From e9ab7cc10b14fcd02f51c30a0109aba11d3fa5b1 Mon Sep 17 00:00:00 2001 From: "saito.k" Date: Tue, 25 Jul 2023 08:32:57 +0000 Subject: [PATCH] =?UTF-8?q?Merged=20PR=20266:=20Azure=20Notification=20Hub?= =?UTF-8?q?s=E3=81=AE=E3=83=AA=E3=82=BD=E3=83=BC=E3=82=B9=E4=BD=9C?= =?UTF-8?q?=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 概要 [Task2253: Azure Notification Hubsのリソース作成](https://paruru.nds-tyo.co.jp:8443/tfs/ReciproCollection/fa4924a4-d079-4fab-9fb5-a9a11eb205f0/_workitems/edit/2253) - dev-notification-rgとstg-notification-rgのテンプレートを出力するように修正 ## レビューポイント - 特にレビューしてほしい箇所 - 軽微なものや自明なものは記載不要 - 修正範囲が大きい場合などに記載 - 全体的にや仕様を満たしているか等は本当に必要な時のみ記載 ## UIの変更 - Before/Afterのスクショなど - スクショ置き場 ## 動作確認状況 - ローカルで確認、develop環境で確認など ## 補足 - 相談、参考資料などがあれば --- configurations/azure/dev-application-rg.json | 32 ---- configurations/azure/dev-network-rg.json | 102 +++++----- configurations/azure/dev-notification-rg.json | 95 +++++++++ configurations/azure/maintenance-rg.json | 32 ++-- configurations/azure/stg-application-rg.json | 32 ---- configurations/azure/stg-network-rg.json | 181 +++++++++++------- configurations/azure/stg-notification-rg.json | 95 +++++++++ configurations/azure/stg-storage-rg.json | 17 ++ update-azure-resource.bat | 2 + 9 files changed, 386 insertions(+), 202 deletions(-) create mode 100644 configurations/azure/dev-notification-rg.json create mode 100644 configurations/azure/stg-notification-rg.json diff --git a/configurations/azure/dev-application-rg.json b/configurations/azure/dev-application-rg.json index 4093ebc..eeba156 100644 --- a/configurations/azure/dev-application-rg.json +++ b/configurations/azure/dev-application-rg.json @@ -2685,14 +2685,6 @@ "name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-09T17_01_49_6538333')]", "type": "Microsoft.Web/sites/snapshots" }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T01_01_49_5751914')]", - "type": "Microsoft.Web/sites/snapshots" - }, { "apiVersion": "2015-08-01", "dependsOn": [ @@ -2701,30 +2693,6 @@ "name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T04_01_49_5006919')]", "type": "Microsoft.Web/sites/snapshots" }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T07_01_49_5268512')]", - "type": "Microsoft.Web/sites/snapshots" - }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T10_01_49_4279962')]", - "type": "Microsoft.Web/sites/snapshots" - }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_dev_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_dev_name'), '/2023-07-10T13_01_49_3714251')]", - "type": "Microsoft.Web/sites/snapshots" - }, { "apiVersion": "2015-08-01", "dependsOn": [ diff --git a/configurations/azure/dev-network-rg.json b/configurations/azure/dev-network-rg.json index 7293003..28bb58f 100644 --- a/configurations/azure/dev-network-rg.json +++ b/configurations/azure/dev-network-rg.json @@ -1467,25 +1467,6 @@ "name": "[parameters('networkSecurityGroups_nsg_odms_private_dev_name')]", "properties": { "securityRules": [ - { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'AllowPublicSubnetInbound')]", - "name": "AllowPublicSubnetInbound", - "properties": { - "access": "Allow", - "destinationAddressPrefix": "*", - "destinationAddressPrefixes": [], - "destinationPortRange": "3306", - "destinationPortRanges": [], - "direction": "Inbound", - "priority": 1001, - "protocol": "TCP", - "sourceAddressPrefix": "10.1.2.0/24", - "sourceAddressPrefixes": [], - "sourcePortRange": "*", - "sourcePortRanges": [] - }, - "type": "Microsoft.Network/networkSecurityGroups/securityRules" - }, { "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'bastionVMInbound')]", "name": "bastionVMInbound", @@ -1525,8 +1506,28 @@ "type": "Microsoft.Network/networkSecurityGroups/securityRules" }, { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'DenyTagCustomAnyInbound')]", - "name": "DenyTagCustomAnyInbound", + "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'AllowDeployMigrationInbound')]", + "name": "AllowDeployMigrationInbound", + "properties": { + "access": "Allow", + "description": "deploy���̃}�C�O���[�V����������", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "3306", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 1004, + "protocol": "TCP", + "sourceAddressPrefix": "10.0.4.4/32", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, + { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'DenyAllInbound')]", + "name": "DenyAllInbound", "properties": { "access": "Deny", "destinationAddressPrefix": "*", @@ -1534,9 +1535,28 @@ "destinationPortRange": "*", "destinationPortRanges": [], "direction": "Inbound", - "priority": 4090, + "priority": 4096, "protocol": "*", - "sourceAddressPrefix": "AzureLoadBalancer", + "sourceAddressPrefix": "*", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, + { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_dev_name'), 'AllowAppServiceInbound')]", + "name": "AllowAppServiceInbound", + "properties": { + "access": "Allow", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "3306", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 1001, + "protocol": "TCP", + "sourceAddressPrefix": "10.1.10.0/24", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] @@ -1548,7 +1568,7 @@ "name": "AllowDeployMigrationInbound", "properties": { "access": "Allow", - "description": "deploỹ}CO[V", + "description": "deploy���̃}�C�O���[�V����������", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "3306", @@ -1582,7 +1602,7 @@ "name": "AllowCidrBlockCustomAnyInbound", "properties": { "access": "Allow", - "description": "10.1.0.0/24iapplication gateway̏Tulbgj̎M‚", + "description": "10.1.0.0/24�iapplication gateway�̏�������T�u�l�b�g�j����̎�M�����‚���", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "*", @@ -1911,7 +1931,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_public_dev_name'), '/AllowCidrBlockCustomAnyInbound')]", "properties": { "access": "Allow", - "description": "10.1.0.0/24iapplication gateway̏Tulbgj̎M‚", + "description": "10.1.0.0/24�iapplication gateway�̏�������T�u�l�b�g�j����̎�M�����‚���", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "*", @@ -1934,7 +1954,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/AllowDeployMigrationInbound')]", "properties": { "access": "Allow", - "description": "deploỹ}CO[V", + "description": "deploy���̃}�C�O���[�V����������", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "3306", @@ -1971,28 +1991,6 @@ }, "type": "Microsoft.Network/networkSecurityGroups/securityRules" }, - { - "apiVersion": "2022-11-01", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_dev_name'))]" - ], - "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/AllowPublicSubnetInbound')]", - "properties": { - "access": "Allow", - "destinationAddressPrefix": "*", - "destinationAddressPrefixes": [], - "destinationPortRange": "3306", - "destinationPortRanges": [], - "direction": "Inbound", - "priority": 1001, - "protocol": "TCP", - "sourceAddressPrefix": "10.1.2.0/24", - "sourceAddressPrefixes": [], - "sourcePortRange": "*", - "sourcePortRanges": [] - }, - "type": "Microsoft.Network/networkSecurityGroups/securityRules" - }, { "apiVersion": "2022-11-01", "dependsOn": [ @@ -2020,7 +2018,7 @@ "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_dev_name'))]" ], - "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/DenyTagCustomAnyInbound')]", + "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_dev_name'), '/DenyAllInbound')]", "properties": { "access": "Deny", "destinationAddressPrefix": "*", @@ -2028,9 +2026,9 @@ "destinationPortRange": "*", "destinationPortRanges": [], "direction": "Inbound", - "priority": 4090, + "priority": 4096, "protocol": "*", - "sourceAddressPrefix": "AzureLoadBalancer", + "sourceAddressPrefix": "*", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] diff --git a/configurations/azure/dev-notification-rg.json b/configurations/azure/dev-notification-rg.json new file mode 100644 index 0000000..da734a0 --- /dev/null +++ b/configurations/azure/dev-notification-rg.json @@ -0,0 +1,95 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "namespaces_ntfns_odms_dev_name": { + "type": "String" + } + }, + "resources": [ + { + "apiVersion": "2017-04-01", + "location": "Japan East", + "name": "[parameters('namespaces_ntfns_odms_dev_name')]", + "properties": { + "createdAt": "2023-07-24T01:26:14.6870000Z", + "critical": false, + "enabled": true, + "provisioningState": "Succeeded", + "serviceBusEndpoint": "[concat('https://', parameters('namespaces_ntfns_odms_dev_name'), '.servicebus.windows.net:443/')]", + "status": "Active", + "updatedAt": "2023-07-24T01:26:14.7370000Z" + }, + "sku": { + "name": "Free" + }, + "type": "Microsoft.NotificationHubs/namespaces" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/RootManageSharedAccessKey')]", + "properties": { + "rights": [ + "Manage", + "Listen", + "Send" + ] + }, + "type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/ntf-odms-dev')]", + "properties": { + "authorizationRules": [], + "registrationTtl": "10675199.02:48:05.4775807" + }, + "tags": { + "Project": "OMDS", + "environment": "develop" + }, + "type": "Microsoft.NotificationHubs/namespaces/NotificationHubs" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_dev_name'), 'ntf-odms-dev')]", + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/ntf-odms-dev/DefaultFullSharedAccessSignature')]", + "properties": { + "rights": [ + "Manage", + "Listen", + "Send" + ] + }, + "type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_dev_name'), 'ntf-odms-dev')]", + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_dev_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_dev_name'), '/ntf-odms-dev/DefaultListenSharedAccessSignature')]", + "properties": { + "rights": [ + "Listen" + ] + }, + "type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules" + } + ], + "variables": {} +} diff --git a/configurations/azure/maintenance-rg.json b/configurations/azure/maintenance-rg.json index 0b642de..3b261b4 100644 --- a/configurations/azure/maintenance-rg.json +++ b/configurations/azure/maintenance-rg.json @@ -376,7 +376,7 @@ "direction": "Inbound", "priority": 130, "protocol": "TCP", - "sourceAddressPrefix": "175.177.42.29", + "sourceAddressPrefix": "175.177.42.28", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] @@ -661,7 +661,7 @@ "name": "DenyCidrBlockCustom4443Outbound", "properties": { "access": "Deny", - "description": "stagingݑ䂩dev‹ւ̃ANZX֎~", + "description": "staging���ݑ䂩��dev�‹��ւ̃A�N�Z�X���֎~", "destinationAddressPrefix": "10.1.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -681,7 +681,7 @@ "name": "DenyCidrBlockCustom4443Outbound_DevToStg", "properties": { "access": "Deny", - "description": "devݑ䂩staging‹ւ̃ANZX֎~", + "description": "dev���ݑ䂩��staging�‹��ւ̃A�N�Z�X���֎~", "destinationAddressPrefix": "10.2.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -701,7 +701,7 @@ "name": "AllowDevAppOutbound", "properties": { "access": "Allow", - "description": "Devݑ䂩Dev‹ւ̃ANZX", + "description": "Dev���ݑ䂩��Dev�‹��ւ̃A�N�Z�X������", "destinationAddressPrefix": "10.1.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -721,7 +721,7 @@ "name": "AllowStgAppOutbound", "properties": { "access": "Allow", - "description": "STGݑ䂩STG‹ւ̃ANZX", + "description": "STG���ݑ䂩��STG�‹��ւ̃A�N�Z�X������", "destinationAddressPrefix": "10.2.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -798,7 +798,7 @@ "name": "AllowStorageAccountEastUSOutbound", "properties": { "access": "Allow", - "description": "USpStorageAccountւ̃ANZX‚", + "description": "US�p��StorageAccount�ւ̃A�N�Z�X�����‚���", "destinationAddressPrefix": "Storage.EastUS", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -818,7 +818,7 @@ "name": "AllowStorageAccountNorthEuropeOutbound", "properties": { "access": "Allow", - "description": "EUpStorageAccountւ̃ANZX‚", + "description": "EU�p��StorageAccount�ւ̃A�N�Z�X�����‚���", "destinationAddressPrefix": "Storage.NorthEurope", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -838,7 +838,7 @@ "name": "AllowStorageAccountAustraliaEastOutbound", "properties": { "access": "Allow", - "description": "AUpStorageAccountւ̃ANZX‚", + "description": "AU�p��StorageAccount�ւ̃A�N�Z�X�����‚���", "destinationAddressPrefix": "Storage.AustraliaEast", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -1817,7 +1817,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowDevAppOutbound')]", "properties": { "access": "Allow", - "description": "Devݑ䂩Dev‹ւ̃ANZX", + "description": "Dev���ݑ䂩��Dev�‹��ւ̃A�N�Z�X������", "destinationAddressPrefix": "10.1.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -2047,7 +2047,7 @@ "direction": "Inbound", "priority": 130, "protocol": "TCP", - "sourceAddressPrefix": "175.177.42.29", + "sourceAddressPrefix": "175.177.42.28", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] @@ -2130,7 +2130,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStgAppOutbound')]", "properties": { "access": "Allow", - "description": "STGݑ䂩STG‹ւ̃ANZX", + "description": "STG���ݑ䂩��STG�‹��ւ̃A�N�Z�X������", "destinationAddressPrefix": "10.2.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -2175,7 +2175,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStorageAccountAustraliaEastOutbound')]", "properties": { "access": "Allow", - "description": "AUpStorageAccountւ̃ANZX‚", + "description": "AU�p��StorageAccount�ւ̃A�N�Z�X�����‚���", "destinationAddressPrefix": "Storage.AustraliaEast", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -2198,7 +2198,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStorageAccountEastUSOutbound')]", "properties": { "access": "Allow", - "description": "USpStorageAccountւ̃ANZX‚", + "description": "US�p��StorageAccount�ւ̃A�N�Z�X�����‚���", "destinationAddressPrefix": "Storage.EastUS", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -2221,7 +2221,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/AllowStorageAccountNorthEuropeOutbound')]", "properties": { "access": "Allow", - "description": "EUpStorageAccountւ̃ANZX‚", + "description": "EU�p��StorageAccount�ւ̃A�N�Z�X�����‚���", "destinationAddressPrefix": "Storage.NorthEurope", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -2354,7 +2354,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/DenyCidrBlockCustom4443Outbound')]", "properties": { "access": "Deny", - "description": "stagingݑ䂩dev‹ւ̃ANZX֎~", + "description": "staging���ݑ䂩��dev�‹��ւ̃A�N�Z�X���֎~", "destinationAddressPrefix": "10.1.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", @@ -2377,7 +2377,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_vm_maintenance_name'), '/DenyCidrBlockCustom4443Outbound_DevToStg')]", "properties": { "access": "Deny", - "description": "devݑ䂩staging‹ւ̃ANZX֎~", + "description": "dev���ݑ䂩��staging�‹��ւ̃A�N�Z�X���֎~", "destinationAddressPrefix": "10.2.0.10", "destinationAddressPrefixes": [], "destinationPortRange": "4443", diff --git a/configurations/azure/stg-application-rg.json b/configurations/azure/stg-application-rg.json index 5da8fd8..01d81f6 100644 --- a/configurations/azure/stg-application-rg.json +++ b/configurations/azure/stg-application-rg.json @@ -1970,14 +1970,6 @@ "name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-09T17_01_49_6538333')]", "type": "Microsoft.Web/sites/snapshots" }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T01_01_49_5751914')]", - "type": "Microsoft.Web/sites/snapshots" - }, { "apiVersion": "2015-08-01", "dependsOn": [ @@ -1986,30 +1978,6 @@ "name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T04_01_49_5006919')]", "type": "Microsoft.Web/sites/snapshots" }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T07_01_49_5268512')]", - "type": "Microsoft.Web/sites/snapshots" - }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T10_01_49_4279962')]", - "type": "Microsoft.Web/sites/snapshots" - }, - { - "apiVersion": "2015-08-01", - "dependsOn": [ - "[resourceId('Microsoft.Web/sites', parameters('sites_app_odms_dictation_stg_name'))]" - ], - "name": "[concat(parameters('sites_app_odms_dictation_stg_name'), '/2023-07-10T13_01_49_3714251')]", - "type": "Microsoft.Web/sites/snapshots" - }, { "apiVersion": "2015-08-01", "dependsOn": [ diff --git a/configurations/azure/stg-network-rg.json b/configurations/azure/stg-network-rg.json index 63f8455..1d4215a 100644 --- a/configurations/azure/stg-network-rg.json +++ b/configurations/azure/stg-network-rg.json @@ -672,7 +672,7 @@ "name": "AllowCidrBlockHTTPSInboundOMDSSC01", "properties": { "access": "Allow", - "description": "SubcontractorFϑ", + "description": "Subcontractor�F�ϑ���", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -834,25 +834,6 @@ "name": "[parameters('networkSecurityGroups_nsg_odms_private_stg_name')]", "properties": { "securityRules": [ - { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'AllowPublicSubnetInbound')]", - "name": "AllowPublicSubnetInbound", - "properties": { - "access": "Allow", - "destinationAddressPrefix": "*", - "destinationAddressPrefixes": [], - "destinationPortRange": "3306", - "destinationPortRanges": [], - "direction": "Inbound", - "priority": 1001, - "protocol": "TCP", - "sourceAddressPrefix": "10.2.2.0/24", - "sourceAddressPrefixes": [], - "sourcePortRange": "*", - "sourcePortRanges": [] - }, - "type": "Microsoft.Network/networkSecurityGroups/securityRules" - }, { "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'bastionVMInbound')]", "name": "bastionVMInbound", @@ -891,25 +872,6 @@ }, "type": "Microsoft.Network/networkSecurityGroups/securityRules" }, - { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'DenyTagCustomAnyInbound')]", - "name": "DenyTagCustomAnyInbound", - "properties": { - "access": "Deny", - "destinationAddressPrefix": "*", - "destinationAddressPrefixes": [], - "destinationPortRange": "*", - "destinationPortRanges": [], - "direction": "Inbound", - "priority": 4090, - "protocol": "*", - "sourceAddressPrefix": "AzureLoadBalancer", - "sourceAddressPrefixes": [], - "sourcePortRange": "*", - "sourcePortRanges": [] - }, - "type": "Microsoft.Network/networkSecurityGroups/securityRules" - }, { "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'bastionStagingVMInbound')]", "name": "bastionStagingVMInbound", @@ -928,6 +890,63 @@ "sourcePortRanges": [] }, "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, + { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'AllowAppServiceInbound')]", + "name": "AllowAppServiceInbound", + "properties": { + "access": "Allow", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "3306", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 1001, + "protocol": "TCP", + "sourceAddressPrefix": "10.2.4.0/24", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, + { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'DenyAllInbound')]", + "name": "DenyAllInbound", + "properties": { + "access": "Deny", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "*", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 4096, + "protocol": "*", + "sourceAddressPrefix": "*", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, + { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups/securityRules', parameters('networkSecurityGroups_nsg_odms_private_stg_name'), 'AllowDeployMigrationInbound')]", + "name": "AllowDeployMigrationInbound", + "properties": { + "access": "Allow", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "3306", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 1005, + "protocol": "TCP", + "sourceAddressPrefix": "10.0.4.4/32", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" } ] }, @@ -948,7 +967,7 @@ "name": "AllowCidrBlockCustomAnyInbound", "properties": { "access": "Allow", - "description": "10.1.0.0/24iapplication gateway̏Tulbgj̎M‚", + "description": "10.1.0.0/24�iapplication gateway�̏�������T�u�l�b�g�j����̎�M�����‚���", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "*", @@ -1249,6 +1268,28 @@ }, "type": "Microsoft.Network/networkSecurityGroups/securityRules" }, + { + "apiVersion": "2022-11-01", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]" + ], + "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowAppServiceInbound')]", + "properties": { + "access": "Allow", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "3306", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 1001, + "protocol": "TCP", + "sourceAddressPrefix": "10.2.4.0/24", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, { "apiVersion": "2022-11-01", "dependsOn": [ @@ -1257,7 +1298,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_public_stg_name'), '/AllowCidrBlockCustomAnyInbound')]", "properties": { "access": "Allow", - "description": "10.1.0.0/24iapplication gateway̏Tulbgj̎M‚", + "description": "10.1.0.0/24�iapplication gateway�̏�������T�u�l�b�g�j����̎�M�����‚���", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "*", @@ -1434,7 +1475,7 @@ "name": "[concat(parameters('networkSecurityGroups_nsg_odms_gateway_stg_name'), '/AllowCidrBlockHTTPSInboundOMDSSC01')]", "properties": { "access": "Allow", - "description": "SubcontractorFϑ", + "description": "Subcontractor�F�ϑ���", "destinationAddressPrefix": "*", "destinationAddressPrefixes": [], "destinationPortRange": "443", @@ -1652,7 +1693,7 @@ "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]" ], - "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowPipelineInbound')]", + "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowDeployMigrationInbound')]", "properties": { "access": "Allow", "destinationAddressPrefix": "*", @@ -1660,9 +1701,9 @@ "destinationPortRange": "3306", "destinationPortRanges": [], "direction": "Inbound", - "priority": 1002, + "priority": 1005, "protocol": "TCP", - "sourceAddressPrefix": "10.0.3.4/32", + "sourceAddressPrefix": "10.0.4.4/32", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] @@ -1674,7 +1715,7 @@ "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]" ], - "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowPublicSubnetInbound')]", + "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/AllowPipelineInbound')]", "properties": { "access": "Allow", "destinationAddressPrefix": "*", @@ -1682,9 +1723,9 @@ "destinationPortRange": "3306", "destinationPortRanges": [], "direction": "Inbound", - "priority": 1001, + "priority": 1002, "protocol": "TCP", - "sourceAddressPrefix": "10.2.2.0/24", + "sourceAddressPrefix": "10.0.3.4/32", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] @@ -1757,6 +1798,28 @@ }, "type": "Microsoft.Network/networkSecurityGroups/securityRules" }, + { + "apiVersion": "2022-11-01", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]" + ], + "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/DenyAllInbound')]", + "properties": { + "access": "Deny", + "destinationAddressPrefix": "*", + "destinationAddressPrefixes": [], + "destinationPortRange": "*", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 4096, + "protocol": "*", + "sourceAddressPrefix": "*", + "sourceAddressPrefixes": [], + "sourcePortRange": "*", + "sourcePortRanges": [] + }, + "type": "Microsoft.Network/networkSecurityGroups/securityRules" + }, { "apiVersion": "2022-11-01", "dependsOn": [ @@ -1779,28 +1842,6 @@ }, "type": "Microsoft.Network/networkSecurityGroups/securityRules" }, - { - "apiVersion": "2022-11-01", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroups_nsg_odms_private_stg_name'))]" - ], - "name": "[concat(parameters('networkSecurityGroups_nsg_odms_private_stg_name'), '/DenyTagCustomAnyInbound')]", - "properties": { - "access": "Deny", - "destinationAddressPrefix": "*", - "destinationAddressPrefixes": [], - "destinationPortRange": "*", - "destinationPortRanges": [], - "direction": "Inbound", - "priority": 4090, - "protocol": "*", - "sourceAddressPrefix": "AzureLoadBalancer", - "sourceAddressPrefixes": [], - "sourcePortRange": "*", - "sourcePortRanges": [] - }, - "type": "Microsoft.Network/networkSecurityGroups/securityRules" - }, { "apiVersion": "2018-09-01", "dependsOn": [ diff --git a/configurations/azure/stg-notification-rg.json b/configurations/azure/stg-notification-rg.json new file mode 100644 index 0000000..6ab45c5 --- /dev/null +++ b/configurations/azure/stg-notification-rg.json @@ -0,0 +1,95 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "namespaces_ntfns_odms_stg_name": { + "type": "String" + } + }, + "resources": [ + { + "apiVersion": "2017-04-01", + "location": "Japan East", + "name": "[parameters('namespaces_ntfns_odms_stg_name')]", + "properties": { + "createdAt": "2023-07-25T01:57:35.5400000Z", + "critical": false, + "enabled": true, + "provisioningState": "Succeeded", + "serviceBusEndpoint": "[concat('https://', parameters('namespaces_ntfns_odms_stg_name'), '.servicebus.windows.net:443/')]", + "status": "Active", + "updatedAt": "2023-07-25T01:57:35.5970000Z" + }, + "sku": { + "name": "Free" + }, + "type": "Microsoft.NotificationHubs/namespaces" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/RootManageSharedAccessKey')]", + "properties": { + "rights": [ + "Manage", + "Listen", + "Send" + ] + }, + "type": "Microsoft.NotificationHubs/namespaces/AuthorizationRules" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/ntf-odms-stg')]", + "properties": { + "authorizationRules": [], + "registrationTtl": "10675199.02:48:05.4775807" + }, + "tags": { + "Project": "OMDS", + "environment": "staging" + }, + "type": "Microsoft.NotificationHubs/namespaces/NotificationHubs" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_stg_name'), 'ntf-odms-stg')]", + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/ntf-odms-stg/DefaultFullSharedAccessSignature')]", + "properties": { + "rights": [ + "Manage", + "Listen", + "Send" + ] + }, + "type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules" + }, + { + "apiVersion": "2017-04-01", + "dependsOn": [ + "[resourceId('Microsoft.NotificationHubs/namespaces/NotificationHubs', parameters('namespaces_ntfns_odms_stg_name'), 'ntf-odms-stg')]", + "[resourceId('Microsoft.NotificationHubs/namespaces', parameters('namespaces_ntfns_odms_stg_name'))]" + ], + "location": "Japan East", + "name": "[concat(parameters('namespaces_ntfns_odms_stg_name'), '/ntf-odms-stg/DefaultListenSharedAccessSignature')]", + "properties": { + "rights": [ + "Listen" + ] + }, + "type": "Microsoft.NotificationHubs/namespaces/NotificationHubs/AuthorizationRules" + } + ], + "variables": {} +} diff --git a/configurations/azure/stg-storage-rg.json b/configurations/azure/stg-storage-rg.json index 7e36e08..6d857bc 100644 --- a/configurations/azure/stg-storage-rg.json +++ b/configurations/azure/stg-storage-rg.json @@ -612,6 +612,23 @@ }, "type": "Microsoft.Storage/storageAccounts/blobServices/containers" }, + { + "apiVersion": "2022-09-01", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccounts_saodmsusstg_name'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_saodmsusstg_name'))]" + ], + "name": "[concat(parameters('storageAccounts_saodmsusstg_name'), '/default/account-21')]", + "properties": { + "defaultEncryptionScope": "$account-encryption-key", + "denyEncryptionScopeOverride": false, + "immutableStorageWithVersioning": { + "enabled": false + }, + "publicAccess": "None" + }, + "type": "Microsoft.Storage/storageAccounts/blobServices/containers" + }, { "apiVersion": "2022-09-01", "dependsOn": [ diff --git a/update-azure-resource.bat b/update-azure-resource.bat index 9a84530..81ac026 100644 --- a/update-azure-resource.bat +++ b/update-azure-resource.bat @@ -4,11 +4,13 @@ az group export --name dev-application-rg --output json > configurations/azure/d az group export --name dev-database-rg --output json > configurations/azure/dev-database-rg.json && ^ az group export --name dev-network-rg --output json > configurations/azure/dev-network-rg.json && ^ az group export --name dev-storage-rg --output json > configurations/azure/dev-storage-rg.json && ^ +az group export --name dev-notification-rg --output json > configurations/azure/dev-notification-rg.json && ^ az group export --name stg-azureADB2C-rg --output json > configurations/azure/stg-azureADB2C-rg.json && ^ az group export --name stg-application-rg --output json > configurations/azure/stg-application-rg.json && ^ az group export --name stg-database-rg --output json > configurations/azure/stg-database-rg.json && ^ az group export --name stg-network-rg --output json > configurations/azure/stg-network-rg.json && ^ az group export --name stg-storage-rg --output json > configurations/azure/stg-storage-rg.json && ^ +az group export --name stg-notification-rg --output json > configurations/azure/stg-notification-rg.json && ^ az group export --name maintenance-rg --output json > configurations/azure/maintenance-rg.json && ^ az group export --name shared-sendGrid-rg --output json > configurations/azure/shared-sendGrid-rg.json && ^ az group export --name shared-template-rg --output json > configurations/azure/shared-template-rg.json