Skip to content

Refactor the database modules and move to AVM #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Refactor the database modules and move to AVM #86

wants to merge 19 commits into from

Conversation

tonybaloney
Copy link
Contributor

Purpose

The database code is a spaghetti-code of bicep and Jinja2 templates that makes it hard to read and lint.

This PR refactors them into modules for each purpose then moves the AZD core code to AVM

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 15, 2024
View reviewed changes
{{cookiecutter.__src_folder_name}}/infra/db/cosmos-postgres.bicep Outdated
@secure()
param dbserverPassword string

module dbserver '../core/database/cosmos/cosmos-pg-adapter.bicep' = {

Check failure

Code scanning / templateanalyzer

Administrator Username Types.

Resource properties can be configured using a hardcoded value or Azure Bicep/ template expressions. When specifying sensitive values use secure parameters such as secureString or secureObject. Sensitive values that use deterministic expressions such as hardcodes string literals or variables are not secure.
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 15, 2024
View reviewed changes
{{cookiecutter.__src_folder_name}}/infra/db/postgres-addon.bicep
name: containerAppsEnvironmentName
}

resource postgres 'Microsoft.App/containerApps@2023-04-01-preview' = {

Check failure

Code scanning / templateanalyzer

Use managed identity for authentication.

Using managed identities have the following benefits: - Your app connects to resources with the managed identity. You don't need to manage credentials in your container app. - You can use role-based access control to grant specific permissions to a managed identity. - System-assigned identities are automatically created and managed. They're deleted when your container app is deleted. - You can add and delete user-assigned identities and assign them to multiple resources. They're independent of your container app's life cycle. - You can use managed identity to authenticate with a private Azure Container Registry without a username and password to pull containers for your Container App. - You can use managed identity to create connections for Dapr-enabled applications via Dapr components.
@tonybaloney
Copy link
Contributor Author

This is a WIP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tonybaloney