Aligned SQL MI and SQL Server
ahmadabdalla committed Oct 24, 2023
1 parent 918bcc9 commit a9b8832
Showing 8 changed files with 20 additions and 36 deletions.
11 changes: 4 additions & 7 deletions modules/sql/managed-instance/main.json
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "7571236887873003427"
"templateHash": "7653568276267549552"
},
"name": "SQL Managed Instances",
"description": "This module deploys a SQL Managed Instance.",
Expand Down Expand Up @@ -1433,7 +1433,7 @@
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "16419324698366777740"
"templateHash": "5582620280313265167"
},
"name": "SQL Managed Instance Vulnerability Assessments",
"description": "This module deploys a SQL Managed Instance Vulnerability Assessment.",
Expand Down Expand Up @@ -1501,9 +1501,6 @@
}
}
},
"variables": {
"splitStorageAccountResourceId": "[split(parameters('storageAccountResourceId'), '/')]"
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
Expand Down Expand Up @@ -1538,15 +1535,15 @@
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('{0}-sbdc-rbac', parameters('managedInstanceName'))]",
"resourceGroup": "[variables('splitStorageAccountResourceId')[4]]",
"resourceGroup": "[split(parameters('storageAccountResourceId'), '/')[4]]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"storageAccountName": {
"value": "[last(variables('splitStorageAccountResourceId'))]"
"value": "[last(split(parameters('storageAccountResourceId'), '/'))]"
},
"managedInstanceIdentityPrincipalId": {
"value": "[reference(resourceId('Microsoft.Sql/managedInstances', parameters('managedInstanceName')), '2022-05-01-preview', 'full').identity.principalId]"
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ param createStorageRoleAssignment bool = true
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true

var splitStorageAccountResourceId = split(storageAccountResourceId, '/')

resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
properties: {
Expand All @@ -48,11 +46,11 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2022-05-01-preview' exi
}

// Assign SQL MI MSI access to storage account
module storageAccount_sbdc_rbac '.bicep/nested_storageRoleAssignment.bicep' = if (!useStorageAccountAccessKey && createStorageRoleAssignment) {
module storageAccount_sbdc_rbac 'modules/nested_storageRoleAssignment.bicep' = if (!useStorageAccountAccessKey && createStorageRoleAssignment) {
name: '${managedInstance.name}-sbdc-rbac'
scope: resourceGroup(splitStorageAccountResourceId[4])
scope: resourceGroup(split(storageAccountResourceId, '/')[4])
params: {
storageAccountName: last(splitStorageAccountResourceId)
storageAccountName: last(split(storageAccountResourceId, '/'))
managedInstanceIdentityPrincipalId: managedInstance.identity.principalId
}
}
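Review bot: The `scope` on the `storageAccount_sbdc_rbac` module uses only segment 4 of `storageAccountResourceId` (the resource group name) and discards segment 2 (the subscription ID), so for a storage account in another subscription the role-assignment deployment is aimed at a resource group of that name in the current subscription. That either fails or, if a same-named group and account happen to exist there, presumably grants the managed identity access to the wrong storage account. Consider `scope: resourceGroup(split(storageAccountResourceId, '/')[2], split(storageAccountResourceId, '/')[4])`. The positional indexing also assumes a well-formed storage account resource ID; the parameter declaration is outside this hunk, so whether it is validated cannot be confirmed from here. The same `scope` line appears in the `modules/sql/server/vulnerability-assessment/main.bicep` section.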
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "16419324698366777740"
"templateHash": "5582620280313265167"
},
"name": "SQL Managed Instance Vulnerability Assessments",
"description": "This module deploys a SQL Managed Instance Vulnerability Assessment.",
Expand Down Expand Up @@ -73,9 +73,6 @@
}
}
},
"variables": {
"splitStorageAccountResourceId": "[split(parameters('storageAccountResourceId'), '/')]"
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
Expand Down Expand Up @@ -110,15 +107,15 @@
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('{0}-sbdc-rbac', parameters('managedInstanceName'))]",
"resourceGroup": "[variables('splitStorageAccountResourceId')[4]]",
"resourceGroup": "[split(parameters('storageAccountResourceId'), '/')[4]]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"storageAccountName": {
"value": "[last(variables('splitStorageAccountResourceId'))]"
"value": "[last(split(parameters('storageAccountResourceId'), '/'))]"
},
"managedInstanceIdentityPrincipalId": {
"value": "[reference(resourceId('Microsoft.Sql/managedInstances', parameters('managedInstanceName')), '2022-05-01-preview', 'full').identity.principalId]"
11 changes: 4 additions & 7 deletions modules/sql/server/main.json
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "7339009855010154380"
"templateHash": "3706987978525659012"
},
"name": "Azure SQL Servers",
"description": "This module deploys an Azure SQL Server.",
Expand Down Expand Up @@ -2391,7 +2391,7 @@
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "15718774987027357704"
"templateHash": "1780388510504326565"
},
"name": "Azure SQL Server Vulnerability Assessments",
"description": "This module deploys an Azure SQL Server Vulnerability Assessment.",
Expand Down Expand Up @@ -2459,9 +2459,6 @@
}
}
},
"variables": {
"splitStorageAccountResourceId": "[split(parameters('storageAccountResourceId'), '/')]"
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
Expand Down Expand Up @@ -2496,15 +2493,15 @@
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('{0}-sbdc-rbac', parameters('serverName'))]",
"resourceGroup": "[variables('splitStorageAccountResourceId')[4]]",
"resourceGroup": "[split(parameters('storageAccountResourceId'), '/')[4]]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"storageAccountName": {
"value": "[last(variables('splitStorageAccountResourceId'))]"
"value": "[last(split(parameters('storageAccountResourceId'), '/'))]"
},
"managedInstanceIdentityPrincipalId": {
"value": "[reference(resourceId('Microsoft.Sql/servers', parameters('serverName')), '2022-05-01-preview', 'full').identity.principalId]"
8 changes: 3 additions & 5 deletions modules/sql/server/vulnerability-assessment/main.bicep
Expand Up @@ -29,8 +29,6 @@ param createStorageRoleAssignment bool = true
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true

var splitStorageAccountResourceId = split(storageAccountResourceId, '/')

resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-9319755b-f697-4146-b966-4656e0b46cac-${uniqueString(deployment().name)}'
properties: {
Expand All @@ -48,11 +46,11 @@ resource server 'Microsoft.Sql/servers@2022-05-01-preview' existing = {
}

// Assign SQL Server MSI access to storage account
module storageAccount_sbdc_rbac '.bicep/nested_storageRoleAssignment.bicep' = if (!useStorageAccountAccessKey && createStorageRoleAssignment) {
module storageAccount_sbdc_rbac 'modules/nested_storageRoleAssignment.bicep' = if (!useStorageAccountAccessKey && createStorageRoleAssignment) {
name: '${server.name}-sbdc-rbac'
scope: resourceGroup(splitStorageAccountResourceId[4])
scope: resourceGroup(split(storageAccountResourceId, '/')[4])
params: {
storageAccountName: last(splitStorageAccountResourceId)
storageAccountName: last(split(storageAccountResourceId, '/'))
managedInstanceIdentityPrincipalId: server.identity.principalId
}
}
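Review bot: The module condition `!useStorageAccountAccessKey && createStorageRoleAssignment` does not account for a server without a system-assigned identity, yet `server.identity.principalId` is read unconditionally in `params`; with a user-assigned-only or absent identity that property is presumably missing and the deployment would fail late, at the role-assignment step. Whether the parent module guarantees a system-assigned identity is not visible in this hunk, so at minimum state the precondition next to the module, e.g. `// Requires a system-assigned identity on the SQL server; identity.principalId is not populated otherwise`. The managed-instance `main.bicep` section reads `managedInstance.identity.principalId` the same way. The parameter name `managedInstanceIdentityPrincipalId` is also misleading here because it receives the server's principal ID, though renaming it means changing the nested module, which is not shown on this page.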
9 changes: 3 additions & 6 deletions modules/sql/server/vulnerability-assessment/main.json
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "15718774987027357704"
"templateHash": "1780388510504326565"
},
"name": "Azure SQL Server Vulnerability Assessments",
"description": "This module deploys an Azure SQL Server Vulnerability Assessment.",
Expand Down Expand Up @@ -73,9 +73,6 @@
}
}
},
"variables": {
"splitStorageAccountResourceId": "[split(parameters('storageAccountResourceId'), '/')]"
},
"resources": [
{
"condition": "[parameters('enableDefaultTelemetry')]",
Expand Down Expand Up @@ -110,15 +107,15 @@
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
"name": "[format('{0}-sbdc-rbac', parameters('serverName'))]",
"resourceGroup": "[variables('splitStorageAccountResourceId')[4]]",
"resourceGroup": "[split(parameters('storageAccountResourceId'), '/')[4]]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"storageAccountName": {
"value": "[last(variables('splitStorageAccountResourceId'))]"
"value": "[last(split(parameters('storageAccountResourceId'), '/'))]"
},
"managedInstanceIdentityPrincipalId": {
"value": "[reference(resourceId('Microsoft.Sql/servers', parameters('serverName')), '2022-05-01-preview', 'full').identity.principalId]"
