AZD configuration initial commit

dbroeglin · Apr 14, 2024 · 03b19c4 · 03b19c4
1 parent 40c2c90
commit 03b19c4
Show file tree

Hide file tree

Showing 51 changed files with 4,171 additions and 0 deletions.
diff --git a/Gemfile b/Gemfile
@@ -121,3 +121,5 @@ group :test do
  gem "capybara"
  gem "selenium-webdriver"
 end
+
+gem "azd", "~> 0.9.1", :group => :development
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -89,6 +89,8 @@ GEM
  audited (5.4.3)
  activerecord (>= 5.0, < 7.2)
  request_store (~> 1.2)
+ azd (0.9.1)
+ railties (>= 3, < 99)
  base64 (0.2.0)
  bcrypt (3.1.20)
  bigdecimal (3.1.6)
@@ -396,6 +398,7 @@ DEPENDENCIES
  acts_as_list
  apparition
  audited
+ azd (~> 0.9.1)
  bootsnap
  brakeman
  bundler-audit

diff --git a/azure.yaml b/azure.yaml
@@ -0,0 +1,22 @@
+name: pikaichu
+services:
+ app:
+ language: js
+ project: ./
+ host: containerapp
+ docker:
+ path: ./Dockerfile
+ ports:
+ - 80:3000
+hooks:
+ postprovision:
+ windows:
+ shell: pwsh
+ run: $output = azd env get-values; Add-Content -Path .env -Value $output;
+ interactive: true
+ continueOnError: false
+ posix:
+ shell: sh
+ run: azd env get-values > .env
+ interactive: true
+ continueOnError: false
diff --git a/infra/abbreviations.json b/infra/abbreviations.json
@@ -0,0 +1,136 @@
+{
+ "analysisServicesServers": "as",
+ "apiManagementService": "apim-",
+ "appConfigurationStores": "appcs-",
+ "appManagedEnvironments": "cae-",
+ "appContainerApps": "ca-",
+ "authorizationPolicyDefinitions": "policy-",
+ "automationAutomationAccounts": "aa-",
+ "blueprintBlueprints": "bp-",
+ "blueprintBlueprintsArtifacts": "bpa-",
+ "cacheRedis": "redis-",
+ "cdnProfiles": "cdnp-",
+ "cdnProfilesEndpoints": "cdne-",
+ "cognitiveServicesAccounts": "cog-",
+ "cognitiveServicesFormRecognizer": "cog-fr-",
+ "cognitiveServicesTextAnalytics": "cog-ta-",
+ "computeAvailabilitySets": "avail-",
+ "computeCloudServices": "cld-",
+ "computeDiskEncryptionSets": "des",
+ "computeDisks": "disk",
+ "computeDisksOs": "osdisk",
+ "computeGalleries": "gal",
+ "computeSnapshots": "snap-",
+ "computeVirtualMachines": "vm",
+ "computeVirtualMachineScaleSets": "vmss-",
+ "containerInstanceContainerGroups": "ci",
+ "containerRegistryRegistries": "cr",
+ "containerServiceManagedClusters": "aks-",
+ "databricksWorkspaces": "dbw-",
+ "dataFactoryFactories": "adf-",
+ "dataLakeAnalyticsAccounts": "dla",
+ "dataLakeStoreAccounts": "dls",
+ "dataMigrationServices": "dms-",
+ "dBforMySQLServers": "mysql-",
+ "dBforPostgreSQLServers": "psql-",
+ "devicesIotHubs": "iot-",
+ "devicesProvisioningServices": "provs-",
+ "devicesProvisioningServicesCertificates": "pcert-",
+ "documentDBDatabaseAccounts": "cosmos-",
+ "eventGridDomains": "evgd-",
+ "eventGridDomainsTopics": "evgt-",
+ "eventGridEventSubscriptions": "evgs-",
+ "eventHubNamespaces": "evhns-",
+ "eventHubNamespacesEventHubs": "evh-",
+ "hdInsightClustersHadoop": "hadoop-",
+ "hdInsightClustersHbase": "hbase-",
+ "hdInsightClustersKafka": "kafka-",
+ "hdInsightClustersMl": "mls-",
+ "hdInsightClustersSpark": "spark-",
+ "hdInsightClustersStorm": "storm-",
+ "hybridComputeMachines": "arcs-",
+ "insightsActionGroups": "ag-",
+ "insightsComponents": "appi-",
+ "keyVaultVaults": "kv-",
+ "kubernetesConnectedClusters": "arck",
+ "kustoClusters": "dec",
+ "kustoClustersDatabases": "dedb",
+ "loadTesting": "lt-",
+ "logicIntegrationAccounts": "ia-",
+ "logicWorkflows": "logic-",
+ "machineLearningServicesWorkspaces": "mlw-",
+ "managedIdentityUserAssignedIdentities": "id-",
+ "managementManagementGroups": "mg-",
+ "migrateAssessmentProjects": "migr-",
+ "networkApplicationGateways": "agw-",
+ "networkApplicationSecurityGroups": "asg-",
+ "networkAzureFirewalls": "afw-",
+ "networkBastionHosts": "bas-",
+ "networkConnections": "con-",
+ "networkDnsZones": "dnsz-",
+ "networkExpressRouteCircuits": "erc-",
+ "networkFirewallPolicies": "afwp-",
+ "networkFirewallPoliciesWebApplication": "waf",
+ "networkFirewallPoliciesRuleGroups": "wafrg",
+ "networkFrontDoors": "fd-",
+ "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
+ "networkLoadBalancersExternal": "lbe-",
+ "networkLoadBalancersInternal": "lbi-",
+ "networkLoadBalancersInboundNatRules": "rule-",
+ "networkLocalNetworkGateways": "lgw-",
+ "networkNatGateways": "ng-",
+ "networkNetworkInterfaces": "nic-",
+ "networkNetworkSecurityGroups": "nsg-",
+ "networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
+ "networkNetworkWatchers": "nw-",
+ "networkPrivateDnsZones": "pdnsz-",
+ "networkPrivateLinkServices": "pl-",
+ "networkPublicIPAddresses": "pip-",
+ "networkPublicIPPrefixes": "ippre-",
+ "networkRouteFilters": "rf-",
+ "networkRouteTables": "rt-",
+ "networkRouteTablesRoutes": "udr-",
+ "networkTrafficManagerProfiles": "traf-",
+ "networkVirtualNetworkGateways": "vgw-",
+ "networkVirtualNetworks": "vnet-",
+ "networkVirtualNetworksSubnets": "snet-",
+ "networkVirtualNetworksVirtualNetworkPeerings": "peer-",
+ "networkVirtualWans": "vwan-",
+ "networkVpnGateways": "vpng-",
+ "networkVpnGatewaysVpnConnections": "vcn-",
+ "networkVpnGatewaysVpnSites": "vst-",
+ "notificationHubsNamespaces": "ntfns-",
+ "notificationHubsNamespacesNotificationHubs": "ntf-",
+ "operationalInsightsWorkspaces": "log-",
+ "portalDashboards": "dash-",
+ "powerBIDedicatedCapacities": "pbi-",
+ "purviewAccounts": "pview-",
+ "recoveryServicesVaults": "rsv-",
+ "resourcesResourceGroups": "rg-",
+ "searchSearchServices": "srch-",
+ "serviceBusNamespaces": "sb-",
+ "serviceBusNamespacesQueues": "sbq-",
+ "serviceBusNamespacesTopics": "sbt-",
+ "serviceEndPointPolicies": "se-",
+ "serviceFabricClusters": "sf-",
+ "signalRServiceSignalR": "sigr",
+ "sqlManagedInstances": "sqlmi-",
+ "sqlServers": "sql-",
+ "sqlServersDataWarehouse": "sqldw-",
+ "sqlServersDatabases": "sqldb-",
+ "sqlServersDatabasesStretch": "sqlstrdb-",
+ "storageStorageAccounts": "st",
+ "storageStorageAccountsVm": "stvm",
+ "storSimpleManagers": "ssimp",
+ "streamAnalyticsCluster": "asa-",
+ "synapseWorkspaces": "syn",
+ "synapseWorkspacesAnalyticsWorkspaces": "synw",
+ "synapseWorkspacesSqlPoolsDedicated": "syndp",
+ "synapseWorkspacesSqlPoolsSpark": "synsp",
+ "timeSeriesInsightsEnvironments": "tsi-",
+ "webServerFarms": "plan-",
+ "webSitesAppService": "app-",
+ "webSitesAppServiceEnvironment": "ase-",
+ "webSitesFunctions": "func-",
+ "webStaticSites": "stapp-"
+}
diff --git a/infra/core/ai/cognitiveservices.bicep b/infra/core/ai/cognitiveservices.bicep
@@ -0,0 +1,53 @@
+metadata description = 'Creates an Azure Cognitive Services instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+ name: 'S0'
+}
+
+param allowedIpRules array = []
+param networkAcls object = empty(allowedIpRules) ? {
+ defaultAction: 'Allow'
+} : {
+ ipRules: allowedIpRules
+ defaultAction: 'Deny'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+ name: name
+ location: location
+ tags: tags
+ kind: kind
+ properties: {
+ customSubDomainName: customSubDomainName
+ publicNetworkAccess: publicNetworkAccess
+ networkAcls: networkAcls
+ }
+ sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+ parent: account
+ name: deployment.name
+ properties: {
+ model: deployment.model
+ raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+ }
+ sku: contains(deployment, 'sku') ? deployment.sku : {
+ name: 'Standard'
+ capacity: 20
+ }
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name
diff --git a/infra/core/config/configstore.bicep b/infra/core/config/configstore.bicep
@@ -0,0 +1,48 @@
+metadata description = 'Creates an Azure App Configuration store.'
+
+@description('The name for the Azure App Configuration store')
+param name string
+
+@description('The Azure region/location for the Azure App Configuration store')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the Azure App Configuration store')
+param tags object = {}
+
+@description('Specifies the names of the key-value resources. The name is a combination of key and label with $ as delimiter. The label is optional.')
+param keyValueNames array = []
+
+@description('Specifies the values of the key-value resources.')
+param keyValueValues array = []
+
+@description('The principal ID to grant access to the Azure App Configuration store')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+ name: name
+ location: location
+ sku: {
+ name: 'standard'
+ }
+ tags: tags
+}
+
+resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = [for (item, i) in keyValueNames: {
+ parent: configStore
+ name: item
+ properties: {
+ value: keyValueValues[i]
+ tags: tags
+ }
+}]
+
+module configStoreAccess '../security/configstore-access.bicep' = {
+ name: 'app-configuration-access'
+ params: {
+ configStoreName: name
+ principalId: principalId
+ }
+ dependsOn: [configStore]
+}
+
+output endpoint string = configStore.properties.endpoint
diff --git a/infra/core/database/cosmos/cosmos-account.bicep b/infra/core/database/cosmos/cosmos-account.bicep
@@ -0,0 +1,49 @@
+metadata description = 'Creates an Azure Cosmos DB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param keyVaultName string
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+ name: name
+ kind: kind
+ location: location
+ tags: tags
+ properties: {
+ consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+ locations: [
+ {
+ locationName: location
+ failoverPriority: 0
+ isZoneRedundant: false
+ }
+ ]
+ databaseAccountOfferType: 'Standard'
+ enableAutomaticFailover: false
+ enableMultipleWriteLocations: false
+ apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.2' } : {}
+ capabilities: [ { name: 'EnableServerless' } ]
+ }
+}
+
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+ parent: keyVault
+ name: connectionStringKey
+ properties: {
+ value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+ }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+ name: keyVaultName
+}
+
+output connectionStringKey string = connectionStringKey
+output endpoint string = cosmos.properties.documentEndpoint
+output id string = cosmos.id
+output name string = cosmos.name
diff --git a/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep b/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep
@@ -0,0 +1,23 @@
+metadata description = 'Creates an Azure Cosmos DB for MongoDB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param keyVaultName string
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+ name: 'cosmos-account'
+ params: {
+ name: name
+ location: location
+ connectionStringKey: connectionStringKey
+ keyVaultName: keyVaultName
+ kind: 'MongoDB'
+ tags: tags
+ }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id