-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathwinae.json
259 lines (259 loc) · 13.5 KB
/
winae.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourcePrefix": {
"comments": "Resource Prefix",
"type": "string",
"defaultValue": "[concat('winae', '-', uniqueString(newGuid()))]",
"metadata": {
"description": "Do not modify this name"
}
},
"encryptionKey": {
"comments": "Encryption Key",
"type": "string",
"defaultValue": "R2W8WuO2iJvtxecwAjED1ItRUtr54jzQw8YRN+pzL9A=",
"metadata": {
"description": "Specify one key to encrypt the Storage Account connection string, you can use the default one or the one which generated after the deployment."
}
}
},
"variables": {
"storageAccountName": "[concat(replace(parameters('resourcePrefix'),'-', ''), 'sa')]",
"storageAccountSkuName": "Standard_LRS",
"storageAccountSupportsHttpsTrafficOnly": true,
"storageAccountMinimumTlsVersion": "TLS1_2",
"storageAccountDefaultToOAuthAuthentication": true,
"storageAccountIsShareSoftDeleteEnabled": true,
"storageAccountShareSoftDeleteRetentionDays": 7,
"storageAccountFileShareName": "winae-file",
"storageAccountFileShareShareQuota": 5120,
"storageAccountFileShareEnabledProtocols": "SMB",
"redisName": "[concat(parameters('resourcePrefix'), '-', 'ctrl')]",
"redisSkuName": "Basic",
"redisSkuFamily": "C",
"redisSkuCapacity": 0,
"redisEnableNonSslPort": true,
"redisRedisVersion": "6",
"registryName": "[concat(replace(parameters('resourcePrefix'),'-', ''), 'cr')]",
"registrySkuName": "Standard",
"registryPublicNetworkAccess": "Enabled",
"registryZoneRedundancy": "disabled",
"registryAdminUserEnabled": true,
"planName": "[concat(parameters('resourcePrefix'), '-', 'plan')]",
"planKind": "linux",
"planSkuTier": "Dynamic",
"planSkuName": "Y1",
"planWorkerSize": "0",
"planWorkerSizeId": "0",
"planNumberOfWorkers": "1",
"planReserved": true,
"functionName": "[concat(parameters('resourcePrefix'), '-', 'func')]",
"functionKind": "functionapp,linux",
"functionSiteConfigAppSettingsFUNCTIONS_EXTENSION_VERSION": "~4",
"functionSiteConfigAppSettingsFUNCTIONS_WORKER_RUNTIME": "node",
"functionSiteConfigAppSettingsWEBSITE_CONTENTSHARE": "winae-func",
"functionSiteConfigUse32BitWorkerProcess": false,
"functionSiteConfigFtpsState": "FtpsOnly",
"functionSiteConfigLinuxFxVersion": "Node|18",
"functionClientAffinityEnabled": false,
"functionPublicNetworkAccess": "Enabled",
"functionHttpsOnly": true,
"functionServerFarmId": "[concat('subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', variables('planName'))]",
"scriptName": "[concat(replace(parameters('resourcePrefix'),'-', ''), 'sh')]"
},
"resources": [
{
"comments": "Storage Account",
"apiVersion": "2022-05-01",
"type": "Microsoft.Storage/storageAccounts",
"location": "[resourceGroup().location]",
"name": "[variables('storageAccountName')]",
"tags": {},
"sku": {
"name": "[variables('storageAccountSkuName')]"
},
"properties": {
"supportsHttpsTrafficOnly": "[variables('storageAccountSupportsHttpsTrafficOnly')]",
"minimumTlsVersion": "[variables('storageAccountMinimumTlsVersion')]",
"defaultToOAuthAuthentication": "[variables('storageAccountDefaultToOAuthAuthentication')]"
}
},
{
"comments": "Storage Account: fileservices",
"apiVersion": "2022-05-01",
"type": "Microsoft.Storage/storageAccounts/fileservices",
"name": "[concat(variables('storageAccountName'), '/default')]",
"properties": {
"shareDeleteRetentionPolicy": {
"enabled": "[variables('storageAccountIsShareSoftDeleteEnabled')]",
"days": "[variables('storageAccountShareSoftDeleteRetentionDays')]"
}
},
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
]
},
{
"comments": "Storage Account: fileshares",
"apiVersion": "2021-04-01",
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"location": "[resourceGroup().location]",
"name": "[concat(variables('storageAccountName'), '/default/', variables('storageAccountFileShareName'))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/fileServices', variables('storageAccountName'), 'default')]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
],
"properties": {
"shareQuota": "[variables('storageAccountFileShareShareQuota')]",
"enabledProtocols": "[variables('storageAccountFileShareEnabledProtocols')]"
}
},
{
"comments": "Redis",
"apiVersion": "2023-08-01",
"type": "Microsoft.Cache/redis",
"location": "[resourceGroup().location]",
"name": "[variables('redisName')]",
"dependsOn": [],
"properties": {
"sku": {
"name": "[variables('redisSkuName')]",
"family": "[variables('redisSkuFamily')]",
"capacity": "[variables('redisSkuCapacity')]"
},
"redisConfiguration": {},
"enableNonSslPort": "[variables('redisEnableNonSslPort')]",
"redisVersion": "[variables('redisRedisVersion')]"
},
"tags": {}
},
{
"comments": "ACR",
"apiVersion": "2022-02-01-preview",
"type": "Microsoft.ContainerRegistry/registries",
"location": "[resourceGroup().location]",
"name": "[variables('registryName')]",
"sku": {
"name": "[variables('registrySkuName')]"
},
"dependsOn": [],
"tags": {},
"properties": {
"publicNetworkAccess": "[variables('registryPublicNetworkAccess')]",
"zoneRedundancy": "[variables('registryZoneRedundancy')]",
"adminUserEnabled": "[variables('registryAdminUserEnabled')]"
}
},
{
"comments": "ASP nested resources due to Storage Account",
"apiVersion": "2017-05-10",
"type": "Microsoft.Resources/deployments",
"name": "ASPResourcesDeployment",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"comments": "ASP",
"apiVersion": "2018-11-01",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"name": "[variables('planName')]",
"kind": "[variables('planKind')]",
"sku": {
"Tier": "[variables('planSkuTier')]",
"Name": "[variables('planSkuName')]"
},
"tags": {},
"dependsOn": [],
"properties": {
"name": "[variables('planName')]",
"workerSize": "[variables('planWorkerSize')]",
"workerSizeId": "[variables('planWorkerSizeId')]",
"numberOfWorkers": "[variables('planNumberOfWorkers')]",
"reserved": "[variables('planReserved')]"
}
},
{
"comments": "Function App",
"apiVersion": "2018-11-01",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"name": "[variables('functionName')]",
"kind": "[variables('functionKind')]",
"tags": {},
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('planName'))]"
],
"properties": {
"name": "[variables('functionName')]",
"siteConfig": {
"appSettings": [
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "[variables('functionSiteConfigAppSettingsFUNCTIONS_EXTENSION_VERSION')]"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "[variables('functionSiteConfigAppSettingsFUNCTIONS_WORKER_RUNTIME')]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName')),'2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName')),'2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[variables('functionSiteConfigAppSettingsWEBSITE_CONTENTSHARE')]"
}
],
"cors": {
"allowedOrigins": []
},
"use32BitWorkerProcess": "[variables('functionSiteConfigUse32BitWorkerProcess')]",
"ftpsState": "[variables('functionSiteConfigFtpsState')]",
"linuxFxVersion": "[variables('functionSiteConfigLinuxFxVersion')]"
},
"clientAffinityEnabled": "[variables('functionClientAffinityEnabled')]",
"virtualNetworkSubnetId": null,
"publicNetworkAccess": "[variables('functionPublicNetworkAccess')]",
"httpsOnly": "[variables('functionHttpsOnly')]",
"serverFarmId": "[variables('functionServerFarmId')]"
}
},
{
"comments": "CMD",
"apiVersion": "2020-10-01",
"type": "Microsoft.Resources/deploymentScripts",
"location": "[resourceGroup().location]",
"name": "[variables('scriptName')]",
"kind": "AzurePowerShell",
"properties": {
"azPowerShellVersion": "8.3",
"scriptContent": "[concat('function Create-AesManagedObject($key, $IV, $mode) { $aesManaged = New-Object \"System.Security.Cryptography.AesManaged\"; if ($mode=\"CBC\") { $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC } elseif ($mode=\"CFB\") {$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CFB} elseif ($mode=\"CTS\") {$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CTS} elseif ($mode=\"ECB\") {$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::ECB} elseif ($mode=\"OFB\"){$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::OFB} $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7; $aesManaged.BlockSize = 128; $aesManaged.KeySize = 256; if ($IV) { if ($IV.getType().Name -eq \"String\") { $aesManaged.IV = [System.Convert]::FromBase64String($IV); } else { $aesManaged.IV = $IV; } } if ($key) { if ($key.getType().Name -eq \"String\") { $aesManaged.Key = [System.Convert]::FromBase64String($key); } else { $aesManaged.Key = $key; } } $aesManaged; }', 'function Encrypt-String($key, $plaintext) {$bytes = [System.Text.Encoding]::UTF8.GetBytes($plaintext);$aesManaged = Create-AesManagedObject $key;$encryptor = $aesManaged.CreateEncryptor();$encryptedData = $encryptor.TransformFinalBlock($bytes, 0, $bytes.Length);[byte[]] $fullData = $aesManaged.IV + $encryptedData;[System.Convert]::ToBase64String($fullData);}', '$k=New-Object \"System.Security.Cryptography.AesManaged\";$k.Mode=[System.Security.Cryptography.CipherMode]::ECB;$k.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$k.BlockSize=128;$k.KeySize=256;$k.GenerateKey();$key1=[System.Convert]::ToBase64String($k.Key);', '$key2=\"', parameters('encryptionKey'), '\";', '$pass=\"', listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName')),'2019-06-01').keys[0].value, '\"; ', '$username=\"', variables('storageAccountName'), '\";', '$enc1 = Encrypt-String $key1 \"${username}|${pass}\"; $enc2 = Encrypt-String $key2 \"${username}|${pass}\";', 'echo \"============\"; echo \"Key 1 (auto-generated)\"; echo $key1; echo \"Startup script 1 (auto-generated)\"; echo \"powershell.exe C:/Users/ContainerAdministrator/winae-wrapper.ps1 $enc1 \"; echo \"============\"; echo \"Key 2 (user-defined)\"; echo $key2; echo \"Startup script 2 (user-defined)\"; echo \"powershell.exe C:/Users/ContainerAdministrator/winae-wrapper.ps1 $enc2 \"; ')]",
"arguments": "",
"timeout": "PT1H",
"cleanupPreference": "OnSuccess",
"retentionInterval": "P1D"
}
}
],
"outputs": {}
}
}
}
],
"outputs": {}
}