config sqlAdmin string {
	__logicalName = "sqlAdmin"
	default = "pulumi"
}

blobAccessToken = secret(invoke("azure-native:storage:listStorageAccountServiceSAS", {
	accountName = sa.name,
	protocols = "https",
	sharedAccessStartTime = "2022-01-01",
	sharedAccessExpiryTime = "2030-01-01",
	resource = "c",
	resourceGroupName = appservicegroup.name,
	permissions = "r",
	canonicalizedResource = "/blob/${sa.name}/${container.name}",
	contentType = "application/json",
	cacheControl = "max-age=5",
	contentDisposition = "inline",
	contentEncoding = "deflate"
}).serviceSasToken)

resource appservicegroup "azure-native:resources:ResourceGroup" {
	__logicalName = "appservicegroup"
}

resource sa "azure-native:storage:StorageAccount" {
	__logicalName = "sa"
	resourceGroupName = appservicegroup.name
	kind = "StorageV2"
	sku = {
		name = "Standard_LRS"
	}
}

resource appserviceplan "azure-native:web:AppServicePlan" {
	__logicalName = "appserviceplan"
	resourceGroupName = appservicegroup.name
	kind = "App"
	sku = {
		name = "B1",
		tier = "Basic"
	}
}

resource container "azure-native:storage:BlobContainer" {
	__logicalName = "container"
	resourceGroupName = appservicegroup.name
	accountName = sa.name
	publicAccess = "None"
}

resource blob "azure-native:storage:Blob" {
	__logicalName = "blob"
	resourceGroupName = appservicegroup.name
	accountName = sa.name
	containerName = container.name
	type = "Block"
	source = fileArchive("./www")
}

resource appInsights "azure-native:insights:Component" {
	__logicalName = "appInsights"
	resourceGroupName = appservicegroup.name
	applicationType = "web"
	kind = "web"
}

resource sqlPassword "random:index/randomPassword:RandomPassword" {
	__logicalName = "sqlPassword"
	length = 16
	special = true
}

resource sqlServer "azure-native:sql:Server" {
	__logicalName = "sqlServer"
	resourceGroupName = appservicegroup.name
	administratorLogin = sqlAdmin
	administratorLoginPassword = sqlPassword.result
	version = "12.0"
}

resource db "azure-native:sql:Database" {
	__logicalName = "db"
	resourceGroupName = appservicegroup.name
	serverName = sqlServer.name
	sku = {
		name = "S0"
	}
}

resource app "azure-native:web:WebApp" {
	__logicalName = "app"
	resourceGroupName = appservicegroup.name
	serverFarmId = appserviceplan.id
	siteConfig = {
		appSettings = [
			{
				name = "WEBSITE_RUN_FROM_PACKAGE",
				value = "https://${sa.name}.blob.core.windows.net/${container.name}/${blob.name}?${blobAccessToken}"
			},
			{
				name = "APPINSIGHTS_INSTRUMENTATIONKEY",
				value = appInsights.instrumentationKey
			},
			{
				name = "APPLICATIONINSIGHTS_CONNECTION_STRING",
				value = "InstrumentationKey=${appInsights.instrumentationKey}"
			},
			{
				name = "ApplicationInsightsAgent_EXTENSION_VERSION",
				value = "~2"
			}
		],
		connectionStrings = [{
			name = "db",
			type = "SQLAzure",
			connectionString = "Server= tcp:${sqlServer.name}.database.windows.net;initial catalog=${db.name};userID=${sqlAdmin};password=${sqlPassword.result};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;"
		}]
	}
}

output endpoint {
	__logicalName = "endpoint"
	value = app.defaultHostName
}