make changes to main.bicep, less in common components

Azure-Samples · Apr 18, 2024 · e10ec46 · e10ec46
1 parent 3b7c6d6
commit e10ec46
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 7 deletions.
diff --git a/infra/app/api.bicep b/infra/app/api.bicep
@@ -11,9 +11,12 @@ param serviceName string = 'api'
 param corsAcaUrl string
 param exists bool
 
-resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
   name: identityName
-  location: location
+}
+
+resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+  name: appConfigName
 }
 
 // Give the API access to KeyVault
@@ -71,10 +74,6 @@ module app '../core/host/container-app-upsert.bicep' = {
   }
 }
 
-resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
-  name: appConfigName
-}
-
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = apiIdentity.properties.principalId
 output SERVICE_API_NAME string = app.outputs.name
 output SERVICE_API_URI string = app.outputs.uri

diff --git a/infra/core/config/configstore.bicep b/infra/core/config/configstore.bicep
@@ -15,6 +15,8 @@ param keyValueNames array = []
 @description('Specifies the values of the key-value resources.')
 param keyValueValues array = []
 
+@description('The principal ID to grant access to the Azure App Configuration store')
+param principalId string
 
 resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
   name: name
@@ -34,6 +36,14 @@ resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/key
   }
 }]
 
+module configStoreAccess '../security/configstore-access.bicep' = {
+  name: 'app-configuration-access'
+  params: {
+    configStoreName: name
+    principalId: principalId
+  }
+  dependsOn: [configStore]
+}
 
 output endpoint string = configStore.properties.endpoint
 output name string = name
diff --git a/infra/core/host/container-app-upsert.bicep b/infra/core/host/container-app-upsert.bicep
@@ -81,7 +81,7 @@ module app 'container-app.bicep' = {
     name: name
     location: location
     tags: tags
-    identityType:'UserAssigned' // Enable system-assigned identity
+    identityType:identityType // Enable system-assigned identity
     identityName: identityName // Assign user-assigned identity
     ingressEnabled: ingressEnabled
     containerName: containerName

diff --git a/infra/core/security/user-assigned-managed-identity.bicep b/infra/core/security/user-assigned-managed-identity.bicep
@@ -0,0 +1,12 @@
+metadata description = 'Creates a user assigned managed identity.'
+param identityName string
+param location string = resourceGroup().location
+param tags object = {}
+
+resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: identityName
+  location: location
+  tags: tags
+}
+
+output principalId string = apiIdentity.properties.principalId
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -95,6 +95,16 @@ module web './app/web.bicep' = {
   }
 }
 
+module apiIdentity './core/security/user-assigned-managed-identity.bicep' = {
+  scope: rg
+  name: 'apiIdentity'
+  params: {
+  identityName: '${abbrs.managedIdentityUserAssignedIdentities}web-${resourceToken}'
+  location: location
+  tags: tags
+  }
+}
+
 // Api backend
 module api './app/api.bicep' = {
   name: 'api'
@@ -146,6 +156,7 @@ module appConfig './core/config/configstore.bicep' = {
     name: !empty(appConfigName) ? appConfigName :'${abbrs.appConfigurationStores}${resourceToken}'
     location: location
     tags: tags
+    principalId: apiIdentity.outputs.principalId
   }
 }