{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "siteName": {
      "defaultValue": "Enter a unique hostname for SQL, Web Server and Log Analytics",
      "type": "string"
    },
    "spId": {
      "defaultValue": "Service principal id",
      "type": "string"
    },
    "spSecret": {
      "defaultValue": "",
      "type": "secureString"
    },
    "admins": {
      "defaultValue": "Administrators of this solution",
      "type": "string"
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    "tagsByResource": {
      "type": "object",
      "defaultValue": {

      }
    },
    "dbUser": {
      "type": "string",
      "defaultValue": "dbadmin"
    },
    "_salt1": {
      "defaultValue": "[concat(utcNow('yyyy-MM-ddTHH:mm:ss.fffZ'),newGuid())]",
      "type": "secureString"
    },
    "_salt2": {
      "defaultValue": "[replace(newGuid(), '-', '')]",
      "type": "secureString"
    },
    "_salt3": {
      "defaultValue": "[replace(newGuid(), '-', '')]",
      "type": "secureString"
    },
    "_salt4": {
      "defaultValue": "[replace(newGuid(), '-', '')]",
      "type": "secureString"
    },
    "_salt5": {
      "defaultValue": "[replace(newGuid(), '-', '')]",
      "type": "secureString"
    }
  },
  "variables": {
    "connectionString": "[concat('Server=tcp:',concat(parameters('siteName'),''),environment().suffixes.sqlServerHostname,',1433;Initial Catalog=Hydra;Persist Security Info=False;User ID=',parameters('dbUser'),';Password=',variables('SqlPassword'),';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=90;')]",
    "connectionStringEntra": "[concat('Server=tcp:',concat(parameters('siteName'),''),environment().suffixes.sqlServerHostname,',1433;Initial Catalog=Hydra;Persist Security Info=False;Connection Timeout=90;')]",
    "siteNameUnique": "[concat(parameters('siteName'),'')]",
    "storageName": "[toLower(concat('avd', uniqueString(resourceGroup().id,subscription().subscriptionId)))]",
    "SqlPassword": "[substring(base64(concat(parameters('_salt4'),uniquestring(parameters('_salt3')),uniquestring(parameters('_salt1')),replace(guid(resourceGroup().id,deployment().name,parameters('_salt2')),'-',''),substring(parameters('spSecret'),8,12),'1dge8376f24rbc24rz89438dstm34z89t3z948tzd9nw4tz98723b4vt3984tz8x8z3d4t89z8z9')),3,128)]"
  },
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2023-05-01-preview",
      "name": "[variables('siteNameUnique')]",
      "location": "[parameters('location')]",
      "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Sql/servers'), parameters('tagsByResource')['Microsoft.Sql/servers'], json('{}')) ]",
      "kind": "v12.0",
      "properties": {
        "administratorLogin": "[parameters('dbUser')]",
        "administratorLoginPassword": "[variables('SqlPassword')]",
        "version": "12.0",
        "minimalTlsVersion": "1.2"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', variables('siteNameUnique'))]"
      ]
    },
    {
      "type": "Microsoft.Sql/servers/administrators",
      "apiVersion": "2023-05-01-preview",
      "name": "[concat(variables('siteNameUnique'), '/ActiveDirectory')]",
      "properties": {
        "administratorType": "ActiveDirectory",
        "principalType": "Group",
        "login": "[variables('siteNameUnique')]",
        "sid": "[reference(resourceId('Microsoft.Web/sites', variables('siteNameUnique')),'2023-01-01', 'full').identity.principalId]",
        "tenantId": "[subscription().tenantid]",
        "azureADOnlyAuthentication": true
      },
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', variables('siteNameUnique'))]"
      ]
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "kind": "Storage",
      "name": "[variables('storageName')]",
      "apiVersion": "2023-04-01",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "location": "[parameters('location')]",
      "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]",
      "properties": {
        "minimumTlsVersion": "TLS1_2",
        "supportsHttpsTrafficOnly": true,
        "accessTier": "Hot"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[variables('siteNameUnique')]",
      "apiVersion": "2023-07-01",
      "location": "[parameters('location')]",
      "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.KeyVault/vaults'), parameters('tagsByResource')['Microsoft.KeyVault/vaults'], json('{}')) ]",
      "properties": {
        "sku": {
          "family": "A",
          "name": "standard"
        },
        "tenantId": "[subscription().tenantid]",
        "accessPolicies": [
          {
            "tenantId": "[subscription().tenantid]",
            "objectId": "[reference(resourceId('Microsoft.Web/sites', variables('siteNameUnique')),'2023-01-01', 'full').identity.principalId]",
            "permissions": {
              "secrets": [
                "get",
                "list",
                "set"
              ]
            }
          }
        ],
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": false,
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 90
      },
      "dependsOn": [
        "[resourceId('Microsoft.OperationalInsights/workspaces', variables('siteNameUnique'))]",
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))]",
        "[resourceId('Microsoft.Sql/servers/databases', variables('siteNameUnique'),'Hydra')]"
      ]
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'AzureAd--ClientId')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[parameters('spId')]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'AzureAd--ClientSecret')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[parameters('spSecret')]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'AzureAd--TenantId')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[subscription().tenantid]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-CryptoKey')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[base64(substring(concat(uniqueString('secHash',parameters('_salt2'),guid(resourceGroup().id, deployment().name)),parameters('_salt5'),uniqueString(subscription().id,parameters('_salt1')),parameters('spSecret'),'842983489234989823!'),0,32))]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-Index')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "1"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-DbConnectionString')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[variables('connectionStringEntra')]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-DbConnectionString-Native')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[variables('connectionString')]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-LogAnalyticsDefaultId')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces',variables('siteNameUnique'))).customerId]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-StorageAccountUri')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[concat(variables('storageName'),'.',environment().suffixes.storage)]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-StorageAccountKey')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2023-04-01').keys[0].value]"
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2023-07-01",
      "name": "[concat(variables('siteNameUnique'), '/', 'Hydra-LogAnalyticsDefaultKey')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', variables('siteNameUnique'))]"
      ],
      "properties": {
        "value": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', variables('siteNameUnique')), '2022-10-01').primarySharedKey]"
      }
    },
    {
      "type": "Microsoft.Sql/servers/databases",
      "apiVersion": "2023-05-01-preview",
      "name": "[concat(variables('siteNameUnique'), '/Hydra')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "S0",
        "tier": "Standard"
      },
      "kind": "v12.0,user",
      "properties": {
        "collation": "SQL_Latin1_General_CP1_CI_AS",
        "catalogCollation": "SQL_Latin1_General_CP1_CI_AS"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', variables('siteNameUnique'))]"
      ]
    },
    {
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2023-05-01-preview",
      "name": "[concat(variables('siteNameUnique'), '/AllowAllWindowsAzureIps')]",
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', variables('siteNameUnique'))]"
      ],
      "properties": {
        "startIpAddress": "0.0.0.0",
        "endIpAddress": "0.0.0.0"
      }
    },
    {
      "name": "[concat(variables('siteNameUnique'),'/Microsoft.Authorization/',Guid(concat('1',variables('siteNameUnique'),resourceGroup().id)))]",
      "type": "Microsoft.OperationalInsights/workspaces/providers/roleAssignments",
      "apiVersion": "2022-04-01",
      "properties": {
        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]",
        "principalId": "[reference(resourceId('Microsoft.Web/sites', variables('siteNameUnique')),'2023-01-01', 'full').identity.principalId]",
        "scope": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('siteNameUnique'))]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.OperationalInsights/workspaces', variables('siteNameUnique'))]",
        "[resourceId('Microsoft.Web/sites', variables('siteNameUnique'))]",
        "[resourceId('Microsoft.Sql/servers/databases', variables('siteNameUnique'),'Hydra')]"
      ]
    },
    {
      "apiVersion": "2022-10-01",
      "name": "[variables('siteNameUnique')]",
      "type": "Microsoft.OperationalInsights/workspaces",
      "location": "[parameters('location')]",
      "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.OperationalInsights/workspaces'), parameters('tagsByResource')['Microsoft.OperationalInsights/workspaces'], json('{}')) ]",
      "properties": {
        "sku": {
          "Name": "PerGB2018"
        },
        "retentionInDays": 90
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', variables('siteNameUnique'))]"
      ]
    },
    {
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2023-01-01",
      "name": "[variables('siteNameUnique')]",
      "location": "[parameters('location')]",
      "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Web/serverfarms'), parameters('tagsByResource')['Microsoft.Web/serverfarms'], json('{}')) ]",
      "sku": {
        "name": "S1",
        "tier": "Standard",
        "size": "S1",
        "family": "S",
        "capacity": 1
      },
      "kind": "app",
      "properties": {
        "name": "[variables('siteNameUnique')]",
        "perSiteScaling": false,
        "reserved": false,
        "targetWorkerCount": 0,
        "targetWorkerSizeId": 0
      }
    },
    {
      "name": "[concat(variables('siteNameUnique'),'/Microsoft.Authorization/',Guid(concat('4',variables('siteNameUnique'),resourceGroup().id)))]",
      "type": "Microsoft.Web/sites/providers/roleAssignments",
      "apiVersion": "2022-04-01",
      "properties": {
        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
        "principalId": "[reference(resourceId('Microsoft.Web/sites', variables('siteNameUnique')),'2023-01-01', 'full').identity.principalId]",
        "scope": "[resourceId('Microsoft.Web/sites', variables('siteNameUnique'))]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.OperationalInsights/workspaces', variables('siteNameUnique'))]",
        "[resourceId('Microsoft.Web/sites', variables('siteNameUnique'))]",
        "[resourceId('Microsoft.Sql/servers/databases', variables('siteNameUnique'),'Hydra')]"
      ]
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2023-01-01",
      "name": "[variables('siteNameUnique')]",
      "location": "[parameters('location')]",
      "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Web/sites'), parameters('tagsByResource')['Microsoft.Web/sites'], json('{}')) ]",
      "identity": {
        "type": "SystemAssigned"
      },
      "kind": "app",
      "properties": {
        "enabled": true,
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms',variables('siteNameUnique'))]",
        "httpsOnly": true,
        "siteConfig": {
          "alwaysOn": true,
          "use32BitWorkerProcess": false,
          "appSettings": [
            {
              "name": "config:Administrators",
              "value": "[parameters('admins')]"
            },
            {
              "name": "config:KeyVaultUri",
              "value": "[concat('https://',variables('siteNameUnique'),environment().suffixes.keyvaultDns)]"
            },
            {
              "name": "AzureAd:Cloud",
              "value": "[environment().name]"
            },
            {
              "name": "PROJECT",
              "value": "bin"
            },
            {
              "name": "config:MarketplaceDeployment",
              "value": "1"
            },
            {
              "name": "WEBSITE_PROACTIVE_AUTOHEAL_ENABLED",
              "value": "false"
            }
          ]
        }
      },
      "resources": [
        {
          "name": "web",
          "type": "sourcecontrols",
          "apiVersion": "2023-01-01",
          "dependsOn": [
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'AzureAd--ClientId')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'AzureAd--ClientSecret')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'AzureAd--TenantId')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'Hydra-CryptoKey')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'Hydra-DbConnectionString')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'Hydra-LogAnalyticsDefaultId')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'Hydra-StorageAccountUri')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'Hydra-StorageAccountKey')]",
            "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('siteNameUnique'), 'Hydra-LogAnalyticsDefaultKey')]",
            "[resourceId('Microsoft.Web/sites', variables('siteNameUnique'))]"
          ],
          "properties": {
            "repoUrl": "https://github.com/MarcelMeurer/WVD-Hydra.git",
            "branch": "main",
            "IsManualIntegration": true
          }
        }
      ],
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('siteNameUnique'))]"
      ]
    }
  ]
}
