azd 0.9.0

Files changed (54) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +21 -0
  3. data/README.md +2 -0
  4. data/lib/generators/azd/install_generator.rb +14 -0
  5. data/lib/generators/templates/azure.yaml.tt +22 -0
  6. data/lib/generators/templates/infra/abbreviations.json +136 -0
  7. data/lib/generators/templates/infra/core/ai/cognitiveservices.bicep +53 -0
  8. data/lib/generators/templates/infra/core/config/configstore.bicep +48 -0
  9. data/lib/generators/templates/infra/core/database/cosmos/cosmos-account.bicep +49 -0
  10. data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-account.bicep +23 -0
  11. data/lib/generators/templates/infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep +47 -0
  12. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-account.bicep +22 -0
  13. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-db.bicep +74 -0
  14. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep +19 -0
  15. data/lib/generators/templates/infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep +30 -0
  16. data/lib/generators/templates/infra/core/database/mysql/flexibleserver.bicep +65 -0
  17. data/lib/generators/templates/infra/core/database/postgresql/flexibleserver.bicep +81 -0
  18. data/lib/generators/templates/infra/core/database/sqlserver/sqlserver.bicep +130 -0
  19. data/lib/generators/templates/infra/core/gateway/apim.bicep +79 -0
  20. data/lib/generators/templates/infra/core/host/aks-agent-pool.bicep +18 -0
  21. data/lib/generators/templates/infra/core/host/aks-managed-cluster.bicep +140 -0
  22. data/lib/generators/templates/infra/core/host/aks.bicep +280 -0
  23. data/lib/generators/templates/infra/core/host/appservice-appsettings.bicep +17 -0
  24. data/lib/generators/templates/infra/core/host/appservice.bicep +123 -0
  25. data/lib/generators/templates/infra/core/host/appserviceplan.bicep +22 -0
  26. data/lib/generators/templates/infra/core/host/container-app-upsert.bicep +109 -0
  27. data/lib/generators/templates/infra/core/host/container-app.bicep +165 -0
  28. data/lib/generators/templates/infra/core/host/container-apps-environment.bicep +41 -0
  29. data/lib/generators/templates/infra/core/host/container-apps.bicep +40 -0
  30. data/lib/generators/templates/infra/core/host/container-registry.bicep +83 -0
  31. data/lib/generators/templates/infra/core/host/functions.bicep +86 -0
  32. data/lib/generators/templates/infra/core/host/staticwebapp.bicep +22 -0
  33. data/lib/generators/templates/infra/core/monitor/applicationinsights-dashboard.bicep +1236 -0
  34. data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep +30 -0
  35. data/lib/generators/templates/infra/core/monitor/loganalytics.bicep +22 -0
  36. data/lib/generators/templates/infra/core/monitor/monitoring.bicep +32 -0
  37. data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep +52 -0
  38. data/lib/generators/templates/infra/core/networking/cdn-profile.bicep +34 -0
  39. data/lib/generators/templates/infra/core/networking/cdn.bicep +42 -0
  40. data/lib/generators/templates/infra/core/search/search-services.bicep +68 -0
  41. data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep +19 -0
  42. data/lib/generators/templates/infra/core/security/configstore-access.bicep +21 -0
  43. data/lib/generators/templates/infra/core/security/keyvault-access.bicep +22 -0
  44. data/lib/generators/templates/infra/core/security/keyvault-secret.bicep +31 -0
  45. data/lib/generators/templates/infra/core/security/keyvault.bicep +31 -0
  46. data/lib/generators/templates/infra/core/security/registry-access.bicep +19 -0
  47. data/lib/generators/templates/infra/core/security/role.bicep +21 -0
  48. data/lib/generators/templates/infra/core/storage/storage-account.bicep +64 -0
  49. data/lib/generators/templates/infra/core/testing/loadtesting.bicep +15 -0
  50. data/lib/generators/templates/infra/identity.bicep +20 -0
  51. data/lib/generators/templates/infra/main.bicep +243 -0
  52. data/lib/generators/templates/infra/main.parameters.json +25 -0
  53. data/lib/generators/templates/infra/rails.bicep +95 -0
  54. metadata +115 -0
@@ -0,0 +1,81 @@
1
+ metadata description = 'Creates an Azure Database for PostgreSQL - Flexible Server.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ param sku object
7
+ param storage object
8
+ param administratorLogin string
9
+ @secure()
10
+ param administratorLoginPassword string
11
+ param databaseNames array = []
12
+ param allowAzureIPsFirewall bool = false
13
+ param allowAllIPsFirewall bool = false
14
+ param allowedSingleIPs array = []
15
+ param azureExtensions array = []
16
+
17
+ // PostgreSQL version
18
+ param version string
19
+
20
+ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
21
+ location: location
22
+ tags: tags
23
+ name: name
24
+ sku: sku
25
+ properties: {
26
+ version: version
27
+ administratorLogin: administratorLogin
28
+ administratorLoginPassword: administratorLoginPassword
29
+ storage: storage
30
+ highAvailability: {
31
+ mode: 'Disabled'
32
+ }
33
+
34
+ }
35
+
36
+ resource database 'databases' = [for name in databaseNames: {
37
+ name: name
38
+ }]
39
+ }
40
+
41
+ resource firewall_all 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAllIPsFirewall) {
42
+ name: 'allow-all-IPs'
43
+ parent: postgresServer
44
+ properties: {
45
+ startIpAddress: '0.0.0.0'
46
+ endIpAddress: '255.255.255.255'
47
+ }
48
+ }
49
+
50
+ resource firewall_azure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = if (allowAzureIPsFirewall) {
51
+ name: 'allow-all-azure-internal-IPs'
52
+ parent: postgresServer
53
+ properties: {
54
+ startIpAddress: '0.0.0.0'
55
+ endIpAddress: '0.0.0.0'
56
+ }
57
+ }
58
+
59
+ resource firewall_single 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-03-01-preview' = [for ip in allowedSingleIPs: {
60
+ name: 'allow-single-${replace(ip, '.', '')}'
61
+ parent: postgresServer
62
+ properties: {
63
+ startIpAddress: ip
64
+ endIpAddress: ip
65
+ }
66
+ }]
67
+
68
+ // Workaround issue https://github.com/Azure/bicep-types-az/issues/1507
69
+ resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2023-03-01-preview' = {
70
+ name: 'azure.extensions'
71
+ parent: postgresServer
72
+ properties: {
73
+ value: join(azureExtensions, ',')
74
+ source: 'user-override'
75
+ }
76
+ dependsOn: [
77
+ firewall_all
78
+ ]
79
+ }
80
+
81
+ output POSTGRES_DOMAIN_NAME string = postgresServer.properties.fullyQualifiedDomainName
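Review bot: The `firewall_single` rule name `'allow-single-${replace(ip, '.', '')}'` is not unique per address: stripping the dots maps both '10.1.1.11' and '10.11.1.1' to 'allow-single-101111', so two entries in `allowedSingleIPs` can end up as the same rule and one allowed address would be lost or the deployment rejected. Keeping a separator avoids this, e.g. `name: 'allow-single-${replace(ip, '.', '-')}'`. `allowAllIPsFirewall` has no description although it opens the server to 0.0.0.0-255.255.255.255 with password authentication only; I would add `@description('Opens the server to every public IPv4 address; leave false outside short-lived test environments')` above it.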
@@ -0,0 +1,130 @@
1
+ metadata description = 'Creates an Azure SQL Server instance.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ param appUser string = 'appUser'
7
+ param databaseName string
8
+ param keyVaultName string
9
+ param sqlAdmin string = 'sqlAdmin'
10
+ param connectionStringKey string = 'AZURE-SQL-CONNECTION-STRING'
11
+
12
+ @secure()
13
+ param sqlAdminPassword string
14
+ @secure()
15
+ param appUserPassword string
16
+
17
+ resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
18
+ name: name
19
+ location: location
20
+ tags: tags
21
+ properties: {
22
+ version: '12.0'
23
+ minimalTlsVersion: '1.2'
24
+ publicNetworkAccess: 'Enabled'
25
+ administratorLogin: sqlAdmin
26
+ administratorLoginPassword: sqlAdminPassword
27
+ }
28
+
29
+ resource database 'databases' = {
30
+ name: databaseName
31
+ location: location
32
+ }
33
+
34
+ resource firewall 'firewallRules' = {
35
+ name: 'Azure Services'
36
+ properties: {
37
+ // Allow all clients
38
+ // Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
39
+ // This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
40
+ startIpAddress: '0.0.0.1'
41
+ endIpAddress: '255.255.255.254'
42
+ }
43
+ }
44
+ }
45
+
46
+ resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
47
+ name: '${name}-deployment-script'
48
+ location: location
49
+ kind: 'AzureCLI'
50
+ properties: {
51
+ azCliVersion: '2.37.0'
52
+ retentionInterval: 'PT1H' // Retain the script resource for 1 hour after it ends running
53
+ timeout: 'PT5M' // Five minutes
54
+ cleanupPreference: 'OnSuccess'
55
+ environmentVariables: [
56
+ {
57
+ name: 'APPUSERNAME'
58
+ value: appUser
59
+ }
60
+ {
61
+ name: 'APPUSERPASSWORD'
62
+ secureValue: appUserPassword
63
+ }
64
+ {
65
+ name: 'DBNAME'
66
+ value: databaseName
67
+ }
68
+ {
69
+ name: 'DBSERVER'
70
+ value: sqlServer.properties.fullyQualifiedDomainName
71
+ }
72
+ {
73
+ name: 'SQLCMDPASSWORD'
74
+ secureValue: sqlAdminPassword
75
+ }
76
+ {
77
+ name: 'SQLADMIN'
78
+ value: sqlAdmin
79
+ }
80
+ ]
81
+
82
+ scriptContent: '''
83
+ wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
84
+ tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
85
+
86
+ cat <<SCRIPT_END > ./initDb.sql
87
+ drop user if exists ${APPUSERNAME}
88
+ go
89
+ create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
90
+ go
91
+ alter role db_owner add member ${APPUSERNAME}
92
+ go
93
+ SCRIPT_END
94
+
95
+ ./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
96
+ '''
97
+ }
98
+ }
99
+
100
+ resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
101
+ parent: keyVault
102
+ name: 'sqlAdminPassword'
103
+ properties: {
104
+ value: sqlAdminPassword
105
+ }
106
+ }
107
+
108
+ resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
109
+ parent: keyVault
110
+ name: 'appUserPassword'
111
+ properties: {
112
+ value: appUserPassword
113
+ }
114
+ }
115
+
116
+ resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
117
+ parent: keyVault
118
+ name: connectionStringKey
119
+ properties: {
120
+ value: '${connectionString}; Password=${appUserPassword}'
121
+ }
122
+ }
123
+
124
+ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
125
+ name: keyVaultName
126
+ }
127
+
128
+ var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
129
+ output connectionStringKey string = connectionStringKey
130
+ output databaseName string = sqlServer::database.name
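Review bot: The nested `firewall` rule of `sqlServer` is named 'Azure Services' but spans 0.0.0.1 to 255.255.255.254, so together with `publicNetworkAccess: 'Enabled'` and SQL password authentication every deployment of this template exposes the server login to the whole IPv4 internet, with no parameter to turn that off. Restricting the always-on rule to 0.0.0.0-0.0.0.0 and adding an opt-in list of client addresses, as the PostgreSQL module's `allowedSingleIPs` does, keeps developer access without the blanket range; the deployment script presumably still connects because it runs on Azure-hosted compute, which should be confirmed. Separately, `scriptContent` downloads sqlcmd with `wget` and runs it without checking a digest, splices `${APPUSERPASSWORD}` into a quoted SQL literal (a password containing `'` breaks the statement), and grants the app user `db_owner`; each deserves a follow-up.

```bicep
@description('Client IPv4 addresses allowed through the server firewall, e.g. a developer machine. Empty by default.')
param allowedClientIPs array = []

// … unchanged: sqlServer properties and nested database …

  resource firewall 'firewallRules' = {
    name: 'Azure Services'
    properties: {
      // 0.0.0.0-0.0.0.0 admits Azure-hosted clients only
      startIpAddress: '0.0.0.0'
      endIpAddress: '0.0.0.0'
    }
  }

  resource clientFirewall 'firewallRules' = [for (ip, i) in allowedClientIPs: {
    name: 'allow-client-${i}'
    properties: {
      startIpAddress: ip
      endIpAddress: ip
    }
  }]
```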
@@ -0,0 +1,79 @@
1
+ metadata description = 'Creates an Azure API Management instance.'
2
+ param name string
3
+ param location string = resourceGroup().location
4
+ param tags object = {}
5
+
6
+ @description('The email address of the owner of the service')
7
+ @minLength(1)
8
+ param publisherEmail string = 'noreply@microsoft.com'
9
+
10
+ @description('The name of the owner of the service')
11
+ @minLength(1)
12
+ param publisherName string = 'n/a'
13
+
14
+ @description('The pricing tier of this API Management service')
15
+ @allowed([
16
+ 'Consumption'
17
+ 'Developer'
18
+ 'Standard'
19
+ 'Premium'
20
+ ])
21
+ param sku string = 'Consumption'
22
+
23
+ @description('The instance size of this API Management service.')
24
+ @allowed([ 0, 1, 2 ])
25
+ param skuCount int = 0
26
+
27
+ @description('Azure Application Insights Name')
28
+ param applicationInsightsName string
29
+
30
+ resource apimService 'Microsoft.ApiManagement/service@2021-08-01' = {
31
+ name: name
32
+ location: location
33
+ tags: union(tags, { 'azd-service-name': name })
34
+ sku: {
35
+ name: sku
36
+ capacity: (sku == 'Consumption') ? 0 : ((sku == 'Developer') ? 1 : skuCount)
37
+ }
38
+ properties: {
39
+ publisherEmail: publisherEmail
40
+ publisherName: publisherName
41
+ // Custom properties are not supported for Consumption SKU
42
+ customProperties: sku == 'Consumption' ? {} : {
43
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'false'
44
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'false'
45
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'false'
46
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'false'
47
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'false'
48
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'false'
49
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'false'
50
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'false'
51
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'false'
52
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'false'
53
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'false'
54
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'false'
55
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'false'
56
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'false'
57
+ }
58
+ }
59
+ }
60
+
61
+ resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' = if (!empty(applicationInsightsName)) {
62
+ name: 'app-insights-logger'
63
+ parent: apimService
64
+ properties: {
65
+ credentials: {
66
+ instrumentationKey: applicationInsights.properties.InstrumentationKey
67
+ }
68
+ description: 'Logger to Azure Application Insights'
69
+ isBuffered: false
70
+ loggerType: 'applicationInsights'
71
+ resourceId: applicationInsights.id
72
+ }
73
+ }
74
+
75
+ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
76
+ name: applicationInsightsName
77
+ }
78
+
79
+ output apimServiceName string = apimService.name
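Review bot: `publisherEmail` defaults to 'noreply@microsoft.com' and `publisherName` to 'n/a', so a deployment that omits them registers a publisher contact the deployer does not control; as far as I know API Management sends service notifications to the publisher email, so those would never reach the operator. Dropping the defaults makes both values required: `param publisherEmail string` and `param publisherName string`. `applicationInsightsName` is tested with `!empty(...)` on the logger and the `existing` resource but has no default, so callers must pass '' explicitly to skip the logger; `param applicationInsightsName string = ''` would match the check.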
@@ -0,0 +1,18 @@
1
+ metadata description = 'Adds an agent pool to an Azure Kubernetes Service (AKS) cluster.'
2
+ param clusterName string
3
+
4
+ @description('The agent pool name')
5
+ param name string
6
+
7
+ @description('The agent pool configuration')
8
+ param config object
9
+
10
+ resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' existing = {
11
+ name: clusterName
12
+ }
13
+
14
+ resource nodePool 'Microsoft.ContainerService/managedClusters/agentPools@2023-10-02-preview' = {
15
+ parent: aksCluster
16
+ name: name
17
+ properties: config
18
+ }
@@ -0,0 +1,140 @@
1
+ metadata description = 'Creates an Azure Kubernetes Service (AKS) cluster with a system agent pool.'
2
+ @description('The name for the AKS managed cluster')
3
+ param name string
4
+
5
+ @description('The name of the resource group for the managed resources of the AKS cluster')
6
+ param nodeResourceGroupName string = ''
7
+
8
+ @description('The Azure region/location for the AKS resources')
9
+ param location string = resourceGroup().location
10
+
11
+ @description('Custom tags to apply to the AKS resources')
12
+ param tags object = {}
13
+
14
+ @description('Kubernetes Version')
15
+ param kubernetesVersion string = '1.27.7'
16
+
17
+ @description('Whether RBAC is enabled for local accounts')
18
+ param enableRbac bool = true
19
+
20
+ // Add-ons
21
+ @description('Whether web app routing (preview) add-on is enabled')
22
+ param webAppRoutingAddon bool = true
23
+
24
+ // AAD Integration
25
+ @description('Enable Azure Active Directory integration')
26
+ param enableAad bool = false
27
+
28
+ @description('Enable RBAC using AAD')
29
+ param enableAzureRbac bool = false
30
+
31
+ @description('The Tenant ID associated to the Azure Active Directory')
32
+ param aadTenantId string = tenant().tenantId
33
+
34
+ @description('The load balancer SKU to use for ingress into the AKS cluster')
35
+ @allowed([ 'basic', 'standard' ])
36
+ param loadBalancerSku string = 'standard'
37
+
38
+ @description('Network plugin used for building the Kubernetes network.')
39
+ @allowed([ 'azure', 'kubenet', 'none' ])
40
+ param networkPlugin string = 'azure'
41
+
42
+ @description('Network policy used for building the Kubernetes network.')
43
+ @allowed([ 'azure', 'calico' ])
44
+ param networkPolicy string = 'azure'
45
+
46
+ @description('If set to true, getting static credentials will be disabled for this cluster.')
47
+ param disableLocalAccounts bool = false
48
+
49
+ @description('The managed cluster SKU.')
50
+ @allowed([ 'Free', 'Paid', 'Standard' ])
51
+ param sku string = 'Free'
52
+
53
+ @description('Configuration of AKS add-ons')
54
+ param addOns object = {}
55
+
56
+ @description('The log analytics workspace id used for logging & monitoring')
57
+ param workspaceId string = ''
58
+
59
+ @description('The node pool configuration for the System agent pool')
60
+ param systemPoolConfig object
61
+
62
+ @description('The DNS prefix to associate with the AKS cluster')
63
+ param dnsPrefix string = ''
64
+
65
+ resource aks 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' = {
66
+ name: name
67
+ location: location
68
+ tags: tags
69
+ identity: {
70
+ type: 'SystemAssigned'
71
+ }
72
+ sku: {
73
+ name: 'Base'
74
+ tier: sku
75
+ }
76
+ properties: {
77
+ nodeResourceGroup: !empty(nodeResourceGroupName) ? nodeResourceGroupName : 'rg-mc-${name}'
78
+ kubernetesVersion: kubernetesVersion
79
+ dnsPrefix: empty(dnsPrefix) ? '${name}-dns' : dnsPrefix
80
+ enableRBAC: enableRbac
81
+ aadProfile: enableAad ? {
82
+ managed: true
83
+ enableAzureRBAC: enableAzureRbac
84
+ tenantID: aadTenantId
85
+ } : null
86
+ agentPoolProfiles: [
87
+ systemPoolConfig
88
+ ]
89
+ networkProfile: {
90
+ loadBalancerSku: loadBalancerSku
91
+ networkPlugin: networkPlugin
92
+ networkPolicy: networkPolicy
93
+ }
94
+ disableLocalAccounts: disableLocalAccounts && enableAad
95
+ addonProfiles: addOns
96
+ ingressProfile: {
97
+ webAppRouting: {
98
+ enabled: webAppRoutingAddon
99
+ }
100
+ }
101
+ }
102
+ }
103
+
104
+ var aksDiagCategories = [
105
+ 'cluster-autoscaler'
106
+ 'kube-controller-manager'
107
+ 'kube-audit-admin'
108
+ 'guard'
109
+ ]
110
+
111
+ // TODO: Update diagnostics to be its own module
112
+ // Blocking issue: https://github.com/Azure/bicep/issues/622
113
+ // Unable to pass in a `resource` scope or unable to use string interpolation in resource types
114
+ resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
115
+ name: 'aks-diagnostics'
116
+ scope: aks
117
+ properties: {
118
+ workspaceId: workspaceId
119
+ logs: [for category in aksDiagCategories: {
120
+ category: category
121
+ enabled: true
122
+ }]
123
+ metrics: [
124
+ {
125
+ category: 'AllMetrics'
126
+ enabled: true
127
+ }
128
+ ]
129
+ }
130
+ }
131
+
132
+ @description('The resource name of the AKS cluster')
133
+ output clusterName string = aks.name
134
+
135
+ @description('The AKS cluster identity')
136
+ output clusterIdentity object = {
137
+ clientId: aks.properties.identityProfile.kubeletidentity.clientId
138
+ objectId: aks.properties.identityProfile.kubeletidentity.objectId
139
+ resourceId: aks.properties.identityProfile.kubeletidentity.resourceId
140
+ }
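Review bot: With the defaults here (`enableAad = false`, `disableLocalAccounts = false`) the cluster keeps static local-account credentials, and `disableLocalAccounts: disableLocalAccounts && enableAad` silently drops a caller's `disableLocalAccounts = true` whenever `enableAad` is false. The parameter description should say so, for example `@description('If true, static credentials are disabled; only takes effect when enableAad is also true.')`. The `kubernetesVersion` default '1.27.7' pins a patch release that will age out of support, so a comment that it must be reviewed on each release (or making the parameter required) would help. No `apiServerAccessProfile` is set in this hunk, so the API server's network exposure is left to the platform default.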