private static Output <string> GetConnectionString(Input <string> resourceGroupName, Input <string> accountName)
{
// Retrieve the primary storage account key.
var storageAccountKeys = ListStorageAccountKeys.Invoke(new ListStorageAccountKeysInvokeArgs
{
ResourceGroupName = resourceGroupName,
AccountName = accountName
});
return(storageAccountKeys.Apply(keys =>
{
var primaryStorageKey = keys.Keys[0].Value;
// Build the connection string to the storage account.
return Output.Format($"DefaultEndpointsProtocol=https;AccountName={accountName};AccountKey={primaryStorageKey}");
}));
}
public AppStack()
{
var config = new Config();
var resourceGroup = new ResourceGroup("rotatesecretoneset-rg");
var sqlAdminLogin = config.Get("sqlAdminLogin") ?? "sqlAdmin";
var sqlAdminPassword = new RandomUuid("sqlPassword").Result;
var sqlServer = new Server("sqlServer", new ServerArgs
{
AdministratorLogin = sqlAdminLogin,
AdministratorLoginPassword = sqlAdminPassword,
ResourceGroupName = resourceGroup.Name,
Version = "12.0",
});
new FirewallRule("AllowAllWindowsAzureIps",
new FirewallRuleArgs
{
ServerName = sqlServer.Name,
ResourceGroupName = resourceGroup.Name,
StartIpAddress = "0.0.0.0",
EndIpAddress = "0.0.0.0",
});
var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantId = clientConfig.Apply(c => c.TenantId);
var storageAccount = new StorageAccount("storageaccount", new StorageAccountArgs
{
Kind = "Storage",
ResourceGroupName = resourceGroup.Name,
Sku = new Storage.Inputs.SkuArgs
{
Name = "Standard_LRS"
},
});
var appInsights = new Component("appInsights", new ComponentArgs
{
RequestSource = "IbizaWebAppExtensionCreate",
ResourceGroupName = resourceGroup.Name,
ApplicationType = "web",
Kind = "web",
Tags =
{
//{ "[concat('hidden-link:', resourceId('Microsoft.Web/sites', parameters('functionAppName')))]", "Resource" },
},
});
var secretName = config.Get("secretName") ?? "sqlPassword";
var appService = new AppServicePlan("functionApp-appService", new AppServicePlanArgs
{
ResourceGroupName = resourceGroup.Name,
Sku = new SkuDescriptionArgs
{
Name = "Y1",
Tier = "Dynamic",
},
});
var storageKey = ListStorageAccountKeys.Invoke(new ListStorageAccountKeysInvokeArgs
{
AccountName = storageAccount.Name,
ResourceGroupName = resourceGroup.Name
}).Apply(t => t.Keys[0].Value);
var functionApp = new WebApp("functionApp", new WebAppArgs
{
Kind = "functionapp",
ResourceGroupName = resourceGroup.Name,
ServerFarmId = appService.Id,
Identity = new ManagedServiceIdentityArgs {
Type = ManagedServiceIdentityType.SystemAssigned
},
SiteConfig = new SiteConfigArgs
{
AppSettings =
{
new NameValuePairArgs
{
Name = "AzureWebJobsStorage",
Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={storageKey}"),
},
new NameValuePairArgs
{
Name = "FUNCTIONS_EXTENSION_VERSION",
Value = "~3",
},
new NameValuePairArgs
{
Name = "FUNCTIONS_WORKER_RUNTIME",
Value = "dotnet",
},
new NameValuePairArgs
{
Name = "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};EndpointSuffix=core.windows.net;AccountKey={storageKey}"),
},
new NameValuePairArgs
{
Name = "WEBSITE_NODE_DEFAULT_VERSION",
Value = "~10",
},
new NameValuePairArgs
{
Name = "APPINSIGHTS_INSTRUMENTATIONKEY",
Value = appInsights.InstrumentationKey,
},
},
},
});
var functionAppSourceControl = new WebAppSourceControl("functionApp-sourceControl",
new WebAppSourceControlArgs
{
Name = functionApp.Name,
IsManualIntegration = true,
Branch = "main",
RepoUrl = config.Get("functionAppRepoURL") ?? "https://github.com/Azure-Samples/KeyVault-Rotation-SQLPassword-Csharp.git",
ResourceGroupName = resourceGroup.Name,
});
var webAppAppService = new AppServicePlan("webApp-appService", new AppServicePlanArgs
{
ResourceGroupName = resourceGroup.Name,
Sku = new SkuDescriptionArgs
{
Name = "F1",
},
});
var webApp = new WebApp("webApp", new WebAppArgs
{
Kind = "app",
ResourceGroupName = resourceGroup.Name,
ServerFarmId = webAppAppService.Id,
Identity = new ManagedServiceIdentityArgs {
Type = ManagedServiceIdentityType.SystemAssigned
},
});
var keyVault = new Vault("keyVault", new VaultArgs
{
Properties = new VaultPropertiesArgs
{
AccessPolicies =
{
new AccessPolicyEntryArgs
{
TenantId = tenantId,
ObjectId = functionApp.Identity.Apply(i => i !.PrincipalId),
Permissions = new PermissionsArgs
{
Secrets ={ "get", "list", "set" },
},
},