From 173bf789c84f954a22a2cca7db4bd43fccdf2e47 Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Wed, 16 Oct 2024 10:13:14 +0200 Subject: [PATCH 1/6] feat(service): deploy application in container apps --- .azure/applications/service/main.bicep | 161 ++++++++++++++++++ .azure/applications/service/prod.bicepparam | 12 ++ .../applications/service/staging.bicepparam | 12 ++ .azure/applications/service/test.bicepparam | 12 ++ .azure/modules/containerApp/main.bicep | 23 ++- .github/workflows/workflow-deploy-apps.yml | 1 + 6 files changed, 217 insertions(+), 4 deletions(-) create mode 100644 .azure/applications/service/main.bicep create mode 100644 .azure/applications/service/prod.bicepparam create mode 100644 .azure/applications/service/staging.bicepparam create mode 100644 .azure/applications/service/test.bicepparam diff --git a/.azure/applications/service/main.bicep b/.azure/applications/service/main.bicep new file mode 100644 index 000000000..6720067b1 --- /dev/null +++ b/.azure/applications/service/main.bicep 
@@ -0,0 +1,161 @@
+targetScope = 'resourceGroup'
+
+@description('The tag of the image to be used')
+@minLength(3)
+param imageTag string
+
+@description('The environment for the deployment')
+@minLength(3)
+param environment string
+
+@description('The location where the resources will be deployed')
+@minLength(3)
+param location string
+
+@description('The suffix for the revision of the container app')
+@minLength(3)
+param revisionSuffix string
+
+@description('CPU and memory resources for the container app')
+param resources object?
+
+@description('The name of the container app environment')
+@minLength(3)
+@secure()
+param containerAppEnvironmentName string
+
+@description('The connection string for Application Insights')
+@minLength(3)
+@secure()
+param appInsightConnectionString string
+
+@description('The name of the App Configuration store')
+@minLength(5)
+@secure()
+param appConfigurationName string
+
+@description('The name of the Key Vault for the environment')
+@minLength(3)
+@secure()
+param environmentKeyVaultName string
+
+var namePrefix = 'dp-be-${environment}'
+var baseImageUrl = 'ghcr.io/digdir/dialogporten-'
+var tags = {
+ Environment: environment
+ Product: 'Dialogporten'
+}
+
+resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+ name: appConfigurationName
+}
+
+resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01' existing = {
+ name: containerAppEnvironmentName
+}
+
+var containerAppEnvVars = [
+ {
+ name: 'ASPNETCORE_ENVIRONMENT'
+ value: environment
+ }
+ {
+ name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+ value: appInsightConnectionString
+ }
+ {
+ name: 'AZURE_APPCONFIG_URI'
+ value: appConfiguration.properties.endpoint
+ }
+ {
+ name: 'ASPNETCORE_URLS'
+ value: 'http://+:8080'
+ }
+]
+
+resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
+ name: environmentKeyVaultName
+}
+
+var serviceName = 'service'
+
+var containerAppName = '${namePrefix}-${serviceName}'
+
+var port = 8080
+
+var probes = [
+ {
+ periodSeconds: 5
+ initialDelaySeconds: 2
+ type: 'Liveness'
+ httpGet: {
+ path: '/health/liveness'
+ port: port
+ }
+ }
+ {
+ periodSeconds: 5
+ initialDelaySeconds: 2
+ type: 'Readiness'
+ httpGet: {
+ path: '/health/readiness'
+ port: port
+ }
+ }
+ {
+ periodSeconds: 5
+ initialDelaySeconds: 2
+ type: 'Startup'
+ httpGet: {
+ path: '/health/startup'
+ port: port
+ }
+ }
+]
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ name: '${namePrefix}-service-identity'
+ location: location
+ tags: tags
+}
+
+module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
+ name: 'keyVaultReaderAccessPolicy-${containerAppName}'
+ params: {
+ keyvaultName: environmentKeyVaultResource.name
+ principalIds: [managedIdentity.properties.principalId]
+ }
+}
+
+module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
+ name: 'appConfigReaderAccessPolicy-${containerAppName}'
+ params: {
+ appConfigurationName: appConfigurationName
+ principalIds: [managedIdentity.properties.principalId]
+ }
+}
+
+module containerApp '../../modules/containerApp/main.bicep' = {
+ name: containerAppName
+ params: {
+ name: containerAppName
+ image: '${baseImageUrl}${serviceName}:${imageTag}'
+ location: location
+ envVariables: containerAppEnvVars
+ containerAppEnvId: containerAppEnvironment.id
+ tags: tags
+ resources: resources
+ probes: probes
+ port: port
+ revisionSuffix: revisionSuffix
+ userAssignedIdentityId: managedIdentity.id
+ // TODO: Once all container apps use user-assigned identities, remove this comment and ensure userAssignedIdentityId is always provided
+ }
+ dependsOn: [
+ keyVaultReaderAccessPolicy
+ appConfigReaderAccessPolicy
+ ]
+}
+
+output name string = containerApp.outputs.name
+output revisionName string = containerApp.outputs.revisionName
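Review bot: `appInsightConnectionString` is declared `@secure()` but is then placed in `containerAppEnvVars` as a plain `value`, so it would normally end up in the container app's revision template, readable by anyone with read access to the app. If the connection string is meant to stay protected, store it as a Container Apps secret and reference it from the env entry with `secretRef` instead of `value`. Whether the shared `containerApp` module exposes a secrets parameter is not visible in this patch. A short comment above `containerAppEnvVars` stating which entries are sensitive would also help the next reader.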
diff --git a/.azure/applications/service/prod.bicepparam b/.azure/applications/service/prod.bicepparam
new file mode 100644
index 000000000..7abc5dfbb
--- /dev/null
+++ b/.azure/applications/service/prod.bicepparam
@@ -0,0 +1,12 @@
+using './main.bicep'
+
+param environment = 'prod'
+param location = 'norwayeast'
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
+
+// secrets
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
+param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')
diff --git a/.azure/applications/service/staging.bicepparam b/.azure/applications/service/staging.bicepparam
new file mode 100644
index 000000000..8f45eca13
--- /dev/null
+++ b/.azure/applications/service/staging.bicepparam
@@ -0,0 +1,12 @@
+using './main.bicep'
+
+param environment = 'staging'
+param location = 'norwayeast'
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
+
+// secrets
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
+param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')
diff --git a/.azure/applications/service/test.bicepparam b/.azure/applications/service/test.bicepparam
new file mode 100644
index 000000000..b3f5fed67
--- /dev/null
+++ b/.azure/applications/service/test.bicepparam
@@ -0,0 +1,12 @@ +using './main.bicep' + +param environment = 'test' +param location = 'norwayeast' +param imageTag = readEnvironmentVariable('IMAGE_TAG') +param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX') + +// secrets +param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME') +param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME') +param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING') +param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME') diff --git a/.azure/modules/containerApp/main.bicep b/.azure/modules/containerApp/main.bicep index 7eb404bef..503a56da9 100644 --- a/.azure/modules/containerApp/main.bicep +++ b/.azure/modules/containerApp/main.bicep @@ -31,6 +31,10 @@ param revisionSuffix string @description('The probes for the container app') param probes array = [] +// TODO: Refactor to make userAssignedIdentityId a required parameter once all container apps use user-assigned identities +@description('The ID of the user-assigned managed identity (optional)') +param userAssignedIdentityId string = '' + // Container app revision name does not allow '.' character var cleanedRevisionSuffix = replace(revisionSuffix, '.', '-') @@ -50,12 +54,19 @@ var ingress = { ipSecurityRestrictions: ipSecurityRestrictions } +var identityConfig = empty(userAssignedIdentityId) ? { + type: 'SystemAssigned' +} : { + type: 'UserAssigned' + userAssignedIdentities: { + '${userAssignedIdentityId}': {} + } +} + resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { name: name location: location - identity: { - type: 'SystemAssigned' - } + identity: identityConfig properties: { configuration: { ingress: ingress 
@@ -81,6 +92,10 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { tags: tags } -output identityPrincipalId string = containerApp.identity.principalId +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(userAssignedIdentityId)) { + name: last(split(userAssignedIdentityId, '/')) +} + +output identityPrincipalId string = empty(userAssignedIdentityId) ? containerApp.identity.principalId : managedIdentity.properties.principalId output name string = containerApp.name output revisionName string = containerApp.properties.latestRevisionName diff --git a/.github/workflows/workflow-deploy-apps.yml b/.github/workflows/workflow-deploy-apps.yml index 79a87e76f..4caf110ff 100644 --- a/.github/workflows/workflow-deploy-apps.yml +++ b/.github/workflows/workflow-deploy-apps.yml @@ -145,6 +145,7 @@ jobs: - name: web-api-eu - name: web-api-so - name: graphql + - name: service environment: ${{ inputs.environment }} permissions: id-token: write From c1ce84b9d9a36bf9146c7834eb62d4a394d3051a Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Wed, 16 Oct 2024 10:18:49 +0200 Subject: [PATCH 2/6] cleanup --- .azure/applications/service/main.bicep | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.azure/applications/service/main.bicep b/.azure/applications/service/main.bicep index 6720067b1..33ab5e65e 100644 --- a/.azure/applications/service/main.bicep +++ b/.azure/applications/service/main.bicep @@ -139,7 +139,9 @@ module containerApp '../../modules/containerApp/main.bicep' = { name: containerAppName params: { name: containerAppName - image: '${baseImageUrl}${serviceName}:${imageTag}' + // todo: make this dynamic based on service name. Using webapi for now. + // image: '${baseImageUrl}${serviceName}:${imageTag}' + image: '${baseImageUrl}webapi:${imageTag}' location: location envVariables: containerAppEnvVars containerAppEnvId: containerAppEnvironment.id 
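Review bot: The `existing` lookup `name: last(split(userAssignedIdentityId, '/'))` keeps only the identity's name, so it is resolved in the resource group this module is deployed to rather than the one named in the ID. If a caller passes an identity from another resource group or subscription, `identityPrincipalId` would either fail to resolve or, where a same-named identity exists locally, return a different principal than the one attached to the app. That matters if callers use the output for role assignments, which is not visible here. Either document the constraint on the parameter, e.g. `@description('Resource ID of a user-assigned identity in the same resource group as the container app')`, or accept the principal ID as a separate parameter.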
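Review bot: With `image: '${baseImageUrl}webapi:${imageTag}'` the `service` container app runs the web API image under `dp-be-${environment}-service-identity`, so that code executes with the Key Vault and App Configuration reader roles granted to the identity in patch 1. The `/health/*` probes also depend on the web API exposing those paths. The hunk leaves the intended expression behind as commented-out code; a single tracked TODO is easier to follow, e.g. `// TODO(<issue-id>): use '${baseImageUrl}${serviceName}:${imageTag}' once the service image is published`. The `containerApp` module block continues outside the hunk.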
From f8b40f52344f21e596a35b58d9e51a6a74e113ca Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Wed, 16 Oct 2024 10:45:19 +0200 Subject: [PATCH 3/6] cleanup --- .azure/applications/service/main.bicep | 2 -- 1 file changed, 2 deletions(-) diff --git a/.azure/applications/service/main.bicep b/.azure/applications/service/main.bicep index 33ab5e65e..d037ce8fe 100644 --- a/.azure/applications/service/main.bicep +++ b/.azure/applications/service/main.bicep @@ -31,12 +31,10 @@ param appInsightConnectionString string @description('The name of the App Configuration store') @minLength(5) -@secure() param appConfigurationName string @description('The name of the Key Vault for the environment') @minLength(3) -@secure() param environmentKeyVaultName string var namePrefix = 'dp-be-${environment}' From e21ac765d0e5dc08b0d09602b9f89b7ea67565f9 Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Wed, 16 Oct 2024 12:52:26 +0200 Subject: [PATCH 4/6] feat(service): add permissions for service-bus --- .azure/applications/service/main.bicep | 14 +++++++++- .../applications/service/staging.bicepparam | 7 ++--- .azure/applications/service/test.bicepparam | 7 ++--- .../modules/serviceBus/addReaderRoles.bicep | 27 +++++++++++++++++++ .github/workflows/ci-cd-main.yml | 1 + .github/workflows/ci-cd-prod.yml | 2 ++ .../ci-cd-pull-request-release-please.yml | 1 + .github/workflows/ci-cd-pull-request.yml | 1 + .github/workflows/ci-cd-staging.yml | 1 + .github/workflows/dispatch-apps.yml | 1 + 10 files changed, 55 insertions(+), 7 deletions(-) create mode 100644 .azure/modules/serviceBus/addReaderRoles.bicep diff --git a/.azure/applications/service/main.bicep b/.azure/applications/service/main.bicep index d037ce8fe..4b8a0dbd1 100644 --- a/.azure/applications/service/main.bicep +++ b/.azure/applications/service/main.bicep 
@@ -21,9 +21,12 @@ param resources object? @description('The name of the container app environment') @minLength(3) -@secure() param containerAppEnvironmentName string +@description('The name of the Service Bus namespace') +@minLength(3) +param serviceBusNamespaceName string + @description('The connection string for Application Insights') @minLength(3) @secure() @@ -133,6 +136,14 @@ module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRole } } +module serviceBusOwnerAccessPolicy '../../modules/serviceBus/addReaderRoles.bicep' = { + name: 'serviceBusOwnerAccessPolicy-${containerAppName}' + params: { + serviceBusNamespaceName: serviceBusNamespaceName + principalIds: [managedIdentity.properties.principalId] + } +} + module containerApp '../../modules/containerApp/main.bicep' = { name: containerAppName params: { @@ -154,6 +165,7 @@ module containerApp '../../modules/containerApp/main.bicep' = { dependsOn: [ keyVaultReaderAccessPolicy appConfigReaderAccessPolicy + serviceBusOwnerAccessPolicy ] } diff --git a/.azure/applications/service/staging.bicepparam b/.azure/applications/service/staging.bicepparam index 8f45eca13..f1c8a3305 100644 --- a/.azure/applications/service/staging.bicepparam +++ b/.azure/applications/service/staging.bicepparam 
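Review bot: `serviceBusNamespaceName` is added as a required parameter with no default, but this commit only updates `staging.bicepparam` and `test.bicepparam`; `prod.bicepparam` from patch 1 is not in this diffstat or in the later patches of the series. A prod deployment of `service` would then fail on the missing parameter unless it is supplied some other way. Add `param serviceBusNamespaceName = readEnvironmentVariable('AZURE_SERVICE_BUS_NAMESPACE_NAME')` to `prod.bicepparam`, and move the non-secret names out from under its `// secrets` comment as was done for the other two files.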
@@ -4,9 +4,10 @@ param environment = 'staging' param location = 'norwayeast' param imageTag = readEnvironmentVariable('IMAGE_TAG') param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX') - -// secrets param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME') +param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME') param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME') +param serviceBusNamespaceName = readEnvironmentVariable('AZURE_SERVICE_BUS_NAMESPACE_NAME') + +// secrets param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING') -param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME') diff --git a/.azure/applications/service/test.bicepparam b/.azure/applications/service/test.bicepparam index b3f5fed67..87c700860 100644 --- a/.azure/applications/service/test.bicepparam +++ b/.azure/applications/service/test.bicepparam @@ -4,9 +4,10 @@ param environment = 'test' param location = 'norwayeast' param imageTag = readEnvironmentVariable('IMAGE_TAG') param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX') - -// secrets param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME') +param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME') param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME') +param serviceBusNamespaceName = readEnvironmentVariable('AZURE_SERVICE_BUS_NAMESPACE_NAME') + +// secrets param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING') -param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME') diff --git a/.azure/modules/serviceBus/addReaderRoles.bicep b/.azure/modules/serviceBus/addReaderRoles.bicep new file mode 100644 index 000000000..fe263062a --- /dev/null 
+++ b/.azure/modules/serviceBus/addReaderRoles.bicep @@ -0,0 +1,27 @@ +@description('The name of the Service Bus namespace') +param serviceBusNamespaceName string + +@description('Array of principal IDs to assign the Azure Service Bus Data Owner role to') +param principalIds array + +resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' existing = { + name: serviceBusNamespaceName +} + +@description('This is the built-in Azure Service Bus Data Owner role. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#azure-service-bus-data-owner') +resource serviceBusDataOwnerRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { + scope: subscription() + name: '090c5cfd-751d-490a-894a-3ce6f1109419' +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [ + for principalId in principalIds: { + scope: serviceBusNamespace + name: guid(serviceBusNamespace.id, principalId, serviceBusDataOwnerRoleDefinition.id) + properties: { + roleDefinitionId: serviceBusDataOwnerRoleDefinition.id + principalId: principalId + principalType: 'ServicePrincipal' + } + } +] diff --git a/.github/workflows/ci-cd-main.yml b/.github/workflows/ci-cd-main.yml index 8918519ae..350c80019 100644 --- a/.github/workflows/ci-cd-main.yml +++ b/.github/workflows/ci-cd-main.yml @@ -101,6 +101,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: test region: norwayeast diff --git a/.github/workflows/ci-cd-prod.yml b/.github/workflows/ci-cd-prod.yml index 9189675f2..37fefee08 100644 --- a/.github/workflows/ci-cd-prod.yml +++ b/.github/workflows/ci-cd-prod.yml 
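Review bot: The `roleAssignment` loop grants the built-in Azure Service Bus Data Owner role at namespace scope, which covers sending, receiving and managing every queue, topic and subscription in the namespace. If the service only publishes or consumes messages, the Azure Service Bus Data Sender and Data Receiver roles, or a scope narrowed to the specific entities, would limit the impact of a compromised container. If it does need to create topology at runtime, record that in a comment above `serviceBusDataOwnerRoleDefinition` so the broad grant is a documented decision. `principalIds` could also be declared as `string[]` instead of `array` so a malformed entry is caught by the type checker.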
@@ -73,6 +73,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: prod region: norwayeast @@ -96,6 +97,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: prod region: norwayeast diff --git a/.github/workflows/ci-cd-pull-request-release-please.yml b/.github/workflows/ci-cd-pull-request-release-please.yml index 8f559d143..f6a73c4ce 100644 --- a/.github/workflows/ci-cd-pull-request-release-please.yml +++ b/.github/workflows/ci-cd-pull-request-release-please.yml @@ -58,6 +58,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: staging region: norwayeast diff --git a/.github/workflows/ci-cd-pull-request.yml b/.github/workflows/ci-cd-pull-request.yml index 523f85e78..85909d889 100644 --- a/.github/workflows/ci-cd-pull-request.yml +++ b/.github/workflows/ci-cd-pull-request.yml 
@@ -82,6 +82,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: test region: norwayeast diff --git a/.github/workflows/ci-cd-staging.yml b/.github/workflows/ci-cd-staging.yml index c1a818358..9ae57c024 100644 --- a/.github/workflows/ci-cd-staging.yml +++ b/.github/workflows/ci-cd-staging.yml @@ -65,6 +65,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: staging region: norwayeast diff --git a/.github/workflows/dispatch-apps.yml b/.github/workflows/dispatch-apps.yml index cadcfc066..a23fe7999 100644 --- a/.github/workflows/dispatch-apps.yml +++ b/.github/workflows/dispatch-apps.yml @@ -54,6 +54,7 @@ jobs: AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }} AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: environment: ${{ inputs.environment }} region: norwayeast From 30a5520bab42aa3a9e45797185e9e7c87c998596 Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Wed, 16 Oct 2024 13:06:52 +0200 Subject: [PATCH 5/6] cleanup --- .github/workflows/workflow-deploy-apps.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/.github/workflows/workflow-deploy-apps.yml b/.github/workflows/workflow-deploy-apps.yml index 4caf110ff..0fc5048cf 100644 --- a/.github/workflows/workflow-deploy-apps.yml +++ b/.github/workflows/workflow-deploy-apps.yml @@ -20,6 +20,8 @@ on: required: true AZURE_APP_CONFIGURATION_NAME: required: true + AZURE_SERVICE_BUS_NAMESPACE_NAME: + required: true inputs: region: @@ -175,6 +177,7 @@ jobs: AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: scope: resourcegroup template: ./.azure/applications/${{ matrix.name }}/main.bicep @@ -199,6 +202,7 @@ jobs: AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }} AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }} AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }} + AZURE_SERVICE_BUS_NAMESPACE_NAME: ${{ secrets.AZURE_SERVICE_BUS_NAMESPACE_NAME }} with: scope: resourcegroup template: ./.azure/applications/${{ matrix.name }}/main.bicep From 4473e2e98a280310ed9bb5e1ad27dd36b9787a5e Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Wed, 16 Oct 2024 13:27:39 +0200 Subject: [PATCH 6/6] cleanup --- .azure/applications/service/main.bicep | 2 +- .../{addReaderRoles.bicep => addDataOwnerRoles.bicep} | 0 README.md | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename .azure/modules/serviceBus/{addReaderRoles.bicep => addDataOwnerRoles.bicep} (100%) diff --git a/.azure/applications/service/main.bicep b/.azure/applications/service/main.bicep index b53f0bbb3..1d170855f 100644 --- a/.azure/applications/service/main.bicep +++ b/.azure/applications/service/main.bicep 
@@ -140,7 +140,7 @@ module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRole } } -module serviceBusOwnerAccessPolicy '../../modules/serviceBus/addReaderRoles.bicep' = { +module serviceBusOwnerAccessPolicy '../../modules/serviceBus/addDataOwnerRoles.bicep' = { name: 'serviceBusOwnerAccessPolicy-${containerAppName}' params: { serviceBusNamespaceName: serviceBusNamespaceName diff --git a/.azure/modules/serviceBus/addReaderRoles.bicep b/.azure/modules/serviceBus/addDataOwnerRoles.bicep similarity index 100% rename from .azure/modules/serviceBus/addReaderRoles.bicep rename to .azure/modules/serviceBus/addDataOwnerRoles.bicep diff --git a/README.md b/README.md index 09f6fdc17..9744e5000 100644 --- a/README.md +++ b/README.md @@ -347,7 +347,7 @@ Ensure you have followed the steps in [Deploying a new infrastructure environmen Use the following steps: -- From the infrastructure resources created, add the following GitHub secrets in the new environment (this will not be necessary in the future as secrets would be added directly from infrastructure deployment): `AZURE_APP_CONFIGURATION_NAME`, `AZURE_APP_INSIGHTS_CONNECTION_STRING`, `AZURE_CONTAINER_APP_ENVIRONMENT_NAME`, `AZURE_ENVIRONMENT_KEY_VAULT_NAME`, `AZURE_REDIS_NAME`, `AZURE_RESOURCE_GROUP_NAME` and `AZURE_SLACK_NOTIFIER_FUNCTION_APP_NAME` +- From the infrastructure resources created, add the following GitHub secrets in the new environment (this will not be necessary in the future as secrets would be added directly from infrastructure deployment): `AZURE_APP_CONFIGURATION_NAME`, `AZURE_APP_INSIGHTS_CONNECTION_STRING`, `AZURE_CONTAINER_APP_ENVIRONMENT_NAME`, `AZURE_ENVIRONMENT_KEY_VAULT_NAME`, `AZURE_REDIS_NAME`, `AZURE_RESOURCE_GROUP_NAME`, `AZURE_SERVICE_BUS_NAMESPACE_NAME` and `AZURE_SLACK_NOTIFIER_FUNCTION_APP_NAME` - Add new parameter files for the environment in all applications `.azure/applications/*/.bicepparam`