anthonyfourie/deployAnalyticsPlatform.bicep Secret

## deployAnalyticsPlatform.bicep
/*Global parameters*/
param resLocation string = resourceGroup().location

/*This controls if we deploy the resource our not*/
param deployDataLake bool = true
param deploySynapse bool = true

/*Resource specific parameters - Synapse Analytics*/
param synapsWorkspaceName string = 'fancy-name'
param synapseSqlAdministratorLogin string = 'majestic-username'
param synapseSqlAdministratorLoginPassword string = 'your-complex-password'

/*Create a data lake storage account which we use as the Synapse Analytics default data lake*/
resource datalake 'Microsoft.Storage/storageAccounts@2021-04-01' = if (deployDataLake == true) {
  name: 'fancy-name'
  location: resLocation
  sku: {
    name: 'Standard_LRS'
    tier: 'Standard'
  }
  kind: 'StorageV2'
  properties: {
    isHnsEnabled: true
    supportsHttpsTrafficOnly: true
    accessTier: 'Hot'
    networkAcls: {
      defaultAction: 'Allow'
      bypass: 'AzureServices'
      virtualNetworkRules: []
      ipRules: []
    }
    encryption: {
      services: {
        blob: {
          enabled: true
        }
        file: {
          enabled: true
        }
      }
      keySource: 'Microsoft.Storage'
    }
  }
}

/*
    I built this child resource by wroking my way back through these templates: https://github.com/Azure-Samples/Synapse/tree/main/Manage/DeployWorkspace/storage
    It get's a little tricky, but we are building a dependency chain of parent-child resources. e.g. Storage account -> Blob -> Container
  */
  resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' = if (deployDataLake == true) {
    parent: datalake
    name: 'default'
    properties: {
      cors: {
         corsRules: []
      }
      deleteRetentionPolicy: {
        enabled: false
      }
    }
  }

resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-04-01' = if (deployDataLake == true) {
  parent: blobService
  name: 'workspace'
  properties: {
    publicAccess: 'None'
  }
}

/*Create a Synapse Analytics workspace*/
resource synapseWorkspace 'Microsoft.Synapse/workspaces@2021-04-01-preview' = if (deploySynapse == true) {
  name: synapsWorkspaceName
  location: resLocation
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    defaultDataLakeStorage: {
      /*I used the datalake resource and can use dot notation to reference information about it. This establishes a dependency.*/
      accountUrl: datalake.properties.primaryEndpoints.dfs
      filesystem: container.name
    }
    sqlAdministratorLogin: synapseSqlAdministratorLogin
    sqlAdministratorLoginPassword: synapseSqlAdministratorLoginPassword
  }

  resource workspaceFirewall 'firewallRules@2021-04-01-preview' = {
    name: 'allowAll'
    properties: {
      startIpAddress: '0.0.0.0'
      endIpAddress: '255.255.255.255'
    }
  }
}
	/Global parameters/
	param resLocation string = resourceGroup().location

	/This controls if we deploy the resource our not/
	param deployDataLake bool = true
	param deploySynapse bool = true

	/Resource specific parameters - Synapse Analytics/
	param synapsWorkspaceName string = 'fancy-name'
	param synapseSqlAdministratorLogin string = 'majestic-username'
	param synapseSqlAdministratorLoginPassword string = 'your-complex-password'

	/Create a data lake storage account which we use as the Synapse Analytics default data lake/
	resource datalake 'Microsoft.Storage/storageAccounts@2021-04-01' = if (deployDataLake == true) {
	name: 'fancy-name'
	location: resLocation
	sku: {
	name: 'Standard_LRS'
	tier: 'Standard'
	}
	kind: 'StorageV2'
	properties: {
	isHnsEnabled: true
	supportsHttpsTrafficOnly: true
	accessTier: 'Hot'
	networkAcls: {
	defaultAction: 'Allow'
	bypass: 'AzureServices'
	virtualNetworkRules: []
	ipRules: []
	}
	encryption: {
	services: {
	blob: {
	enabled: true
	}
	file: {
	enabled: true
	}
	}
	keySource: 'Microsoft.Storage'
	}
	}
	}

	/*
	I built this child resource by wroking my way back through these templates: https://github.com/Azure-Samples/Synapse/tree/main/Manage/DeployWorkspace/storage
	It get's a little tricky, but we are building a dependency chain of parent-child resources. e.g. Storage account -> Blob -> Container
	*/
	resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' = if (deployDataLake == true) {
	parent: datalake
	name: 'default'
	properties: {
	cors: {
	corsRules: []
	}
	deleteRetentionPolicy: {
	enabled: false
	}
	}
	}

	resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-04-01' = if (deployDataLake == true) {
	parent: blobService
	name: 'workspace'
	properties: {
	publicAccess: 'None'
	}
	}

	/Create a Synapse Analytics workspace/
	resource synapseWorkspace 'Microsoft.Synapse/workspaces@2021-04-01-preview' = if (deploySynapse == true) {
	name: synapsWorkspaceName
	location: resLocation
	identity: {
	type: 'SystemAssigned'
	}
	properties: {
	defaultDataLakeStorage: {
	/I used the datalake resource and can use dot notation to reference information about it. This establishes a dependency./
	accountUrl: datalake.properties.primaryEndpoints.dfs
	filesystem: container.name
	}
	sqlAdministratorLogin: synapseSqlAdministratorLogin
	sqlAdministratorLoginPassword: synapseSqlAdministratorLoginPassword
	}

	resource workspaceFirewall 'firewallRules@2021-04-01-preview' = {
	name: 'allowAll'
	properties: {
	startIpAddress: '0.0.0.0'
	endIpAddress: '255.255.255.255'
	}
	}
	}