main.bicep
// ---------------------------------------------------------------------------
// Parameters
// ---------------------------------------------------------------------------

// SKU of the storage account that backs the SFTP file share.
param storageAccountType string = 'Standard_LRS'

// Name of the Azure Files share mounted into the SFTP container.
param fileShareName string = 'sftpfileshare'

// Login name of the SFTP user; also used to build the container mount path.
param sftpUser string

// Password of the SFTP user. @secure() marks the parameter as a secure string
// so its value is not recorded with the deployment's parameters.
@secure()
param sftpPassword string

// Region for every resource; defaults to the resource group's region.
param location string = resourceGroup().location

// ---------------------------------------------------------------------------
// Variables
// ---------------------------------------------------------------------------

// Deployment script and the identity it runs as.
var scriptName = 'createFileShare'
var identityName = 'scratch'

// b24988ac-6180-42a0-ab88-20f7382dd24c is the built-in Contributor role.
// NOTE(review): Contributor is far broader than "create one file share";
// consider a narrower role if the deployment script keeps working with it.
var roleDefinitionId = resourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
var roleAssignmentName = guid(identityName, roleDefinitionId)

// Storage account name: fixed prefix plus a hash of the resource group id.
var storageAccountName = 'sftpstg${uniqueString(resourceGroup().id)}'

// SFTP container settings.
var sftpContainerName = 'sftp'
var sftpContainerGroupName = 'sftp-group'

// NOTE(review): ':latest' is a mutable tag on a third-party image, so each
// container (re)start may pull different code. Pin to a reviewed version tag
// or image digest.
var sftpContainerImage = 'atmoz/sftp:latest'

// Composed as '<user>:<password>:1001' (1001 is presumably the UID - confirm
// against the image's documentation). The string embeds the plaintext
// password, so anything that consumes it must treat it as a secret.
var sftpEnvVariable = '${sftpUser}:${sftpPassword}:1001'
// User-assigned managed identity that the deployment script runs as.
// It is granted a role by the roleAssignment resource and is not removed
// by this template after the script has finished.
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
  location: location
  name: identityName
}
// Grants the managed identity the role named by roleDefinitionId.
// No 'scope' property is set, so the assignment applies at the scope this
// template is deployed to (the resource group), not to a single resource.
// NOTE(review): the assignment outlives the one-off script run; remove it
// (or narrow the role) once the file share exists.
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: roleAssignmentName
  properties: {
    principalType: 'ServicePrincipal'
    principalId: managedIdentity.properties.principalId
    roleDefinitionId: roleDefinitionId
  }
}
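// Storage account that hosts the Azure Files share mounted by the SFTP
// container. Only the file service is used by this template, so the account
// is locked down explicitly: encrypted transport only, TLS 1.2 as the
// minimum protocol version, and no anonymous blob access.
resource storageAccount 'Microsoft.Storage/storageAccounts@2020-08-01-preview' = {
  name: storageAccountName
  location: location
  sku: {
    name: storageAccountType
  }
  kind: 'StorageV2'
  properties: {
    // Reject unencrypted HTTP and unencrypted SMB connections.
    supportsHttpsTrafficOnly: true
    // Refuse clients that negotiate TLS 1.0 / 1.1.
    minimumTlsVersion: 'TLS1_2'
    // No container in this account can be made anonymously readable.
    allowBlobPublicAccess: false
  }
  dependsOn: [
    roleAssignment // need to create a slight delay for the roleAssignment to replicate before the deployment script can run
  ]
}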
// One-off PowerShell deployment script that creates the file share inside
// the storage account. It authenticates to Azure as the user-assigned
// managed identity declared in this template.
resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
  name: scriptName
  kind: 'AzurePowerShell'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${managedIdentity.id}': {}
    }
  }
  properties: {
    // NOTE(review): '3.0' is an old Az module version; confirm it is still
    // offered and consider moving to a currently supported one.
    azPowerShellVersion: '3.0'
    // Constant tag: the script is not forced to re-run on later deployments.
    forceUpdateTag: '1'
    // The inline script looks up the storage account and pipes it to
    // New-AzStorageShare to create the share.
    scriptContent: 'param([string] $storageAccountName, [string] $fileShareName, [string] $resourceGroupName) Get-AzStorageAccount -StorageAccountName $storageAccountName -ResourceGroupName $resourceGroupName | New-AzStorageShare -Name $fileShareName'
    // Values are interpolated into a single argument string.
    // NOTE(review): fileShareName is a deployer-supplied parameter placed
    // here unquoted; constrain it to valid share-name characters so it cannot
    // alter how the arguments are parsed.
    arguments: ' -storageAccountName ${storageAccount.name} -fileShareName ${fileShareName} -resourceGroupName ${resourceGroup().name}'
    // Give up after five minutes.
    timeout: 'PT5M'
    // Script resource is retained for one day; supporting resources are
    // cleaned up only when the run succeeds.
    retentionInterval: 'P1D'
    cleanupPreference: 'OnSuccess'
  }
}
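// Container group running the SFTP server with the Azure Files share mounted
// as the user's upload directory.
//
// Security notes:
//  * Port 22 is published on a public IP and the server is configured with a
//    password login, so the endpoint is reachable by anyone on the
//    internet. Use a strong password and monitor authentication failures.
//  * The volume is mounted with a storage account key, which grants access
//    to the whole storage account, not just this share. Rotating the key
//    requires redeploying this container group.
resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2019-12-01' = {
  name: sftpContainerGroupName
  location: location
  dependsOn: [
    deploymentScript // Need to create the fileShare before creating the container.
  ]
  properties: {
    containers: [
      {
        name: sftpContainerName
        properties: {
          image: sftpContainerImage
          environmentVariables: [
            {
              name: 'SFTP_USERS'
              // The variable embeds the SFTP password. 'secureValue' keeps it
              // out of the container group's properties as returned by the
              // portal, CLI and API; a plain 'value' would expose it to any
              // principal with read access to the resource.
              secureValue: sftpEnvVariable
            }
          ]
          resources: {
            requests: {
              cpu: 2
              memoryInGB: 1
            }
          }
          ports: [
            {
              port: 22
            }
          ]
          volumeMounts: [
            {
              name: 'sftpvolume'
              mountPath: '/home/${sftpUser}/upload'
              readOnly: false
            }
          ]
        }
      }
    ]
    osType: 'Linux'
    ipAddress: {
      // Public endpoint: SFTP is exposed directly to the internet.
      type: 'Public'
      ports: [
        {
          protocol: 'TCP'
          port: 22
        }
      ]
    }
    restartPolicy: 'OnFailure'
    volumes: [
      {
        name: 'sftpvolume'
        azureFile: {
          readOnly: false
          shareName: fileShareName
          storageAccountName: storageAccount.name
          // First account key, read at deployment time.
          storageAccountKey: storageAccount.listKeys().keys[0].value
        }
      }
    ]
  }
}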
// Public IPv4 address assigned to the container group; this is the address
// SFTP clients connect to on port 22.
output containerIpv4Address string = containerGroup.properties.ipAddress.ip