Bicep

With Bicep we need only one file which is located in the directory c:\osdcloud\bicep.

Here is the content of the bicep file, we are only interested in line 62-63 we must come here and insert the Technicien Id.

@description('Specifies the name of the Azure Storage account.')
param storageAccountName string ='azosdcloud'

@description('Specifies the name of the Azure Storage account.')
param StorageAccuntList string ='azosdscripts'

@description('Specifies the name of the blob for logs container.')
param containerName string = 'logs'

@description('Specifies the location in which the Azure Storage resources should be deployed.')
param location string = resourceGroup().location

@description('Specifies container object list for wim images.')
param containers object = {
  c1:{
    name: 'server'
    type: 'Container'
  }
  c2:{
    name: 'retail'
    type: 'Container'
  }
  c3:{
    name: 'insiders'
    type: 'Container'
  }
  c4:{
    name: 'driverpack'
    type: 'Container'
  }
  c5:{
    name: 'bootimage'
    type: 'Container'
  }

}
@description('Specifies container object list for powershell scripts, packages, unattend.')
param scripts object = {
  c1:{
    name: 'scripts'
    type: 'Container'
  }
  c2:{
    name: 'packages'
    type: 'Container'
  }
  c3:{
    name: 'unattend'
    type: 'Container'
  }
  c4:{
    name: 'others'
    type: 'Container'
  }
}

@description('This is the built-in Storage Blob Data Reader.')
resource StorageBlobDataReaderDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: subscription()
  name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
}
@description('This is the ID for the AzureADAccount who can access.')
param principalId string = ''

resource AzStorage 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageAccountName
  location: location
  tags : {
    OSDCloud :'production' 
  }
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: true
    allowSharedKeyAccess:true
    minimumTlsVersion: 'TLS1_2'
    defaultToOAuthAuthentication: true
    
  }
}
resource AzScripts 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: StorageAccuntList
  location: location
  tags : {
    OSDScripts :'powershell' 
  }
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: true
    allowSharedKeyAccess:true
    allowCrossTenantReplication: true
    minimumTlsVersion: 'TLS1_2'
    defaultToOAuthAuthentication: true
  }
}

resource log 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = {
  name: '${AzStorage.name}/default/${containerName}'

}

resource containerlist 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' =[for cont in items(containers):{
  name:'${AzStorage.name}/default/${cont.value.name}'
  properties: {
    publicAccess: cont.value.type
}
}]

resource containerscriptlist 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' =[for cont in items(scripts):{
  name:'${AzScripts.name}/default/${cont.value.name}'
  properties: {
    publicAccess: cont.value.type
}
}]

resource ActivateFeedStorage 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
  name: 'default'
  parent: AzStorage
  properties: {
    changeFeed: {
      enabled: true
    }
  }
}
resource ActivateFeedScript 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = {
  name: 'default'
  parent: AzScripts
  properties: {
    changeFeed: {
      enabled: true
    }
  }
}

resource roleAssignmentAzStorage 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
  scope: AzStorage
  name: guid(AzStorage.id, principalId, StorageBlobDataReaderDefinition.id)
  properties: {
    roleDefinitionId: StorageBlobDataReaderDefinition.id
    principalId: principalId
    principalType: 'User'
  }
}
resource roleAssignmentAzSScripts 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
  scope: AzScripts
  name: guid(AzScripts.id, principalId, StorageBlobDataReaderDefinition.id)
  properties: {
    roleDefinitionId: StorageBlobDataReaderDefinition.id
    principalId: principalId
    principalType: 'User'
  }
}

Once this Bicep file is executed your Azure environment will be configured with two storage accounts, one for wim image storage and a second one still expiring for powershell scripts, packages, unattend and others.

Last updated