diff --git a/infra/main.bicep b/infra/main.bicep
index 5b1e94b..18140a8 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -9,19 +9,11 @@ param name string
 @description('Primary location for all resources')
 param location string
-@description('Entra admin role name')
-param postgresEntraAdministratorName string
+@description('Id of the user or app to assign application roles')
+param principalId string
-@description('Entra admin role object ID (in Entra)')
-param postgresEntraAdministratorObjectId string
-
-@description('Entra admin user type')
-@allowed([
- 'User'
- 'Group'
- 'ServicePrincipal'
-])
-param postgresEntraAdministratorType string = 'User'
+@description('Whether the deployment is running on GitHub Actions')
+param runningOnGh string = ''
 var resourceToken = toLower(uniqueString(subscription().id, name, location))
 var tags = { 'azd-env-name': name }
@@ -35,8 +27,10 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
 var prefix = '${name}-${resourceToken}'
 var postgresServerName = '${prefix}-postgresql'
-var postgresAdminUser = 'admin${uniqueString(resourceGroup.id)}'
 var postgresDatabaseName = 'flask'
+var postgresEntraAdministratorObjectId = principalId
+var postgresEntraAdministratorType = empty(runningOnGh) ? 'User' : 'ServicePrincipal'
+var postgresEntraAdministratorName = 'admin${uniqueString(resourceGroup.id, principalId)}'
 module postgresServer 'core/database/postgresql/flexibleserver.bicep' = {
 name: 'postgresql'
diff --git a/infra/main.parameters.json b/infra/main.parameters.json
index 96ee922..deb5594 100644
--- a/infra/main.parameters.json
+++ b/infra/main.parameters.json
@@ -8,14 +8,11 @@
 "location": {
 "value": "${AZURE_LOCATION}"
 },
- "postgresEntraAdministratorName": {
- "value": "useradmin"
- },
- "postgresEntraAdministratorObjectId": {
+ "principalId": {
 "value": "${AZURE_PRINCIPAL_ID}"
 },
- "postgresEntraAdministratorType": {
- "value": "User"
+ "runningOnGh": {
+ "value": "${GITHUB_ACTIONS}"
 }
 }
 }
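Review bot: The description on `principalId` understates what the value is used for. It says "to assign application roles", but the second hunk of this file assigns it to `postgresEntraAdministratorObjectId`, so whoever supplies AZURE_PRINCIPAL_ID becomes the Entra administrator of the PostgreSQL server. I would state that in the decorator, for example `@description('Object ID of the Entra principal that becomes the PostgreSQL Entra administrator')`. The description of `runningOnGh` should also say that any non-empty string counts as true, since the parameter is a string and not a bool.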
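Review bot: `postgresEntraAdministratorType` is now derived only from whether `runningOnGh` is non-empty, so the declared type can disagree with the principal behind `principalId`. A service principal deploying from anywhere other than GitHub Actions is registered as `'User'`, any non-empty value (including `'false'`) selects `'ServicePrincipal'`, and `'Group'` can no longer be chosen because the `@allowed` list was removed in the first hunk. How the `flexibleserver.bicep` module handles a mismatch or an empty `principalId` is not visible here. I would keep an explicit validated parameter and use the environment only for its default: `@allowed(['User', 'Group', 'ServicePrincipal'])` above `param principalType string = empty(runningOnGh) ? 'User' : 'ServicePrincipal'`.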