Skip to content

Commit 73d38cc

Browse files
christianaccachristianacca
committed
chore: reorganise infra scripts
1 parent a33d02c commit 73d38cc

File tree

1 file changed

+25
-22
lines changed

1 file changed

+25
-22
lines changed

tools/infrastructure/arm-templates/main.bicep

+25-22
Original file line numberDiff line numberDiff line change
@@ -110,22 +110,7 @@ module pbiReportStorage 'br/public:avm/res/storage/storage-account:0.14.3' = {
110110
}
111111
}
112112

113-
resource acaEnvManagedId 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
114-
name: settings.SubProducts.Aca.ManagedIdentity
115-
location: location
116-
}
117-
118-
var certSettings = settings.TlsCertificates.Current
119-
module acaEnvCertPermission 'keyvault-cert-role-assignment.bicep' = if (settings.SubProducts.Aca.IsCustomDomainEnabled) {
120-
name: '${uniqueString(deployment().name, location)}-AcaEnvCertPermission'
121-
scope: resourceGroup((certSettings.KeyVault.SubscriptionId ?? subscription().subscriptionId), certSettings.KeyVault.ResourceGroupName)
122-
params: {
123-
certificateName: certSettings.ResourceName
124-
keyVaultName: certSettings.KeyVault.ResourceName
125-
principalId: acaEnvManagedId.properties.principalId
126-
roleDefinitionId: '4633458b-17de-408a-b874-0445c86b69e6' // 'Key Vault Secrets User'
127-
}
128-
}
113+
// ---------- Begin: Container registeries -----------
129114

130115
resource acrPullManagedId 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
131116
name: settings.SubProducts.AcrPull.ResourceName
@@ -144,9 +129,33 @@ module acrPullPermissions 'acr-role-assignment.bicep' = [for (registry, index) i
144129
}
145130
}]
146131

132+
var acaContainerRegistries = map(containerRegistries, registry => ({
133+
server: '${registry.ResourceName}.azurecr.io'
134+
identity: acrPullManagedId.id
135+
}))
136+
137+
// ---------- End: Container registeries -----------
138+
147139

148140
// ---------- Begin: ACA environments -----------
149141

142+
resource acaEnvManagedId 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
143+
name: settings.SubProducts.Aca.ManagedIdentity
144+
location: location
145+
}
146+
147+
var certSettings = settings.TlsCertificates.Current
148+
module acaEnvCertPermission 'keyvault-cert-role-assignment.bicep' = if (settings.SubProducts.Aca.IsCustomDomainEnabled) {
149+
name: '${uniqueString(deployment().name, location)}-AcaEnvCertPermission'
150+
scope: resourceGroup((certSettings.KeyVault.SubscriptionId ?? subscription().subscriptionId), certSettings.KeyVault.ResourceGroupName)
151+
params: {
152+
certificateName: certSettings.ResourceName
153+
keyVaultName: certSettings.KeyVault.ResourceName
154+
principalId: acaEnvManagedId.properties.principalId
155+
roleDefinitionId: '4633458b-17de-408a-b874-0445c86b69e6' // 'Key Vault Secrets User'
156+
}
157+
}
158+
150159
var acaEnvSharedSettings = {
151160
certSettings: settings.TlsCertificates.Current
152161
isCustomDomainEnabled: settings.SubProducts.Aca.IsCustomDomainEnabled
@@ -179,12 +188,6 @@ var acaFailoverDomain = !empty(settings.SubProducts.Aca.Failover ?? {}) ? acaEnv
179188
// ---------- End: ACA environments -----------
180189

181190

182-
var acaContainerRegistries = map(containerRegistries, registry => ({
183-
server: '${registry.ResourceName}.azurecr.io'
184-
identity: acrPullManagedId.id
185-
}))
186-
187-
188191
// ---------- Begin: Template.Api -----------
189192

190193
resource apiManagedId 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {

0 commit comments

Comments
 (0)