Updated ADF templates

Author: alrios-ms

Deployment/adfHRResources.bicep

@@ -5,6 +5,20 @@ param solutionAbbreviation string
 param tenantId string
 
 var sqlServerName = '${solutionAbbreviation}-data-${environmentAbbreviation}'
+var sqlDataBaseName = '${solutionAbbreviation}-data-${environmentAbbreviation}-hr'
+
+module sqlForHRData '../Infrastructure/adf/sql/template.bicep' = {
+  name: 'sqlForHRDataTemplate'
+  params: {
+    location: location
+    environmentAbbreviation: environmentAbbreviation
+    solutionAbbreviation: solutionAbbreviation
+    tenantId: tenantId
+    sqlServerName: sqlServerName
+    sqlDataBaseName: sqlDataBaseName
+  }
+}
+
 module adfForHRData '../Infrastructure/adf/pipeline/template.bicep' = {
   name: 'adfForHRDataTemplate'
   params: {
@@ -13,5 +27,9 @@ module adfForHRData '../Infrastructure/adf/pipeline/template.bicep' = {
     solutionAbbreviation: solutionAbbreviation
     tenantId: tenantId
     sqlServerName: sqlServerName
+    sqlDataBaseName: sqlDataBaseName
   }
+  dependsOn: [
+    sqlForHRData
+  ]
 }

Infrastructure/adf/pipeline/azureDataFactory.bicep

@@ -10,8 +10,8 @@ param location string
 @description('Name of SQL Server')
 param sqlServerName string
 
-@secure()
-param sqlAdminPassword string
+@description('Name of SQL Server')
+param sqlDataBaseName string
 
 @description('AzureUserReader function url.')
 @secure()
@@ -25,6 +25,9 @@ param azureUserReaderFunctionKey string
 @secure()
 param storageAccountConnectionString string
 
+var sqlServerUrl = 'Server=tcp:${sqlServerName}${environment().suffixes.sqlServerHostname},1433'
+
+
 resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' = {
   name: factoryName
   identity: {
@@ -61,7 +64,7 @@ resource linkedService_DestinationDatabase 'Microsoft.DataFactory/factories/link
     annotations: []
     type: 'SqlServer'
     typeProperties: {
-      connectionString: 'Server=tcp:${sqlServerName}.database.windows.net,1433;Initial Catalog=${sqlServerName};Persist Security Info=False;User ID=SQLDBAdmin;Password=${sqlAdminPassword};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;'
+      connectionString: '${sqlServerUrl};${sqlDataBaseName};Authentication=Active Directory Default;TrustServerCertificate=True;Encrypt=True;Connection Timeout=90;'
     }
   }
   dependsOn: [

Infrastructure/adf/pipeline/template.bicep

@@ -15,7 +15,10 @@ param location string
 param tenantId string
 
 @description('Name of SQL Server')
-param sqlServerName string = '${solutionAbbreviation}-data-${environmentAbbreviation}-destination'
+param sqlServerName string = '${solutionAbbreviation}-data-${environmentAbbreviation}'
+
+@description('Name of SQL Server')
+param sqlDataBaseName string = '${solutionAbbreviation}-data-${environmentAbbreviation}-destination'
 
 @description('Name of Azure Data Factory')
 param azureDataFactoryName string = '${solutionAbbreviation}-data-${environmentAbbreviation}-adf'
@@ -33,10 +36,10 @@ module azureDataFactoryTemplate 'azureDataFactory.bicep' = {
 		factoryName: azureDataFactoryName
 		environmentAbbreviation: environmentAbbreviation
 		location: location
-		sqlAdminPassword: dataKeyVault.getSecret('sqlAdminPassword')
 		sqlServerName: sqlServerName
+		sqlDataBaseName: sqlDataBaseName
 		azureUserReaderUrl: dataKeyVault.getSecret('azureUserReaderUrl')
 		azureUserReaderFunctionKey: dataKeyVault.getSecret('azureUserReaderKey')
-		storageAccountConnectionString: dataKeyVault.getSecret('storageAccountConnectionString')
+		storageAccountConnectionString: dataKeyVault.getSecret('adfStorageAccountConnectionString')
 	}
 }

Infrastructure/adf/sql/sqlServer.bicep

@@ -1,85 +1,14 @@
-@minLength(2)
-@maxLength(3)
-@description('Enter an abbreviation for the solution.')
-param solutionAbbreviation string
-
-@minLength(2)
-@maxLength(6)
-@description('Enter an abbreviation for the environment.')
-param environmentAbbreviation string
-
 @description('Resource location.')
 param location string
 
-@description('Tenant Id.')
-param tenantId string
-
 @description('Name of SQL Server')
 param sqlServerName string
 
 @description('Name of SQL Database')
 param sqlDatabaseName string
 
-@description('Administrator user name')
-param sqlAdminUserName string
-
-@secure()
-@description('Administrator password')
-param sqlAdminPassword string
-
-@description('Administrators Azure AD Group Object Id')
-param sqlAdministratorsGroupId string
-
-@description('Administrators Azure AD Group Name')
-param sqlAdministratorsGroupName string
-
-@description('Key vault name.')
-param keyVaultName string
-
-var logAnalyticsName = '${solutionAbbreviation}-data-${environmentAbbreviation}'
-var sqlServerUrl = 'Server=tcp:${sqlServerName}${environment().suffixes.sqlServerHostname},1433;'
-var sqlServerDataBaseName = 'Initial Catalog=${sqlDatabaseName};'
-var sqlServerAdditionalSettings = 'MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=90;'
-
-resource sqlServer 'Microsoft.Sql/servers@2022-11-01-preview' = {
+resource sqlServer 'Microsoft.Sql/servers@2022-11-01-preview' existing = {
   name: sqlServerName
-  location: location
-  identity: {
-    type: 'SystemAssigned'
-  }
-  properties: {
-    administratorLogin: sqlAdminUserName
-    administratorLoginPassword: sqlAdminPassword
-    administrators: {
-      administratorType: 'ActiveDirectory'
-      principalType: 'Group'
-      login: sqlAdministratorsGroupName
-      sid: sqlAdministratorsGroupId
-      tenantId: tenantId
-    }
-  }
-
-  resource sqlServerFirewall 'firewallRules@2022-11-01-preview' = {
-    name: 'AllowAllWindowsAzureIps'
-    properties: {
-      startIpAddress: '0.0.0.0'
-      endIpAddress: '0.0.0.0'
-    }
-  }
-
-  resource masterDataBase 'databases@2022-11-01-preview' = {
-    location: location
-    name: 'master'
-    properties: {}
-  }
-
-  resource auditingSettings 'auditingSettings@2022-11-01-preview' = {
-    name: 'default'
-    properties: {
-      state: 'Enabled'
-      isAzureMonitorTargetEnabled: true
-    }
-  }
 }
 
 resource sqlDatabase 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
@@ -93,51 +22,3 @@ resource sqlDatabase 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
     capacity: 0
   }
 }
-
-resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
-  name: logAnalyticsName
-}
-
-resource diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
-  scope: sqlServer::masterDataBase
-  name: 'diagnosticSettings'
-  properties: {
-    workspaceId: logAnalytics.id
-    logs: [
-      {
-        category: 'SQLSecurityAuditEvents'
-        enabled: true
-        retentionPolicy: {
-          days: 0
-          enabled: false
-        }
-      }
-    ]
-  }
-  dependsOn: [
-    sqlServer
-  ]
-}
-
-module secureKeyvaultSecrets 'keyVaultSecretsSecure.bicep' = {
-  name: 'secureKeyvaultSecrets'
-  params: {
-    keyVaultName: keyVaultName
-    keyVaultSecrets: {
-      secrets: [
-        {
-          name: 'sqlAdminUserName'
-          value: sqlAdminUserName
-        }
-        {
-          name: 'sqlAdminPassword'
-          value: sqlAdminPassword
-        }
-        {
-          name: 'sqlServerBasicConnectionString'
-          value: '${sqlServerUrl}${sqlServerDataBaseName}${sqlServerAdditionalSettings}'
-        }
-      ]
-    }
-  }
-}

Infrastructure/adf/sql/storageAccount.bicep

@@ -44,7 +44,7 @@ module secureSecretsTemplate 'keyVaultSecretsSecure.bicep' = {
     keyVaultSecrets: {
       secrets: [
         {
-          name: 'storageAccountConnectionString'
+          name: 'adfStorageAccountConnectionString'
           value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value}'
         }
       ]

Infrastructure/adf/sql/template.bicep

@@ -30,37 +30,19 @@ param storageAccountSku string = 'Standard_LRS'
 param storageAccountContainerName string = 'csvcontainer'
 
 @description('Name of SQL Server')
-param sqlServerName string = '${solutionAbbreviation}-data-${environmentAbbreviation}-destination'
+param sqlServerName string = '${solutionAbbreviation}-data-${environmentAbbreviation}'
 
-@description('Administrator user name')
-param sqlAdminUserName string = 'SQLDBAdmin'
-
-@secure()
-@description('Administrator password')
-param sqlAdminPassword string = 'ADMN${toLower(newGuid())}!$#'
-
-@description('Administrators Azure AD Group Object Id')
-param sqlAdministratorsGroupId string
-
-@description('Administrators Azure AD Group Name')
-param sqlAdministratorsGroupName string
+@description('Name of SQL Server')
+param sqlDataBaseName string = '${solutionAbbreviation}-data-${environmentAbbreviation}-destination'
 
 var dataKeyVaultName = '${solutionAbbreviation}-data-${environmentAbbreviation}'
 
 module sqlServer 'sqlServer.bicep' =  {
   name: 'sqlServerTemplate'
   params: {
-    environmentAbbreviation: environmentAbbreviation
     location: location
-    solutionAbbreviation: solutionAbbreviation
-    keyVaultName: dataKeyVaultName
     sqlServerName: sqlServerName
-    sqlDatabaseName: sqlServerName
-    sqlAdminUserName:  sqlAdminUserName
-    sqlAdminPassword: sqlAdminPassword
-    sqlAdministratorsGroupId: sqlAdministratorsGroupId
-    sqlAdministratorsGroupName: sqlAdministratorsGroupName
-    tenantId: tenantId
+    sqlDatabaseName: sqlDataBaseName
   }
 }