From 53a4ffae6d6254cdb555e99431aace94f96b2e7c Mon Sep 17 00:00:00 2001
From: Pamela Fox
Date: Tue, 10 Jan 2023 19:12:12 -0800
Subject: [PATCH 1/8] Add PostgreSQL module
---
.../database/postgresql/flexibleserver.bicep | 44 +++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep
diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep
new file mode 100644
index 00000000000..1fbea756b9e
--- /dev/null
+++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep
@@ -0,0 +1,44 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+
+param databaseName string
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+
+// PostgreSQL version
+@allowed(['11', '12', '13', '14', '15'])
+param version string
+
+resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-preview' = {
+ location: location
+ tags: tags
+ name: name
+ sku: sku
+ properties: {
+ version: version
+ administratorLogin: administratorLogin
+ administratorLoginPassword: administratorLoginPassword
+ storage: storage
+ highAvailability: {
+ mode: 'Disabled'
+ }
+ }
+
+ resource database 'databases' = {
+ name: databaseName
+ }
+
+ resource firewall 'firewallRules' = {
+ name: 'AllowAllWindowsAzureIps'
+ properties: {
+ startIpAddress: '0.0.0.0'
+ endIpAddress: '0.0.0.0'
+ }
+ }
+}
+
From 3cb9e6d1270a59d66c8e8d7a134afbf4881bf059 Mon Sep 17 00:00:00 2001
From: Pamela Fox
Date: Thu, 19 Jan 2023 16:08:18 +0000
Subject: [PATCH 2/8] Updates for Dapr sample
---
.../database/postgresql/flexibleserver.bicep | 20 +++++++++----------
1 file changed, 9 insertions(+), 11 deletions(-)
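Review bot: In PATCH 1/8 the nested `firewall` rule at the end of `postgresServer` is created on every deployment, and nothing in the file says what its range means. On Azure database firewalls a rule whose start and end are both `0.0.0.0` is the special value that admits connections from any Azure-hosted source, including resources in other customers' subscriptions, so the administrator password is the only barrier against those callers. I would gate the rule behind a bool parameter that defaults to false and put `// 0.0.0.0-0.0.0.0 admits all Azure services, in any tenant, not only this subscription` above it.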
diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index 1fbea756b9e..f3bbed154f7 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep +++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep @@ -4,14 +4,13 @@ param tags object = {} param sku object param storage object - -param databaseName string param administratorLogin string @secure() param administratorLoginPassword string +param databaseNames array = [] +param enableFirewall bool = false // PostgreSQL version -@allowed(['11', '12', '13', '14', '15']) param version string resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-preview' = { @@ -29,16 +28,15 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-pr } } - resource database 'databases' = { - name: databaseName - } + resource database 'databases' = [for name in databaseNames: { + name: name + }] - resource firewall 'firewallRules' = { - name: 'AllowAllWindowsAzureIps' + resource firewall 'firewallRules' = if (enableFirewall) { + name: 'postgresql-firwall' properties: { startIpAddress: '0.0.0.0' - endIpAddress: '0.0.0.0' + endIpAddress: '255.255.255.255' } } -} - +} \ No newline at end of file From 1f17eeefa9f46f0cc9a506c5c1c8e9cd022f9add Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Thu, 19 Jan 2023 17:38:28 +0000 Subject: [PATCH 3/8] Add newline --- .../infra/bicep/core/database/postgresql/flexibleserver.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index f3bbed154f7..32d7b492e3d 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep +++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep 
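Review bot: Dropping `@allowed([...])` from `version` in the first hunk of PATCH 2/8 removes the only validation on that parameter, so an unsupported or mistyped value is presumably rejected only by the resource provider during deployment. If the list was removed to avoid maintaining it, a comment such as `// PostgreSQL major version, e.g. '14'; validated by the service, not by this template` would record that. `databaseNames` and `enableFirewall` would also benefit from `@description` decorators, because their defaults (`[]` and `false`) change what the module creates compared with PATCH 1/8.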
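Review bot: The rewritten `firewall` rule in the second hunk of PATCH 2/8 widens the range from the Azure-services-only `0.0.0.0`-`0.0.0.0` to `0.0.0.0`-`255.255.255.255`, which admits every IPv4 address, while the switch that turns it on is named `enableFirewall`. A caller setting `enableFirewall: true` would reasonably expect more protection, not a server reachable from the whole internet with password authentication as the only control. A parameter name that states the effect (the rule allows all IPs), together with a comment on the range, would avoid that misreading.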
@@ -39,4 +39,4 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-pr endIpAddress: '255.255.255.255' } } -} \ No newline at end of file +} From 285530e8f25d7767dd9a05cbadce8ceee96b8602 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Thu, 19 Jan 2023 17:38:58 +0000 Subject: [PATCH 4/8] Typo --- .../infra/bicep/core/database/postgresql/flexibleserver.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index 32d7b492e3d..7a71fb49e2d 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep +++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep @@ -33,7 +33,7 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-pr }] resource firewall 'firewallRules' = if (enableFirewall) { - name: 'postgresql-firwall' + name: 'postgresql-firewall' properties: { startIpAddress: '0.0.0.0' endIpAddress: '255.255.255.255' From 4a740da921c32f03f924e6355e4c798d0dc90158 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Mon, 30 Jan 2023 22:48:10 +0000 Subject: [PATCH 5/8] Implement suggested params for firewalls --- .../database/postgresql/flexibleserver.bicep | 29 ++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index 7a71fb49e2d..ddc370d5b87 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep +++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep 
@@ -8,12 +8,14 @@ param administratorLogin string @secure() param administratorLoginPassword string param databaseNames array = [] -param enableFirewall bool = false +param allowAzureIPsFirewall bool = false +param allowAllIPsFirewall bool = false +param allowedSingleIPs array = [] // PostgreSQL version param version string -resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-preview' = { +resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = { location: location tags: tags name: name @@ -32,11 +34,30 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-01-20-pr name: name }] - resource firewall 'firewallRules' = if (enableFirewall) { - name: 'postgresql-firewall' + resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) { + name: 'allow-all-IPS' properties: { startIpAddress: '0.0.0.0' endIpAddress: '255.255.255.255' } } + + resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) { + name: 'allow-all-azure-internal-IPs' + properties: { + startIpAddress: '0.0.0.0' + endIpAddress: '0.0.0.0' + } + } + + resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: { + name: 'allow-single-${replace(ip, '.', '')}' + properties: { + startIpAddress: ip + endIpAddress: ip + } + }] + } + +output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName From 6695111e3f1922be88092d021eac2d6c7c3d9547 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Tue, 31 Jan 2023 00:16:42 +0000 Subject: [PATCH 6/8] Adding preview and comment --- .../infra/bicep/core/database/postgresql/flexibleserver.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index ddc370d5b87..bd463a116a7 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep 
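Review bot: The three new switches in the first hunk of PATCH 5/8 carry no description, and `allowAllIPsFirewall` in particular opens the server to the entire IPv4 range. I would add `@description('Allows connections from every IPv4 address (0.0.0.0-255.255.255.255); leave false unless the server must be reachable from arbitrary clients')` above it, and a similar line on `allowAzureIPsFirewall` stating that it admits Azure services from any tenant. `allowedSingleIPs` should say that it expects dotted IPv4 strings, since the second hunk interpolates each entry into a resource name.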
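Review bot: The rule name built in `firewall_single` in the second hunk of PATCH 5/8, `'allow-single-${replace(ip, '.', '')}'`, is not unique per address: `1.11.1.1` and `11.1.1.1` both collapse to `allow-single-11111`, so two distinct entries in `allowedSingleIPs` would yield duplicate child resource names and the deployment would presumably fail or lose one rule. Keeping a separator fixes it: `name: 'allow-single-${replace(ip, '.', '_')}'`. The entries are also passed through unvalidated, so a CIDR block or hostname would only be rejected at deployment time. When `allowAllIPsFirewall` is true the other two rules are redundant, which is worth a comment so that someone auditing a deployment does not read the narrow rules as the effective policy.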
+++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep @@ -15,7 +15,8 @@ param allowedSingleIPs array = [] // PostgreSQL version param version string -resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = { +// Latest official version 2022-12-01 does not have Bicep types available +resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01-preview' = { location: location tags: tags name: name From f5eff918d1c97cd3084decdfa27395f21de487b3 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Tue, 31 Jan 2023 00:23:51 +0000 Subject: [PATCH 7/8] Name capitalization --- .../infra/bicep/core/database/postgresql/flexibleserver.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index bd463a116a7..eed0fa3f78d 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep +++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep @@ -36,7 +36,7 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01-pr }] resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) { - name: 'allow-all-IPS' + name: 'allow-all-IPs' properties: { startIpAddress: '0.0.0.0' endIpAddress: '255.255.255.255' From bf6f0fb6823a7ee71ecbb23a223f890a579102b2 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Tue, 31 Jan 2023 14:03:23 +0000 Subject: [PATCH 8/8] Use latest without types --- .../infra/bicep/core/database/postgresql/flexibleserver.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep index eed0fa3f78d..1aaa5842190 100644 --- a/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep 
+++ b/templates/common/infra/bicep/core/database/postgresql/flexibleserver.bicep @@ -16,7 +16,7 @@ param allowedSingleIPs array = [] param version string // Latest official version 2022-12-01 does not have Bicep types available -resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01-preview' = { +resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = { location: location tags: tags name: name