diff --git a/README.md b/README.md index d9e65a6e..d8872f19 100644 --- a/README.md +++ b/README.md @@ -293,16 +293,20 @@ Prior to running this command on the ingress url `https:///auth/` ```bash azd env set AUTH_CODE -azd deploy -azd env show AUTH_TOKEN +azd hooks run predeploy ``` -This command deploys some additional configuration helpful to using the solution. +This command performs the following actions: -_Posthook_ +1. Adds the first user to the platform with an operator role. +2. Retrieves an openid refresh token for the first user. +3. Writes necessary environment to the Visual Studio Code settings file. + + +__Execute Rest Scripts__ + +Using the Rest Client Extension for VSCode an environment has been conveniently added in `.vscode/scipts` which can be selected and the scripts now in `tools/rest-scripts` can be used to run api checks. -1. Configure the Initial User into Entitlements. -2. Using a provided Authorization Code get an initial user refresh token. __Removal and Cleaning up__ diff --git a/azure.yaml b/azure.yaml index f1318aab..0aa10422 100644 --- a/azure.yaml +++ b/azure.yaml @@ -76,20 +76,3 @@ hooks: echo "Docker is not installed." exit 1 fi - postdeploy: - posix: - interactive: false - continueOnError: false - shell: sh - run: | - env_vars=$(azd env get-values | tr -d '"' | awk '{print "-e " $0}') - # Check if Docker command exists - if command -v docker &> /dev/null; then - echo "Building Docker Image" - docker buildx build --no-cache -f scripts/Dockerfile-provision -t azd-provision scripts - docker run --rm -v $(pwd):/workspace -v "${HOME}/.azure:/root/.azure" $env_vars -e AZURE_CONFIG_DIR=/root/.azure azd-provision /usr/local/bin/postdeploy.sh -s ${AZURE_SUBSCRIPTION_ID} - sleep 5 - else - echo "Docker is not installed." - exit 1 - fi \ No newline at end of file diff --git a/bicep/main.bicep b/bicep/main.bicep index 11cf24e8..4ef0f4c3 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep 
@@ -361,6 +361,7 @@ module partitionBlade 'modules/blade_partition.bicep' = { partitionSize: tier partitions: configuration.partitions + managedIdentityName: stampIdentity.outputs.name } dependsOn: [ networkBlade @@ -436,7 +437,6 @@ module serviceBlade 'modules/blade_service.bicep' = { ] } -output KEYVAULT_NAME string = commonBlade.outputs.keyvaultName output ACR_NAME string = serviceBlade.outputs.registryName output AKS_NAME string = serviceBlade.outputs.clusterName diff --git a/bicep/modules/blade_partition.bicep b/bicep/modules/blade_partition.bicep index cc2ba58a..eeefc319 100644 --- a/bicep/modules/blade_partition.bicep +++ b/bicep/modules/blade_partition.bicep @@ -62,13 +62,16 @@ param partitions array = [ } ] +@description('The managed identity name for deployment scripts') +param managedIdentityName string + ///////////////////////////////// // Configuration ///////////////////////////////// var partitionLayerConfig = { secrets: { storageAccountName: 'storage' - storageAccountKey: 'key' + storageAccountKey: 'storage-key' cosmosConnectionString: 'cosmos-connection' cosmosEndpoint: 'cosmos-endpoint' cosmosPrimaryKey: 'cosmos-primary-key' 
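Review bot: In the `bicep/modules/blade_partition.bicep` hunk, renaming the `storageAccountKey` entry from `'key'` to `'storage-key'` changes the name under which the storage account key is stored, and no reader of that name is updated in the visible hunks. Stamps that were already deployed would presumably keep the secret under the old name as well, leaving a stale copy of an account key unless it is removed. I would add a comment on that line, for example `// renamed from 'key': update every consumer and delete the old secret on existing stamps`, and confirm the consumers in this same change. The new `managedIdentityName` parameter has no default, so every other caller of this module must now pass it; only `main.bicep` is shown doing so. The `partitionLayerConfig` object continues outside the hunk.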
@@ -539,6 +542,23 @@ module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.4.2' = [for } }] + +// Deployment Scripts are not enabled yet for Private Link +// https://github.com/Azure/bicep/issues/6540 +module blobUpload './script-blob-upload/main.bicep' = [for (partition, index) in partitions: { + name: '${bladeConfig.sectionName}-storage-blob-upload-${index}' + params: { + storageAccountName: partitionStorage[index].outputs.name + location: location + + useExistingManagedIdentity: true + managedIdentityName: managedIdentityName + existingManagedIdentitySubId: subscription().subscriptionId + existingManagedIdentityResourceGroupName:resourceGroup().name + } +}] + + // Output partitionStorage names output partitionStorageNames string[] = [for (partition, index) in partitions: partitionStorage[index].outputs.name] output partitionServiceBusNames string[] = [for (partition, index) in partitions: partitonNamespace[index].outputs.name] diff --git a/bicep/modules/script-blob-upload/Legal_COO.json b/bicep/modules/script-blob-upload/Legal_COO.json new file mode 100644 index 00000000..4dfbe41f --- /dev/null +++ b/bicep/modules/script-blob-upload/Legal_COO.json 
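Review bot: The `blobUpload` module runs its deployment script under the identity passed in as `managedIdentityName`, which `main.bicep` fills with `stampIdentity.outputs.name`, so the upload runs with whatever roles the stamp identity already holds rather than with an identity scoped to this one task. The role assignment is not visible here; if it is broader than blob-data write on `partitionStorage[index]`, a dedicated identity or a narrower scope would fit least privilege better. The Private Link comment should also say what it implies for the account, for example `// Deployment scripts cannot reach a private-endpoint-only account, so partition storage must stay reachable by the script during deployment`, assuming that is the intent. The lookup is pinned to `subscription().subscriptionId` and `resourceGroup().name`, which presumably fails if the stamp identity lives in another resource group. Minor: `existingManagedIdentityResourceGroupName:resourceGroup().name` is missing the space after the colon.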
@@ -0,0 +1,1472 @@ +[{ + "name": "Andorra", + "alpha2": "AD", + "numeric": 16, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "United Arab Emirates", + "alpha2": "AE", + "numeric": 784, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Afghanistan", + "alpha2": "AF", + "numeric": 4, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Antigua and Barbuda", + "alpha2": "AG", + "numeric": 28, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Anguilla", + "alpha2": "AI", + "numeric": 660, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Albania", + "alpha2": "AL", + "numeric": 8, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Armenia", + "alpha2": "AM", + "numeric": 51, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Netherlands Antilles", + "alpha2": "AN", + "numeric": 530, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Angola", + "alpha2": "AO", + "numeric": 24, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Antarctica", + "alpha2": "AQ", + "numeric": 10, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Argentina", + "alpha2": "AR", + "numeric": 32, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "American Samoa", + "alpha2": "AS", + "numeric": 16, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Austria", + "alpha2": "AT", + "numeric": 40, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Australia", + 
"alpha2": "AU", + "numeric": 36, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Aruba", + "alpha2": "AW", + "numeric": 533, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Aland Islands", + "alpha2": "AX", + "numeric": 248, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Azerbaijan", + "alpha2": "AZ", + "numeric": 31, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Bosnia and Herzegovina", + "alpha2": "BA", + "numeric": 70, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Barbados", + "alpha2": "BB", + "numeric": 52, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bangladesh", + "alpha2": "BD", + "numeric": 50, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Belgium", + "alpha2": "BE", + "numeric": 56, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Burkina Faso", + "alpha2": "BF", + "numeric": 854, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bulgaria", + "alpha2": "BG", + "numeric": 100, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bahrain", + "alpha2": "BH", + "numeric": 48, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Burundi", + "alpha2": "BI", + "numeric": 108, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Benin", + "alpha2": "BJ", + "numeric": 204, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Barthelemy", + "alpha2": "BL", + "numeric": 652, + "residencyRisk": "Default", + 
"typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bermuda", + "alpha2": "BM", + "numeric": 60, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Brunei Darussalam", + "alpha2": "BN", + "numeric": 96, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bolivia", + "alpha2": "BO", + "numeric": 68, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Brazil", + "alpha2": "BR", + "numeric": 76, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bahamas", + "alpha2": "BS", + "numeric": 44, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bhutan", + "alpha2": "BT", + "numeric": 64, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Bouvet Island", + "alpha2": "BV", + "numeric": 74, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Botswana", + "alpha2": "BW", + "numeric": 72, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Belarus", + "alpha2": "BY", + "numeric": 112, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Belize", + "alpha2": "BZ", + "numeric": 84, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Canada", + "alpha2": "CA", + "numeric": 124, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cocos Islands", + "alpha2": "CC", + "numeric": 166, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "The Democratic Republic of the Congo", + "alpha2": "CD", + "numeric": 180, + "residencyRisk": "Default", + "typesNotApplyDataResidency": 
["Transferred Data"] +}, { + "name": "Central African Republic", + "alpha2": "CF", + "numeric": 140, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Congo", + "alpha2": "CG", + "numeric": 178, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Switzerland", + "alpha2": "CH", + "numeric": 756, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cote d'Ivoire", + "alpha2": "CI", + "numeric": 384, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cook Islands", + "alpha2": "CK", + "numeric": 184, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Chile", + "alpha2": "CL", + "numeric": 152, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cameroon", + "alpha2": "CM", + "numeric": 120, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "China", + "alpha2": "CN", + "numeric": 156, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Colombia", + "alpha2": "CO", + "numeric": 170, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Costa Rica", + "alpha2": "CR", + "numeric": 188, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cuba", + "alpha2": "CU", + "numeric": 192, + "residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": "Cape Verde", + "alpha2": "CV", + "numeric": 132, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Christmas Island", + "alpha2": "CX", + "numeric": 162, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cyprus", + "alpha2": 
"CY", + "numeric": 196, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Czech Republic", + "alpha2": "CZ", + "numeric": 203, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Germany", + "alpha2": "DE", + "numeric": 276, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Djibouti", + "alpha2": "DJ", + "numeric": 262, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Denmark", + "alpha2": "DK", + "numeric": 208, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Dominica", + "alpha2": "DM", + "numeric": 212, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Dominican Republic", + "alpha2": "DO", + "numeric": 214, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Algeria", + "alpha2": "DZ", + "numeric": 12, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Ecuador", + "alpha2": "EC", + "numeric": 218, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Estonia", + "alpha2": "EE", + "numeric": 233, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Egypt", + "alpha2": "EG", + "numeric": 818, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Western Sahara", + "alpha2": "EH", + "numeric": 732, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Eritrea", + "alpha2": "ER", + "numeric": 232, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Spain", + "alpha2": "ES", + "numeric": 724, + "residencyRisk": "No restriction", + 
"typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Ethiopia", + "alpha2": "ET", + "numeric": 231, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Finland", + "alpha2": "FI", + "numeric": 246, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Fiji", + "alpha2": "FJ", + "numeric": 242, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Falkland Islands", + "alpha2": "FK", + "numeric": 238, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Federated States of Micronesia", + "alpha2": "FM", + "numeric": 583, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Faroe Islands", + "alpha2": "FO", + "numeric": 234, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "France", + "alpha2": "FR", + "numeric": 250, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Gabon", + "alpha2": "GA", + "numeric": 266, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "United Kingdom", + "alpha2": "GB", + "numeric": 826, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Grenada", + "alpha2": "GD", + "numeric": 308, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Georgia", + "alpha2": "GE", + "numeric": 268, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "French Guiana", + "alpha2": "GF", + "numeric": 254, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guernsey", + "alpha2": "GG", + "numeric": 831, + "residencyRisk": "Default", + "typesNotApplyDataResidency": 
["Transferred Data"] +}, { + "name": "Ghana", + "alpha2": "GH", + "numeric": 288, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Gibraltar", + "alpha2": "GI", + "numeric": 292, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Greenland", + "alpha2": "GL", + "numeric": 304, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Gambia", + "alpha2": "GM", + "numeric": 270, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guinea", + "alpha2": "GN", + "numeric": 324, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guadeloupe", + "alpha2": "GP", + "numeric": 312, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Equatorial Guinea", + "alpha2": "GQ", + "numeric": 226, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Greece", + "alpha2": "GR", + "numeric": 300, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "South Georgia and the South Sandwich Islands", + "alpha2": "GS", + "numeric": 239, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guatemala", + "alpha2": "GT", + "numeric": 320, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guam", + "alpha2": "GU", + "numeric": 316, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guinea-Bissau", + "alpha2": "GW", + "numeric": 624, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Guyana", + "alpha2": "GY", + "numeric": 328, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + 
"name": "Hong Kong", + "alpha2": "HK", + "numeric": 344, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Heard Island and McDonald Islands", + "alpha2": "HM", + "numeric": 334, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Honduras", + "alpha2": "HN", + "numeric": 340, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Croatia", + "alpha2": "HR", + "numeric": 191, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Haiti", + "alpha2": "HT", + "numeric": 332, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Hungary", + "alpha2": "HU", + "numeric": 348, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Indonesia", + "alpha2": "ID", + "numeric": 360, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Ireland", + "alpha2": "IE", + "numeric": 372, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Israel", + "alpha2": "IL", + "numeric": 376, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Isle of Man", + "alpha2": "IM", + "numeric": 833, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "India", + "alpha2": "IN", + "numeric": 356, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "British Indian Ocean Territory", + "alpha2": "IO", + "numeric": 86, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Iraq", + "alpha2": "IQ", + "numeric": 368, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Islamic Republic of Iran", + "alpha2": "IR", + "numeric": 364, + 
"residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": "Iceland", + "alpha2": "IS", + "numeric": 352, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Italy", + "alpha2": "IT", + "numeric": 380, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Jersey", + "alpha2": "JE", + "numeric": 832, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Jamaica", + "alpha2": "JM", + "numeric": 388, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Jordan", + "alpha2": "JO", + "numeric": 400, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Japan", + "alpha2": "JP", + "numeric": 392, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Kenya", + "alpha2": "KE", + "numeric": 404, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Kyrgyzstan", + "alpha2": "KG", + "numeric": 417, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Cambodia", + "alpha2": "KH", + "numeric": 116, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Kiribati", + "alpha2": "KI", + "numeric": 296, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Comoros", + "alpha2": "KM", + "numeric": 174, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Kitts and Nevis", + "alpha2": "KN", + "numeric": 659, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Democratic People's Republic of Korea", + "alpha2": "KP", + "numeric": 408, + "residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": 
"Republic of Korea", + "alpha2": "KR", + "numeric": 410, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Kuwait", + "alpha2": "KW", + "numeric": 414, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Cayman Islands", + "alpha2": "KY", + "numeric": 136, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Kazakhstan", + "alpha2": "KZ", + "numeric": 398, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Lao People's Democratic Republic", + "alpha2": "LA", + "numeric": 418, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Lebanon", + "alpha2": "LB", + "numeric": 422, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Lucia", + "alpha2": "LC", + "numeric": 662, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Liechtenstein", + "alpha2": "LI", + "numeric": 438, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Sri Lanka", + "alpha2": "LK", + "numeric": 144, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Liberia", + "alpha2": "LR", + "numeric": 430, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Lesotho", + "alpha2": "LS", + "numeric": 426, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Lithuania", + "alpha2": "LT", + "numeric": 440, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Luxembourg", + "alpha2": "LU", + "numeric": 442, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Latvia", + "alpha2": "LV", + 
"numeric": 428, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Libya", + "alpha2": "LY", + "numeric": 434, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Morocco", + "alpha2": "MA", + "numeric": 504, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Monaco", + "alpha2": "MC", + "numeric": 492, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Republic of Moldova", + "alpha2": "MD", + "numeric": 498, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Montenegro", + "alpha2": "ME", + "numeric": 499, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Martin", + "alpha2": "MF", + "numeric": 663, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Madagascar", + "alpha2": "MG", + "numeric": 450, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Marshall Islands", + "alpha2": "MH", + "numeric": 584, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "The former Yugoslav Republic of Macedonia", + "alpha2": "MK", + "numeric": 807, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Mali", + "alpha2": "ML", + "numeric": 466, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Myanmar", + "alpha2": "MM", + "numeric": 104, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Mongolia", + "alpha2": "MN", + "numeric": 496, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Macao", + "alpha2": "MO", + "numeric": 446, + "residencyRisk": "Default", 
+ "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Northern Mariana Islands", + "alpha2": "MP", + "numeric": 580, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Martinique", + "alpha2": "MQ", + "numeric": 474, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Mauritania", + "alpha2": "MR", + "numeric": 478, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Montserrat", + "alpha2": "MS", + "numeric": 500, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Malta", + "alpha2": "MT", + "numeric": 470, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Mauritius", + "alpha2": "MU", + "numeric": 480, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Maldives", + "alpha2": "MV", + "numeric": 462, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Malawi", + "alpha2": "MW", + "numeric": 454, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Mexico", + "alpha2": "MX", + "numeric": 484, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Malaysia", + "alpha2": "MY", + "numeric": 458, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Mozambique", + "alpha2": "MZ", + "numeric": 508, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Namibia", + "alpha2": "NA", + "numeric": 516, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "New Caledonia", + "alpha2": "NC", + "numeric": 540, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": 
"Niger", + "alpha2": "NE", + "numeric": 562, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Norfolk Island", + "alpha2": "NF", + "numeric": 574, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Nigeria", + "alpha2": "NG", + "numeric": 566, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Nicaragua", + "alpha2": "NI", + "numeric": 558, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Netherlands", + "alpha2": "NL", + "numeric": 528, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Norway", + "alpha2": "NO", + "numeric": 578, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Nepal", + "alpha2": "NP", + "numeric": 524, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Nauru", + "alpha2": "NR", + "numeric": 520, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Niue", + "alpha2": "NU", + "numeric": 570, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "New Zealand", + "alpha2": "NZ", + "numeric": 554, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Oman", + "alpha2": "OM", + "numeric": 512, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Panama", + "alpha2": "PA", + "numeric": 591, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Peru", + "alpha2": "PE", + "numeric": 604, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "French Polynesia", + "alpha2": "PF", + "numeric": 258, + "residencyRisk": "Default", + 
"typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Papua New Guinea", + "alpha2": "PG", + "numeric": 598, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Philippines", + "alpha2": "PH", + "numeric": 608, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Pakistan", + "alpha2": "PK", + "numeric": 586, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Poland", + "alpha2": "PL", + "numeric": 616, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Pierre and Miquelon", + "alpha2": "PM", + "numeric": 666, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Pitcairn", + "alpha2": "PN", + "numeric": 612, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Puerto Rico", + "alpha2": "PR", + "numeric": 630, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Palestinian Territory", + "alpha2": "PS", + "numeric": 275, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Portugal", + "alpha2": "PT", + "numeric": 620, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Palau", + "alpha2": "PW", + "numeric": 585, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Paraguay", + "alpha2": "PY", + "numeric": 600, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Qatar", + "alpha2": "QA", + "numeric": 634, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Reunion", + "alpha2": "RE", + "numeric": 638, + "residencyRisk": "Default", + "typesNotApplyDataResidency": 
["Transferred Data"] +}, { + "name": "Romania", + "alpha2": "RO", + "numeric": 642, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Serbia", + "alpha2": "RS", + "numeric": 688, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Russian Federation", + "alpha2": "RU", + "numeric": 643, + "residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": "Rwanda", + "alpha2": "RW", + "numeric": 646, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saudi Arabia", + "alpha2": "SA", + "numeric": 682, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Solomon Islands", + "alpha2": "SB", + "numeric": 90, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Seychelles", + "alpha2": "SC", + "numeric": 690, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Sudan", + "alpha2": "SD", + "numeric": 729, + "residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": "Sweden", + "alpha2": "SE", + "numeric": 752, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Singapore", + "alpha2": "SG", + "numeric": 702, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Helena", + "alpha2": "SH", + "numeric": 654, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Slovenia", + "alpha2": "SI", + "numeric": 705, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Svalbard and Jan Mayen", + "alpha2": "SJ", + "numeric": 744, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Slovakia", + "alpha2": "SK", + "numeric": 703, 
+ "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Sierra Leone", + "alpha2": "SL", + "numeric": 694, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "San Marino", + "alpha2": "SM", + "numeric": 674, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Senegal", + "alpha2": "SN", + "numeric": 686, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Somalia", + "alpha2": "SO", + "numeric": 706, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Suriname", + "alpha2": "SR", + "numeric": 740, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "South Sudan", + "alpha2": "SS", + "numeric": 728, + "residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": "Sao Tome and Principe", + "alpha2": "ST", + "numeric": 678, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "El Salvador", + "alpha2": "SV", + "numeric": 222, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Syrian Arab Republic", + "alpha2": "SY", + "numeric": 760, + "residencyRisk": "Embargoed", + "typesNotApplyDataResidency": [] +}, { + "name": "Swaziland", + "alpha2": "SZ", + "numeric": 748, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Turks and Caicos Islands", + "alpha2": "TC", + "numeric": 796, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Chad", + "alpha2": "TD", + "numeric": 148, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Togo", + "alpha2": "TG", + "numeric": 768, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": 
["Transferred Data"] +}, { + "name": "Thailand", + "alpha2": "TH", + "numeric": 764, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Tajikistan", + "alpha2": "TJ", + "numeric": 762, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Tokelau", + "alpha2": "TK", + "numeric": 772, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Timor-Leste", + "alpha2": "TL", + "numeric": 626, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Turkmenistan", + "alpha2": "TM", + "numeric": 795, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Tunisia", + "alpha2": "TN", + "numeric": 788, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Tonga", + "alpha2": "TO", + "numeric": 776, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Turkey", + "alpha2": "TR", + "numeric": 792, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Trinidad and Tobago", + "alpha2": "TT", + "numeric": 780, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Tuvalu", + "alpha2": "TV", + "numeric": 798, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Taiwan, Province of China", + "alpha2": "TW", + "numeric": 158, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "United Republic of Tanzania", + "alpha2": "TZ", + "numeric": 834, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Ukraine", + "alpha2": "UA", + "numeric": 804, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": 
["Transferred Data"] +}, { + "name": "Uganda", + "alpha2": "UG", + "numeric": 800, + "residencyRisk": "Not assigned", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "United States Minor Outlying Islands", + "alpha2": "UM", + "numeric": 581, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "United States", + "alpha2": "US", + "numeric": 840, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Uruguay", + "alpha2": "UY", + "numeric": 858, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "Uzbekistan", + "alpha2": "UZ", + "numeric": 860, + "residencyRisk": "No restriction", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Saint Vincent and the Grenadines", + "alpha2": "VC", + "numeric": 670, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Venezuela", + "alpha2": "VE", + "numeric": 862, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "British Virgin Islands", + "alpha2": "VG", + "numeric": 92, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Virgin Islands, U.S.", + "alpha2": "VI", + "numeric": 850, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Vietnam", + "alpha2": "VN", + "numeric": 704, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Vanuatu", + "alpha2": "VU", + "numeric": 548, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Wallis and Futuna", + "alpha2": "WF", + "numeric": 876, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Samoa", + "alpha2": "WS", + "numeric": 882, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred 
Data"] +}, { + "name": "Yemen", + "alpha2": "YE", + "numeric": 887, + "residencyRisk": "Default", + "typesNotApplyDataResidency": [] +}, { + "name": "South Africa", + "alpha2": "ZA", + "numeric": 710, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Zambia", + "alpha2": "ZM", + "numeric": 894, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Zimbabwe", + "alpha2": "ZW", + "numeric": 716, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +}, { + "name": "Default", + "alpha2": "XX", + "numeric": 999, + "residencyRisk": "Default", + "typesNotApplyDataResidency": ["Transferred Data"] +} +] diff --git a/bicep/modules/script-blob-upload/main.bicep b/bicep/modules/script-blob-upload/main.bicep new file mode 100644 index 00000000..bbad45b8 --- /dev/null +++ b/bicep/modules/script-blob-upload/main.bicep 
@@ -0,0 +1,94 @@ +metadata name = 'Blob Upload' +metadata description = 'This module uploads a file to a blob storage account' +metadata owner = 'azure-global-energy' + +@description('Desired name of the storage account') +param storageAccountName string = uniqueString(resourceGroup().id, deployment().name, 'blob') + +@description('Name of the blob container') +param containerName string = 'legal-service-azure-configuration' + +@description('Name of the blob as it is stored in the blob container') +param filename string = 'Legal_COO.json' + +@description('The location of the Storage Account and where to deploy the module resources to') +param location string = resourceGroup().location + +@description('How the deployment script should be forced to execute') +param forceUpdateTag string = utcNow() + +@description('Azure RoleId that are required for the DeploymentScript resource to upload blobs') +param rbacRoleNeeded string = '' //Storage Blob Contributor is needed to upload secrets into Storage Account + +@description('Does the Managed Identity already exists, or should be created') +param useExistingManagedIdentity bool = false + +@description('Name of the Managed Identity resource') +param managedIdentityName string = 'id-storage-blob-${location}' + +@description('For an existing Managed Identity, the Subscription Id it is located in') +param existingManagedIdentitySubId string = subscription().subscriptionId + +@description('For an existing Managed Identity, the Resource Group it is located in') +param existingManagedIdentityResourceGroupName string = resourceGroup().name + +@description('A delay before the script import operation starts. 
Primarily to allow Azure AAD Role Assignments to propagate') +param initialScriptDelay string = '30s' + +@allowed([ 'OnSuccess', 'OnExpiration', 'Always' ]) +@description('When the script resource is cleaned up') +param cleanupPreference string = 'OnSuccess' + + +resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' existing = { + name: storageAccountName +} + +resource newDepScriptId 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = if (!useExistingManagedIdentity) { + name: managedIdentityName + location: location +} + +resource existingDepScriptId 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (useExistingManagedIdentity) { + name: managedIdentityName + scope: resourceGroup(existingManagedIdentitySubId, existingManagedIdentityResourceGroupName) +} + +resource rbac 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (!empty(rbacRoleNeeded)) { + name: guid(storageAccount.id, rbacRoleNeeded, useExistingManagedIdentity ? existingDepScriptId.id : newDepScriptId.id) + scope: storageAccount + properties: { + roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', rbacRoleNeeded) + principalId: useExistingManagedIdentity ? existingDepScriptId.properties.principalId : newDepScriptId.properties.principalId + principalType: 'ServicePrincipal' + } +} + +resource uploadFile 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: 'script-${storageAccount.name}-${replace(replace(filename, ':', ''), '/', '-')}' + location: location + identity: { + type: 'UserAssigned' + userAssignedIdentities: { '${useExistingManagedIdentity ? 
existingDepScriptId.id : newDepScriptId.id}': {} } + } + kind: 'AzureCLI' + dependsOn: [ rbac ] + properties: { + forceUpdateTag: forceUpdateTag + azCliVersion: '2.45.0' + timeout: 'PT15M' + retentionInterval: 'PT1H' + environmentVariables: [ + { name: 'AZURE_STORAGE_ACCOUNT', value: storageAccount.name } + { name: 'AZURE_STORAGE_KEY', value: storageAccount.listKeys().keys[0].value } + { name: 'CONTENT', value: loadTextContent('./Legal_COO.json') } + { name: 'FILE_NAME', value: filename } + { name: 'CONTAINER', value: containerName } + { name: 'initialDelay', value: initialScriptDelay } + ] + scriptContent: loadTextContent('script.sh') + // scriptContent: 'echo "$CONTENT" > ${filename} && az storage blob upload -f ${filename} -c ${containerName} -n ${filename}' + cleanupPreference: cleanupPreference + } +} + diff --git a/bicep/modules/script-blob-upload/script.sh b/bicep/modules/script-blob-upload/script.sh new file mode 100644 index 00000000..58406727 --- /dev/null +++ b/bicep/modules/script-blob-upload/script.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -e + +echo "Waiting on Identity RBAC replication ($initialDelay)" +sleep $initialDelay + +echo "$CONTENT" > ${FILE_NAME} + +# Upload the blob, overwriting if it exists +az storage blob upload -f ${FILE_NAME} -c ${CONTAINER} -n ${FILE_NAME} --overwrite +echo "Blob ${CONTAINER} uploaded to container ${CONTAINER}, overwriting if it existed." \ No newline at end of file diff --git a/charts/env-debug/templates/kv-secrets.yaml b/charts/env-debug/templates/kv-secrets.yaml index 220787c9..12d70d01 100644 --- a/charts/env-debug/templates/kv-secrets.yaml +++ b/charts/env-debug/templates/kv-secrets.yaml @@ -62,7 +62,7 @@ spec: objectName: opendes-storage objectType: secret - | - objectName: opendes-key + objectName: opendes-storage-key objectType: secret - | objectName: opendes-cosmos-connection diff --git a/scripts/Dockerfile-provision b/scripts/Dockerfile-provision index 3d4ac47a..f94e7321 100644 
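Review bot: The storage account key is handed to the deployment script as a plain `value` in `environmentVariables`, so `AZURE_STORAGE_KEY` is kept in the deploymentScripts resource's properties, where it can be read back by anyone with read access to that resource. It should be passed with the secure form, `{ name: 'AZURE_STORAGE_KEY', secureValue: storageAccount.listKeys().keys[0].value }`. Separately, the module creates or references a user-assigned identity and an optional role assignment, but `rbacRoleNeeded` defaults to `''` and the upload authenticates with the account key, so the identity does not appear to be what authorises the write. If identity-based upload is the intent, I would give `rbacRoleNeeded` a real role id, drop the key variable and use `--auth-mode login` in script.sh.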
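Review bot: The closing message in script.sh prints `${CONTAINER}` where the blob name belongs, and every expansion of `FILE_NAME`, `CONTAINER` and `initialDelay` is unquoted, so a value with a space or glob character is split before it reaches `az`. I would change the message to `echo "Blob ${FILE_NAME} uploaded to container ${CONTAINER}, overwriting if it existed."` and quote the rest: `echo "$CONTENT" > "${FILE_NAME}"` and `az storage blob upload -f "${FILE_NAME}" -c "${CONTAINER}" -n "${FILE_NAME}" --overwrite`. These values come from Bicep parameters with safe defaults, but the module exposes `filename` and `containerName` to callers.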
--- a/scripts/Dockerfile-provision +++ b/scripts/Dockerfile-provision @@ -24,7 +24,6 @@ COPY functions.sh /usr/local/bin/functions.sh COPY hook-postprovision.sh /usr/local/bin/postprovision.sh COPY hook-preprovision.sh /usr/local/bin/preprovision.sh COPY hook-predeploy.sh /usr/local/bin/predeploy.sh -COPY hook-postdeploy.sh /usr/local/bin/postdeploy.sh # Create a directory to work in WORKDIR /workspace @@ -33,8 +32,7 @@ WORKDIR /workspace RUN chmod +x /usr/local/bin/functions.sh \ && chmod +x /usr/local/bin/postprovision.sh \ && chmod +x /usr/local/bin/preprovision.sh \ - && chmod +x /usr/local/bin/predeploy.sh \ - && chmod +x /usr/local/bin/postdeploy.sh + && chmod +x /usr/local/bin/predeploy.sh # Set the entrypoint to run your script CMD ["/bin/bash"] diff --git a/scripts/hook-postdeploy.sh b/scripts/hook-postdeploy.sh deleted file mode 100644 index 93dc4e5a..00000000 --- a/scripts/hook-postdeploy.sh +++ /dev/null 
@@ -1,127 +0,0 @@ -#!/bin/bash - -############################################################################################### -# ---------------------------- # -# postDeploy - Post Deploy # -# ---------------------------- # -# # -# Usage: ./hook-postdeploy.sh # -# # -# Prerequisites: # -# 1. Ensure you have Azure CLI installed, and you're logged in to Azure CLI. # -# # -# Options: # -# -s : Specify a particular subscriptionId to use. # -# -h : Print help message and exit # -# # -# Note: # -# You must provide a subscription ID # -# # -############################################################################################### - -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -PARENT_DIR=`dirname $SCRIPT_DIR` -ROOT_DIR=`dirname $PARENT_DIR` - -if [[ $SCRIPT_DIR == "/usr/local/bin" ]] -then - ROOT_DIR="/workspace" -else - ROOT_DIR=`dirname $PARENT_DIR` -fi - -print_help() { - echo -e "Usage: $0 --subscription SUBSCRIPTION_ID\n" - echo -e "Options:" - echo -e " -s Set the subscription ID" - echo -e " -h Print this help message and exit" - echo -e "\nYou must provide a SubscriptionId." -} - -# Parsing command-line arguments -AZURE_SUBSCRIPTION="" -while getopts ":hs:" opt; do - case ${opt} in - h ) - print_help - exit 0 - ;; - s ) - AZURE_SUBSCRIPTION=$OPTARG - ;; - \? ) - echo "Invalid option: -$OPTARG" >&2 - print_help - exit 1 - ;; - : ) - echo "Option -$OPTARG requires an argument." >&2 - print_help - exit 1 - ;; - esac -done -shift $((OPTIND -1)) - -############################### -# Checks -if [[ -z "$AZURE_SUBSCRIPTION" ]]; -then - echo "Error: You must provide a SubscriptionId" >&2 - print_help - exit 1 -fi - -# Check Azure CLI version. 
-REQUIRED_AZ_CLI_VERSION="2.58.0" -CURRENT_AZ_CLI_VERSION="$(az --version | head -n 1 | awk -F' ' '{print $2}')" - -if [[ $(echo -e "$REQUIRED_AZ_CLI_VERSION\n$CURRENT_AZ_CLI_VERSION"|sort -V|head -n1) != $REQUIRED_AZ_CLI_VERSION ]]; then - echo "This script requires Azure CLI version $REQUIRED_AZ_CLI_VERSION or higher. You have version $CURRENT_AZ_CLI_VERSION." - exit 1 -fi - -############################### -# Get Access Token using Refresh Token -if [[ -n $AUTH_REFRESH ]]; then - echo "Getting a Access Token using the Refresh Token..." - - response=$(curl --request POST \ - --url https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token \ - --header "content-type: application/x-www-form-urlencoded" \ - --data "grant_type=refresh_token" \ - --data "client_id=${AZURE_CLIENT_ID}" \ - --data "client_secret=$AZURE_CLIENT_SECRET" \ - --data refresh_token=$REFAUTH_TOKENESH_TOKEN \ - --data "scope=${AZURE_CLIENT_ID}/.default openid profile offline_access") - - # Extract the Refresh Token from the body and set it as an environment variable - refresh_token=$(echo "$response" | jq -r '.refresh_token') - if [[ -n $refresh_token ]]; then - azd env set AUTH_REFRESH $refresh_token - fi -fi - -output=$(azd env get-values) -AZURE_RESOURCE_GROUP=$(echo "$output" | grep "AZURE_RESOURCE_GROUP" | cut -d'=' -f2 | tr -d '"') -AZURE_TENANT_ID=$(echo "$output" | grep "AZURE_TENANT_ID" | cut -d'=' -f2 | tr -d '"') -AZURE_CLIENT_ID=$(echo "$output" | grep "AZURE_CLIENT_ID" | cut -d'=' -f2 | tr -d '"') -AZURE_CLIENT_SECRET=$(echo "$output" | grep "AZURE_CLIENT_SECRET" | cut -d'=' -f2 | tr -d '"') -AUTH_INGRESS=$(echo "$output" | grep "AUTH_INGRESS" | cut -d'=' -f2 | tr -d '"') -AUTH_REFRESH=$(echo "$output" | grep "AUTH_REFRESH" | cut -d'=' -f2 | tr -d '"') - -mkdir -p .vscode -cat << EOF > ".vscode/settings.json" -{ - "rest-client.environmentVariables": { - "${AZURE_RESOURCE_GROUP}": { - "TENANT_ID": "${AZURE_TENANT_ID}", - "CLIENT_ID": "${AZURE_CLIENT_ID}", - "CLIENT_SECRET": 
"${AZURE_CLIENT_SECRET}", - "HOST": "${AUTH_INGRESS}", - "REFRESH_TOKEN": "${AUTH_REFRESH}", - "DATA_PARTITION": "opendes" - } - } -} -EOF diff --git a/scripts/hook-postprovision.sh b/scripts/hook-postprovision.sh old mode 100644 new mode 100755 index cf163919..ffb74a88 --- a/scripts/hook-postprovision.sh +++ b/scripts/hook-postprovision.sh @@ -31,11 +31,12 @@ else fi print_help() { - echo -e "Usage: $0 --subscription SUBSCRIPTION_ID\n" + echo -e "Usage: $0 -s SUBSCRIPTION_ID\n" echo -e "Options:" echo -e " -s Set the subscription ID" echo -e " -h Print this help message and exit" echo -e "\nYou must provide a SubscriptionId." + exit 1; } # Parsing command-line arguments @@ -81,12 +82,28 @@ if [[ $(echo -e "$REQUIRED_AZ_CLI_VERSION\n$CURRENT_AZ_CLI_VERSION"|sort -V|head exit 1 fi +if [ -z $AZURE_CLIENT_ID ]; then + echo 'ERROR: AZURE_CLIENT_ID not provided' + exit 1; +fi + +if [ -z $AZURE_RESOURCE_GROUP ]; then + echo 'ERROR: AZURE_RESOURCE_GROUP not provided' + exit 1; +fi + +if [ -z $AKS_NAME ]; then + echo 'ERROR: AKS_NAME not provided' + exit 1; +fi + + ############################### # Checking Flux Compliance echo "Checking Software Installation..." # Initialize timer -end=$((SECONDS+600)) # 600 seconds = 10 minutes +end=$((SECONDS+1200)) # 1200 seconds = 20 minutes # Loop to check Flux compliance every 30 seconds up to 10 minutes while [ $SECONDS -lt $end ]; do @@ -126,7 +143,7 @@ fi # Fetch Private IP Address from the Load Balancer named 'kubernetes-internal' private_ip=$(az network lb frontend-ip list --lb-name kubernetes-internal -g "$node_resource_group" --query [].privateIPAddress -otsv) if [[ -n $private_ip ]]; then - echo "Adding Public Web Endpoint:" + echo "Adding Private Web Endpoint:" redirect_uris+=("https://$private_ip/auth/") # Add private ingress URI fi 
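Review bot: The `exit 1;` added at the end of `print_help` in hook-postprovision.sh means the function never returns, so any exit code a caller sets after it is dead. If the `-h` branch of the getopts loop (outside this hunk) reads `print_help` followed by `exit 0`, as it did in the removed hook-postdeploy.sh, asking for help now reports failure. hook-predeploy.sh receives the same usage-line fix without the exit, so the two hooks now behave differently. I would drop `exit 1;` from the function and leave the exit status to each call site.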
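Review bot: The new guards in hook-postprovision.sh test unquoted expansions, e.g. `if [ -z $AZURE_CLIENT_ID ]; then`. An empty value happens to work, but a value containing whitespace makes `[` fail with a usage error and the guard is silently skipped. Write them as `if [ -z "$AZURE_CLIENT_ID" ]; then`, and send the message to stderr (`>&2`) like the script's other error paths. The same unquoted tests are added to hook-predeploy.sh in its `@@ -72,6 +72,27 @@` hunk. In this hunk the timeout was raised to 1200 seconds, but the comment under it still says "up to 10 minutes"; it should read `# Loop to check Flux compliance every 30 seconds up to 20 minutes`.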
@@ -134,7 +151,7 @@ fi # Update Azure AD app only if there are URIs to add if [ ${#redirect_uris[@]} -gt 0 ]; then echo "==================================================================" - echo "Adding Web Direct URIs" + echo "Adding Web Direct URIs: ${redirect_uris[@]}" echo "==================================================================" az ad app update --id $AZURE_CLIENT_ID --web-redirect-uris "${redirect_uris[@]}" fi diff --git a/scripts/hook-predeploy.sh b/scripts/hook-predeploy.sh old mode 100644 new mode 100755 index 1ed0bb0e..37c43fa5 --- a/scripts/hook-predeploy.sh +++ b/scripts/hook-predeploy.sh @@ -31,7 +31,7 @@ else fi print_help() { - echo -e "Usage: $0 --subscription SUBSCRIPTION_ID\n" + echo -e "Usage: $0 -s SUBSCRIPTION_ID\n" echo -e "Options:" echo -e " -s Set the subscription ID" echo -e " -h Print this help message and exit" @@ -72,6 +72,27 @@ then exit 1 fi +if [ -z $AZURE_CLIENT_ID ]; then + echo 'ERROR: AZURE_CLIENT_ID not provided' + exit 1; +fi + +if [ -z $AZURE_CLIENT_SECRET ]; then + echo 'ERROR: AZURE_CLIENT_ID not provided' + exit 1; +fi + +if [ -z $AZURE_RESOURCE_GROUP ]; then + echo 'ERROR: AZURE_RESOURCE_GROUP not provided' + exit 1; +fi + +if [ -z $AKS_NAME ]; then + echo 'ERROR: AKS_NAME not provided' + exit 1; +fi + + # Check Azure CLI version. REQUIRED_AZ_CLI_VERSION="2.58.0" CURRENT_AZ_CLI_VERSION="$(az --version | head -n 1 | awk -F' ' '{print $2}')" @@ -102,7 +123,6 @@ if [[ ! -n $AUTH_INGRESS ]]; then azd env set AUTH_INGRESS $AUTH_INGRESS fi - ############################### # Add the first user. if [[ ! -n $AUTH_USER ]]; then @@ -116,7 +136,6 @@ if [[ ! -n $AUTH_USER ]]; then --data "client_secret=${AZURE_CLIENT_SECRET}" \ --data "scope=${AZURE_CLIENT_ID}/.default" |jq -r .access_token) -### AUTH_USER=$(az ad signed-in-user show --query userPrincipalName -o tsv) json_payload=$(jq -n --arg email "$AUTH_USER" '{"email": $email, "role": "MEMBER"}') 
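Review bot: The guard for `AZURE_CLIENT_SECRET` in the `@@ -72,6 +72,27 @@` hunk of hook-predeploy.sh reports the wrong variable: it prints `ERROR: AZURE_CLIENT_ID not provided`, copied from the check above it. An operator with a missing secret is told to fix the client id instead. The line should be `echo 'ERROR: AZURE_CLIENT_SECRET not provided' >&2`.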
@@ -212,4 +231,27 @@ if [[ -z "$AUTH_REFRESH" ]]; then fi fi +output=$(azd env get-values) +AZURE_RESOURCE_GROUP=$(echo "$output" | grep "AZURE_RESOURCE_GROUP" | cut -d'=' -f2 | tr -d '"') +AZURE_TENANT_ID=$(echo "$output" | grep "AZURE_TENANT_ID" | cut -d'=' -f2 | tr -d '"') +AZURE_CLIENT_ID=$(echo "$output" | grep "AZURE_CLIENT_ID" | cut -d'=' -f2 | tr -d '"') +AZURE_CLIENT_SECRET=$(echo "$output" | grep "AZURE_CLIENT_SECRET" | cut -d'=' -f2 | tr -d '"') +AUTH_INGRESS=$(echo "$output" | grep "AUTH_INGRESS" | cut -d'=' -f2 | tr -d '"') +AUTH_REFRESH=$(echo "$output" | grep "AUTH_REFRESH" | cut -d'=' -f2 | tr -d '"') + +mkdir -p .vscode +cat << EOF > ".vscode/settings.json" +{ + "rest-client.environmentVariables": { + "${AZURE_RESOURCE_GROUP}": { + "TENANT_ID": "${AZURE_TENANT_ID}", + "CLIENT_ID": "${AZURE_CLIENT_ID}", + "CLIENT_SECRET": "${AZURE_CLIENT_SECRET}", + "HOST": "${AUTH_INGRESS}", + "REFRESH_TOKEN": "${AUTH_REFRESH}", + "DATA_PARTITION": "opendes" + } + } +} +EOF diff --git a/scripts/hook-preprovision.sh b/scripts/hook-preprovision.sh index 29c4a780..e89f546b 100755 --- a/scripts/hook-preprovision.sh +++ b/scripts/hook-preprovision.sh @@ -121,6 +121,8 @@ aksExtensions=( "RunCommandPreview" "EnablePodIdentityPreview" "PodSubnetPreview" + "EnableImageCleanerPreview" + "AKS-AzureKeyVaultSecretsProvider" ) diff --git a/tools/rest-scripts/README.md b/tools/rest-scripts/README.md new file mode 100644 index 00000000..57536767 --- /dev/null +++ b/tools/rest-scripts/README.md 
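Review bot: The block appended to hook-predeploy.sh writes `AZURE_CLIENT_SECRET` and the refresh token into `.vscode/settings.json` with the default umask, so the file is typically readable by other local users. Nothing in the diff shows that path being git-ignored, so it is worth confirming it cannot be committed. The JSON is also assembled by heredoc interpolation, so a secret containing `"` or `\` produces an invalid or altered file. I would build the document with `jq`, which the script already uses, and create the file with owner-only permissions, as sketched below. The heredoc also replaces any existing settings.json outright, which the README step should mention.

```shell
# … unchanged: values read back from `azd env get-values` …
mkdir -p .vscode
(
  umask 077
  jq -n \
    --arg env "$AZURE_RESOURCE_GROUP" \
    --arg tenant "$AZURE_TENANT_ID" \
    --arg client "$AZURE_CLIENT_ID" \
    --arg secret "$AZURE_CLIENT_SECRET" \
    --arg host "$AUTH_INGRESS" \
    --arg refresh "$AUTH_REFRESH" \
    '{"rest-client.environmentVariables": {($env): {
        TENANT_ID: $tenant, CLIENT_ID: $client, CLIENT_SECRET: $secret,
        HOST: $host, REFRESH_TOKEN: $refresh, DATA_PARTITION: "opendes"}}}' \
    > .vscode/settings.json
)
# umask does not change the mode of a file that already existed
chmod 600 .vscode/settings.json
```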
@@ -0,0 +1,24 @@ +# Rest Scripts + +This directory has scripts to assist in making rest calls. +----------------------------------------------------------------- + +## Getting Started + +1. Once you have vscode running, you want to make sure and install the [rest-client](https://marketplace.visualstudio.com/items?itemName=humao.rest-client) extension. An environment has been configured in `.vscode/settings.json` that adheres to the following format. + +```json +{ + "rest-client.environmentVariables": { + "${AZURE_RESOURCE_GROUP}": { + "TENANT_ID": "${AZURE_TENANT_ID}", + "CLIENT_ID": "${AZURE_CLIENT_ID}", + "CLIENT_SECRET": "${AZURE_CLIENT_SECRET}", + "HOST": "${AUTH_INGRESS}", + "REFRESH_TOKEN": "${AUTH_REFRESH}", + "DATA_PARTITION": "opendes" + } + } +} +``` + diff --git a/tools/rest-scripts/auth-token.http b/tools/rest-scripts/auth-token.http deleted file mode 100644 index 6240d88e..00000000 --- a/tools/rest-scripts/auth-token.http +++ /dev/null 
@@ -1,44 +0,0 @@ -# -------HTTP REST CLIENT ------- -# https://marketplace.visualstudio.com/items?itemName=humao.rest-client - -@login_base = login.microsoftonline.com/{{TENANT_ID}} -@oauth_token_host = {{login_base}}/oauth2/v2.0/token -@scopes = {{CLIENT_ID}}/.default openid profile offline_access -@AUTH_CODE = - -# ----------------------- -# OAUTH authorization_code -# ----------------------- -### -# @name authorize -POST https://{{oauth_token_host}} HTTP/1.1 -Content-Type: application/x-www-form-urlencoded - -grant_type=authorization_code -&redirect_uri=http://localhost:8080 -&client_id={{CLIENT_ID}} -&client_secret={{CLIENT_SECRET}} -&scope={{scopes}} -&code={{AUTH_CODE}} - - -# ----------------------- -# OAUTH refresh_token -# ----------------------- -### -# @name refresh -POST https://{{oauth_token_host}} HTTP/1.1 -Content-Type: application/x-www-form-urlencoded - -grant_type=refresh_token -&client_id={{CLIENT_ID}} -&client_secret={{CLIENT_SECRET}} -&refresh_token={{authorize.response.body.refresh_token}} -&scope={{scopes}} - - -# ----------------------- -# API (Variables) -# ----------------------- -### -@access_token = {{refresh.response.body.access_token}} diff --git a/tools/rest-scripts/legal.http b/tools/rest-scripts/legal.http index 68bf7a8e..52dd9195 100644 --- a/tools/rest-scripts/legal.http +++ b/tools/rest-scripts/legal.http @@ -82,7 +82,7 @@ data-partition-id: {{DATA_PARTITION}} "US" ], "contractId": "A1234", - "expirationDate": "2023-12-31", + "expirationDate": "2028-12-31", "originator": "MyCompany", "dataType": "Transferred Data", "securityClassification": "Public", @@ -111,7 +111,7 @@ data-partition-id: {{DATA_PARTITION}} "name": "{{DATA_PARTITION}}-{{tag}}", "contractId": "A1234", "description": "Updated: This is a test tag from Rest Scripts", - "expirationDate": "2025-12-25" + "expirationDate": "2035-12-25" }