
Commit a9b6bfe

authored
Updating Standard Setup with new role assignment (#401)
* updating with new role assignment * updating templates
1 parent 7c09d68 commit a9b6bfe


14 files changed

+534
-699
lines changed


samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/azuredeploy.json

Lines changed: 105 additions & 130 deletions
Large diffs are not rendered by default.

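--- a/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/cosmos-container-role-assignments.bicep
+++ b/samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/cosmos-container-role-assignments.bicep
@@ -8,41 +8,39 @@ param projectPrincipalId string
 
 param projectWorkspaceId string
 
-var userThreadName = '${projectWorkspaceId}-thread-message-store'
+// var userThreadName = '${projectWorkspaceId}-thread-message-store'
 
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
 name: cosmosAccountName
 scope: resourceGroup()
 }
 
-// Reference existing database
-resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-parent: cosmosAccount
-name: 'enterprise_memory'
-}
+// // Reference existing database
+// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
+// parent: cosmosAccount
+// name: 'enterprise_memory'
+// }
 
-resource containerUserMessageStore 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-parent: database
-name: userThreadName
-}
+// resource containerUserMessageStore 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
+// parent: database
+// name: userThreadName
+// }
 
 var roleDefinitionId = resourceId(
 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions',
 cosmosAccountName,
 '00000000-0000-0000-0000-000000000002'
 )
 
-var accountScope = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${cosmosAccountName}/dbs/enterprise_memory'
+var accountScope = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${cosmosAccountName}'
 
 resource containerRoleAssignmentUserContainer 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
 parent: cosmosAccount
-name: guid(projectWorkspaceId, containerUserMessageStore.id, roleDefinitionId, projectPrincipalId)
+name: guid(projectWorkspaceId, cosmosAccountName, roleDefinitionId, projectPrincipalId)
 properties: {
 principalId: projectPrincipalId
 roleDefinitionId: roleDefinitionId
 scope: accountScope
 }
 }
 
-
-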
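Review bot: The new `accountScope` drops the `/dbs/enterprise_memory` suffix, so `containerRoleAssignmentUserContainer` now grants role `00000000-0000-0000-0000-000000000002` (Cosmos DB Built-in Data Contributor) to `projectPrincipalId` over every database and container in the account instead of a single database. If account scope is really needed, state it next to the variable, e.g. `// NOTE: account-wide data-plane grant; use a Cosmos account dedicated to this project`, otherwise keep the narrower `.../dbs/enterprise_memory` scope. The `guid()` seed changed as well, so redeploying over an existing environment presumably creates a second assignment and leaves the earlier one in place; that is worth confirming and documenting. The commented-out `existing` resources and `userThreadName` should be deleted rather than kept as comments, and the resource name no longer describes an account-level grant. The identical edit is repeated in the `16-private-network-standard-agent-apim-setup-preview` copy of this module, and the compiled template for sample 17 collapses three container-scoped assignments into one account-scoped assignment.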

samples/microsoft/infrastructure-setup/16-private-network-standard-agent-apim-setup-preview/azuredeploy.json

Lines changed: 109 additions & 134 deletions
Large diffs are not rendered by default.

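--- a/samples/microsoft/infrastructure-setup/16-private-network-standard-agent-apim-setup-preview/modules-network-secured/cosmos-container-role-assignments.bicep
+++ b/samples/microsoft/infrastructure-setup/16-private-network-standard-agent-apim-setup-preview/modules-network-secured/cosmos-container-role-assignments.bicep
@@ -8,41 +8,39 @@ param projectPrincipalId string
 
 param projectWorkspaceId string
 
-var userThreadName = '${projectWorkspaceId}-thread-message-store'
+// var userThreadName = '${projectWorkspaceId}-thread-message-store'
 
 resource cosmosAccount 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' existing = {
 name: cosmosAccountName
 scope: resourceGroup()
 }
 
-// Reference existing database
-resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
-parent: cosmosAccount
-name: 'enterprise_memory'
-}
+// // Reference existing database
+// resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-12-01-preview' existing = {
+// parent: cosmosAccount
+// name: 'enterprise_memory'
+// }
 
-resource containerUserMessageStore 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
-parent: database
-name: userThreadName
-}
+// resource containerUserMessageStore 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2024-12-01-preview' existing = {
+// parent: database
+// name: userThreadName
+// }
 
 var roleDefinitionId = resourceId(
 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions',
 cosmosAccountName,
 '00000000-0000-0000-0000-000000000002'
 )
 
-var accountScope = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${cosmosAccountName}/dbs/enterprise_memory'
+var accountScope = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DocumentDB/databaseAccounts/${cosmosAccountName}'
 
 resource containerRoleAssignmentUserContainer 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
 parent: cosmosAccount
-name: guid(projectWorkspaceId, containerUserMessageStore.id, roleDefinitionId, projectPrincipalId)
+name: guid(projectWorkspaceId, cosmosAccountName, roleDefinitionId, projectPrincipalId)
 properties: {
 principalId: projectPrincipalId
 roleDefinitionId: roleDefinitionId
 scope: accountScope
 }
 }
 
-
-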

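--- a/samples/microsoft/infrastructure-setup/17-private-network-standard-user-assigned-identity-agent-setup/azuredeploy.json
+++ b/samples/microsoft/infrastructure-setup/17-private-network-standard-user-assigned-identity-agent-setup/azuredeploy.json
@@ -4,8 +4,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "10504569810887488431"
+"version": "0.39.26.7824",
+"templateHash": "1485106587909607955"
 }
 },
 "parameters": {
@@ -30,7 +30,6 @@
 "canadaeast",
 "westeurope",
 "westus3",
-"centralus",
 "uksouth",
 "southindia",
 "koreacentral",
@@ -284,8 +283,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "13672135239617994134"
+"version": "0.39.26.7824",
+"templateHash": "12473591672685297473"
 }
 },
 "parameters": {
@@ -385,8 +384,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "3000326239105866665"
+"version": "0.39.26.7824",
+"templateHash": "8505298823279202405"
 }
 },
 "parameters": {
@@ -499,8 +498,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "9671686431891144160"
+"version": "0.39.26.7824",
+"templateHash": "4954184648131521061"
 }
 },
 "parameters": {
@@ -672,8 +671,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "9765569614489247577"
+"version": "0.39.26.7824",
+"templateHash": "3152324712046183852"
 }
 },
 "parameters": {
@@ -762,8 +761,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "1547357962959978060"
+"version": "0.39.26.7824",
+"templateHash": "17043822047386586435"
 }
 },
 "parameters": {
@@ -845,8 +844,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "1547357962959978060"
+"version": "0.39.26.7824",
+"templateHash": "17043822047386586435"
 }
 },
 "parameters": {
@@ -1020,8 +1019,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "4149761019378707561"
+"version": "0.39.26.7824",
+"templateHash": "12620781326236378852"
 }
 },
 "parameters": {
@@ -1077,9 +1076,10 @@
 "allowProjectManagement": true,
 "customSubDomainName": "[parameters('accountName')]",
 "networkAcls": {
-"defaultAction": "Allow",
+"defaultAction": "Deny",
 "virtualNetworkRules": [],
-"ipRules": []
+"ipRules": [],
+"bypass": "AzureServices"
 },
 "publicNetworkAccess": "Disabled",
 "networkInjections": "[if(equals(parameters('networkInjection'), 'true'), createArray(createObject('scenario', 'agent', 'subnetArmId', parameters('agentSubnetId'), 'useMicrosoftManagedNetwork', false())), null())]",
@@ -1159,8 +1159,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "16601100743607825661"
+"version": "0.39.26.7824",
+"templateHash": "7641310640078958122"
 }
 },
 "parameters": {
@@ -1311,8 +1311,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "17070046545573522018"
+"version": "0.39.26.7824",
+"templateHash": "2754228344238136934"
 }
 },
 "parameters": {
@@ -1591,8 +1591,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "17544905015811744191"
+"version": "0.39.26.7824",
+"templateHash": "8094529554453089222"
 }
 },
 "parameters": {
@@ -2123,8 +2123,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "9141314581740624058"
+"version": "0.39.26.7824",
+"templateHash": "3622791801420135420"
 }
 },
 "parameters": {
@@ -2301,8 +2301,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "15304671762339152539"
+"version": "0.39.26.7824",
+"templateHash": "6910483561575524105"
 }
 },
 "parameters": {
@@ -2356,8 +2356,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "3832223064555251670"
+"version": "0.39.26.7824",
+"templateHash": "14683840003859985069"
 }
 },
 "parameters": {
@@ -2414,8 +2414,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "569562087392034404"
+"version": "0.39.26.7824",
+"templateHash": "25128059954858801"
 }
 },
 "parameters": {
@@ -2478,8 +2478,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "7728144288834450944"
+"version": "0.39.26.7824",
+"templateHash": "7968115481508840"
 }
 },
 "parameters": {
@@ -2563,8 +2563,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "11276064020188747288"
+"version": "0.39.26.7824",
+"templateHash": "17458377866351620215"
 }
 },
 "parameters": {
@@ -2657,8 +2657,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "15079808740991865877"
+"version": "0.39.26.7824",
+"templateHash": "13874725855824693255"
 }
 },
 "parameters": {
@@ -2736,8 +2736,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.38.33.27573",
-"templateHash": "10560822562740686594"
+"version": "0.39.26.7824",
+"templateHash": "16291470712974205281"
 }
 },
 "parameters": {
@@ -2758,43 +2758,18 @@
 }
 },
 "variables": {
-"userThreadName": "[format('{0}-thread-message-store', parameters('projectWorkspaceId'))]",
-"systemThreadName": "[format('{0}-system-thread-message-store', parameters('projectWorkspaceId'))]",
-"entityStoreName": "[format('{0}-agent-entity-store', parameters('projectWorkspaceId'))]",
 "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', parameters('cosmosAccountName'), '00000000-0000-0000-0000-000000000002')]",
-"scopeSystemContainer": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory/colls/{3}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'), variables('systemThreadName'))]",
-"scopeUserContainer": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory/colls/{3}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'), variables('userThreadName'))]",
-"scopeEntityContainer": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/dbs/enterprise_memory/colls/{3}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'), variables('entityStoreName'))]"
+"accountScope": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}', subscription().subscriptionId, resourceGroup().name, parameters('cosmosAccountName'))]"
 },
 "resources": [
 {
 "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
 "apiVersion": "2022-05-15",
-"name": "[format('{0}/{1}', parameters('cosmosAccountName'), guid(parameters('projectWorkspaceId'), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers', parameters('cosmosAccountName'), 'enterprise_memory', variables('userThreadName')), variables('roleDefinitionId'), parameters('projectPrincipalId')))]",
-"properties": {
-"principalId": "[parameters('projectPrincipalId')]",
-"roleDefinitionId": "[variables('roleDefinitionId')]",
-"scope": "[variables('scopeUserContainer')]"
-}
-},
-{
-"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
-"apiVersion": "2022-05-15",
-"name": "[format('{0}/{1}', parameters('cosmosAccountName'), guid(parameters('projectWorkspaceId'), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers', parameters('cosmosAccountName'), 'enterprise_memory', variables('systemThreadName')), variables('roleDefinitionId'), parameters('projectPrincipalId')))]",
-"properties": {
-"principalId": "[parameters('projectPrincipalId')]",
-"roleDefinitionId": "[variables('roleDefinitionId')]",
-"scope": "[variables('scopeSystemContainer')]"
-}
-},
-{
-"type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
-"apiVersion": "2022-05-15",
-"name": "[format('{0}/{1}', parameters('cosmosAccountName'), guid(parameters('projectWorkspaceId'), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers', parameters('cosmosAccountName'), 'enterprise_memory', variables('entityStoreName')), variables('roleDefinitionId'), parameters('projectPrincipalId')))]",
+"name": "[format('{0}/{1}', parameters('cosmosAccountName'), guid(parameters('projectWorkspaceId'), parameters('cosmosAccountName'), variables('roleDefinitionId'), parameters('projectPrincipalId')))]",
 "properties": {
 "principalId": "[parameters('projectPrincipalId')]",
 "roleDefinitionId": "[variables('roleDefinitionId')]",
-"scope": "[variables('scopeEntityContainer')]"
+"scope": "[variables('accountScope')]"
 }
 }
 ]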
