public static Output <string> SignedBlobReadUrl(ZipBlob blob, Account account)
{
return(Output
.All <string>(account.Name, account.PrimaryConnectionString, blob.StorageContainerName, blob.Name)
.Apply(async values =>
{
string accountName = values[0];
string connectionString = values[1];
string containerName = values[2];
string blobName = values[3];
var sas = await Invokes.GetAccountBlobContainerSAS(
new GetAccountBlobContainerSASArgs
{
ConnectionString = connectionString,
ContainerName = containerName,
Start = "2019-01-01",
Expiry = "2100-01-01",
Permissions = new GetAccountBlobContainerSASPermissionsArgs
{
Read = true,
Write = false,
Delete = false,
List = false,
Add = false,
Create = false,
},
}
);
return $"https://{accountName}.blob.core.windows.net/{containerName}/{blobName}{sas.Sas}";
}));
}
public ArchiveFunctionApp(string name, ArchiveFunctionAppArgs args, ResourceOptions?options = null)
: base("examples:azure:ArchiveFunctionApp", name, options)
{
var opts = CustomResourceOptions.Merge(options, new CustomResourceOptions {
Parent = this
});
var storageAccount = new Account($"sa{args.Location}", new AccountArgs
{
ResourceGroupName = args.ResourceGroupName,
Location = args.Location,
AccountReplicationType = "LRS",
AccountTier = "Standard",
}, opts);
var appServicePlan = new Plan($"asp-{args.Location}", new PlanArgs
{
ResourceGroupName = args.ResourceGroupName,
Location = args.Location,
Kind = "FunctionApp",
Sku = new PlanSkuArgs
{
Tier = "Dynamic",
Size = "Y1",
},
}, opts);
var container = new Container($"zips-{args.Location}", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private",
}, opts);
var blob = new ZipBlob($"zip-{args.Location}", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "block",
Content = args.Archive,
}, opts);
var codeBlobUrl = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount);
args.AppSettings.Add("runtime", "dotnet");
args.AppSettings.Add("WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl);
var app = new FunctionApp($"app-{args.Location}", new FunctionAppArgs
{
ResourceGroupName = args.ResourceGroupName,
Location = args.Location,
AppServicePlanId = appServicePlan.Id,
AppSettings = args.AppSettings,
StorageConnectionString = storageAccount.PrimaryConnectionString,
Version = "~2",
}, opts);
this.AppId = app.Id;
}
static Task <int> Main()
{
return(Deployment.RunAsync(() => {
var resourceGroup = new ResourceGroup("functions-rg");
var storageAccount = new Account("sa", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
});
var appServicePlan = new Plan("asp", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Kind = "FunctionApp",
Sku = new PlanSkuArgs
{
Tier = "Dynamic",
Size = "Y1",
},
});
var container = new Container("zips", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private",
});
var blob = new ZipBlob("zip", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "block",
Content = new FileArchive("./functions/bin/Debug/netcoreapp3.0/publish"),
});
var codeBlobUrl = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount);
var app = new FunctionApp("app", new FunctionAppArgs
{
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
AppSettings =
{
{ "runtime", "dotnet" },
{ "WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl },
},
StorageConnectionString = storageAccount.PrimaryConnectionString,
Version = "~3",
});
return new Dictionary <string, object>
{
{ "endpoint", Output.Format($"https://{app.DefaultHostname}/api/Hello?name=Pulumi") },
};
}));
}
static Task <int> Main()
{
return(Deployment.RunAsync(() => {
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("doaw20-rg");
// Create an Azure Storage Account
var storageAccount = new Account("doaw20st", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
//EnableHttpsTrafficOnly = true
});
var appServicePlan = new Plan("doaw20-asp", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Kind = "FunctionApp",
Sku = new PlanSkuArgs
{
Tier = "Dynamic",
Size = "Y1"
}
});
var container = new Container("zips", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private"
});
var blob = new ZipBlob("zip", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "block",
Content = new FileArchive("../HelloFunc/bin/Debug/netcoreapp3.1/publish")
});
var codeBlobUrl = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount);
var app = new FunctionApp("doaw20-app", new FunctionAppArgs
{
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
AppSettings =
{
{ "runtime", "dotnet" },
{ "WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl }
},
StorageConnectionString = storageAccount.PrimaryConnectionString,
Version = "~3"
});
// Export the connection string for the storage account
return new Dictionary <string, object?>
{
{ "connectionString", storageAccount.PrimaryConnectionString },
{ "endpoint", Output.Format($"https://{app.DefaultHostname}/api/HelloPulumi?name=DevOps@Work20") }
};
}));
}
static Task <int> Main()
{
return(Deployment.RunAsync(async() => {
var resourceGroup = new ResourceGroup("keyvault-rg");
// Create a storage account for Blobs
var storageAccount = new Account("storage", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
});
// The container to put our files into
var storageContainer = new Container("files", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private",
});
// Azure SQL Server that we want to access from the application
var administratorLoginPassword = new RandomPassword("password",
new RandomPasswordArgs {
Length = 16, Special = true
}).Result;
var sqlServer = new SqlServer("sqlserver", new SqlServerArgs
{
ResourceGroupName = resourceGroup.Name,
// The login and password are required but won't be used in our application
AdministratorLogin = "******",
AdministratorLoginPassword = administratorLoginPassword,
Version = "12.0",
});
// Azure SQL Database that we want to access from the application
var database = new Database("db", new DatabaseArgs
{
ResourceGroupName = resourceGroup.Name,
ServerName = sqlServer.Name,
RequestedServiceObjectiveName = "S0",
});
// The connection string that has no credentials in it: authertication will come through MSI
var connectionString = Output.Format($"Server=tcp:{sqlServer.Name}.database.windows.net;Database={database.Name};");
// A file in Blob Storage that we want to access from the application
var textBlob = new Blob("text", new BlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = storageContainer.Name,
Type = "block",
Source = "./README.md",
});
// A plan to host the App Service
var appServicePlan = new Plan("asp", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Kind = "App",
Sku = new PlanSkuArgs
{
Tier = "Basic",
Size = "B1",
},
});
// ASP.NET deployment package
var blob = new ZipBlob("zip", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = storageContainer.Name,
Type = "block",
Content = new FileArchive("./webapp/bin/Debug/netcoreapp2.2/publish"),
});
var clientConfig = await Pulumi.Azure.Core.Invokes.GetClientConfig();
var tenantId = clientConfig.TenantId;
var currentPrincipal = clientConfig.ObjectId;
// Key Vault to store secrets (e.g. Blob URL with SAS)
var vault = new KeyVault("vault", new KeyVaultArgs
{
ResourceGroupName = resourceGroup.Name,
SkuName = "standard",
TenantId = tenantId,
AccessPolicies =
{
new KeyVaultAccessPoliciesArgs
{
TenantId = tenantId,
// The current principal has to be granted permissions to Key Vault so that it can actually add and then remove
// secrets to/from the Key Vault. Otherwise, 'pulumi up' and 'pulumi destroy' operations will fail.
ObjectId = currentPrincipal,
SecretPermissions ={ "delete", "get", "list", "set" },
}
},
});
// Put the URL of the zip Blob to KV
var secret = new Secret("deployment-zip", new SecretArgs
{
KeyVaultId = vault.Id,
Value = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount),
});
var secretUri = Output.Format($"{secret.VaultUri}secrets/{secret.Name}/{secret.Version}");
// The application hosted in App Service
var app = new AppService("app", new AppServiceArgs
{
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
// A system-assigned managed service identity to be used for authentication and authorization to the SQL Database and the Blob Storage
Identity = new AppServiceIdentityArgs {
Type = "SystemAssigned"
},
AppSettings =
{
// Website is deployed from a URL read from the Key Vault
{ "WEBSITE_RUN_FROM_ZIP", Output.Format($"@Microsoft.KeyVault(SecretUri={secretUri})") },
// Note that we simply provide the URL without SAS or keys
{ "StorageBlobUrl", textBlob.Url },
},
ConnectionStrings =
{
new AppServiceConnectionStringsArgs
{
Name = "db",
Type = "SQLAzure",
Value = connectionString,
},
},
});
// Work around a preview issue https://github.com/pulumi/pulumi-azure/issues/192
var principalId = app.Identity.Apply(id => id.PrincipalId ?? "11111111-1111-1111-1111-111111111111");
// Grant App Service access to KV secrets
var policy = new AccessPolicy("app-policy", new AccessPolicyArgs
{
KeyVaultId = vault.Id,
TenantId = tenantId,
ObjectId = principalId,
SecretPermissions = { "get" },
});
// Make the App Service the admin of the SQL Server (double check if you want a more fine-grained security model in your real app)
var sqlAdmin = new ActiveDirectoryAdministrator("adadmin", new ActiveDirectoryAdministratorArgs
{
ResourceGroupName = resourceGroup.Name,
TenantId = tenantId,
ObjectId = principalId,
Login = "******",
ServerName = sqlServer.Name,
});
// Grant access from App Service to the container in the storage
var blobPermission = new Assignment("readblob", new AssignmentArgs
{
PrincipalId = principalId,
Scope = Output.Format($"{storageAccount.Id}/blobServices/default/containers/{storageContainer.Name}"),
RoleDefinitionName = "Storage Blob Data Reader",
});
// Add SQL firewall exceptions
var firewallRules = app.OutboundIpAddresses.Apply(
ips => ips.Split(",").Select(
ip => new FirewallRule($"FR{ip}", new FirewallRuleArgs
{
ResourceGroupName = resourceGroup.Name,
StartIpAddress = ip,
EndIpAddress = ip,
ServerName = sqlServer.Name,
})
).ToList());
return new Dictionary <string, object>
{
{ "endpoint", Output.Format($"https://{app.DefaultSiteHostname}") },
};
}));
}
static Task <int> Main()
{
return(Deployment.RunAsync(() =>
{
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("resourceGroup", new ResourceGroupArgs
{
Name = "pulumi"
});
// Create an Azure Storage Account
var storageAccount = new Account("storage", new AccountArgs
{
Name = "wwwcontainer",
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
});
var appServicePlan = new Plan("asp", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Name = "website",
Kind = "App",
Sku = new PlanSkuArgs
{
Tier = "Basic",
Size = "B1",
},
});
var container = new Container("zips", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private",
});
var blob = new ZipBlob("zip", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "block",
Content = new FileArchive(@"C:\code\ozcode\pulumiapp\pulumiapp\bin\Debug\netcoreapp3.1\publish"),
});
var codeBlobUrl = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount);
var config = new Config();
var username = config.Get("sqlAdmin") ?? "pulumi";
var password = config.RequireSecret("sqlPassword");
var sqlServer = new SqlServer("sql", new SqlServerArgs
{
Name = "pulumiserver",
ResourceGroupName = resourceGroup.Name,
AdministratorLogin = username,
AdministratorLoginPassword = password,
Version = "12.0",
});
var database = new Database("db", new DatabaseArgs
{
Name = "pulumidatabase",
ResourceGroupName = resourceGroup.Name,
ServerName = sqlServer.Name,
RequestedServiceObjectiveName = "S0",
});
var app = new AppService("app", new AppServiceArgs
{
Name = "pulumiwebapp",
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
AppSettings =
{
{ "WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl },
{ "OzCode:Agent:Token", "76c0dff5-a7ba-415c-858f-b1bc1124a42c|73b8df28-4f14-468d-a978-918900c1736c" }
},
public static Dictionary <string, object> Run()
{
var resourceGroup = new ResourceGroup("dotnet-rg", new ResourceGroupArgs
{
Location = "West Europe"
});
var cosmosapp = new CosmosApp("capp", new CosmosAppArgs
{
ResourceGroupName = resourceGroup.Name,
Locations = new[] { resourceGroup.Location },
});
var storageAccount = new Account("sa", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
});
var appServicePlan = new Plan("asp", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Kind = "App",
Sku = new PlanSkuArgs
{
Tier = "Basic",
Size = "B1",
},
});
var container = new Container("c", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private",
});
var blob = new ZipBlob("zip", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "block",
Content = new FileArchive("wwwroot"),
});
var codeBlobUrl = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount);
//var username = "******"; // TODO: Pulumi.Config
//var password = "******";
//var sqlServer = new SqlServer("sql", new SqlServerArgs
//{
// ResourceGroupName = resourceGroup.Name,
// AdministratorLogin = username,
// AdministratorLoginPassword = password,
// Version = "12.0",
//});
//var database = new Database("db", new DatabaseArgs
//{
// ResourceGroupName = resourceGroup.Name,
// ServerName = sqlServer.Name,
// RequestedServiceObjectiveName = "S0",
//});
var app = new AppService("app", new AppServiceArgs
{
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
AppSettings =
{
{ "WEBSITE_RUN_FROM_ZIP", codeBlobUrl },
},
//ConnectionStrings = new[]
//{
// new AppService.ConnectionStringArgs
// {
// Name = "db",
// Type = "SQLAzure",
// Value = Output.All<string>(sqlServer.Name, database.Name).Apply(values =>
// {
// return $"Server= tcp:${values[0]}.database.windows.net;initial catalog=${values[1]};userID=${username};password=${password};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;";
// }),
// },
//},
});
return(new Dictionary <string, object>
{
{ "endpoint", app.DefaultSiteHostname },
});
}
static Task <int> Main(string[] args)
{
return(Deployment.RunAsync(() => {
var resourceGroup = new ResourceGroup("appservice-rg");
var storageAccount = new Account("sa", new AccountArgs
{
ResourceGroupName = resourceGroup.Name,
AccountReplicationType = "LRS",
AccountTier = "Standard",
});
var appServicePlan = new Plan("asp", new PlanArgs
{
ResourceGroupName = resourceGroup.Name,
Kind = "App",
Sku = new PlanSkuArgs
{
Tier = "Basic",
Size = "B1",
},
});
var container = new Container("zips", new ContainerArgs
{
StorageAccountName = storageAccount.Name,
ContainerAccessType = "private",
});
var blob = new ZipBlob("zip", new ZipBlobArgs
{
StorageAccountName = storageAccount.Name,
StorageContainerName = container.Name,
Type = "block",
Content = new FileArchive("wwwroot"),
});
var codeBlobUrl = SharedAccessSignature.SignedBlobReadUrl(blob, storageAccount);
var config = new Config();
var username = config.Get("sqlAdmin") ?? "pulumi";
var password = config.RequireSecret("sqlPassword");
var sqlServer = new SqlServer("sql", new SqlServerArgs
{
ResourceGroupName = resourceGroup.Name,
AdministratorLogin = username,
AdministratorLoginPassword = password,
Version = "12.0",
});
var database = new Database("db", new DatabaseArgs
{
ResourceGroupName = resourceGroup.Name,
ServerName = sqlServer.Name,
RequestedServiceObjectiveName = "S0",
});
var app = new AppService("app", new AppServiceArgs
{
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
AppSettings =
{
{ "WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl },
},
ConnectionStrings =
{
new AppServiceConnectionStringsArgs
{
Name = "db",
Type = "SQLAzure",
Value = Output.Tuple <string, string, string>(sqlServer.Name, database.Name, password).Apply(t =>
{
(string server, string database, string pwd) = t;
return $"Server= tcp:{server}.database.windows.net;initial catalog={database};userID={username};password={pwd};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;";
}),
},
},
});
