feat: migrate database to Azure Cosmos DB for NoSQL (#94)
* feat: migrate infra to cosmosdb nosql * feat: migrate code to CosmosDB NoSQL * chore: remove ai search template * docs: update docs * fix: remove key vault references
Showing
17 changed files
with
438 additions
and
138 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
metadata description = 'Creates an Azure Cosmos DB account.' | ||
param name string | ||
param location string = resourceGroup().location | ||
param tags object = {} | ||
|
||
@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ]) | ||
param kind string | ||
|
||
param disableLocalAuth bool = false | ||
|
||
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = { | ||
name: name | ||
kind: kind | ||
location: location | ||
tags: tags | ||
properties: { | ||
consistencyPolicy: { defaultConsistencyLevel: 'Session' } | ||
locations: [ | ||
{ | ||
locationName: location | ||
failoverPriority: 0 | ||
isZoneRedundant: false | ||
} | ||
] | ||
databaseAccountOfferType: 'Standard' | ||
enableAutomaticFailover: false | ||
enableMultipleWriteLocations: false | ||
apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {} | ||
capabilities: [ | ||
{ name: 'EnableServerless' } | ||
{ name: 'EnableNoSQLVectorSearch' } | ||
] | ||
minimalTlsVersion: 'Tls12' | ||
disableLocalAuth: disableLocalAuth | ||
} | ||
} | ||
|
||
output endpoint string = cosmos.properties.documentEndpoint | ||
output id string = cosmos.id | ||
output name string = cosmos.name |
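Review bot: `param disableLocalAuth bool = false` leaves account-key authentication enabled unless every caller overrides it, even though this commit also adds data-plane role definitions and assignments for identity-based access. Flipping the default to `param disableLocalAuth bool = true` makes the key-less path the safe default; the two wrapper modules that forward this parameter declare the same default and should change with it. Whether the top-level template overrides the value is not visible on this page. Separately, the account sets neither `publicNetworkAccess` nor `ipRules`, so network reachability is left at the service default, and `EnableNoSQLVectorSearch` is applied even when `kind` is 'MongoDB' or 'Parse'; a short comment stating that both are intentional would help.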
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
metadata description = 'Creates an Azure Cosmos DB for NoSQL account.' | ||
param name string | ||
param location string = resourceGroup().location | ||
param tags object = {} | ||
|
||
param disableLocalAuth bool = false | ||
|
||
module cosmos '../../cosmos/cosmos-account.bicep' = { | ||
name: 'cosmos-account' | ||
params: { | ||
name: name | ||
location: location | ||
tags: tags | ||
kind: 'GlobalDocumentDB' | ||
disableLocalAuth: disableLocalAuth | ||
} | ||
} | ||
|
||
output endpoint string = cosmos.outputs.endpoint | ||
output id string = cosmos.outputs.id | ||
output name string = cosmos.outputs.name |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
metadata description = 'Creates an Azure Cosmos DB for NoSQL account with a database.' | ||
param accountName string | ||
param databaseName string | ||
param location string = resourceGroup().location | ||
param tags object = {} | ||
|
||
param containers array = [] | ||
param principalIds array = [] | ||
param disableLocalAuth bool = false | ||
|
||
module cosmos 'cosmos-sql-account.bicep' = { | ||
name: 'cosmos-sql-account' | ||
params: { | ||
name: accountName | ||
location: location | ||
tags: tags | ||
disableLocalAuth: disableLocalAuth | ||
} | ||
} | ||
|
||
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = { | ||
name: '${accountName}/${databaseName}' | ||
properties: { | ||
resource: { id: databaseName } | ||
} | ||
|
||
resource list 'containers' = [for container in containers: { | ||
name: container.name | ||
properties: { | ||
resource: { | ||
id: container.id | ||
partitionKey: { paths: [ container.partitionKey ] } | ||
} | ||
options: {} | ||
} | ||
}] | ||
|
||
dependsOn: [ | ||
cosmos | ||
] | ||
} | ||
|
||
module roleDefinition 'cosmos-sql-role-def.bicep' = { | ||
name: 'cosmos-sql-role-definition' | ||
params: { | ||
accountName: accountName | ||
} | ||
dependsOn: [ | ||
cosmos | ||
database | ||
] | ||
} | ||
|
||
// We need batchSize(1) here because sql role assignments have to be done sequentially | ||
@batchSize(1) | ||
module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) { | ||
name: 'cosmos-sql-user-role-${uniqueString(principalId)}' | ||
params: { | ||
accountName: accountName | ||
roleDefinitionId: roleDefinition.outputs.id | ||
principalId: principalId | ||
} | ||
dependsOn: [ | ||
cosmos | ||
database | ||
] | ||
}] | ||
|
||
output accountId string = cosmos.outputs.id | ||
output accountName string = cosmos.outputs.name | ||
output databaseName string = databaseName | ||
output endpoint string = cosmos.outputs.endpoint | ||
output roleDefinitionId string = roleDefinition.outputs.id |
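Review bot: In the nested `containers` loop the child resource takes `name: container.name` while its body sets `id: container.id`, two independent fields that presumably have to carry the same value for the deployment to succeed. Deriving both from one field, for example `name: container.id`, removes the chance of a mismatch in a caller's container list. The `userRole` loop would also benefit from a comment such as `// every principal in principalIds receives the same role definition`, since nothing in this module lets a caller grant one principal fewer rights than another.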
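--- a/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep
+++ b/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.'
+param accountName string
+
+param roleDefinitionId string
+param principalId string = ''
+
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+parent: cosmos
+name: guid(roleDefinitionId, principalId, cosmos.id)
+properties: {
+principalId: principalId
+roleDefinitionId: roleDefinitionId
+scope: cosmos.id
+}
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+name: accountName
+}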
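Review bot: `param principalId string = ''` gives the module a default that cannot describe a real principal; the one caller visible on this page filters out empty IDs before invoking the module, so the default only hides a missing argument. Declaring it as `param principalId string` turns an omitted principal into a template error instead of leaving it to surface, presumably, as a failed assignment at deployment time. `scope: cosmos.id` also fixes every assignment at account level; an optional scope parameter that defaults to the account ID would allow database- or container-level grants later without changing existing callers.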
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
metadata description = 'Creates a SQL role definition under an Azure Cosmos DB account.' | ||
param accountName string | ||
|
||
resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = { | ||
parent: cosmos | ||
name: guid(cosmos.id, accountName, 'sql-role') | ||
properties: { | ||
assignableScopes: [ | ||
cosmos.id | ||
] | ||
permissions: [ | ||
{ | ||
dataActions: [ | ||
'Microsoft.DocumentDB/databaseAccounts/readMetadata' | ||
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*' | ||
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*' | ||
] | ||
notDataActions: [] | ||
} | ||
] | ||
roleName: 'Reader Writer' | ||
type: 'CustomRole' | ||
} | ||
} | ||
|
||
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = { | ||
name: accountName | ||
} | ||
|
||
output id string = roleDefinition.id |
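Review bot: The role is named 'Reader Writer', but `'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'` grants every container-level data action, which is broader than the name suggests. As far as I can tell this action set matches the built-in Cosmos DB data contributor role, so either reference that built-in definition instead of creating a custom one, or narrow the custom role. If the application only needs item CRUD and queries, the container wildcard could be replaced with `'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery'` and `'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed'`. A comment above `dataActions` listing what the role is meant to allow would make later widening visible in review.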
This file was deleted.