diff --git a/azd-hooks/postprovision.sh b/azd-hooks/postprovision.sh
index e9bd1fe..e3ca53b 100755
--- a/azd-hooks/postprovision.sh
+++ b/azd-hooks/postprovision.sh
@@ -30,32 +30,6 @@ az aks enable-addons \
 --resource-group ${RESOURCE_GROUP_NAME} \
 --workspace-resource-id ${WORKSPACE_ID}
-echo "Provision postgresql server"
-az postgres flexible-server create \
- --resource-group ${RESOURCE_GROUP_NAME} \
- --name ${DB_RESOURCE_NAME} \
- --location ${LOCATION} \
- --admin-user ${DB_USER_NAME} \
- --admin-password ${DB_USER_PASSWORD} \
- --version 15 --public-access 0.0.0.0 \
- --tier Burstable \
- --sku-name Standard_B1ms \
- --yes
-
-echo "Provision postgresql database"
-az postgres flexible-server db create \
- --resource-group ${RESOURCE_GROUP_NAME} \
- --server-name ${DB_RESOURCE_NAME} \
- --database-name ${DB_NAME}
-
-echo "Allow Access to Azure Services"
-az postgres flexible-server firewall-rule create \
- -g ${RESOURCE_GROUP_NAME} \
- -n ${DB_RESOURCE_NAME} \
- -r "AllowAllWindowsAzureIps" \
- --start-ip-address "0.0.0.0" \
- --end-ip-address "0.0.0.0"
-
 az postgres flexible-server parameter set --name max_prepared_transactions --value 10 -g ${RESOURCE_GROUP_NAME} --server-name ${DB_RESOURCE_NAME}
 az postgres flexible-server restart -g ${RESOURCE_GROUP_NAME} --name ${DB_RESOURCE_NAME}
diff --git a/infra/main.bicep b/infra/main.bicep
index d94c3ca..25e402f 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -117,6 +117,29 @@ module cognitiveservices './shared/cognitiveservices.bicep' = {
 }
 }
+module flexibleserver './shared/flexibleserver.bicep' = {
+ name: 'flexibleserver'
+ scope: rg
+ params: {
+ location: location
+ databaseNames: [
+ 'liberty-db-${suffix}'
+ ]
+ name: 'liberty-server-${suffix}'
+ sku: {
+ name: 'Standard_D4ds_v4'
+ tier: 'GeneralPurpose'
+ }
+ storage: {
+ storageSizeGB: 64
+ }
+ version: '15'
+ administratorLogin: administratorLogin
+ administratorLoginPassword: administratorLoginPassword
+ allowAzureIPsFirewall: true
+ }
+}
+
 output AZURE_OPENAI_KEY string =cognitiveservices.outputs.key
 output AZURE_OPENAI_ENDPOINT string =cognitiveservices.outputs.endpoint
 output AZURE_OPENAI_MODEL_NAME string = openAIModelName
diff --git a/infra/shared/flexibleserver.bicep b/infra/shared/flexibleserver.bicep
new file mode 100644
index 0000000..7e26b1a
--- /dev/null
+++ b/infra/shared/flexibleserver.bicep
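Review bot: `allowAzureIPsFirewall: true` turns on the 0.0.0.0–0.0.0.0 rule in flexibleserver.bicep, which Azure treats as "allow any Azure-hosted source", including resources in other customers' subscriptions, so the server stays reachable from outside this deployment with only the administrator password in front of it. The removed script did the same with `--public-access 0.0.0.0`, so the exposure is carried over rather than new, but the move to Bicep is a good point to narrow it: pass the cluster's outbound address through `allowedSingleIPs`, or switch the server to private (VNet) access, and set `allowAzureIPsFirewall: false`. The declarations of `administratorLogin` and `administratorLoginPassword` in main.bicep are outside this hunk; confirm the password parameter is marked `@secure()` there so its value is not recorded in deployment history.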
@@ -0,0 +1,65 @@
+metadata description = 'Creates an Azure Database for PostgreSQL - Flexible Server.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object
+param storage object
+param administratorLogin string
+@secure()
+param administratorLoginPassword string
+param databaseNames array = []
+param allowAzureIPsFirewall bool = false
+param allowAllIPsFirewall bool = false
+param allowedSingleIPs array = []
+
+// PostgreSQL version
+param version string
+
+// Latest official version 2022-12-01 does not have Bicep types available
+resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
+ location: location
+ tags: tags
+ name: name
+ sku: sku
+ properties: {
+ version: version
+ administratorLogin: administratorLogin
+ administratorLoginPassword: administratorLoginPassword
+ storage: storage
+ highAvailability: {
+ mode: 'Disabled'
+ }
+ }
+
+ resource database 'databases' = [for name in databaseNames: {
+ name: name
+ }]
+
+ resource firewall_all 'firewallRules' = if (allowAllIPsFirewall) {
+ name: 'allow-all-IPs'
+ properties: {
+ startIpAddress: '0.0.0.0'
+ endIpAddress: '255.255.255.255'
+ }
+ }
+
+ resource firewall_azure 'firewallRules' = if (allowAzureIPsFirewall) {
+ name: 'allow-all-azure-internal-IPs'
+ properties: {
+ startIpAddress: '0.0.0.0'
+ endIpAddress: '0.0.0.0'
+ }
+ }
+
+ resource firewall_single 'firewallRules' = [for ip in allowedSingleIPs: {
+ name: 'allow-single-${replace(ip, '.', '')}'
+ properties: {
+ startIpAddress: ip
+ endIpAddress: ip
+ }
+ }]
+
+}
+
+output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName
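Review bot: The two firewall switches are undocumented and their effect is wider than the names suggest: `allowAllIPsFirewall` opens 0.0.0.0–255.255.255.255 (the whole internet), and the rule named `allow-all-azure-internal-IPs` admits every Azure-hosted source, not only this tenant's resources. I would add `@description('Opens the server to every public IP address; do not enable outside throwaway test environments.')` above `allowAllIPsFirewall`, and a matching description on `allowAzureIPsFirewall` stating that it covers all Azure services, including those in other subscriptions. Separately, in `firewall_single` the name built with `replace(ip, '.', '')` can collide (constructed example: 10.1.11.1 and 10.11.1.1 both give `allow-single-101111`); `name: 'allow-single-${replace(ip, '.', '-')}'` keeps the names distinct. The server resource also sets no `network` or `authConfig` properties, so it relies on the API defaults, presumably public access with password authentication; worth confirming that is intended.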