Add Infra/app files

Azure · Sep 2, 2024 · 785f819 · 785f819
1 parent 9b54ddd
commit 785f819
Show file tree

Hide file tree

Showing 23 changed files with 320 additions and 390 deletions.
diff --git a/templates/todo/api/python/todo/models.py b/templates/todo/api/python/todo/models.py
@@ -31,13 +31,6 @@ def __init__(self, *args, **kwargs):
     AZURE_KEY_VAULT_ENDPOINT: Optional[str] = None
     APPLICATIONINSIGHTS_CONNECTION_STRING: Optional[str] = None
     APPLICATIONINSIGHTS_ROLENAME: Optional[str] = "API"
-    PRIMARY_WRITE_KEY: str = ""
-    PRIMARY_READONLY_KEY: str = ""
-    SECONDARY_WRITE_CONNECTION_STRING: str = ""
-    PRIMARY_READONLY_CONNECTION_STRING: str = ""
-    SECONDARY_WRITE_KEY: str = ""
-    SECONDARY_READONLY_KEY: str = ""
-    SECONDARY_READONLY_CONNECTION_STRING: str = ""
 
     class Config:
         env_file = ".env"

diff --git a/templates/todo/common/infra/bicep/app/api-avm.bicep b/templates/todo/common/infra/bicep/app/api-avm.bicep
@@ -0,0 +1,57 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param allowedOrigins array = []
+param appCommandLine string = ''
+param appInsightResourceId string
+param appServicePlanId string
+@secure()
+param appSettings object = {}
+param siteConfig object = {}
+param serviceName string = 'api'
+param linuxFxVersion string
+
+@description('Required. Type of site to deploy.')
+param kind string
+
+@description('Optional. If client affinity is enabled.')
+param clientAffinityEnabled bool = true
+
+@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
+param storageAccountResourceId string?
+
+module api 'br/public:avm/res/web/site:0.6.0' = {
+  name: '${name}-app-module'
+  params: {
+    kind: kind
+    name: name
+    serverFarmResourceId: appServicePlanId
+    tags: union(tags, { 'azd-service-name': serviceName })
+    location: location
+    appInsightResourceId: appInsightResourceId
+    clientAffinityEnabled: clientAffinityEnabled
+    storageAccountResourceId: storageAccountResourceId
+    managedIdentities: {
+      systemAssigned: true
+    }
+    siteConfig: union(siteConfig, {
+      cors: {
+        allowedOrigins: union(['https://portal.azure.com', 'https://ms.portal.azure.com'], allowedOrigins)
+      }
+      linuxFxVersion: linuxFxVersion
+      appCommandLine: appCommandLine
+    })
+    appSettingsKeyValuePairs: union(appSettings, { SCM_DO_BUILD_DURING_DEPLOYMENT: 'True', ENABLE_ORYX_BUILD: 'True' })
+    logsConfiguration: {
+      applicationLogs: { fileSystem: { level: 'Verbose' } }
+      detailedErrorMessages: { enabled: true }
+      failedRequestsTracing: { enabled: true }
+      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+    }
+  }
+}
+
+output SERVICE_API_IDENTITY_PRINCIPAL_ID string = api.outputs.systemAssignedMIPrincipalId
+output SERVICE_API_NAME string = api.outputs.name
+output SERVICE_API_URI string = 'https://${api.outputs.defaultHostname}'
diff --git a/templates/todo/common/infra/bicep/app/web-avm.bicep b/templates/todo/common/infra/bicep/app/web-avm.bicep
@@ -0,0 +1,35 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+param serviceName string = 'web'
+param appCommandLine string = 'pm2 serve /home/site/wwwroot --no-daemon --spa'
+param appInsightResourceId string 
+param appServicePlanId string
+param linuxFxVersion string
+
+module web 'br/public:avm/res/web/site:0.6.0' = {
+  name: '${name}-deployment'
+  params: {
+    kind: 'app'
+    name: name
+    serverFarmResourceId: appServicePlanId
+    tags: union(tags, { 'azd-service-name': serviceName })
+    location: location
+    appInsightResourceId: appInsightResourceId
+    siteConfig: {
+      appCommandLine: appCommandLine
+      linuxFxVersion: linuxFxVersion
+      alwaysOn: true
+    }
+    logsConfiguration: {
+      applicationLogs: { fileSystem: { level: 'Verbose' } }
+      detailedErrorMessages: { enabled: true }
+      failedRequestsTracing: { enabled: true }
+      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+    }
+  }
+}
+
+output SERVICE_WEB_IDENTITY_PRINCIPAL_ID string = web.outputs.systemAssignedMIPrincipalId
+output SERVICE_WEB_NAME string = web.outputs.name
+output SERVICE_WEB_URI string = 'https://${web.outputs.defaultHostname}'
diff --git a/templates/todo/projects/csharp-cosmos-sql/.repo/bicep/infra/main.bicep b/templates/todo/projects/csharp-cosmos-sql/.repo/bicep/infra/main.bicep
@@ -41,8 +41,6 @@ var abbrs = loadJsonContent('../../../../../../common/infra/bicep/abbreviations.
 var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
 var tags = { 'azd-env-name': environmentName }
 var actualDatabaseName = !empty(cosmosDatabaseName) ? cosmosDatabaseName : 'Todo'
-var webUri = 'https://${web.outputs.defaultHostname}'
-var apiUri = 'https://${api.outputs.defaultHostname}'
 var apimApiUri = 'https://${apim.outputs.name}.azure-api.net/todo'
 var apimServiceId = useAPIM ? apim.outputs.resourceId : ''
 
@@ -54,67 +52,42 @@ resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
 }
 
 // The application frontend
-module web 'br/public:avm/res/web/site:0.3.9' = {
+module web '../../../../../common/infra/bicep/app/web-avm.bicep' = {
   name: 'web'
   scope: rg
   params: {
-    kind: 'app'
     name: !empty(webServiceName) ? webServiceName : '${abbrs.webSitesAppService}web-${resourceToken}'
-    serverFarmResourceId: appServicePlan.outputs.resourceId
-    tags: union(tags, { 'azd-service-name': 'web' })
     location: location
+    tags: tags
+    appServicePlanId: appServicePlan.outputs.resourceId
     appInsightResourceId: applicationInsights.outputs.resourceId
-    siteConfig: {
-      appCommandLine: 'pm2 serve /home/site/wwwroot --no-daemon --spa'
-      linuxFxVersion: 'node|20-lts'
-      alwaysOn: true
-    }
-    logsConfiguration: {
-      applicationLogs: { fileSystem: { level: 'Verbose' } }
-      detailedErrorMessages: { enabled: true }
-      failedRequestsTracing: { enabled: true }
-      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
-    }
+    linuxFxVersion: 'node|20-lts'
   }
 }
 
 // The application backend
-module api 'br/public:avm/res/web/site:0.3.9' = {
+module api '../../../../../common/infra/bicep/app/api-avm.bicep' = {
   name: 'api'
   scope: rg
   params: {
-    kind: 'app'
     name: !empty(apiServiceName) ? apiServiceName : '${abbrs.webSitesAppService}api-${resourceToken}'
-    serverFarmResourceId: appServicePlan.outputs.resourceId
-    tags: union(tags, { 'azd-service-name': 'api' })
     location: location
-    appInsightResourceId: applicationInsights.outputs.resourceId
-    managedIdentities: {
-      systemAssigned: true
-    }
+    tags: tags
+    kind: 'app'
+    appServicePlanId: appServicePlan.outputs.resourceId
     siteConfig: {
-      cors: {
-        allowedOrigins: [ 'https://portal.azure.com', 'https://ms.portal.azure.com' , webUri ]
-      }
       alwaysOn: true
-      linuxFxVersion: 'dotnetcore|8.0'
-      appCommandLine: ''
     }
-    appSettingsKeyValuePairs: {
+    appSettings: {
       AZURE_KEY_VAULT_ENDPOINT: keyVault.outputs.uri
       AZURE_COSMOS_CONNECTION_STRING_KEY: connectionStringKey
       AZURE_COSMOS_DATABASE_NAME: actualDatabaseName
       AZURE_COSMOS_ENDPOINT: cosmos.outputs.endpoint
-      API_ALLOW_ORIGINS: webUri
-      SCM_DO_BUILD_DURING_DEPLOYMENT: 'False'
-      ENABLE_ORYX_BUILD: 'True'
-    }
-    logsConfiguration: {
-      applicationLogs: { fileSystem: { level: 'Verbose' } }
-      detailedErrorMessages: { enabled: true }
-      failedRequestsTracing: { enabled: true }
-      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+      API_ALLOW_ORIGINS: web.outputs.SERVICE_WEB_URI
     }
+    appInsightResourceId: applicationInsights.outputs.resourceId
+    linuxFxVersion: 'dotnetcore|8.0'
+    allowedOrigins: [ web.outputs.SERVICE_WEB_URI ]
   }
 }
 
@@ -137,7 +110,7 @@ module accessKeyVault 'br/public:avm/res/key-vault/vault:0.5.1' = {
         }
       }
       {
-        objectId: api.outputs.systemAssignedMIPrincipalId
+        objectId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
         permissions: {
           secrets: [ 'get', 'list' ]
         }
@@ -147,7 +120,7 @@ module accessKeyVault 'br/public:avm/res/key-vault/vault:0.5.1' = {
 }
 
 // The application database
-module cosmos 'br/public:avm/res/document-db/database-account:0.5.5' = {
+module cosmos 'br/public:avm/res/document-db/database-account:0.6.0' = {
   name: 'cosmos'
   scope: rg
   params: {
@@ -160,8 +133,8 @@ module cosmos 'br/public:avm/res/document-db/database-account:0.5.5' = {
         isZoneRedundant: false
       }
     ]
-    secretsKeyVault: {
-      keyVaultName: keyVault.outputs.name
+    secretsExportConfiguration:{
+      keyVaultResourceId: keyVault.outputs.resourceId
       primaryWriteConnectionStringSecretName: connectionStringKey
     }
     capabilitiesToAdd: [ 'EnableServerless' ] 
@@ -197,7 +170,7 @@ module apiCosmosSqlRoleAssign 'br/public:avm/res/document-db/database-account:0.
   params: {
     name: cosmos.outputs.name
     location: location
-    sqlRoleAssignmentsPrincipalIds: [ api.outputs.systemAssignedMIPrincipalId ]
+    sqlRoleAssignmentsPrincipalIds: [ api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID ]
     sqlRoleDefinitions: [
       {
         name: 'writer'
@@ -340,14 +313,14 @@ module apim 'br/public:avm/res/api-management/service:0.2.0' = if (useAPIM) {
         path: 'todo'
         displayName: 'Simple Todo API'
         apiDescription: 'This is a simple Todo API'
-        serviceUrl: apiUri
+        serviceUrl: api.outputs.SERVICE_API_URI
         subscriptionRequired: false
         protocols: [ 'https' ]
         type: 'http'
         value: loadTextContent('../../../../../api/common/openapi.yaml')
         policies: [
           {
-            value: replace(loadTextContent('../../../../../../common/infra/shared/gateway/apim/apim-api-policy.xml'), '{origin}', webUri)
+            value: replace(loadTextContent('../../../../../../common/infra/shared/gateway/apim/apim-api-policy.xml'), '{origin}', web.outputs.SERVICE_WEB_URI)
             format: 'rawxml'
           }
         ]
@@ -362,7 +335,7 @@ module apiConfig 'br/public:avm/res/web/site:0.3.9' = if (useAPIM) {
   scope: rg
   params: {
     kind: 'app'
-    name: api.outputs.name
+    name: api.outputs.SERVICE_API_NAME
     tags: union(tags, { 'azd-service-name': 'api' })
     serverFarmResourceId: appServicePlan.outputs.resourceId
     location: location
@@ -385,7 +358,7 @@ output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.uri
 output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name
 output AZURE_LOCATION string = location
 output AZURE_TENANT_ID string = tenant().tenantId
-output API_BASE_URL string = useAPIM ? apimApiUri : apiUri
-output REACT_APP_WEB_BASE_URL string = webUri
+output API_BASE_URL string = useAPIM ? apimApiUri : api.outputs.SERVICE_API_URI
+output REACT_APP_WEB_BASE_URL string = web.outputs.SERVICE_WEB_URI
 output USE_APIM bool = useAPIM
-output SERVICE_API_ENDPOINTS array = useAPIM ? [ apimApiUri, apiUri ]: []
+output SERVICE_API_ENDPOINTS array = useAPIM ? [ apimApiUri, api.outputs.SERVICE_API_URI ]: []
diff --git a/templates/todo/projects/csharp-cosmos-sql/.repo/bicep/repo.yaml b/templates/todo/projects/csharp-cosmos-sql/.repo/bicep/repo.yaml
@@ -118,6 +118,12 @@ repo:
     - from: ../../../../common/infra/bicep/app/applicationinsights-dashboard.bicep
       to: ./infra/app/applicationinsights-dashboard.bicep
 
+    - from: ../../../../common/infra/bicep/app/web-avm.bicep
+      to: ./infra/app/web-avm.bicep
+
+    - from: ../../../../common/infra/bicep/app/api-avm.bicep
+      to: ./infra/app/api-avm.bicep
+
     - from: ./../../
       to: ./
       ignore:

diff --git a/templates/todo/projects/csharp-sql-swa-func/.repo/bicep/infra/main.bicep b/templates/todo/projects/csharp-sql-swa-func/.repo/bicep/infra/main.bicep
@@ -54,7 +54,6 @@ var tags = { 'azd-env-name': environmentName }
 var defaultDatabaseName = 'Todo'
 var actualDatabaseName = !empty(sqlDatabaseName) ? sqlDatabaseName : defaultDatabaseName
 var webUri = 'https://${web.outputs.defaultHostname}'
-var apiUri = 'https://${api.outputs.defaultHostname}'
 var apimApiUri = 'https://${apim.outputs.name}.azure-api.net/todo'
 var apimServiceId = useAPIM ? apim.outputs.resourceId : ''
 
@@ -78,43 +77,27 @@ module web 'br/public:avm/res/web/static-site:0.3.0' = {
 }
 
 // The application backend
-module api 'br/public:avm/res/web/site:0.3.9' = {
+module api '../../../../../common/infra/bicep/app/api-avm.bicep' = {
   name: 'api'
   scope: rg
   params: {
-    kind: 'functionapp'
-    name: !empty(apiServiceName) ? apiServiceName : '${abbrs.webSitesFunctions}api-${resourceToken}'
-    serverFarmResourceId: appServicePlan.outputs.resourceId
-    tags: union(tags, { 'azd-service-name': 'api' })
+    name: !empty(apiServiceName) ? apiServiceName : '${abbrs.webSitesAppService}api-${resourceToken}'
     location: location
-    appInsightResourceId: applicationInsights.outputs.resourceId
-    managedIdentities: {
-      systemAssigned: true
-    }
-    clientAffinityEnabled: false
-    siteConfig: {
-      cors: {
-        allowedOrigins: [ 'https://portal.azure.com', 'https://ms.portal.azure.com' , webUri ]
-      }
-      linuxFxVersion: 'dotnet-isolated|8.0'
-      use32BitWorkerProcess: false
-    }
-    appSettingsKeyValuePairs: {
+    tags: tags
+    kind: 'functionapp'
+    appServicePlanId: appServicePlan.outputs.resourceId
+    appSettings: {
       AZURE_KEY_VAULT_ENDPOINT: keyVault.outputs.uri
       AZURE_SQL_CONNECTION_STRING_KEY: connectionStringKey
       API_ALLOW_ORIGINS: webUri
       FUNCTIONS_EXTENSION_VERSION: '~4'
       FUNCTIONS_WORKER_RUNTIME: 'dotnet-isolated'
-      SCM_DO_BUILD_DURING_DEPLOYMENT: 'False'
-      ENABLE_ORYX_BUILD: 'True'
-    }
-    logsConfiguration: {
-      applicationLogs: { fileSystem: { level: 'Verbose' } }
-      detailedErrorMessages: { enabled: true }
-      failedRequestsTracing: { enabled: true }
-      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
     }
+    appInsightResourceId: applicationInsights.outputs.resourceId
+    linuxFxVersion: 'dotnet-isolated|8.0'
+    allowedOrigins: [ webUri ]
     storageAccountResourceId: storage.outputs.resourceId
+    clientAffinityEnabled: false
   }
 }
 
@@ -137,7 +120,7 @@ module accessKeyVault 'br/public:avm/res/key-vault/vault:0.5.1' = {
         }
       }
       {
-        objectId: api.outputs.systemAssignedMIPrincipalId
+        objectId: api.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
         permissions: {
           secrets: [ 'get', 'list' ]
         }
@@ -353,7 +336,7 @@ module apim 'br/public:avm/res/api-management/service:0.2.0' = if (useAPIM) {
         path: 'todo'
         displayName: 'Simple Todo API'
         apiDescription: 'This is a simple Todo API'
-        serviceUrl: apiUri
+        serviceUrl: api.outputs.SERVICE_API_URI
         subscriptionRequired: false
         protocols: [ 'https' ]
         type: 'http'
@@ -375,7 +358,7 @@ module apiConfig 'br/public:avm/res/web/site:0.3.9' = if (useAPIM) {
   scope: rg
   params: {
     kind: 'functionapp'
-    name: api.outputs.name
+    name: api.outputs.SERVICE_API_NAME
     tags: union(tags, { 'azd-service-name': 'api' })
     siteConfig: {
       cors: {
@@ -403,7 +386,7 @@ output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.uri
 output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name
 output AZURE_LOCATION string = location
 output AZURE_TENANT_ID string = tenant().tenantId
-output API_BASE_URL string = useAPIM ? apimApiUri : apiUri
+output API_BASE_URL string = useAPIM ? apimApiUri : api.outputs.SERVICE_API_URI
 output REACT_APP_WEB_BASE_URL string = webUri
 output USE_APIM bool = useAPIM
-output SERVICE_API_ENDPOINTS array = useAPIM ? [ apimApiUri, apiUri ]: []
+output SERVICE_API_ENDPOINTS array = useAPIM ? [ apimApiUri, api.outputs.SERVICE_API_URI ]: []
diff --git a/templates/todo/projects/csharp-sql-swa-func/.repo/bicep/repo.yaml b/templates/todo/projects/csharp-sql-swa-func/.repo/bicep/repo.yaml
@@ -121,6 +121,9 @@ repo:
     - from: ../../../../common/infra/bicep/app/sql-deployment-script.bicep
       to: ./infra/app/sql-deployment-script.bicep
 
+    - from: ../../../../common/infra/bicep/app/api-avm.bicep
+      to: ./infra/app/api-avm.bicep
+
     - from: ./../../
       to: ./
       ignore: