/*
SYNOPSIS:
Module for creating a Resource Group within Azure following the Governance
DESCRIPTION:
This main.bicep file creates a Resource Group within Azure and the resources within this group.
DO NOT CHANGE THE MANDATORY SECTION
VERSION:
1.0.0
OWNER TEAM:
TLN-DEVOPS
*/
//----------------- BEGIN MANDATORY SETTINGS - DO NOT CHANGE ------------------------------\\
// Subscription scope is required because this template creates the resource group itself.
targetScope = 'subscription'

/* PARAMS SECTION:
   Most governance inputs below are pinned with @allowed, so a deployment that passes
   an unlisted region, environment or classification label is rejected.
   createdBy, OpsTeam, FuncTeam and workload are free-form strings: they are written
   to tags and (workload) interpolated into the resource group name as supplied. */

@description('The prefix of the resource group, used for naming convention, and VAR: ResourceGroupName')
@allowed([
  'rg'
])
param rgPrefix string

@description('Used for tagging this is a yaml pipeline parameter')
param createdBy string

@description('Used for tagging this is a yaml pipeline parameter')
@allowed([
  'costCenterX'
  'costCenterY'
  'costCenterZ'
])
param costCenter string

// The decorator below applies to OpsTeam only; FuncTeam carries no description of its own.
@description('Used for tagging this is a yaml pipeline parameter')
param OpsTeam string
param FuncTeam string

// utcNow() is only valid as a parameter default; it is evaluated when the deployment starts.
// A caller that passes currentDate explicitly overrides the deploymentDate tag value.
@description('Used for tagging. This is a yaml pipeline parameter')
param currentDate string = utcNow('yyyy-MM-dd')

// Single-entry allow-list: pins every deployment of this template to one region.
@description('Only West Europe is allowed. This is a yaml pipeline parameter')
@allowed([
  'westeurope'
])
param location string

// Every allowed value is 'Azure' followed by a three-letter code; the VAR section
// relies on that shape when it extracts the environment suffix.
@description('The EnvironmentType: AzureDEV, AzureTST, AzureACC or AzurePRD. This is a yaml pipeline parameter')
@allowed([
  'AzureDEV'
  'AzureTST'
  'AzureACC'
  'AzurePRD'
])
param EnvironmentType string

@description('Change the BusinessUnit to a descriptive name for the configuration')
@allowed([
  'finance'
  'hr'
  'sales'
  'customer-support'
  'itsupport'
  'itops'
  'itdev'
  'itdevops'
  'operations'
  'bi'
])
param Department string

// The next three parameters are the availability / confidentiality / integrity
// classification labels that end up in the resource tags.
@description('Business Critical of the configuration, used for tagging, this is a yaml pipeline parameter')
@allowed([
  'None-Not-Necessary'
  'Low-Necessary'
  'Medium-Important'
  'High-Essential'
])
param BusinessAvailibility string

@description('Confidentialy Tag Value, this is a yaml pipeline parameter')
@allowed([
  'None-Public'
  'Low-BusinessConfidential'
  'Medium-Confidential'
  'High-Secret'
])
param BusinessConfidentiality string

@description('Integrity')
@allowed([
  'None-Unprotected'
  'Low-Protected'
  'Medium-High'
  'High-Absolute'
])
param BusinessIntegrity string

@description('name of Product')
param workload string
/* VAR SECTION: */

// Each allowed EnvironmentType is 'Azure' + a three-letter code, so taking three
// characters from offset 5 yields DEV, TST, ACC or PRD.
@description('Only the last 3 letters are needed for naming convention.')
var EnvironmentTypeLetter = substring(EnvironmentType, 5, 3)

@description('Construction of the BusinessUnit')
var BusinessUnit = '${costCenter}-${Department}'

// Tag set applied to the resource group and handed on to the storage module.
// NOTE(review): the key 'Avilability' looks like a misspelling of 'Availability'.
// Tag-based policy, inventory or cost queries keyed on the correct spelling would
// not match these resources. Left unchanged here because renaming alters the tag
// on deployed resources - confirm with the governance owners before correcting.
@description('TagValues for the resources, these are defined as yaml pipeline parameters')
var tagValues = {
  CreatedBy: createdBy
  deploymentDate: currentDate
  OpsTeam: OpsTeam
  FuncTeam: FuncTeam
  CostCenter: costCenter
  BusinessUnit: BusinessUnit
  Environment: EnvironmentType
  Avilability: BusinessAvailibility
  Confidential: BusinessConfidentiality
  Integrity: BusinessIntegrity
}

// rgPrefix, costCenter, Department and the environment suffix come from allow-lists;
// workload is the only free-form segment of the name.
@description('Constructing the Resource Group name following the Mandatory Naming Convention')
var resourceGroupName = toLower('${rgPrefix}-${BusinessUnit}-${workload}-${EnvironmentTypeLetter}')
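/* LOADING MANDATORY RESOURCES GROUP AND MODULES*/

// Naming-convention module, pulled from a template spec through the 'ts/NamesSpecs'
// alias and pinned to version v1.0. Its 'names' output supplies the storage account
// name used further down, so whoever can publish that template spec version
// influences what this template deploys.
@description('Loading of the Naming Convention Module from Template Spec. Always include this Module')
module namesModule 'ts/NamesSpecs:convention-names:v1.0' = {
  name: 'NamingConvention'
  scope: subscription()
  params: {
    EnvironmentType: EnvironmentType
    workload: workload
    BusinessUnit: BusinessUnit
    BusinessAvailibility: BusinessAvailibility
    BusinessConfidentiality: BusinessConfidentiality
    // Fixed: this was wired to BusinessAvailibility, so the module received the
    // availability label in place of the integrity classification.
    BusinessIntegrity: BusinessIntegrity
    createdBy: createdBy
    costCenter: costCenter
    FuncTeam: FuncTeam
    OpsTeam: OpsTeam
  }
}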
// Configuration-set module from a template spec (always include it).
// It takes no parameters; its 'config' output is indexed by EnvironmentType further
// down and supplies the storage settings (minimum TLS version, HTTPS-only flag,
// network ACL default action and bypass, retention switches) and the lock level.
// The effective security posture per environment is therefore defined in that
// template spec, not in this file.
module resourcesConfigModule 'ts/ConfigSpecs:resources-config:v1.0' = {
  name: 'resourcesConfigModule'
  scope: subscription()
}
//---------------------- END MANDATORY SETTINGS ------------------------------\\
// START: CREATING RESOURCE GROUP
// Name, region and tags all derive from the mandatory section: the name follows the
// naming convention variable, the region is the allow-listed location, and the tags
// carry ownership plus the classification labels.
resource rgResource 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: resourceGroupName
  location: location
  tags: tagValues
}
// END: CREATION RESOURCE GROUP
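// START CREATING RESOURCES WITHIN RESOURCE GROUP

// Storage account deployment into the resource group created above.
// Every security-relevant setting is read from the configuration module for the
// selected EnvironmentType rather than hard-coded here.
module storageModule 'Modules/storage.account.bicep' = {
  name: 'storageDeployment'
  // Scope to the resource symbol instead of resourceGroup(resourceGroupName): the
  // function form creates no dependency on rgResource, so on a first deployment the
  // module could be started before the resource group exists.
  scope: rgResource
  params: {
    tagValues: tagValues
    // Storage account names cannot contain hyphens, so they are stripped from the convention name.
    storageAccountName: replace(namesModule.outputs.names.STORAGE.storageAccountName, '-', '')
    storageKind: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.ST.kind
    storageSKU: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.ST.sku
    // Transport settings: minimum TLS version and HTTPS-only enforcement.
    storageMinimumTlsVersion: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.ST.properties.minimumTlsVersion
    storagesupportsHttpsTrafficOnly: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.ST.properties.supportsHttpsTrafficOnly
    // NOTE(review): despite the 'Allow' in the parameter name, this receives the
    // firewall defaultAction from config; confirm the configured value per
    // environment is the intended one (a default of Allow leaves the account
    // reachable from all networks).
    storageNetworkAclAllow: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.ST.properties.networkAcls.defaultAction
    storageNetworkAclBypass: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.ST.properties.networkAcls.bypass
    // Recovery switches: container/blob soft delete, blob restore, file share soft delete.
    blobContainerDeleteRetentionPolicy: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.STBLOB.properties.containerDeleteRetentionPolicy.enabled
    blobDeleteRetentionPolicy: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.STBLOB.properties.deleteRetentionPolicy.enabled
    blobRestore: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.STBLOB.properties.restorePolicy.enabled
    fileServicesRetention: resourcesConfigModule.outputs.config[EnvironmentType].STORAGE.STFILE.properties.shareDeleteRetentionPolicy.enabled
  }
}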
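// Applies the lock level that the configuration module defines for this environment.
// NOTE(review): the module file is not shown here; its name suggests it also manages
// role assignments - confirm what it grants before relying on it.
module rbacLockModule 'Modules/rbac.lock.bicep' = {
  name: 'rbacLockDeployment'
  // Kept explicit: nothing in params references storageModule, so without this the
  // lock deployment would not wait for the storage deployment to finish.
  dependsOn: [
    storageModule
  ]
  // Scope to the resource symbol so this module depends on rgResource directly;
  // resourceGroup(resourceGroupName) creates no dependency on the resource group.
  scope: rgResource
  params: {
    EnvironmentType: EnvironmentType
    LockLevel: resourcesConfigModule.outputs.config[EnvironmentType].MANDATORY.LockLevel
  }
}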