split into 2 script files

cbellee · Jan 2, 2025 · c3b6936 · c3b6936
1 parent 30bcc8a
commit c3b6936
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 52 deletions.
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -9,7 +9,8 @@ param githubUsername string = 'cbellee'
 param utcValue string = utcNow()
 param cloudFlareZoneId string
 param cloudFlareApiToken string
-param scriptUri string = 'https://github.com/cbellee/photo-api/blob/main/scripts/cloudflare.ps1'
+param dnsScriptUri string = 'https://github.com/cbellee/photo-api/blob/main/scripts/cloudflare-dns.ps1'
+param cloudConnectorScriptUri string = 'https://github.com/cbellee/photo-api/blob/main/scripts/cloudflare-connector-rule.ps1'
 
 @secure()
 param ghcrPullToken string
@@ -507,10 +508,10 @@ module daprComponentUploadsStorageBlob 'modules/daprComponent.bicep' = {
   ]
 }
 
-resource enableCustomDomainAndCloudConnector 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
-  name: 'enableCustomDomain'
+resource enableCustomDomainNotProxied 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+  name: 'enableCustomDomainNotProxied'
   location: resourceGroup().location
-  kind:  'AzurePowerShell'
+  kind: 'AzurePowerShell'
   properties: {
     forceUpdateTag: utcValue
     azPowerShellVersion: '7.0'
@@ -520,7 +521,25 @@ resource enableCustomDomainAndCloudConnector 'Microsoft.Resources/deploymentScri
       storageAccountName: storageAccountName
       storageAccountKey: storage.outputs.key
     }
-    primaryScriptUri: scriptUri
+    primaryScriptUri: dnsScriptUri
+    arguments: '-cloudFlareApiToken ${cloudFlareApiToken} -storageAccountWebEndpoint ${storage.outputs.webEndpoint} -cloudFlareZoneId ${cloudFlareZoneId} -cName ${cNameRecord} -isDnsProxied ${false}'
+  }
+}
+
+resource enableCloudConnector 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+  name: 'enableCloudConnector'
+  location: resourceGroup().location
+  kind: 'AzurePowerShell'
+  properties: {
+    forceUpdateTag: utcValue
+    azPowerShellVersion: '7.0'
+    timeout: 'PT5M'
+    retentionInterval: 'PT1H'
+    storageAccountSettings: {
+      storageAccountName: storageAccountName
+      storageAccountKey: storage.outputs.key
+    }
+    primaryScriptUri: cloudConnectorScriptUri
     arguments: '-cloudFlareApiToken ${cloudFlareApiToken} -storageAccountWebEndpoint ${storage.outputs.webEndpoint} -cloudFlareZoneId ${cloudFlareZoneId} -cName ${cNameRecord}'
   }
 }
@@ -538,10 +557,29 @@ module storageCustomDomain './modules/stor.bicep' = {
     deployCustomDomain: true
   }
   dependsOn: [
-    enableCustomDomainAndCloudConnector
+    enableCustomDomainNotProxied
+    enableCloudConnector
   ]
 }
 
+resource enableCustomDomainProxied 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+  name: 'enableCustomDomainProxied'
+  location: resourceGroup().location
+  kind: 'AzurePowerShell'
+  properties: {
+    forceUpdateTag: utcValue
+    azPowerShellVersion: '7.0'
+    timeout: 'PT5M'
+    retentionInterval: 'PT1H'
+    storageAccountSettings: {
+      storageAccountName: storageAccountName
+      storageAccountKey: storage.outputs.key
+    }
+    primaryScriptUri: dnsScriptUri
+    arguments: '-cloudFlareApiToken ${cloudFlareApiToken} -storageAccountWebEndpoint ${storage.outputs.webEndpoint} -cloudFlareZoneId ${cloudFlareZoneId} -cName ${cNameRecord} -isDnsProxied ${true}'
+  }
+}
+
 output storageAccountName string = storage.outputs.name
 output photoApiEndpoint string = photoApi.properties.configuration.ingress.fqdn
 output resizeApiEndpoint string = resizeApi.properties.configuration.ingress.fqdn
diff --git a/scripts/cloudflare.ps1 → scripts/cloudflare-connector-rule.ps1 b/scripts/cloudflare.ps1 → scripts/cloudflare-connector-rule.ps1
@@ -6,47 +6,16 @@ param (
   [string]
   $storageAccountWebEndpoint,
   [string]
-  $cName
+  $cName,
+  [boolean]
+  $isDnsProxied = $false
 )
 
 $ErrorActionPreference = 'Continue'
 
 # Set common header
 $headers = @{"Authorization" = "Bearer $cloudFlareApiToken"; "Content-Type" = "application/json" }
 
-# Add CNAME DNS Record
-$uri = "https://api.cloudflare.com/client/v4/zones/$cloudFlareZoneId/dns_records"
-
-$params = @{
-  Uri     = $uri
-  Headers = $headers
-  Method  = 'POST'
-  Body    = 
-  @"
-      {
-          "comment": "CNAME record",
-          "content": "$storageAccountWebEndpoint",
-          "name": "$cName",
-          "proxied": true,
-          "ttl": 3600,
-          "type": "CNAME"
-      }
-"@
-}
-
-#try {
-  $resp = Invoke-WebRequest @params -SkipHttpErrorCheck
-  if ($resp.StatusCode -ne 200) {
-    Write-Output "Failed to add DNS Record. Code: $($resp.StatusCode) Desc: $($resp.StatusDescription)"
-  }
-  else {
-    Write-Output "DNS Record added successfully"
-  }
-<# }
-catch {
-  Write-Output "Failed to add DNS Record. $($_.Exception.Message)"
-} #>
-
 # Get existing Cloud Connector Rules
 $uri = "https://api.cloudflare.com/client/v4/zones/$cloudFlareZoneId/cloud_connector/rules"
 $rules = @()
@@ -60,7 +29,8 @@ $params = @{
 $resp = Invoke-WebRequest @params -SkipHttpErrorCheck
 if ($resp.StatusCode -ne 200) {
   throw "Failed to get Cloud Connector rules. Code: $($resp.StatusCode) Desc: $($resp.StatusDescription)"
-} else {
+}
+else {
   Write-Output "Cloud Connector rules fetched successfully"
   $rules += ($resp.Content | ConvertFrom-Json -Depth 10).result
 }
@@ -88,17 +58,6 @@ $params = @{
   Headers = $headers
   Method  = 'PUT'
   Body    = $rules | ConvertTo-Json -Depth 10
-  <# @"
-    [
-      {
-          "enabled": true,
-          "expression": "(http.request.full_uri wildcard \u0022\u0022)",
-          "provider": "azure_storage",
-          "description": "Connect to Azure storage container",
-          "parameters": {"host": "$storageAccountWebEndpoint"}
-      }
-    ]
-"@ #>
 }
 
 $resp = Invoke-WebRequest @params -SkipHttpErrorCheck

diff --git a/scripts/cloudflare-dns.ps1 b/scripts/cloudflare-dns.ps1
@@ -0,0 +1,45 @@
+param (
+  [string]
+  $cloudFlareApiToken,
+  [string]
+  $cloudFlareZoneId,
+  [string]
+  $storageAccountWebEndpoint,
+  [string]
+  $cName,
+  [boolean]
+  $isDnsProxied = $false
+)
+
+$ErrorActionPreference = 'Continue'
+
+# Set common header
+$headers = @{"Authorization" = "Bearer $cloudFlareApiToken"; "Content-Type" = "application/json" }
+
+# Add CNAME DNS Record
+$uri = "https://api.cloudflare.com/client/v4/zones/$cloudFlareZoneId/dns_records"
+
+$params = @{
+  Uri     = $uri
+  Headers = $headers
+  Method  = 'POST'
+  Body    = 
+  @"
+      {
+          "comment": "CNAME record",
+          "content": "$storageAccountWebEndpoint",
+          "name": "$cName",
+          "proxied": $isDnsProxied,
+          "ttl": 3600,
+          "type": "CNAME"
+      }
+"@
+}
+
+$resp = Invoke-WebRequest @params -SkipHttpErrorCheck
+if ($resp.StatusCode -ne 200) {
+  Write-Output "Failed to add DNS Record. Code: $($resp.StatusCode) Desc: $($resp.StatusDescription)"
+}
+else {
+  Write-Output "DNS Record added successfully"
+}