Integrate PostgreSQL flexible server setup with Bicep module.

azd-hooks/postprovision.sh

@@ -30,32 +30,6 @@ az aks enable-addons \
   --resource-group ${RESOURCE_GROUP_NAME} \
   --workspace-resource-id ${WORKSPACE_ID}
 
-echo "Provision postgresql server"
-az postgres flexible-server create \
-   --resource-group ${RESOURCE_GROUP_NAME} \
-   --name ${DB_RESOURCE_NAME} \
-   --location ${LOCATION} \
-   --admin-user ${DB_USER_NAME} \
-   --admin-password ${DB_USER_PASSWORD} \
-   --version 15 --public-access 0.0.0.0 \
-   --tier Burstable  \
-   --sku-name Standard_B1ms  \
-   --yes
-
-echo "Provision postgresql database"
-az postgres flexible-server db create \
-  --resource-group ${RESOURCE_GROUP_NAME} \
-  --server-name ${DB_RESOURCE_NAME} \
-  --database-name ${DB_NAME}
-
-echo "Allow Access to Azure Services"
-az postgres flexible-server firewall-rule create \
-  -g ${RESOURCE_GROUP_NAME} \
-  -n ${DB_RESOURCE_NAME} \
-  -r "AllowAllWindowsAzureIps" \
-  --start-ip-address "0.0.0.0" \
-  --end-ip-address "0.0.0.0"
-
 az postgres flexible-server parameter set --name max_prepared_transactions --value 10 -g ${RESOURCE_GROUP_NAME} --server-name ${DB_RESOURCE_NAME}
 az postgres flexible-server restart -g ${RESOURCE_GROUP_NAME} --name ${DB_RESOURCE_NAME}
 

infra/main.bicep

@@ -117,6 +117,29 @@ module cognitiveservices './shared/cognitiveservices.bicep' = {
   }
 }
 
+module flexibleserver './shared/flexibleserver.bicep' = {
+  name: 'flexibleserver'
+  scope: rg
+  params: {
+      location: location
+      databaseNames: [
+        'liberty-db-${suffix}'
+      ]
+      name: 'liberty-server-${suffix}'
+      sku: {
+        name: 'Standard_D4ds_v4'
+        tier: 'GeneralPurpose'
+      }
+      storage: {
+        storageSizeGB: 64
+      }
+      version: '15'
+      administratorLogin: administratorLogin
+      administratorLoginPassword: administratorLoginPassword
+      allowAzureIPsFirewall: true
+    }
+}
+
 output AZURE_OPENAI_KEY string =cognitiveservices.outputs.key
 output AZURE_OPENAI_ENDPOINT string =cognitiveservices.outputs.endpoint
 output AZURE_OPENAI_MODEL_NAME string = openAIModelName

infra/shared/flexibleserver.bicep

@@ -0,0 +1,65 @@
+metadata description = 'Creates an Azure Database for PostgreSQL - Flexible Server.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param databaseNames array = []
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+
+// PostgreSQL version
+param version string
+
+// Latest official version 2022-12-01 does not have Bicep types available
+resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
+  location: location
+  tags: tags
+  name: name
+  sku: sku
+  properties: {
+    version: version
+    administratorLogin: administratorLogin
+    administratorLoginPassword: administratorLoginPassword
+    storage: storage
+    highAvailability: {
+      mode: 'Disabled'
+    }
+  }
+
+  resource database 'databases' = [for name in databaseNames: {
+    name: name
+  }]
+
+  resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
+    name: 'allow-all-IPs'
+    properties: {
+      startIpAddress: '0.0.0.0'
+      endIpAddress: '255.255.255.255'
+    }
+  }
+
+  resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
+    name: 'allow-all-azure-internal-IPs'
+    properties: {
+      startIpAddress: '0.0.0.0'
+      endIpAddress: '0.0.0.0'
+    }
+  }
+
+  resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
+    name: 'allow-single-${replace(ip, '.', '')}'
+    properties: {
+      startIpAddress: ip
+      endIpAddress: ip
+    }
+  }]
+
+}
+
+output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName