From 35a91bd412e80748862e4a3f4f57736fa20473d5 Mon Sep 17 00:00:00 2001
From: Lyle Xu
Date: Thu, 29 Feb 2024 16:29:28 +0800
Subject: [PATCH] add keyvault resource group
---
 .../core/database/cosmos/cosmos-account.bicep | 17 ++++++++---------
 .../cosmos/cosmos-connection-string.bicep | 15 +++++++++++++++
 .../cosmos/mongo/cosmos-mongo-account.bicep | 2 ++
 .../database/cosmos/mongo/cosmos-mongo-db.bicep | 2 ++
 4 files changed, 27 insertions(+), 9 deletions(-)
 create mode 100644 Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-connection-string.bicep
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-account.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-account.bicep
index 6f8747f5..3832b3e4 100644
--- a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-account.bicep
+++ b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-account.bicep
@@ -5,6 +5,7 @@ param tags object = {}
 param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
 param keyVaultName string
+param keyVaultResourceGroupName string
 @allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
 param kind string
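Review bot: `param keyVaultResourceGroupName string` is added without a default, so any existing caller of cosmos-account.bicep that does not pass it will fail to deploy; the same required parameter is added in cosmos-mongo-account.bicep and cosmos-mongo-db.bicep. Only the Mongo wrappers are updated in this patch, and whether other templates consume these modules is not visible here. A default keeps the previous same-resource-group behaviour: `param keyVaultResourceGroupName string = resourceGroup().name`. A `@description('Resource group that contains the Key Vault receiving the connection string')` line above it would also record why the vault may live elsewhere.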
@@ -31,18 +32,16 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
 }
 }
-resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
- parent: keyVault
- name: connectionStringKey
- properties: {
- value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+module cosmosConnectionStringModule './cosmos-connection-string.bicep' = {
+ name: 'cosmosConnectionStringModule'
+ scope: resourceGroup(keyVaultResourceGroupName)
+ params: {
+ keyVaultName: keyVaultName
+ connectionStringKey: connectionStringKey
+ connectionString: cosmos.listConnectionStrings().connectionStrings[0].connectionString
 }
 }
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
- name: keyVaultName
-}
-
 output connectionStringKey string = connectionStringKey
 output endpoint string = cosmos.properties.documentEndpoint
 output id string = cosmos.id
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-connection-string.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-connection-string.bicep
new file mode 100644
index 00000000..5a96f353
--- /dev/null
+++ b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-connection-string.bicep
@@ -0,0 +1,15 @@
+param keyVaultName string
+param connectionStringKey string
+param connectionString string
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+ name: keyVaultName
+}
+
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+ parent: keyVault
+ name: connectionStringKey
+ properties: {
+ value: connectionString
+ }
+}
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-account.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-account.bicep
index 4aafbf38..665e6a5c 100644
--- a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-account.bicep
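Review bot: The nested deployment uses the fixed literal `name: 'cosmosConnectionStringModule'`, and it is now created in the Key Vault's resource group rather than the account's. If more than one Cosmos account is deployed against the same vault resource group, every instance would use that one deployment name, so concurrent runs can conflict and sequential runs overwrite each other's deployment record. Deriving the name from the account avoids this, for example `name: '${cosmos.name}-connection-string'`.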
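Review bot: `param connectionString string` in the new cosmos-connection-string.bicep receives the Cosmos DB account connection string but is not marked secure. Without the decorator, the parameter value is kept with the nested deployment's inputs in the Key Vault resource group's deployment history, where anyone allowed to read deployments can see it. Add `@secure()` on the line above `param connectionString string`; the caller in cosmos-account.bicep needs no change. A secure parameter's value is not saved to the deployment history and is not logged.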
+++ b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-account.bicep
@@ -4,6 +4,7 @@ param location string = resourceGroup().location
 param tags object = {}
 param keyVaultName string
+param keyVaultResourceGroupName string
 param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
 module cosmos '../../cosmos/cosmos-account.bicep' = {
@@ -13,6 +14,7 @@ module cosmos '../../cosmos/cosmos-account.bicep' = {
 location: location
 connectionStringKey: connectionStringKey
 keyVaultName: keyVaultName
+ keyVaultResourceGroupName: keyVaultResourceGroupName
 kind: 'MongoDB'
 tags: tags
 }
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-db.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-db.bicep
index 2a670578..dd7d0aa3 100644
--- a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-db.bicep
+++ b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-db.bicep
@@ -7,6 +7,7 @@ param tags object = {}
 param collections array = []
 param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
 param keyVaultName string
+param keyVaultResourceGroupName string
 module cosmos 'cosmos-mongo-account.bicep' = {
 name: 'cosmos-mongo-account'
@@ -14,6 +15,7 @@ module cosmos 'cosmos-mongo-account.bicep' = {
 name: accountName
 location: location
 keyVaultName: keyVaultName
+ keyVaultResourceGroupName: keyVaultResourceGroupName
 tags: tags
 connectionStringKey: connectionStringKey
 }