// Core server settings, passed straight through to the flexible server resource.
param name string
param location string = resourceGroup().location
param tags object = {}
param sku object
param storage object

// Authentication mode. 'Password' enables password auth with the administrator
// login below; 'EntraOnly' enables activeDirectoryAuth and disables password auth.
// The default is 'Password', so callers that want Entra-only access must opt in.
@allowed([
  'Password'
  'EntraOnly'
])
param authType string = 'Password'

// Administrator credentials, only placed on the server when authType is 'Password'.
param administratorLogin string = ''
// @secure() keeps the password value out of deployment logs and deployment history.
@secure()
param administratorLoginPassword string = ''

// Entra administrator identity, used by the administrators child resource.
@description('Entra admin role name')
param entraAdministratorName string = ''
@description('Entra admin role object ID (in Entra)')
param entraAdministratorObjectId string = ''
@description('Entra admin user type')
@allowed([
  'User'
  'Group'
  'ServicePrincipal'
])
param entraAdministratorType string = 'User'

// Databases to create as children of the server.
param databaseNames array = []

// Network exposure switches; both broad rules are off unless the caller opts in.
//   allowAzureIPsFirewall - adds the 0.0.0.0-0.0.0.0 rule (Azure-internal sources).
//   allowAllIPsFirewall   - adds a rule spanning 0.0.0.0-255.255.255.255, i.e. every
//                           IPv4 address; prefer allowedSingleIPs where possible.
//   allowedSingleIPs      - one single-address rule per listed IP.
param allowAzureIPsFirewall bool = false
param allowAllIPsFirewall bool = false
param allowedSingleIPs array = []

// PostgreSQL version
param version string
// Authentication-related server properties, selected by authType and merged into
// the server's properties via union().
//   'Password'  -> administrator login/password are set and passwordAuth is enabled.
//   otherwise   -> no administrator login/password is set; activeDirectoryAuth is
//                  enabled and passwordAuth is disabled.
var authProperties = authType == 'Password'
  ? {
      administratorLogin: administratorLogin
      administratorLoginPassword: administratorLoginPassword
      authConfig: {
        passwordAuth: 'Enabled'
      }
    }
  : {
      authConfig: {
        activeDirectoryAuth: 'Enabled'
        passwordAuth: 'Disabled'
      }
    }
// The PostgreSQL flexible server. Its properties are the authType-dependent
// authProperties merged with version, storage and a disabled high-availability mode.
// NOTE(review): no network block is set here, so reachability is presumably governed
// only by the firewall rules declared in this file - confirm this is intended.
resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
  name: name
  location: location
  tags: tags
  sku: sku
  properties: union(authProperties, {
    version: version
    storage: storage
    highAvailability: {
      mode: 'Disabled'
    }
  })

  // One child database per entry in databaseNames.
  resource database 'databases' = [for dbName in databaseNames: {
    name: dbName
  }]
}
// This must be done separately due to conflicts with the Entra setup.
// Only deployed when allowAllIPsFirewall is true. The range covers every IPv4
// address, so the server accepts connection attempts from the whole internet and
// authentication is the only remaining control. With authType 'Password' that
// leaves the administrator password exposed to guessing; keep this off outside
// short-lived test environments and use allowedSingleIPs instead.
resource firewall_all 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAllIPsFirewall) {
  name: 'allow-all-IPs'
  parent: postgresServer
  properties: {
    startIpAddress: '0.0.0.0'
    endIpAddress: '255.255.255.255'
  }
}
// This must be done separately due to conflicts with the Entra setup.
// Only deployed when allowAzureIPsFirewall is true. A rule whose start and end are
// both 0.0.0.0 is the Azure convention for "allow connections from Azure services".
// That admits traffic originating from any Azure subscription, not only this one,
// so it narrows exposure compared with allow-all-IPs but is not a tenant boundary.
resource firewall_azure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAzureIPsFirewall) {
  name: 'allow-all-azure-internal-IPs'
  parent: postgresServer
  properties: {
    startIpAddress: '0.0.0.0'
    endIpAddress: '0.0.0.0'
  }
}
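// This must be done separately due to conflicts with the Entra setup.
// One single-address rule per entry in allowedSingleIPs, deployed one at a time
// (@batchSize(1)).
// The rule name keeps the octet boundaries by mapping '.' to '-'. Stripping the dots
// made distinct addresses produce the same resource name, e.g. 1.2.3.45 and 1.2.34.5
// (constructed examples) both became 'allow-single-12345', so one allowed address
// could not be deployed alongside the other.
// NOTE(review): rules already deployed under the dot-stripped names are separate
// resources; confirm whether they need to be removed by hand after this rename.
@batchSize(1)
resource firewall_single 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = [for ip in allowedSingleIPs: {
  parent: postgresServer
  name: 'allow-single-${replace(ip, '.', '-')}'
  properties: {
    startIpAddress: ip
    endIpAddress: ip
  }
}]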
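// This must be created *after* the server is created - it cannot be a nested child resource.
// Registers the Entra principal (object ID, name, type) as a server administrator in
// the subscription's tenant.
// Deployed only for authType 'EntraOnly'. In 'Password' mode authProperties does not
// enable activeDirectoryAuth and the Entra parameters default to empty strings, so
// the resource name would be empty and the administrator could not be created.
resource addAddUser 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2023-03-01-preview' = if (authType == 'EntraOnly') {
  parent: postgresServer
  name: entraAdministratorObjectId
  properties: {
    tenantId: subscription().tenantId
    principalType: entraAdministratorType
    principalName: entraAdministratorName
  }
  // This is a workaround for a bug in the API that requires the parent to be fully resolved.
  // firewall_single is listed too: it carries the same "conflicts with the Entra setup"
  // caveat as the other firewall rules, so the administrator waits for all of them.
  dependsOn: [
    postgresServer
    firewall_all
    firewall_azure
    firewall_single
  ]
}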
// Workaround issue https://github.com/Azure/bicep-types-az/issues/1507
// Sets the server parameter 'azure.extensions' to 'vector' as a user override.
// The explicit dependsOn orders this after the Entra administrator and every
// firewall rule, so it is applied last among the server's child resources.
resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2023-03-01-preview' = {
  parent: postgresServer
  name: 'azure.extensions'
  properties: {
    source: 'user-override'
    value: 'vector'
  }
  dependsOn: [
    addAddUser
    firewall_all
    firewall_azure
    firewall_single
  ]
}
// Exposes the server's fully qualified domain name to the calling template.
// This is a hostname only; no credential is emitted as an output.
output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName