Provide "Deploy To Azure" button for Azure Key Vault background job (#27)

tomkerkhove · web-flow · commit 2c424ce9c2b5 · 2020-02-21T14:50:04.000+01:00
* Ignore docs/_site

* WIP

* Initial test

* First working version, but still fixed

* Finalize template

* Provide deploy button

* Switch to correct repo
diff --git a/deploy/arm/azure-key-vault-job.json b/deploy/arm/azure-key-vault-job.json
@@ -0,0 +1,86 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "EventGrid.Subscription.Name": {
+            "defaultValue": "Arcus-Background-Jobs-Secret-Renewed",
+            "minLength": 3,
+            "maxLength": 64,
+            "type": "String",
+            "metadata": {
+                "description": "Name of the subscription to create"
+            }
+        },
+        "KeyVault.Name": {
+            "type": "String",
+            "metadata": {
+                "description": "Name of the Azure Key Vault"
+            }
+        },
+        "ServiceBus.Namespace.Name": {
+            "minLength": 6,
+            "maxLength": 50,
+            "type": "String",
+            "metadata": {
+                "description": "Name of the Service Bus namespace"
+            }
+        },
+        "ServiceBus.Topic.Name": {
+            "type": "String",
+            "metadata": {
+                "description": "Name of the Topic"
+            }
+        }
+    },
+    "variables": {},
+    "resources": [
+        {
+            "type": "Microsoft.KeyVault/vaults/providers/eventSubscriptions",
+            "apiVersion": "2020-01-01-preview",
+            "name": "[concat(parameters('KeyVault.Name'), 'arcus-sandbox/Microsoft.EventGrid/', parameters('EventGrid.Subscription.Name'))]",
+            "dependsOn": [
+                "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('ServiceBus.Namespace.Name'), parameters('ServiceBus.Topic.Name'))]"
+            ],
+            "properties": {
+                "destination": {
+                    "endpointType": "ServiceBusTopic",
+                    "properties": {
+                        "resourceId": "[resourceId('Microsoft.ServiceBus/namespaces/topics', parameters('ServiceBus.Namespace.Name'), parameters('ServiceBus.Topic.Name'))]"
+                    }
+                },
+                "filter": {
+                    "includedEventTypes": [
+                        "Microsoft.KeyVault.SecretNewVersionCreated"
+                    ],
+                    "advancedFilters": []
+                },
+                "labels": [],
+                "eventDeliverySchema": "CloudEventSchemaV1_0"
+            }
+        },
+        {
+            "type": "Microsoft.ServiceBus/namespaces",
+            "apiVersion": "2017-04-01",
+            "name": "[parameters('ServiceBus.Namespace.Name')]",
+            "location": "[resourceGroup().location]",
+            "sku": {
+                "name": "Standard"
+            },
+            "resources": [
+                {
+                    "type": "topics",
+                    "apiVersion": "2017-04-01",
+                    "name": "[parameters('ServiceBus.Topic.Name')]",
+                    "dependsOn": [
+                        "[concat('Microsoft.ServiceBus/namespaces/', parameters('ServiceBus.Namespace.Name'))]"
+                    ],
+                    "properties": {
+                        "enablePartitioning": "true"
+                    },
+                    "resources": []
+                }
+            ]
+        }
+    ],
+    "outputs": {}
+}
diff --git a/deploy/arm/azure-key-vault-job.parameters.json b/deploy/arm/azure-key-vault-job.parameters.json
@@ -0,0 +1,18 @@
+{
+    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "EventGrid.Subscription.Name": {
+            "value": "Arcus-Background-Jobs-Secret-Renewed"
+        },
+        "ServiceBus.Namespace.Name": {
+            "value": ""
+        },
+        "ServiceBus.Topic.Name": {
+            "value": ""
+        },
+        "KeyVault.Name": {
+            "value": ""
+        }
+    }
+}
diff --git a/docs/features/security/auto-invalidate-secrets.md b/docs/features/security/auto-invalidate-secrets.md
@@ -9,6 +9,11 @@ The `Arcus.BackgroundJobs.KeyVault` library provides a background job to automat
 
 ## How does it work?
 
+<a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Farcus.azure%2Farcus.backgroundjobs%2Fmaster%2Fdeploy%2Farm%2Fazure-key-vault-job.json" target="_blank">
+    <img src="https://azuredeploy.net/deploybutton.png"/>
+</a>
+
+
 This automation works by subscribing on the `SecretNewVersionCreated` event of an Azure Key Vault resource and placing those events on a Azure Service Bus Topic; which we process in our background job.
 
 ![Automatically Invalidate Azure Key Vault Secrets](/media/Azure-Key-Vault-Job.png)
