Merge pull request #5272 from dfe-analytical-services/dev-into-master
Merging dev into master
Showing
247 changed files
with
142,959 additions
and
4,296 deletions.
@@ -0,0 +1,19 @@ | ||
// Originally sourced from https://github.com/Azure-Samples/todo-csharp-sql/blob/main/infra/abbreviations.json. | ||
@export() | ||
var abbreviations = { | ||
appContainerApps: 'ca' | ||
appManagedEnvironments: 'cae' | ||
// TODO - remove the "-flexibleserver" suffix and change the suffix of our PSQL instance to "-01" | ||
dBforPostgreSQLServers: 'psql-flexibleserver' | ||
// 'ai' is non-standard - it should be 'appi' | ||
insightsComponents: 'ai' | ||
managedIdentityUserAssignedIdentities: 'id' | ||
networkApplicationGateways: 'agw' | ||
operationalInsightsWorkspaces: 'log' | ||
// 'sa' is non-standard - it should be 'st' | ||
storageStorageAccounts: 'sa' | ||
// 'fa' is non-standard - it shoule be 'func' | ||
webSitesFunctions: 'fa' | ||
// 'asp' is non-standard - it should be 'plan' | ||
webServerFarms: 'asp' | ||
} |
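--- a/infrastructure/templates/public-api/application/public-api/publicApiApp.bicep
+++ b/infrastructure/templates/public-api/application/public-api/publicApiApp.bicep
@@ -0,0 +1,145 @@
+import { resourceNamesType } from '../../types.bicep'
+
+@description('Specifies common resource naming variables.')
+param resourceNames resourceNamesType
+
+@description('Specifies the location for all resources.')
+param location string
+
+@description('Specifies the id of the Container App Environment in which to deploy this Container App.')
+param containerAppEnvironmentId string
+
+@description('The tags of the Docker images to deploy.')
+param dockerImagesTag string
+
+@description('The URL of the Public API.')
+param publicApiUrl string
+
+@description('The URL of the Public site.')
+param publicSiteUrl string
+
+@description('The URL of the Content API.')
+param contentApiUrl string
+
+@description('Specifies the Application (Client) Id of the App Registration used to represent the API Container App.')
+param apiAppRegistrationClientId string
+
+@description('Specifies the Application Insights connection string for this Container App to use for its monitoring.')
+param appInsightsConnectionString string
+
+@description('Specifies a set of tags with which to tag the resource in Azure.')
+param tagValues object
+
+var dataFilesFileShareMountPath = '/data/public-api-data'
+
+resource adminAppService 'Microsoft.Web/sites@2023-12-01' existing = {
+name: resourceNames.existingResources.adminApp
+}
+
+resource adminAppServiceIdentity 'Microsoft.ManagedIdentity/identities@2023-01-31' existing = {
+scope: adminAppService
+name: 'default'
+}
+
+var adminAppClientId = adminAppServiceIdentity.properties.clientId
+var adminAppPrincipalId = adminAppServiceIdentity.properties.principalId
+
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
+name: resourceNames.existingResources.keyVault
+}
+
+resource apiContainerAppManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
+name: resourceNames.publicApi.apiAppIdentity
+}
+
+module apiContainerAppModule '../../components/containerApp.bicep' = {
+name: 'apiContainerAppDeploy'
+params: {
+location: location
+containerAppName: resourceNames.publicApi.apiApp
+acrLoginServer: keyVault.getSecret('DOCKER-REGISTRY-SERVER-DOMAIN')
+containerAppImageName: 'ees-public-api/api:${dockerImagesTag}'
+dockerPullManagedIdentityClientId: keyVault.getSecret('DOCKER-REGISTRY-SERVER-USERNAME')
+dockerPullManagedIdentitySecretValue: keyVault.getSecret('DOCKER-REGISTRY-SERVER-PASSWORD')
+userAssignedManagedIdentityId: apiContainerAppManagedIdentity.id
+managedEnvironmentId: containerAppEnvironmentId
+corsPolicy: {
+allowedOrigins: [
+publicSiteUrl
+'http://localhost:3000'
+'http://127.0.0.1'
+]
+}
+volumeMounts: [
+{
+volumeName: 'public-api-fileshare-mount'
+mountPath: dataFilesFileShareMountPath
+}
+]
+volumes: [
+{
+name: 'public-api-fileshare-mount'
+storageType: 'AzureFile'
+storageName: resourceNames.publicApi.publicApiFileshare
+}
+]
+appSettings: [
+{
+name: 'ConnectionStrings__PublicDataDb'
+value: 'Server=${resourceNames.sharedResources.postgreSqlFlexibleServer}.postgres.database.azure.com;Database=public_data;Port=5432;User Id=${resourceNames.publicApi.apiAppIdentity}'
+}
+{
+// This settings allows the Container App to identify which user-assigned identity it should use in order to
+// perform Managed Identity-based authentication and authorization with other Azure services / resources.
+//
+// It is used in conjunction with the Azure.Identity .NET library to retrieve access tokens for the user-assigned
+// identity.
+name: 'AZURE_CLIENT_ID'
+value: apiContainerAppManagedIdentity.properties.clientId
+}
+{
+name: 'AppSettings__HostUrl'
+value: publicApiUrl
+}
+{
+name: 'AppInsights__ConnectionString'
+value: appInsightsConnectionString
+}
+{
+name: 'ContentApi__Url'
+value: contentApiUrl
+}
+{
+name: 'MiniProfiler__Enabled'
+value: 'true'
+}
+{
+name: 'DataFiles__BasePath'
+value: dataFilesFileShareMountPath
+}
+{
+name: 'OpenIdConnect__TenantId'
+value: tenant().tenantId
+}
+{
+name: 'OpenIdConnect__ClientId'
+value: apiAppRegistrationClientId
+}
+]
+entraIdAuthentication: {
+appRegistrationClientId: apiAppRegistrationClientId
+allowedClientIds: [
+adminAppClientId
+]
+allowedPrincipalIds: [
+adminAppPrincipalId
+]
+requireAuthentication: false
+}
+tagValues: tagValues
+}
+}
+
+output containerAppFqdn string = apiContainerAppModule.outputs.containerAppFqdn
+output containerAppName string = apiContainerAppModule.outputs.containerAppName
+output containerAppHealthProbeRelativeUrl string = '/docs'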
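Review bot: The `corsPolicy.allowedOrigins` list in `apiContainerAppModule` hard-codes `'http://localhost:3000'` and `'http://127.0.0.1'` alongside `publicSiteUrl`, so as far as this file shows the same loopback origins are allowed in every environment the template is deployed to, production included. Gating them behind a parameter keeps them out of production, for example `param enableLocalDevOrigins bool = false` and `allowedOrigins: concat([publicSiteUrl], enableLocalDevOrigins ? ['http://localhost:3000', 'http://127.0.0.1'] : [])`. The same applies to `MiniProfiler__Enabled`, which is fixed to `'true'`; whether the profiler's result endpoints are access-restricted inside the application is not visible here, so it is safer to drive this from a parameter that defaults to off. `requireAuthentication: false` would also benefit from a comment stating that anonymous requests reach the app and that the allowed client and principal ids only matter for callers that do authenticate, if that is the intent.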