forked from Azure-Samples/ctfd-azure-paas
ctfd.bicep
// ---------------------------------------------------------------------------
// Deployment parameters
// ---------------------------------------------------------------------------

@description('Location for all resources.')
param resourcesLocation string = resourceGroup().location

// Passed as `vnet` to the web app, Key Vault, Redis and MariaDB modules and used as the
// deployment condition of the virtual network module.
// NOTE(review): with false, the data services are presumably reachable without VNet
// isolation; confirm in the child modules before using that mode for a public event.
@description('Deploy with VNet')
param vnet bool = true

@description('SKU Name for Azure cache for Redis')
@allowed([
  'Basic'
  'Premium'
  'Standard'
])
param redisSkuName string = 'Standard'

@description('The size of the Redis cache')
@allowed([
  0
  1
  2
  3
  4
  5
  6
])
param redisSkuSize int = 0

// The default login name is fixed and published with the template, so the password
// below is the only unknown part of the database administrator credential.
@description('Database administrator login name')
@minLength(1)
param administratorLogin string = 'ctfd'

// @secure() keeps the value out of deployment logs and history at this level.
// It has no default, so it must be supplied at deploy time.
@secure()
@minLength(8)
@description('Database administrator password. Minimum 8 characters and maximum 128 characters. Password must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers, and non-alphanumeric characters.')
param administratorLoginPassword string

@description('Database vCores count')
@allowed([
  2
  4
  8
  16
  32
])
param databaseVCores int = 2

@description('App Service Plan SKU name')
@allowed([
  'B1'
  'B2'
  'B3'
  'S1'
  'S2'
  'S3'
  'P1'
  'P2'
  'P3'
  'P4'
])
param appServicePlanSkuName string = 'B1'

// uniqueString() is derived from the resource group id, so the default name is stable
// across redeployments into the same resource group.
@description('Name for Azure Web app. Controls the DNS name of the CTF website')
param webAppName string = 'ctfd-app-${uniqueString(resourceGroup().id)}'
// ---------------------------------------------------------------------------
// Fixed values shared between modules
// ---------------------------------------------------------------------------

@description('SKU for Azure Container Registry')
var containerRegistrySku = 'Basic'

@description('Name of Azure Key Vault')
var keyVaultName = 'ctfd-kv-${uniqueString(resourceGroup().id)}'

// Only the secret *names* are defined here. The connection strings themselves are
// written to Key Vault by the Redis and MariaDB modules, per their descriptions.
@description('Name of the key vault secret holding the cache connection string')
var ctfCacheSecretName = 'ctfd-cache-url'

@description('Name of the key vault secret holding the database connection string')
var ctfDatabaseSecretName = 'ctfd-db-url'

// Scope: everything in this template is deployed into a single resource group.
targetScope = 'resourceGroup'
// User-assigned managed identity shared by the deployment. Its resource id, principal id
// and client id are handed to the ACR, web app and Key Vault modules in this file.
// The roles and access policies it receives are set inside those modules.
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
  name: 'ctf-managed-identity'
  location: resourcesLocation
}
// Central Log Analytics workspace. Its workspace id output is passed to the ACR, web app,
// Key Vault, Redis and MariaDB modules.
// NOTE(review): presumably used there for diagnostic settings; confirm in each module.
@description('Deploys Azure Log Analytics workspace')
module logAnalyticsModule 'modules/loganalytics.bicep' = {
  name: 'logAnalyticsDeploy'
  params: {
    location: resourcesLocation
  }
}
// Container registry plus the custom CTFd image build (per the module description).
// The managed identity is passed both as a resource id and as a principal id.
// NOTE(review): the role granted to that principal is defined in modules/acr.bicep;
// confirm it is limited to what the image build and pull actually need.
@description('Deploys Azure Container Registry and build a custom CTFd docker image')
module acrModule 'modules/acr.bicep' = {
  name: 'acrDeploy'
  params: {
    location: resourcesLocation
    containerRegistrySku: containerRegistrySku
    logAnalyticsWorkspaceId: logAnalyticsModule.outputs.logAnalyticsWorkspaceId
    managedIdentityId: managedIdentity.id
    managedIdentityPrincipalId: managedIdentity.properties.principalId
  }
}
// Conditional deployment: the virtual network exists only when `vnet` is true.
// Its outputs (network name, public and internal subnet names) are therefore only
// available in that case, so a consumer must not read them when vnet is false.
@description('Deploys Virtual Network with two subnets')
module vnetModule 'modules/vnet.bicep' = if (vnet) {
  name: 'vnetDeploy'
  params: {
    location: resourcesLocation
  }
}
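// Deploys the CTFd web app (App Service for containers).
// The web app is given only the Key Vault name and the two secret names, never the
// connection strings; how it resolves them is defined in modules/webapp.bicep.
//
// vnetModule is deployed only when `vnet` is true, so its outputs are read behind the same
// condition. ARM evaluates a reference to a conditional deployment even when that
// deployment was skipped, so the unguarded form fails the whole deployment when vnet is false.
// NOTE(review): assumes modules/webapp.bicep accepts '' for both network names when
// vnet is false; confirm against the module's parameter constraints.
@description('Deploys Azure App Service for containers')
module ctfWebAppModule 'modules/webapp.bicep' = {
  name: 'ctfDeploy'
  params: {
    virtualNetworkName: vnet ? vnetModule.outputs.virtualNetworkName : ''
    location: resourcesLocation
    appServicePlanSkuName: appServicePlanSkuName
    keyVaultName: keyVaultName
    ctfCacheSecretName: ctfCacheSecretName
    ctfDatabaseSecretName: ctfDatabaseSecretName
    publicResourcesSubnetName: vnet ? vnetModule.outputs.publicResourcesSubnetName : ''
    webAppName: webAppName
    logAnalyticsWorkspaceId: logAnalyticsModule.outputs.logAnalyticsWorkspaceId
    acrImageName: acrModule.outputs.acrImage
    registryName: acrModule.outputs.registryName
    managedIdentityClientId: managedIdentity.properties.clientId
    managedIdentityId: managedIdentity.id
    vnet: vnet
  }
}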
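// Deploys the Key Vault that holds the cache and database connection strings.
// readerPrincipalId is the shared managed identity's principal.
// NOTE(review): presumably it is granted read access to secrets in modules/keyvault.bicep;
// confirm the grant is limited to reading secrets and nothing broader.
//
// The explicit dependsOn orders the vault after the web app. The reason is not visible in
// this file, so it is kept as is.
//
// vnetModule is deployed only when `vnet` is true, so its outputs are read behind the same
// condition; an unguarded reference fails the deployment when vnet is false.
// NOTE(review): assumes modules/keyvault.bicep accepts '' for both network names when
// vnet is false; confirm against the module's parameter constraints.
@description('Deploys Azure Key Vault')
module akvModule 'modules/keyvault.bicep' = {
  name: 'keyVaultDeploy'
  dependsOn: [ ctfWebAppModule ]
  params: {
    location: resourcesLocation
    readerPrincipalId: managedIdentity.properties.principalId
    internalResourcesSubnetName: vnet ? vnetModule.outputs.internalResourcesSubnetName : ''
    virtualNetworkName: vnet ? vnetModule.outputs.virtualNetworkName : ''
    logAnalyticsWorkspaceId: logAnalyticsModule.outputs.logAnalyticsWorkspaceId
    vnet: vnet
    keyVaultName: keyVaultName
  }
}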
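// Deploys Azure Cache for Redis and stores its connection string as a Key Vault secret
// named by ctfCacheSecretName (per the module description).
// keyVaultName is taken from akvModule's output rather than the local variable, which
// makes this module wait for the Key Vault deployment before it runs.
//
// vnetModule is deployed only when `vnet` is true, so its outputs are read behind the same
// condition; an unguarded reference fails the deployment when vnet is false.
// NOTE(review): assumes modules/redis.bicep accepts '' for both network names when vnet
// is false, and that the cache is not left open to the internet in that mode; confirm.
@description('Deploys Azure Cache for Redis and a Key Vault secret with its connection string')
module redisModule 'modules/redis.bicep' = {
  name: 'redisDeploy'
  params: {
    internalResourcesSubnetName: vnet ? vnetModule.outputs.internalResourcesSubnetName : ''
    virtualNetworkName: vnet ? vnetModule.outputs.virtualNetworkName : ''
    location: resourcesLocation
    vnet: vnet
    ctfCacheSecretName: ctfCacheSecretName
    keyVaultName: akvModule.outputs.keyVaultName
    redisSkuName: redisSkuName
    redisSkuSize: redisSkuSize
    logAnalyticsWorkspaceId: logAnalyticsModule.outputs.logAnalyticsWorkspaceId
  }
}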
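// Deploys Azure Database for MariaDB and stores its connection string as a Key Vault secret
// named by ctfDatabaseSecretName (per the module description).
// keyVaultName is taken from akvModule's output rather than the local variable, which
// makes this module wait for the Key Vault deployment before it runs.
//
// administratorLoginPassword is declared @secure() in this file.
// NOTE(review): the matching parameter in modules/mariadb.bicep must also be @secure(),
// otherwise the value is recorded in the nested deployment's inputs; confirm.
//
// vnetModule is deployed only when `vnet` is true, so its outputs are read behind the same
// condition; an unguarded reference fails the deployment when vnet is false.
// NOTE(review): assumes modules/mariadb.bicep accepts '' for both network names when vnet
// is false, and that the server firewall is not left open in that mode; confirm.
@description('Deploys Azure Database for MariaDB and a Key Vault secret with its connection string')
module mariaDbModule 'modules/mariadb.bicep' = {
  name: 'mariaDbDeploy'
  params: {
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
    internalResourcesSubnetName: vnet ? vnetModule.outputs.internalResourcesSubnetName : ''
    virtualNetworkName: vnet ? vnetModule.outputs.virtualNetworkName : ''
    location: resourcesLocation
    vnet: vnet
    ctfDbSecretName: ctfDatabaseSecretName
    keyVaultName: akvModule.outputs.keyVaultName
    databaseVCores: databaseVCores
    logAnalyticsWorkspaceId: logAnalyticsModule.outputs.logAnalyticsWorkspaceId
  }
}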