add infra code

Author: john0isaac

azure.yaml

@@ -0,0 +1,13 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
+
+
+name: azure-django-mysql-flexible-appservice
+metadata:
+    template: [email protected]
+infra:
+    provider: "bicep"
+services:
+    web:
+        project: src
+        language: py
+        host: appservice

infra/core/ai/cognitiveservices.bicep

@@ -0,0 +1,38 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+  name: 'S0'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    customSubDomainName: customSubDomainName
+    publicNetworkAccess: publicNetworkAccess
+  }
+  sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2022-10-01' = [for deployment in deployments: {
+  parent: account
+  name: deployment.name
+  properties: {
+    model: deployment.model
+    raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+    scaleSettings: deployment.scaleSettings
+  }
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name

infra/core/database/cosmos/cosmos-account.bicep

@@ -0,0 +1,48 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+  name: name
+  kind: kind
+  location: location
+  tags: tags
+  properties: {
+    consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+    locations: [
+      {
+        locationName: location
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+    ]
+    databaseAccountOfferType: 'Standard'
+    enableAutomaticFailover: false
+    enableMultipleWriteLocations: false
+    apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.0' } : {}
+    capabilities: [ { name: 'EnableServerless' } ]
+  }
+}
+
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+  parent: keyVault
+  name: connectionStringKey
+  properties: {
+    value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+  }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}
+
+output connectionStringKey string = connectionStringKey
+output endpoint string = cosmos.properties.documentEndpoint
+output id string = cosmos.id
+output name string = cosmos.name

infra/core/database/cosmos/cosmos-pg-adapter.bicep

@@ -0,0 +1,62 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+
+param coordinatorServerEdition string
+param coordinatorStorageQuotainMb int
+param coordinatorVCores int
+param databaseName string
+param nodeCount int
+param nodeVCores int
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+param postgresqlVersion string
+
+resource postgresCluster 'Microsoft.DBforPostgreSQL/serverGroupsv2@2023-03-02-preview' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    administratorLogin: administratorLogin
+    administratorLoginPassword: administratorLoginPassword
+    coordinatorServerEdition: coordinatorServerEdition
+    coordinatorStorageQuotaInMb: coordinatorStorageQuotainMb
+    coordinatorVCores: coordinatorVCores
+    postgresqlVersion: postgresqlVersion
+    nodeCount: nodeCount
+    nodeVCores: nodeVCores
+    databaseName: databaseName
+  }
+
+  resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
+    name: 'allow-all-IPs'
+    properties: {
+      startIpAddress: '0.0.0.0'
+      endIpAddress: '255.255.255.255'
+    }
+  }
+
+  resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
+    name: 'allow-all-azure-internal-IPs'
+    properties: {
+      startIpAddress: '0.0.0.0'
+      endIpAddress: '0.0.0.0'
+    }
+  }
+
+  resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
+    name: 'allow-single-${replace(ip, '.', '')}'
+    properties: {
+      startIpAddress: ip
+      endIpAddress: ip
+    }
+  }]
+
+}
+
+output domainName string = postgresCluster.properties.serverNames[0].fullyQualifiedDomainName

infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep

@@ -0,0 +1,22 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+  name: 'cosmos-account'
+  params: {
+    name: name
+    location: location
+    connectionStringKey: connectionStringKey
+    keyVaultName: keyVaultName
+    kind: 'MongoDB'
+    tags: tags
+  }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id

infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep

@@ -0,0 +1,46 @@
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param collections array = []
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+module cosmos 'cosmos-mongo-account.bicep' = {
+  name: 'cosmos-mongo-account'
+  params: {
+    name: accountName
+    location: location
+    keyVaultName: keyVaultName
+    tags: tags
+    connectionStringKey: connectionStringKey
+  }
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
+  name: '${accountName}/${databaseName}'
+  tags: tags
+  properties: {
+    resource: { id: databaseName }
+  }
+
+  resource list 'collections' = [for collection in collections: {
+    name: collection.name
+    properties: {
+      resource: {
+        id: collection.id
+        shardKey: { _id: collection.shardKey }
+        indexes: [ { key: { keys: [ collection.indexKey ] } } ]
+      }
+    }
+  }]
+
+  dependsOn: [
+    cosmos
+  ]
+}
+
+output connectionStringKey string = connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint

infra/core/database/cosmos/sql/cosmos-sql-account.bicep

@@ -0,0 +1,21 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+  name: 'cosmos-account'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    keyVaultName: keyVaultName
+    kind: 'GlobalDocumentDB'
+  }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id
+output name string = cosmos.outputs.name

infra/core/database/cosmos/sql/cosmos-sql-db.bicep

@@ -0,0 +1,73 @@
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containers array = []
+param keyVaultName string
+param principalIds array = []
+
+module cosmos 'cosmos-sql-account.bicep' = {
+  name: 'cosmos-sql-account'
+  params: {
+    name: accountName
+    location: location
+    tags: tags
+    keyVaultName: keyVaultName
+  }
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+  name: '${accountName}/${databaseName}'
+  properties: {
+    resource: { id: databaseName }
+  }
+
+  resource list 'containers' = [for container in containers: {
+    name: container.name
+    properties: {
+      resource: {
+        id: container.id
+        partitionKey: { paths: [ container.partitionKey ] }
+      }
+      options: {}
+    }
+  }]
+
+  dependsOn: [
+    cosmos
+  ]
+}
+
+module roleDefintion 'cosmos-sql-role-def.bicep' = {
+  name: 'cosmos-sql-role-definition'
+  params: {
+    accountName: accountName
+  }
+  dependsOn: [
+    cosmos
+    database
+  ]
+}
+
+// We need batchSize(1) here because sql role assignments have to be done sequentially
+@batchSize(1)
+module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
+  name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
+  params: {
+    accountName: accountName
+    roleDefinitionId: roleDefintion.outputs.id
+    principalId: principalId
+  }
+  dependsOn: [
+    cosmos
+    database
+  ]
+}]
+
+output accountId string = cosmos.outputs.id
+output accountName string = cosmos.outputs.name
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint
+output roleDefinitionId string = roleDefintion.outputs.id

infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep

@@ -0,0 +1,18 @@
+param accountName string
+
+param roleDefinitionId string
+param principalId string = ''
+
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+  parent: cosmos
+  name: guid(roleDefinitionId, principalId, cosmos.id)
+  properties: {
+    principalId: principalId
+    roleDefinitionId: roleDefinitionId
+    scope: cosmos.id
+  }
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+  name: accountName
+}

infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep

@@ -0,0 +1,29 @@
+param accountName string
+
+resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = {
+  parent: cosmos
+  name: guid(cosmos.id, accountName, 'sql-role')
+  properties: {
+    assignableScopes: [
+      cosmos.id
+    ]
+    permissions: [
+      {
+        dataActions: [
+          'Microsoft.DocumentDB/databaseAccounts/readMetadata'
+          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
+          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'
+        ]
+        notDataActions: []
+      }
+    ]
+    roleName: 'Reader Writer'
+    type: 'CustomRole'
+  }
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+  name: accountName
+}
+
+output id string = roleDefinition.id