add todo mongo aks

luxu-ms · Feb 29, 2024 · 930991d · 930991d
1 parent cb13587
commit 930991d
Show file tree

Hide file tree

Showing 57 changed files with 4,271 additions and 0 deletions.
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/abbreviations.json b/Environments/Todo-Nodejs-Mongo-AKS/abbreviations.json
@@ -0,0 +1,136 @@
+{
+    "analysisServicesServers": "as",
+    "apiManagementService": "apim-",
+    "appConfigurationConfigurationStores": "appcs-",
+    "appManagedEnvironments": "cae-",
+    "appContainerApps": "ca-",
+    "authorizationPolicyDefinitions": "policy-",
+    "automationAutomationAccounts": "aa-",
+    "blueprintBlueprints": "bp-",
+    "blueprintBlueprintsArtifacts": "bpa-",
+    "cacheRedis": "redis-",
+    "cdnProfiles": "cdnp-",
+    "cdnProfilesEndpoints": "cdne-",
+    "cognitiveServicesAccounts": "cog-",
+    "cognitiveServicesFormRecognizer": "cog-fr-",
+    "cognitiveServicesTextAnalytics": "cog-ta-",
+    "computeAvailabilitySets": "avail-",
+    "computeCloudServices": "cld-",
+    "computeDiskEncryptionSets": "des",
+    "computeDisks": "disk",
+    "computeDisksOs": "osdisk",
+    "computeGalleries": "gal",
+    "computeSnapshots": "snap-",
+    "computeVirtualMachines": "vm",
+    "computeVirtualMachineScaleSets": "vmss-",
+    "containerInstanceContainerGroups": "ci",
+    "containerRegistryRegistries": "cr",
+    "containerServiceManagedClusters": "aks-",
+    "databricksWorkspaces": "dbw-",
+    "dataFactoryFactories": "adf-",
+    "dataLakeAnalyticsAccounts": "dla",
+    "dataLakeStoreAccounts": "dls",
+    "dataMigrationServices": "dms-",
+    "dBforMySQLServers": "mysql-",
+    "dBforPostgreSQLServers": "psql-",
+    "devicesIotHubs": "iot-",
+    "devicesProvisioningServices": "provs-",
+    "devicesProvisioningServicesCertificates": "pcert-",
+    "documentDBDatabaseAccounts": "cosmos-",
+    "eventGridDomains": "evgd-",
+    "eventGridDomainsTopics": "evgt-",
+    "eventGridEventSubscriptions": "evgs-",
+    "eventHubNamespaces": "evhns-",
+    "eventHubNamespacesEventHubs": "evh-",
+    "hdInsightClustersHadoop": "hadoop-",
+    "hdInsightClustersHbase": "hbase-",
+    "hdInsightClustersKafka": "kafka-",
+    "hdInsightClustersMl": "mls-",
+    "hdInsightClustersSpark": "spark-",
+    "hdInsightClustersStorm": "storm-",
+    "hybridComputeMachines": "arcs-",
+    "insightsActionGroups": "ag-",
+    "insightsComponents": "appi-",
+    "keyVaultVaults": "kv-",
+    "kubernetesConnectedClusters": "arck",
+    "kustoClusters": "dec",
+    "kustoClustersDatabases": "dedb",
+    "loadTesting": "lt-",
+    "logicIntegrationAccounts": "ia-",
+    "logicWorkflows": "logic-",
+    "machineLearningServicesWorkspaces": "mlw-",
+    "managedIdentityUserAssignedIdentities": "id-",
+    "managementManagementGroups": "mg-",
+    "migrateAssessmentProjects": "migr-",
+    "networkApplicationGateways": "agw-",
+    "networkApplicationSecurityGroups": "asg-",
+    "networkAzureFirewalls": "afw-",
+    "networkBastionHosts": "bas-",
+    "networkConnections": "con-",
+    "networkDnsZones": "dnsz-",
+    "networkExpressRouteCircuits": "erc-",
+    "networkFirewallPolicies": "afwp-",
+    "networkFirewallPoliciesWebApplication": "waf",
+    "networkFirewallPoliciesRuleGroups": "wafrg",
+    "networkFrontDoors": "fd-",
+    "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+    "networkLoadBalancersExternal": "lbe-",
+    "networkLoadBalancersInternal": "lbi-",
+    "networkLoadBalancersInboundNatRules": "rule-",
+    "networkLocalNetworkGateways": "lgw-",
+    "networkNatGateways": "ng-",
+    "networkNetworkInterfaces": "nic-",
+    "networkNetworkSecurityGroups": "nsg-",
+    "networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+    "networkNetworkWatchers": "nw-",
+    "networkPrivateDnsZones": "pdnsz-",
+    "networkPrivateLinkServices": "pl-",
+    "networkPublicIPAddresses": "pip-",
+    "networkPublicIPPrefixes": "ippre-",
+    "networkRouteFilters": "rf-",
+    "networkRouteTables": "rt-",
+    "networkRouteTablesRoutes": "udr-",
+    "networkTrafficManagerProfiles": "traf-",
+    "networkVirtualNetworkGateways": "vgw-",
+    "networkVirtualNetworks": "vnet-",
+    "networkVirtualNetworksSubnets": "snet-",
+    "networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+    "networkVirtualWans": "vwan-",
+    "networkVpnGateways": "vpng-",
+    "networkVpnGatewaysVpnConnections": "vcn-",
+    "networkVpnGatewaysVpnSites": "vst-",
+    "notificationHubsNamespaces": "ntfns-",
+    "notificationHubsNamespacesNotificationHubs": "ntf-",
+    "operationalInsightsWorkspaces": "log-",
+    "portalDashboards": "dash-",
+    "powerBIDedicatedCapacities": "pbi-",
+    "purviewAccounts": "pview-",
+    "recoveryServicesVaults": "rsv-",
+    "resourcesResourceGroups": "rg-",
+    "searchSearchServices": "srch-",
+    "serviceBusNamespaces": "sb-",
+    "serviceBusNamespacesQueues": "sbq-",
+    "serviceBusNamespacesTopics": "sbt-",
+    "serviceEndPointPolicies": "se-",
+    "serviceFabricClusters": "sf-",
+    "signalRServiceSignalR": "sigr",
+    "sqlManagedInstances": "sqlmi-",
+    "sqlServers": "sql-",
+    "sqlServersDataWarehouse": "sqldw-",
+    "sqlServersDatabases": "sqldb-",
+    "sqlServersDatabasesStretch": "sqlstrdb-",
+    "storageStorageAccounts": "st",
+    "storageStorageAccountsVm": "stvm",
+    "storSimpleManagers": "ssimp",
+    "streamAnalyticsCluster": "asa-",
+    "synapseWorkspaces": "syn",
+    "synapseWorkspacesAnalyticsWorkspaces": "synw",
+    "synapseWorkspacesSqlPoolsDedicated": "syndp",
+    "synapseWorkspacesSqlPoolsSpark": "synsp",
+    "timeSeriesInsightsEnvironments": "tsi-",
+    "webServerFarms": "plan-",
+    "webSitesAppService": "app-",
+    "webSitesAppServiceEnvironment": "ase-",
+    "webSitesFunctions": "func-",
+    "webStaticSites": "stapp-"
+}
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/app/db.bicep b/Environments/Todo-Nodejs-Mongo-AKS/app/db.bicep
@@ -0,0 +1,40 @@
+param accountName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param collections array = [
+  {
+    name: 'TodoList'
+    id: 'TodoList'
+    shardKey: 'Hash'
+    indexKey: '_id'
+  }
+  {
+    name: 'TodoItem'
+    id: 'TodoItem'
+    shardKey: 'Hash'
+    indexKey: '_id'
+  }
+]
+param databaseName string = ''
+param keyVaultName string
+
+// Because databaseName is optional in main.bicep, we make sure the database name is set here.
+var defaultDatabaseName = 'Todo'
+var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName
+
+module cosmos '../core/database/cosmos/mongo/cosmos-mongo-db.bicep' = {
+  name: 'cosmos-mongo'
+  params: {
+    accountName: accountName
+    databaseName: actualDatabaseName
+    location: location
+    collections: collections
+    keyVaultName: keyVaultName
+    tags: tags
+  }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = cosmos.outputs.databaseName
+output endpoint string = cosmos.outputs.endpoint
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-account.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/cosmos-account.bicep
@@ -0,0 +1,49 @@
+metadata description = 'Creates an Azure Cosmos DB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+  name: name
+  kind: kind
+  location: location
+  tags: tags
+  properties: {
+    consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+    locations: [
+      {
+        locationName: location
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+    ]
+    databaseAccountOfferType: 'Standard'
+    enableAutomaticFailover: false
+    enableMultipleWriteLocations: false
+    apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {}
+    capabilities: [ { name: 'EnableServerless' } ]
+  }
+}
+
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+  parent: keyVault
+  name: connectionStringKey
+  properties: {
+    value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+  }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}
+
+output connectionStringKey string = connectionStringKey
+output endpoint string = cosmos.properties.documentEndpoint
+output id string = cosmos.id
+output name string = cosmos.name
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-account.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-account.bicep
@@ -0,0 +1,23 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+  name: 'cosmos-account'
+  params: {
+    name: name
+    location: location
+    connectionStringKey: connectionStringKey
+    keyVaultName: keyVaultName
+    kind: 'MongoDB'
+    tags: tags
+  }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-db.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/mongo/cosmos-mongo-db.bicep
@@ -0,0 +1,47 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param collections array = []
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+module cosmos 'cosmos-mongo-account.bicep' = {
+  name: 'cosmos-mongo-account'
+  params: {
+    name: accountName
+    location: location
+    keyVaultName: keyVaultName
+    tags: tags
+    connectionStringKey: connectionStringKey
+  }
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
+  name: '${accountName}/${databaseName}'
+  tags: tags
+  properties: {
+    resource: { id: databaseName }
+  }
+
+  resource list 'collections' = [for collection in collections: {
+    name: collection.name
+    properties: {
+      resource: {
+        id: collection.id
+        shardKey: { _id: collection.shardKey }
+        indexes: [ { key: { keys: [ collection.indexKey ] } } ]
+      }
+    }
+  }]
+
+  dependsOn: [
+    cosmos
+  ]
+}
+
+output connectionStringKey string = connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/sql/cosmos-sql-account.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/sql/cosmos-sql-account.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+  name: 'cosmos-account'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    keyVaultName: keyVaultName
+    kind: 'GlobalDocumentDB'
+  }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id
+output name string = cosmos.outputs.name
diff --git a/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/sql/cosmos-sql-db.bicep b/Environments/Todo-Nodejs-Mongo-AKS/core/database/cosmos/sql/cosmos-sql-db.bicep
@@ -0,0 +1,74 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containers array = []
+param keyVaultName string
+param principalIds array = []
+
+module cosmos 'cosmos-sql-account.bicep' = {
+  name: 'cosmos-sql-account'
+  params: {
+    name: accountName
+    location: location
+    tags: tags
+    keyVaultName: keyVaultName
+  }
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+  name: '${accountName}/${databaseName}'
+  properties: {
+    resource: { id: databaseName }
+  }
+
+  resource list 'containers' = [for container in containers: {
+    name: container.name
+    properties: {
+      resource: {
+        id: container.id
+        partitionKey: { paths: [ container.partitionKey ] }
+      }
+      options: {}
+    }
+  }]
+
+  dependsOn: [
+    cosmos
+  ]
+}
+
+module roleDefinition 'cosmos-sql-role-def.bicep' = {
+  name: 'cosmos-sql-role-definition'
+  params: {
+    accountName: accountName
+  }
+  dependsOn: [
+    cosmos
+    database
+  ]
+}
+
+// We need batchSize(1) here because sql role assignments have to be done sequentially
+@batchSize(1)
+module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
+  name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
+  params: {
+    accountName: accountName
+    roleDefinitionId: roleDefinition.outputs.id
+    principalId: principalId
+  }
+  dependsOn: [
+    cosmos
+    database
+  ]
+}]
+
+output accountId string = cosmos.outputs.id
+output accountName string = cosmos.outputs.name
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint
+output roleDefinitionId string = roleDefinition.outputs.id