This repository was archived by the owner on Mar 20, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 555
/
Copy pathflexibleserver.bicep
79 lines (68 loc) · 2.02 KB
/
flexibleserver.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
param name string
param location string = resourceGroup().location
param tags object = {}
param sku object
param storage object
param administratorLogin string
@secure()
param administratorLoginPassword string
param databaseNames array = []
param allowAzureIPsFirewall bool = false
param allowAllIPsFirewall bool = false
param allowedSingleIPs array = []
param administratorLoginPasswordKey string = 'cmsDatabasePassword'
param keyVaultName string
// PostgreSQL version
param version string
// Latest official version 2022-12-01 does not have Bicep types available
resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
location: location
tags: tags
name: name
sku: sku
properties: {
version: version
administratorLogin: administratorLogin
administratorLoginPassword: administratorLoginPassword
storage: storage
highAvailability: {
mode: 'Disabled'
}
}
resource database 'databases' = [for name in databaseNames: {
name: name
}]
resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
name: 'allow-all-IPs'
properties: {
startIpAddress: '0.0.0.0'
endIpAddress: '255.255.255.255'
}
}
resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
name: 'allow-all-azure-internal-IPs'
properties: {
startIpAddress: '0.0.0.0'
endIpAddress: '0.0.0.0'
}
}
resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
name: 'allow-single-${replace(ip, '.', '')}'
properties: {
startIpAddress: ip
endIpAddress: ip
}
}]
}
resource postgresPassword 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
parent: keyVault
name: administratorLoginPasswordKey
properties: {
value: administratorLoginPassword
}
}
resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
name: keyVaultName
}
output POSTGRES_SERVER_NAME string = postgresServer.name
output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName