConfig-scepman.bicep' = {
name: 'DeploymentSCEPmanConfig'
params: {
StorageAccountTableUrl: SCEPmanStorageAccount.outputs.storageAccountTableUrl
appServiceName: primaryAppServiceName
deployOnLinux: deployOnLinux
scepManBaseURL: SCEPmanAppServices.outputs.scepmanURL
keyVaultURL: SCEPmanVault.outputs.keyVaultURL
caKeyType: caKeyType
logAnalyticsWorkspaceId: AzureMonitor.outputs.workspaceId
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
OrgName: OrgName
WebsiteArtifactsUri: ArtifactsLocationSCEPman
license: license
}
}
module DeploymentCertMasterConfig 'nestedtemplates/appConfig-certmaster.bicep' = {
name: 'DeploymentCertMasterConfig'
params: {
appServiceName: certificateMasterAppServiceName
deployOnLinux: deployOnLinux
scepmanUrl: SCEPmanAppServices.outputs.scepmanURL
StorageAccountTableUrl: SCEPmanStorageAccount.outputs.storageAccountTableUrl
logAnalyticsWorkspaceId: AzureMonitor.outputs.workspaceId
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
WebsiteArtifactsUri: ArtifactsLocationCertMaster
}
}
module SCEPmanStorageAccount 'nestedtemplates/stgAccount.bicep' = {
name: 'SCEPmanStorageAccount'
params: {
StorageAccountName: storageAccountName
location: location
resourceTags: resourceTags
tableContributorPrincipals: [
SCEPmanAppServices.outputs.scepmanPrincipalID
SCEPmanAppServices.outputs.certmasterPrincipalID
]
virtualNetworkName: virtualNetworkName
privateEndpointName: (deployPrivateNetwork ? privateEndpointForTableStorage : 'None')
}
dependsOn: [
CreateVirtualNetwork
AppService_ConnectionToVirtualNetwork
]
}