This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

switch to bicep template only and bicep refactor #1732

Merged
merged 2 commits into from
Mar 31, 2022
Merged
655 changes: 111 additions & 544 deletions src/deployment/azuredeploy.bicep

Large diffs are not rendered by default.

957 changes: 0 additions & 957 deletions src/deployment/azuredeploy.json

This file was deleted.

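--- a/src/deployment/bicep-templates/autoscale-settings.bicep
+++ b/src/deployment/bicep-templates/autoscale-settings.bicep
@@ -0,0 +1,69 @@
+param location string
+param server_farm_id string
+param owner string
+
+var autoscale_name = 'onefuzz-autoscale-${uniqueString(resourceGroup().id)}'
+
+resource autoscaleSettings 'Microsoft.Insights/autoscalesettings@2015-04-01' = {
+name: autoscale_name
+location: location
+properties: {
+name: autoscale_name
+enabled: true
+targetResourceUri: server_farm_id
+targetResourceLocation: location
+notifications: []
+profiles:[
+{
+name: 'Auto scale condition'
+capacity: {
+default: '1'
+maximum: '20'
+minimum: '1'
+}
+rules: [
+{
+metricTrigger: {
+metricName: 'CpuPercentage'
+metricResourceUri: server_farm_id
+operator: 'GreaterThanOrEqual'
+statistic: 'Average'
+threshold: 20
+timeAggregation: 'Average'
+timeGrain: 'PT1M'
+timeWindow: 'PT1M'
+}
+scaleAction: {
+cooldown: 'PT1M'
+direction: 'Increase'
+type: 'ChangeCount'
+value: '5'
+}
+}
+{
+metricTrigger: {
+metricName: 'CpuPercentage'
+metricResourceUri: server_farm_id
+operator: 'LessThan'
+statistic: 'Average'
+threshold: 20
+timeAggregation:'Average'
+timeGrain: 'PT1M'
+timeWindow: 'PT1M'
+}
+scaleAction: {
+cooldown: 'PT5M'
+direction: 'Decrease'
+type: 'ChangeCount'
+value: '1'
+}
+}
+
+]
+}
+]
+}
+tags: {
+OWNER: owner
+}
+}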
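Review bot: Both rules in the `Auto scale condition` profile use `threshold: 20` on `CpuPercentage`, so there is no gap between the scale-out condition (`GreaterThanOrEqual`, add 5) and the scale-in condition (`LessThan`, remove 1). A plan whose average CPU sits near 20% can move between the two rules every cooldown period, and the one-minute `timeWindow` makes the trigger sensitive to short spikes. I would give the `Decrease` rule a lower threshold than the `Increase` rule, chosen from observed load, and add a comment above `rules` stating the intended band and why `maximum: '20'` is the ceiling. If these values were carried over unchanged from the deleted azuredeploy.json, a follow-up is fine, but the comment is still worth adding here.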
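--- a/src/deployment/bicep-templates/event-grid.bicep
+++ b/src/deployment/bicep-templates/event-grid.bicep
@@ -0,0 +1,41 @@
+param location string
+param storageFuzzId string
+param storageFuncId string
+param fileChangesQueueName string
+
+var suffix = uniqueString(resourceGroup().id)
+var fuzz_blob_topic_name ='fuzz-blob-topic-${suffix}'
+
+resource eventGridSystemTopics 'Microsoft.EventGrid/systemTopics@2021-12-01' = {
+name: fuzz_blob_topic_name
+location: location
+properties: {
+source: storageFuzzId
+topicType: 'microsoft.storage.storageaccounts'
+}
+}
+
+resource eventSubscriptions 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2021-12-01' = {
+name: 'onefuzz1_subscription'
+parent: eventGridSystemTopics
+properties: {
+destination: {
+properties: {
+resourceId: storageFuncId
+queueName: fileChangesQueueName
+}
+endpointType: 'StorageQueue'
+}
+filter: {
+includedEventTypes: [
+'Microsoft.Storage.BlobCreated'
+'Microsoft.Storage.BlobDeleted'
+]
+}
+eventDeliverySchema: 'EventGridSchema'
+retryPolicy: {
+maxDeliveryAttempts: 30
+eventTimeToLiveInMinutes: 1440
+}
+}
+}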
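Review bot: The `eventSubscriptions` resource sets a `retryPolicy` but no `deadLetterDestination`, so a `BlobCreated` or `BlobDeleted` event that still cannot be delivered after 30 attempts or 1440 minutes is dropped without any record. Whether the service can tolerate a missed file-change event is not visible from this file; if it cannot, add a `deadLetterDestination` with `endpointType: 'StorageBlob'` pointing at a container in the function storage account so lost events can be seen and replayed. If dropping is acceptable, a one-line comment above `retryPolicy` saying so would save the next reader the question.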
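--- a/src/deployment/bicep-templates/keyvaults.bicep
+++ b/src/deployment/bicep-templates/keyvaults.bicep
@@ -0,0 +1,39 @@
+param tenant_id string
+param principal_id string
+param location string
+
+var keyVaultName = 'of-kv-${uniqueString(resourceGroup().id)}'
+
+resource keyVault 'Microsoft.KeyVault/vaults@2021-10-01' = {
+name: keyVaultName
+location: location
+properties: {
+enabledForDiskEncryption: false
+enabledForTemplateDeployment: true
+sku: {
+family: 'A'
+name: 'standard'
+}
+networkAcls: {
+defaultAction: 'Allow'
+bypass: 'AzureServices'
+}
+tenantId: tenant_id
+accessPolicies: [
+{
+objectId: principal_id
+tenantId: tenant_id
+permissions: {
+secrets: [
+'get'
+'list'
+'set'
+'delete'
+]
+}
+}
+]
+}
+}
+
+output name string = keyVaultName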
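Review bot: `networkAcls.defaultAction: 'Allow'` leaves the vault's data plane reachable from any network, which makes the `bypass: 'AzureServices'` line next to it redundant and leaves the single access policy as the only control in front of the secrets. If the consuming app has, or can be given, a network path to the vault, prefer `defaultAction: 'Deny'` with explicit `ipRules` or `virtualNetworkRules`. Otherwise add a comment above `networkAcls` recording why the vault is open. The policy grants `delete` on secrets while the template relies on service defaults for recovery, so I would also state `enableSoftDelete: true` explicitly, and add `enablePurgeProtection: true` if teardown and redeploy of the resource group can tolerate it. It would also help to document on `param principal_id` which identity is expected there, since it receives `set` and `delete`.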
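--- a/src/deployment/bicep-templates/operational-insights.bicep
+++ b/src/deployment/bicep-templates/operational-insights.bicep
@@ -0,0 +1,167 @@
+param name string
+param location string
+param log_retention int
+param owner string
+param workbookData object
+
+var monitorAccountName = name
+
+var linuxDataSources = [
+{
+name: 'syslogDataSourcesKern'
+syslogName: 'kern'
+kind: 'LinuxSyslog'
+}
+{
+name: 'syslogDataSourcesUser'
+syslogName: 'user'
+kind: 'LinuxSyslog'
+}
+{
+name: 'syslogDataSourcesCron'
+syslogName: 'cron'
+kind: 'LinuxSyslog'
+}
+{
+name: 'syslogDataSourcesDaemon'
+syslogName: 'daemon'
+kind: 'LinuxSyslog'
+}
+]
+
+var windowsDataSources = [
+{
+name: 'windowsEventSystem'
+eventLogName: 'System'
+kind: 'WindowsEvent'
+}
+{
+name: 'windowsEventApplication'
+eventLogName: 'Application'
+kind: 'WindowsEvent'
+}
+]
+
+var onefuzz = {
+severitiesAtMostInfo: [
+{
+severity: 'emerg'
+}
+{
+severity: 'alert'
+}
+{
+severity: 'crit'
+}
+{
+severity: 'err'
+}
+{
+severity: 'warning'
+}
+{
+severity: 'notice'
+}
+{
+severity: 'info'
+}
+]
+}
+
+
+resource insightsMonitorAccount 'Microsoft.OperationalInsights/workspaces@2021-06-01' = {
+name: monitorAccountName
+location: location
+properties: {
+sku: {
+name: 'PerGB2018'
+}
+retentionInDays: log_retention
+features: {
+enableLogAccessUsingOnlyResourcePermissions: true
+}
+}
+resource linux 'dataSources@2020-08-01' = [for d in linuxDataSources : {
+name: d.name
+kind: d.kind
+properties: {
+syslogName: d.syslogName
+syslogSeverities: onefuzz.severitiesAtMostInfo
+}
+}]
+
+resource linuxCollection 'dataSources@2020-08-01' = {
+name: 'syslogDataSourceCollection'
+kind: 'LinuxSyslogCollection'
+properties: {
+state: 'Enabled'
+}
+}
+
+resource windows 'dataSources@2020-08-01' = [for d in windowsDataSources : {
+name: d.name
+kind: d.kind
+properties: {
+eventLogName: d.eventLogName
+eventTypes: [
+{
+eventType: 'Error'
+}
+{
+eventType: 'Warning'
+}
+{
+eventType: 'Information'
+}
+]
+}
+}]
+}
+
+resource vmInsights 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
+name: 'VMInsights(${monitorAccountName})'
+location: location
+dependsOn: [
+insightsMonitorAccount
+]
+properties: {
+workspaceResourceId: resourceId('Microsoft.OperationalInsights/workspaces', monitorAccountName)
+}
+plan: {
+name: 'VMInsights(${monitorAccountName})'
+publisher: 'Microsoft'
+product: 'OMSGallery/VMInsights'
+promotionCode: ''
+}
+}
+
+resource insightsComponents 'Microsoft.Insights/components@2020-02-02' = {
+name: name
+location: location
+kind: ''
+properties: {
+Application_Type: 'other'
+RetentionInDays: log_retention
+WorkspaceResourceId: insightsMonitorAccount.id
+}
+tags: {
+OWNER: owner
+}
+}
+
+resource insightsWorkbooks 'Microsoft.Insights/workbooks@2021-08-01' = {
+name: 'df20765c-ed5b-46f9-a47b-20f4aaf7936d'
+location: location
+kind: 'shared'
+properties: {
+displayName: 'Libfuzzer Job Dashboard'
+serializedData: workbookData.libFuzzerJob
+version: '1.0'
+sourceId: insightsComponents.id
+category: 'tsg'
+}
+}
+
+output monitorAccountName string = monitorAccountName
+output appInsightsAppId string = insightsComponents.properties.AppId
+output appInsightsInstrumentationKey string = insightsComponents.properties.InstrumentationKey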
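Review bot: `linuxDataSources` collects only the `kern`, `user`, `cron` and `daemon` syslog facilities, so login, sudo and SSH records on the Linux nodes, which are normally written to `auth`/`authpriv`, never reach the workspace. For a fleet that runs untrusted fuzzing targets those are the records an investigation would need first, so I would add both facilities to the list as shown below. If the omission is deliberate, for example because of ingestion cost under `PerGB2018`, a comment above the variable should say so. Separately, `vmInsights` could use `workspaceResourceId: insightsMonitorAccount.id` and drop the explicit `dependsOn`, matching how `insightsComponents` references the workspace.

```bicep
var linuxDataSources = [
  // … unchanged: kern, user, cron, daemon entries …
  {
    name: 'syslogDataSourcesAuth'
    syslogName: 'auth'
    kind: 'LinuxSyslog'
  }
  {
    name: 'syslogDataSourcesAuthpriv'
    syslogName: 'authpriv'
    kind: 'LinuxSyslog'
  }
]
```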
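--- a/src/deployment/bicep-templates/server-farms.bicep
+++ b/src/deployment/bicep-templates/server-farms.bicep
@@ -0,0 +1,24 @@
+param server_farm_name string
+param owner string
+param location string
+
+resource serverFarms 'Microsoft.Web/serverfarms@2021-03-01' = {
+name: server_farm_name
+location: location
+kind: 'linux'
+properties: {
+reserved: true
+}
+sku: {
+name: 'P2v2'
+tier: 'PremiumV2'
+family: 'Pv2'
+capacity: 1
+}
+tags: {
+OWNER: owner
+}
+}
+
+
+output id string = serverFarms.id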
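--- a/src/deployment/bicep-templates/signalR.bicep
+++ b/src/deployment/bicep-templates/signalR.bicep
@@ -0,0 +1,34 @@
+param location string
+
+var signalr_name = 'onefuzz-${uniqueString(resourceGroup().id)}'
+resource signalR 'Microsoft.SignalRService/signalR@2021-10-01' = {
+name: signalr_name
+location: location
+sku: {
+name: 'Standard_S1'
+tier: 'Standard'
+capacity: 1
+}
+properties: {
+features: [
+{
+flag: 'ServiceMode'
+value: 'Serverless'
+properties: {}
+}
+{
+flag: 'EnableConnectivityLogs'
+value: 'True'
+properties: {}
+}
+{
+flag: 'EnableMessagingLogs'
+value: 'False'
+properties: {}
+}
+]
+}
+}
+
+var connectionString = signalR.listKeys().primaryConnectionString
+output connectionString string = connectionString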
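Review bot: The `connectionString` output at the end of the file carries the SignalR primary access key. Module outputs are recorded in the resource group's deployment history, where any principal with read access to deployments can retrieve them in clear text. I would expose only the resource name, `output name string = signalr_name`, and let the consumer resolve the key with `listKeys()` on an `existing` reference at the point of use, or write it to the Key Vault as a secret. How the parent template consumes this value is not visible here because the azuredeploy.bicep diff is not rendered, so the caller would need the matching change.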