refactor some bicep files (#89)

## Purpose refactor and documents ## Does this introduce a breaking change?  ``` [ ] Yes [x] No ``` ## Pull Request Type What kind of change does this Pull Request introduce?  ``` [ ] Bugfix [ ] Feature [ ] Code style update (formatting, local variables) [x] Refactoring (no functional changes, no api changes) [x] Documentation content changes [ ] Other... Please describe: ```
Azure-Samples · Oct 17, 2024 · 9ada4f0 · 9ada4f0
1 parent aeb8dca
commit 9ada4f0
Show file tree

Hide file tree

Showing 7 changed files with 276 additions and 179 deletions.
diff --git a/docs/07_lab_security/0704.md b/docs/07_lab_security/0704.md
@@ -317,7 +317,7 @@ For making use of internal networking and getting a private inbound IP address f
    ENV_FQDN=$(az containerapp env show \
                  --name $ACA_ENVIRONMENT \
                  --resource-group $RESOURCE_GROUP \
-                 --query properties.defaultDomain | tr -d '"')
+                 --query properties.defaultDomain -o tsv)
 
    echo $ENV_FQDN
 
@@ -342,10 +342,9 @@ For making use of internal networking and getting a private inbound IP address f
    staticIP=$(az containerapp env show \
      --name $ACA_ENVIRONMENT \
      --resource-group $RESOURCE_GROUP \
-     --query properties.staticIp | tr -d '"')
+     --query properties.staticIp -o tsv)
 
    az network private-dns record-set a add-record --resource-group $RESOURCE_GROUP -z $ENV_FQDN --record-set-name "*" --ipv4-address $staticIP
 
    az network private-dns record-set a add-record --resource-group $RESOURCE_GROUP -z $ENV_FQDN --record-set-name "@" --ipv4-address $staticIP
-
    ```
diff --git a/infra/bicep/main.bicep b/infra/bicep/main.bicep
@@ -244,13 +244,14 @@ module managedEnvironment 'modules/containerapps/aca-environment.bicep' = {
   params: {
     name: !empty(managedEnvironmentsName) ? managedEnvironmentsName : 'aca-env-${environmentName}'
     location: location
+    isVnet: true
     vnetEndpointInternal: vnetEndpointInternal
+    vnetSubnetId: first(filter(vnet.outputs.vnetSubnets, x => x.name == infraSubnetName)).id
     userAssignedIdentities: {
       '${acr.outputs.umiAcrPullId}': {}
       '${umiApps.outputs.id}': {}
     }
     diagnosticWorkspaceId: logAnalytics.outputs.logAnalyticsWsId
-    subnetId: first(filter(vnet.outputs.vnetSubnets, x => x.name == infraSubnetName)).id
     tags: tags
   }
 }
@@ -260,10 +261,10 @@ module javaComponents 'modules/containerapps/containerapp-java-components.bicep'
   name: 'javaComponents-${environmentName}'
   scope: rg
   params: {
-    managedEnvironmentsName: managedEnvironment.outputs.containerAppsEnvironmentName
+    containerAppsEnvironmentName: managedEnvironment.outputs.containerAppsEnvironmentName
     configServerGitRepo: configGitRepo
-    configServerGitBranch: configGitBranch
-    configServerGitPath: configGitPath
+    configServerGitLabel: configGitBranch
+    configServerGitSearchPath: configGitPath
   }
 }
 
@@ -290,6 +291,7 @@ module applications 'modules/app/petclinic.bicep' = {
     applicationInsightsConnString: applicationInsights.outputs.connectionString
     enableOpenAi: enableOpenAi
     openAiEndpoint: enableOpenAi ? openai.outputs.endpoint : ''
+    tags: tags
   }
 }
 

diff --git a/infra/bicep/modules/app/petclinic.bicep b/infra/bicep/modules/app/petclinic.bicep
@@ -20,39 +20,52 @@ param visitsServiceImage string
 param adminServerImage string
 param chatAgentImage string
 
-param applicationInsightsConnString string = ''
+param targetPort int = 8080
 
 param enableOpenAi bool
-
 param openAiEndpoint string
 
-param targetPort int = 8080
-
-var env = []
+param applicationInsightsConnString string = ''
 
-resource environment 'Microsoft.App/managedEnvironments@2024-02-02-preview' existing = {
-  name: managedEnvironmentsName
-}
+param tags object = {}
+
+var env = concat([
+    {
+      name: 'SPRING_PROFILES_ACTIVE'
+      value: 'passwordless'
+    }],
+    empty(applicationInsightsConnString) ? [] : [
+    {
+      name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+      value: applicationInsightsConnString
+    }
+  ])
+
+var serviceBindings = [
+    {
+      serviceId: eurekaId
+      name: 'eureka'
+    }
+    {
+      serviceId: configServerId
+      name: 'configserver'
+    }
+  ]
 
 module apiGateway '../containerapps/containerapp.bicep' = {
   name: 'api-gateway'
   params: {
-    location: environment.location
-    managedEnvironmentId: environment.id
-    appName: 'api-gateway'
-    eurekaId: eurekaId
-    configServerId: configServerId
-    registry: acrRegistry
-    image: apiGatewayImage
+    containerAppsEnvironmentName: managedEnvironmentsName
+    name: 'api-gateway'
+    acrName: acrRegistry
     acrIdentityId: acrIdentityId
-    umiAppsIdentityId: umiAppsIdentityId
+    imageName: apiGatewayImage
     external: true
     targetPort: targetPort
+    isJava: true
+    serviceBinds: serviceBindings
+    tags: tags
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
-      {
-        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-        value: applicationInsightsConnString
-      }
       {
         name: 'APPLICATIONINSIGHTS_CONFIGURATION_CONTENT'
         value: '{"role": {"name": "api-gateway"}}'
@@ -64,27 +77,20 @@ module apiGateway '../containerapps/containerapp.bicep' = {
 module customersService '../containerapps/containerapp.bicep' = {
   name: 'customers-service'
   params: {
-    location: environment.location
-    managedEnvironmentId: environment.id
-    appName: 'customers-service'
-    eurekaId: eurekaId
-    configServerId: configServerId
-    registry: acrRegistry
-    image: customersServiceImage
+    containerAppsEnvironmentName: managedEnvironmentsName
+    name: 'customers-service'
+    acrName: acrRegistry
     acrIdentityId: acrIdentityId
+    imageName: customersServiceImage
     external: false
     targetPort: targetPort
-    sqlConnectionName: mysqlConnectionName
-    mysqlDatabaseId: mysqlDatabaseId
-    umiAppsClientId: umiAppsClientId
+    isJava: true
     umiAppsIdentityId: umiAppsIdentityId
     readinessProbeInitialDelaySeconds: 20
     livenessProbeInitialDelaySeconds: 40
+    serviceBinds: serviceBindings
+    tags: tags
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
-      {
-        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-        value: applicationInsightsConnString
-      }
       {
         name: 'APPLICATIONINSIGHTS_CONFIGURATION_CONTENT'
         value: '{"role": {"name": "customers-service"}}'
@@ -93,28 +99,32 @@ module customersService '../containerapps/containerapp.bicep' = {
   }
 }
 
+module customersServiceConnection '../containerapps/serviceLiner.bicep' = {
+  name: 'customers-service-sql-connection'
+  params: {
+    appName: customersService.outputs.appName
+    containerName: customersService.outputs.appContainerName
+    appClientId: umiAppsClientId
+    connectionName: mysqlConnectionName
+    resourceId: mysqlDatabaseId
+  }
+}
+
 module vetsService '../containerapps/containerapp.bicep' = {
   name: 'vets-service'
   params: {
-    location: environment.location
-    managedEnvironmentId: environment.id
-    appName: 'vets-service'
-    eurekaId: eurekaId
-    configServerId: configServerId
-    registry: acrRegistry
-    image: vetsServiceImage
+    containerAppsEnvironmentName: managedEnvironmentsName
+    name: 'vets-service'
+    acrName: acrRegistry
     acrIdentityId: acrIdentityId
+    imageName: vetsServiceImage
     external: false
     targetPort: targetPort
-    sqlConnectionName: mysqlConnectionName
-    mysqlDatabaseId: mysqlDatabaseId
-    umiAppsClientId: umiAppsClientId
+    isJava: true
     umiAppsIdentityId: umiAppsIdentityId
+    serviceBinds: serviceBindings
+    tags: tags
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
-      {
-        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-        value: applicationInsightsConnString
-      }
       {
         name: 'APPLICATIONINSIGHTS_CONFIGURATION_CONTENT'
         value: '{"role": {"name": "vets-service"}}'
@@ -123,28 +133,32 @@ module vetsService '../containerapps/containerapp.bicep' = {
   }
 }
 
+module vetsServiceConnection '../containerapps/serviceLiner.bicep' = {
+  name: 'vets-service-sql-connection'
+  params: {
+    appName: vetsService.outputs.appName
+    containerName: vetsService.outputs.appContainerName
+    appClientId: umiAppsClientId
+    connectionName: mysqlConnectionName
+    resourceId: mysqlDatabaseId
+  }
+}
+
 module visitsService '../containerapps/containerapp.bicep' = {
   name: 'visits-service'
   params: {
-    location: environment.location
-    managedEnvironmentId: environment.id
-    appName: 'visits-service'
-    eurekaId: eurekaId
-    configServerId: configServerId
-    registry: acrRegistry
-    image: visitsServiceImage
+    containerAppsEnvironmentName: managedEnvironmentsName
+    name: 'visits-service'
+    acrName: acrRegistry
     acrIdentityId: acrIdentityId
+    imageName: visitsServiceImage
     external: false
     targetPort: targetPort
-    sqlConnectionName: mysqlConnectionName
-    mysqlDatabaseId: mysqlDatabaseId
-    umiAppsClientId: umiAppsClientId
+    isJava: true
     umiAppsIdentityId: umiAppsIdentityId
+    serviceBinds: serviceBindings
+    tags: tags
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
-      {
-        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-        value: applicationInsightsConnString
-      }
       {
         name: 'APPLICATIONINSIGHTS_CONFIGURATION_CONTENT'
         value: '{"role": {"name": "visits-service"}}'
@@ -153,34 +167,40 @@ module visitsService '../containerapps/containerapp.bicep' = {
   }
 }
 
+module visitsServiceConnection '../containerapps/serviceLiner.bicep' = {
+  name: 'visits-service-sql-connection'
+  params: {
+    appName: visitsService.outputs.appName
+    containerName: visitsService.outputs.appContainerName
+    appClientId: umiAppsClientId
+    connectionName: mysqlConnectionName
+    resourceId: mysqlDatabaseId
+  }
+}
+
 // always create this app, conditional azd deploy is not supported yet
 // see https://github.com/Azure/azure-dev/issues/3397
 module chatAgent '../containerapps/containerapp.bicep' = {
   name: 'chat-agent'
   params: {
-    location: environment.location
-    managedEnvironmentId: environment.id
-    appName: 'chat-agent'
-    eurekaId: eurekaId
-    configServerId: configServerId
-    registry: acrRegistry
-    image: chatAgentImage
+    containerAppsEnvironmentName: managedEnvironmentsName
+    name: 'chat-agent'
+    acrName: acrRegistry
     acrIdentityId: acrIdentityId
+    imageName: chatAgentImage
     umiAppsIdentityId: umiAppsIdentityId
     external: false
     targetPort: targetPort
+    isJava: true
+    serviceBinds: serviceBindings
+    tags: tags
     env: concat(env,
       empty(applicationInsightsConnString) ? [] : [
-      {
-        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-        value: applicationInsightsConnString
-      }
       {
         name: 'APPLICATIONINSIGHTS_CONFIGURATION_CONTENT'
         value: '{"role": {"name": "chat-agent"}}'
       }
-    ],
-      !enableOpenAi ? [] : [
+    ], !enableOpenAi ? [] : [
       {
         name: 'SPRING_AI_AZURE_OPENAI_ENDPOINT'
         value: openAiEndpoint
@@ -196,22 +216,17 @@ module chatAgent '../containerapps/containerapp.bicep' = {
 module adminServer '../containerapps/containerapp.bicep' = {
   name: 'admin-server'
   params: {
-    location: environment.location
-    managedEnvironmentId: environment.id
-    appName: 'admin-server'
-    eurekaId: eurekaId
-    configServerId: configServerId
-    registry: acrRegistry
-    image: adminServerImage
+    containerAppsEnvironmentName: managedEnvironmentsName
+    name: 'admin-server'
+    acrName: acrRegistry
     acrIdentityId: acrIdentityId
-    umiAppsIdentityId: umiAppsIdentityId
+    imageName: adminServerImage
     external: true
     targetPort: targetPort
+    isJava: true
+    serviceBinds: serviceBindings
+    tags: tags
     env: concat(env, empty(applicationInsightsConnString) ? [] : [
-      {
-        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
-        value: applicationInsightsConnString
-      }
       {
         name: 'APPLICATIONINSIGHTS_CONFIGURATION_CONTENT'
         value: '{"role": {"name": "admin-server"}}'

diff --git a/infra/bicep/modules/containerapps/aca-environment.bicep b/infra/bicep/modules/containerapps/aca-environment.bicep
@@ -25,14 +25,14 @@ param workloadProfiles array = []
 //   }
 // ]
 
-@description('If true, the endpoint is an internal load balancer. If false the hosted apps are exposed on an internet-accessible IP address ')
-param vnetEndpointInternal bool
+@description('Bool value to indicate if vnet inject required. Default: false')
+param isVnet bool = false
 
-@description('Custome vnet configuration for the nevironment. NOTE: Current GA (Feb 2023): The subnet associated with a Container App Environment requires a CIDR prefix of /23 or larger')
-param subnetId string
+@description('If true, the endpoint is an internal load balancer. If false the hosted apps are exposed on an internet-accessible IP address. Default: false')
+param vnetEndpointInternal bool = false
 
-@description('optional, default is empty. App Insights instrumentation key provided to Dapr for tracing')
-param appInsightsInstrumentationKey string = ''
+@description('Custome vnet configuration for the nevironment. The subnet associated with a Container App Environment requires a CIDR prefix of /23 or larger')
+param vnetSubnetId string = ''
 
 @description('optional, default is empty. Resource group for the infrastructure resources (e.g. load balancer, public IP, etc.)')
 param infrastructureResourceGroupName string = ''
@@ -127,11 +127,10 @@ resource acaEnvironment 'Microsoft.App/managedEnvironments@2024-02-02-preview' =
   identity: identity
   properties: {
     zoneRedundant: zoneRedundant
-    daprAIInstrumentationKey: appInsightsInstrumentationKey
-    vnetConfiguration: {
+    vnetConfiguration: isVnet ? {
       internal: vnetEndpointInternal
-      infrastructureSubnetId: subnetId
-    }
+      infrastructureSubnetId: vnetSubnetId
+    } : null
     workloadProfiles: effectiveWorkloadProfiles
     appLogsConfiguration: {
         destination: 'azure-monitor'