From c4cbad199d0e93d8e41d04a8f55892bd341d3fda Mon Sep 17 00:00:00 2001
From: Michael Flanakin
Date: Wed, 9 Apr 2025 00:02:47 -0700
Subject: [PATCH] Create basic hub-storage module for extensibility
---
 docs-mslearn/toolkit/changelog.md | 2 +
 .../finops-hub/modules/hub-storage.bicep | 43 +++++++++++++++++++
 .../finops-hub/modules/storage.bicep | 40 ++++++++---------
 3 files changed, 64 insertions(+), 21 deletions(-)
 create mode 100644 src/templates/finops-hub/modules/hub-storage.bicep
diff --git a/docs-mslearn/toolkit/changelog.md b/docs-mslearn/toolkit/changelog.md
index a74212f41..bcee73e48 100644
--- a/docs-mslearn/toolkit/changelog.md
+++ b/docs-mslearn/toolkit/changelog.md
@@ -32,6 +32,8 @@ The following section lists features and enhancements that are currently in deve
 - **Added**
 - Added mslearn docs for Add-FinOpsServicePrincipal powershell command.
+ - Created a new bicep modules to support extensibility:
+ - The **hub-storage** module creates containers in the hub storage account.
diff --git a/src/templates/finops-hub/modules/hub-storage.bicep b/src/templates/finops-hub/modules/hub-storage.bicep
new file mode 100644
index 000000000..92ad90e20
--- /dev/null
+++ b/src/templates/finops-hub/modules/hub-storage.bicep
@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+//==============================================================================
+// Parameters
+//==============================================================================
+
+@description('Required. Name of the publisher-specific storage account to create or update.')
+param storageAccountName string
+
+@description('Required. Name of the storage container to create or update.')
+param container string
+
+
+//==============================================================================
+// Resources
+//==============================================================================
+
+// Get storage account instance
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
+ name: storageAccountName
+
+ resource blobService 'blobServices@2022-09-01' = {
+ name: 'default'
+
+ resource configContainer 'containers@2022-09-01' = {
+ name: container
+ properties: {
+ publicAccess: 'None'
+ metadata: {}
+ }
+ }
+ }
+}
+
+// TODO: Upload files
+// TODO: Enforce retention
+
+//==============================================================================
+// Outputs
+//==============================================================================
+
+output containerName string = storageAccount::blobService::configContainer.name
diff --git a/src/templates/finops-hub/modules/storage.bicep b/src/templates/finops-hub/modules/storage.bicep
index 5c14c8fac..c7e426026 100644
--- a/src/templates/finops-hub/modules/storage.bicep
+++ b/src/templates/finops-hub/modules/storage.bicep
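Review bot: In hub-storage.bicep the nested `blobService` resource is declared without `existing`, so every use of this module writes `blobServices/default` on the hub account again, alongside the declaration storage.bicep already has. That resource holds account-wide blob settings (soft delete, versioning and similar), and a deployment that sends it with no `properties` may not preserve values set elsewhere; this is worth confirming before other callers start using the module. Declaring it as `resource blobService 'blobServices@2022-09-01' existing = {` keeps the module limited to the container it is meant to own. The `storageAccountName` description also says "create or update" although the account is only referenced as `existing`, and `container` could carry `@minLength(3)` and `@maxLength(63)` so an invalid name fails before deployment.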
@@ -94,6 +94,7 @@ var blobUploadRbacRoles = [
 // Resources
 //==============================================================================
+// TODO: Move storage account creation to the hub-app module + output SA name
 resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
 name: storageAccountName
 location: location
@@ -344,30 +345,27 @@ resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01'
 name: 'default'
 }
-resource configContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
- parent: blobService
- name: 'config'
- properties: {
- publicAccess: 'None'
- metadata: {}
+module configContainer 'hub-storage.bicep' = {
+ name: 'configContainer'
+ params: {
+ storageAccountName: storageAccount.name
+ container: 'config'
 }
 }
-resource exportContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
- parent: blobService
- name: 'msexports'
- properties: {
- publicAccess: 'None'
- metadata: {}
+module exportContainer 'hub-storage.bicep' = {
+ name: 'exportContainer'
+ params: {
+ storageAccountName: storageAccount.name
+ container: 'msexports'
 }
 }
-resource ingestionContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
- parent: blobService
- name: 'ingestion'
- properties: {
- publicAccess: 'None'
- metadata: {}
+module ingestionContainer 'hub-storage.bicep' = {
+ name: 'ingestionContainer'
+ params: {
+ storageAccountName: storageAccount.name
+ container: 'ingestion'
 }
 }
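Review bot: The three module calls in the second hunk of storage.bicep use fixed deployment names (`name: 'configContainer'`, `'exportContainer'`, `'ingestionContainer'`), which become nested deployment names in the target resource group. If another template, or a second hub deployed to the same group, uses the same names, the deployments can collide or overwrite each other's history; a derived name such as `name: 'configContainer-${uniqueString(storageAccount.id)}'` avoids that. Because `configContainer`, `exportContainer` and `ingestionContainer` are now module symbols rather than resources, any `dependsOn`, `parent:` or `.id` reference to them elsewhere in storage.bicep (outside this hunk) should be checked as well.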
@@ -489,10 +487,10 @@ output scriptStorageAccountResourceId string = scriptStorageAccount.id
 output scriptStorageAccountName string = scriptStorageAccount.name
 @description('The name of the container used for configuration settings.')
-output configContainer string = configContainer.name
+output configContainer string = configContainer.outputs.containerName
 @description('The name of the container used for Cost Management exports.')
-output exportContainer string = exportContainer.name
+output exportContainer string = exportContainer.outputs.containerName
 @description('The name of the container used for normalized data ingestion.')
-output ingestionContainer string = ingestionContainer.name
+output ingestionContainer string = ingestionContainer.outputs.containerName