Created
April 27, 2019 13:45
Function app with its own key vault for secrets, plus an app setting that references a secret from another key vault
{ | |
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"skuName": { | |
"type": "string", | |
"defaultValue": "F1", | |
"allowedValues": [ | |
"F1", | |
"D1", | |
"B1", | |
"B2", | |
"B3", | |
"S1", | |
"S2", | |
"S3", | |
"P1", | |
"P2", | |
"P3", | |
"P4" | |
] | |
}, | |
"skuCapacity": { | |
"type": "int", | |
"defaultValue": 1, | |
"minValue": 1, | |
"metadata": { | |
"description": "Plan instance count" | |
} | |
}, | |
"websiteName": { | |
"type": "string", | |
"defaultValue": "myWebSite" | |
}, | |
"ADTenantId": { | |
"type": "string" | |
}, | |
"sharedKeyVaultRG": { | |
"type": "string", | |
"defaultValue": "[resourceGroup().name]" | |
}, | |
"SharedKeyVaultName": { | |
"type": "string" | |
}, | |
"SecretName": { | |
"type": "string" | |
} | |
}, | |
"variables": { | |
"storageConnectionString": "[concat(parameters('websiteName') , 'storageConnection')]", | |
"keyVaultName": "[concat(parameters('websiteName') ,'vault')]", | |
"hostingPlanName": "[concat(parameters('websiteName'),'-plan-', uniquestring(resourceGroup().id))]", | |
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'azfunctions')]", | |
"storageAccountid": "[concat(resourceGroup().id,'/providers/','Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" | |
}, | |
"resources": [ | |
{ | |
"name": "[variables('keyVaultName')]", | |
"type": "Microsoft.KeyVault/vaults", | |
"apiVersion": "2016-10-01", | |
"location": "West Europe", | |
"dependsOn": [ | |
"[resourceId('Microsoft.Web/sites/', parameters('webSiteName'))]" | |
], | |
"properties": { | |
"tenantId": "[parameters('ADTenantId')]", | |
"sku": { | |
"family": "A", | |
"name": "standard" | |
}, | |
"accessPolicies": [ | |
{ | |
"tenantId": "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.tenantId]", | |
"objectId": "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.principalId]", | |
"permissions": { | |
"keys": [], | |
"secrets": ["get"], | |
"certificates": [], | |
"storage": [] | |
} | |
} | |
], | |
"enabledForTemplateDeployment": true | |
} | |
}, | |
{ | |
"name": "[concat(variables('keyVaultName'), '/', variables('storageConnectionString'))]", | |
"type": "Microsoft.KeyVault/vaults/secrets", | |
"apiVersion": "2018-02-14", | |
"dependsOn": [ | |
"[resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]", | |
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]" | |
], | |
"properties": { | |
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountid'),'2015-06-15').key1)]" | |
} | |
}, | |
{ | |
"apiVersion": "2015-08-01", | |
"name": "[variables('hostingPlanName')]", | |
"type": "Microsoft.Web/serverfarms", | |
"location": "[resourceGroup().location]", | |
"sku": { | |
"name": "[parameters('skuName')]", | |
"capacity": "[parameters('skuCapacity')]" | |
}, | |
"properties": { | |
"name": "[variables('hostingPlanName')]" | |
} | |
}, | |
{ | |
"apiVersion": "2018-02-01", | |
"name": "[parameters('webSiteName')]", | |
"type": "Microsoft.Web/sites", | |
"kind": "functionapp", | |
"location": "[resourceGroup().location]", | |
"identity": { | |
"type": "SystemAssigned" | |
}, | |
"dependsOn": [ | |
"[resourceId('Microsoft.Web/serverFarms/', variables('hostingPlanName'))]", | |
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" | |
], | |
"properties": { | |
"name": "[parameters('webSiteName')]", | |
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]" | |
}, | |
"resources": [ | |
{ | |
"name": "appSettings", | |
"type": "config", | |
"apiVersion": "2015-08-01", | |
"dependsOn": [ | |
"[resourceId('Microsoft.Web/Sites/', parameters('webSiteName'))]", | |
"[resourceId('Microsoft.KeyVault/vaults/', variables('keyVaultName'))]", | |
"[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), variables('storageConnectionString'))]" | |
], | |
"properties": { | |
"AzureWebJobsStorage": "[concat('@Microsoft.KeyVault(SecretUri=', reference(resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), variables('storageConnectionString'))).secretUriWithVersion, ')')]", | |
"ValueFromSharedKeyVault": "[concat('@Microsoft.KeyVault(SecretUri=', reference(resourceId(parameters('sharedKeyVaultRG'),'Microsoft.KeyVault/vaults/secrets', parameters('SharedKeyVaultName'), parameters('SecretName')), '2016-10-01').secretUriWithVersion, ')')]" | |
} | |
} | |
] | |
}, | |
{ | |
"type": "Microsoft.Storage/storageAccounts", | |
"name": "[variables('storageAccountName')]", | |
"apiVersion": "2015-06-15", | |
"location": "[resourceGroup().location]", | |
"properties": { | |
"accountType": "Standard_LRS" | |
} | |
} | |
], | |
"outputs": { | |
"managedIdentity" : { | |
"type": "object", | |
"value": { | |
"tenantId" : "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.tenantId]", | |
"principalId" : "[reference(concat('Microsoft.Web/sites/', parameters('webSiteName')), '2018-02-01', 'Full').identity.principalId]" | |
} | |
} | |
} | |
} |