RubyGems - azd - Versions diffs - 0.9.0 - Mend

azd 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

data/lib/generators/templates/infra/core/host/container-app.bicep ADDED Viewed

@@ -0,0 +1,165 @@
+metadata description = 'Creates a container app in an Azure Container App environment.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('Allowed origins')
+param allowedOrigins array = []
+@description('Name of the environment for container apps')
+param containerAppsEnvironmentName string
+@description('CPU cores allocated to a single container instance, e.g., 0.5')
+param containerCpuCoreCount string = '0.5'
+@description('The maximum number of replicas to run. Must be at least 1.')
+@minValue(1)
+param containerMaxReplicas int = 10
+@description('Memory allocated to a single container instance, e.g., 1Gi')
+param containerMemory string = '1.0Gi'
+@description('The minimum number of replicas to run. Must be at least 1.')
+param containerMinReplicas int = 1
+@description('The name of the container')
+param containerName string = 'main'
+@description('The name of the container registry')
+param containerRegistryName string = ''
+@description('Hostname suffix for container registry. Set when deploying to sovereign clouds')
+param containerRegistryHostSuffix string = 'azurecr.io'
+@description('The protocol used by Dapr to connect to the app, e.g., http or grpc')
+@allowed([ 'http', 'grpc' ])
+param daprAppProtocol string = 'http'
+@description('The Dapr app ID')
+param daprAppId string = containerName
+@description('Enable Dapr')
+param daprEnabled bool = false
+@description('The environment variables for the container')
+param env array = []
+@description('Specifies if the resource ingress is exposed externally')
+param external bool = true
+@description('The name of the user-assigned identity')
+param identityName string = ''
+@description('The type of identity for the resource')
+@allowed([ 'None', 'SystemAssigned', 'UserAssigned' ])
+param identityType string = 'None'
+@description('The name of the container image')
+param imageName string = ''
+@description('Specifies if Ingress is enabled for the container app')
+param ingressEnabled bool = true
+param revisionMode string = 'Single'
+@description('The secrets required for the container')
+param secrets array = []
+@description('The service binds associated with the container')
+param serviceBinds array = []
+@description('The name of the container apps add-on to use. e.g. redis')
+param serviceType string = ''
+@description('The target port for the container')
+param targetPort int = 80
+resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(identityName)) {
+  name: identityName
+}
+// Private registry support requires both an ACR name and a User Assigned managed identity
+var usePrivateRegistry = !empty(identityName) && !empty(containerRegistryName)
+// Automatically set to `UserAssigned` when an `identityName` has been set
+var normalizedIdentityType = !empty(identityName) ? 'UserAssigned' : identityType
+module containerRegistryAccess '../security/registry-access.bicep' = if (usePrivateRegistry) {
+  name: '${deployment().name}-registry-access'
+  params: {
+    containerRegistryName: containerRegistryName
+    principalId: usePrivateRegistry ? userIdentity.properties.principalId : ''
+  }
+}
+resource app 'Microsoft.App/containerApps@2023-05-02-preview' = {
+  name: name
+  location: location
+  tags: tags
+  // It is critical that the identity is granted ACR pull access before the app is created
+  // otherwise the container app will throw a provision error
+  // This also forces us to use an user assigned managed identity since there would no way to
+  // provide the system assigned identity with the ACR pull access before the app is created
+  dependsOn: usePrivateRegistry ? [ containerRegistryAccess ] : []
+  identity: {
+    type: normalizedIdentityType
+    userAssignedIdentities: !empty(identityName) && normalizedIdentityType == 'UserAssigned' ? { '${userIdentity.id}': {} } : null
+  }
+  properties: {
+    managedEnvironmentId: containerAppsEnvironment.id
+    configuration: {
+      activeRevisionsMode: revisionMode
+      ingress: ingressEnabled ? {
+        external: external
+        targetPort: targetPort
+        transport: 'auto'
+        corsPolicy: {
+          allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
+        }
+      } : null
+      dapr: daprEnabled ? {
+        enabled: true
+        appId: daprAppId
+        appProtocol: daprAppProtocol
+        appPort: ingressEnabled ? targetPort : 0
+      } : { enabled: false }
+      secrets: secrets
+      service: !empty(serviceType) ? { type: serviceType } : null
+      registries: usePrivateRegistry ? [
+        {
+          server: '${containerRegistryName}.${containerRegistryHostSuffix}'
+          identity: userIdentity.id
+        }
+      ] : []
+    }
+    template: {
+      serviceBinds: !empty(serviceBinds) ? serviceBinds : null
+      containers: [
+        {
+          image: !empty(imageName) ? imageName : 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+          name: containerName
+          env: env
+          resources: {
+            cpu: json(containerCpuCoreCount)
+            memory: containerMemory
+          }
+        }
+      ]
+      scale: {
+        minReplicas: containerMinReplicas
+        maxReplicas: containerMaxReplicas
+      }
+    }
+  }
+}
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' existing = {
+  name: containerAppsEnvironmentName
+}
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
+output identityPrincipalId string = normalizedIdentityType == 'None' ? '' : (empty(identityName) ? app.identity.principalId : userIdentity.properties.principalId)
+output imageName string = imageName
+output name string = app.name
+output serviceBind object = !empty(serviceType) ? { serviceId: app.id, name: name } : {}
+output uri string = ingressEnabled ? 'https://${app.properties.configuration.ingress.fqdn}' : ''

data/lib/generators/templates/infra/core/host/container-apps-environment.bicep ADDED Viewed

@@ -0,0 +1,41 @@
+metadata description = 'Creates an Azure Container Apps environment.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('Name of the Application Insights resource')
+param applicationInsightsName string = ''
+@description('Specifies if Dapr is enabled')
+param daprEnabled bool = false
+@description('Name of the Log Analytics workspace')
+param logAnalyticsWorkspaceName string
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: logAnalyticsWorkspace.properties.customerId
+        sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey
+      }
+    }
+    daprAIInstrumentationKey: daprEnabled && !empty(applicationInsightsName) ? applicationInsights.properties.InstrumentationKey : ''
+  }
+}
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+  name: logAnalyticsWorkspaceName
+}
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (daprEnabled && !empty(applicationInsightsName)) {
+  name: applicationInsightsName
+}
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
+output id string = containerAppsEnvironment.id
+output name string = containerAppsEnvironment.name

data/lib/generators/templates/infra/core/host/container-apps.bicep ADDED Viewed

@@ -0,0 +1,40 @@
+metadata description = 'Creates an Azure Container Registry and an Azure Container Apps environment.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+param containerAppsEnvironmentName string
+param containerRegistryName string
+param containerRegistryResourceGroupName string = ''
+param containerRegistryAdminUserEnabled bool = false
+param logAnalyticsWorkspaceName string
+param applicationInsightsName string = ''
+module containerAppsEnvironment 'container-apps-environment.bicep' = {
+  name: '${name}-container-apps-environment'
+  params: {
+    name: containerAppsEnvironmentName
+    location: location
+    tags: tags
+    logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
+    applicationInsightsName: applicationInsightsName
+  }
+}
+module containerRegistry 'container-registry.bicep' = {
+  name: '${name}-container-registry'
+  scope: !empty(containerRegistryResourceGroupName) ? resourceGroup(containerRegistryResourceGroupName) : resourceGroup()
+  params: {
+    name: containerRegistryName
+    location: location
+    adminUserEnabled: containerRegistryAdminUserEnabled
+    tags: tags
+  }
+}
+output defaultDomain string = containerAppsEnvironment.outputs.defaultDomain
+output environmentName string = containerAppsEnvironment.outputs.name
+output environmentId string = containerAppsEnvironment.outputs.id
+output registryLoginServer string = containerRegistry.outputs.loginServer
+output registryName string = containerRegistry.outputs.name

data/lib/generators/templates/infra/core/host/container-registry.bicep ADDED Viewed

@@ -0,0 +1,83 @@
+metadata description = 'Creates an Azure Container Registry.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('Indicates whether admin user is enabled')
+param adminUserEnabled bool = false
+@description('Indicates whether anonymous pull is enabled')
+param anonymousPullEnabled bool = false
+@description('Indicates whether data endpoint is enabled')
+param dataEndpointEnabled bool = false
+@description('Encryption settings')
+param encryption object = {
+  status: 'disabled'
+}
+@description('Options for bypassing network rules')
+param networkRuleBypassOptions string = 'AzureServices'
+@description('Public network access setting')
+param publicNetworkAccess string = 'Enabled'
+@description('SKU settings')
+param sku object = {
+  name: 'Basic'
+}
+@description('Zone redundancy setting')
+param zoneRedundancy string = 'Disabled'
+@description('The log analytics workspace ID used for logging and monitoring')
+param workspaceId string = ''
+// 2023-01-01-preview needed for anonymousPullEnabled
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  properties: {
+    adminUserEnabled: adminUserEnabled
+    anonymousPullEnabled: anonymousPullEnabled
+    dataEndpointEnabled: dataEndpointEnabled
+    encryption: encryption
+    networkRuleBypassOptions: networkRuleBypassOptions
+    publicNetworkAccess: publicNetworkAccess
+    zoneRedundancy: zoneRedundancy
+  }
+}
+// TODO: Update diagnostics to be its own module
+// Blocking issue: https://github.com/Azure/bicep/issues/622
+// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
+  name: 'registry-diagnostics'
+  scope: containerRegistry
+  properties: {
+    workspaceId: workspaceId
+    logs: [
+      {
+        category: 'ContainerRegistryRepositoryEvents'
+        enabled: true
+      }
+      {
+        category: 'ContainerRegistryLoginEvents'
+        enabled: true
+      }
+    ]
+    metrics: [
+      {
+        category: 'AllMetrics'
+        enabled: true
+        timeGrain: 'PT1M'
+      }
+    ]
+  }
+}
+output loginServer string = containerRegistry.properties.loginServer
+output name string = containerRegistry.name

data/lib/generators/templates/infra/core/host/functions.bicep ADDED Viewed

@@ -0,0 +1,86 @@
+metadata description = 'Creates an Azure Function in an existing Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+// Reference Properties
+param applicationInsightsName string = ''
+param appServicePlanId string
+param keyVaultName string = ''
+param managedIdentity bool = !empty(keyVaultName)
+param storageAccountName string
+// Runtime Properties
+@allowed([
+  'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
+])
+param runtimeName string
+param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
+param runtimeVersion string
+// Function Settings
+@allowed([
+  '~4', '~3', '~2', '~1'
+])
+param extensionVersion string = '~4'
+// Microsoft.Web/sites Properties
+param kind string = 'functionapp,linux'
+// Microsoft.Web/sites/config
+param allowedOrigins array = []
+param alwaysOn bool = true
+param appCommandLine string = ''
+@secure()
+param appSettings object = {}
+param clientAffinityEnabled bool = false
+param enableOryxBuild bool = contains(kind, 'linux')
+param functionAppScaleLimit int = -1
+param linuxFxVersion string = runtimeNameAndVersion
+param minimumElasticInstanceCount int = -1
+param numberOfWorkers int = -1
+param scmDoBuildDuringDeployment bool = true
+param use32BitWorkerProcess bool = false
+param healthCheckPath string = ''
+module functions 'appservice.bicep' = {
+  name: '${name}-functions'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    allowedOrigins: allowedOrigins
+    alwaysOn: alwaysOn
+    appCommandLine: appCommandLine
+    applicationInsightsName: applicationInsightsName
+    appServicePlanId: appServicePlanId
+    appSettings: union(appSettings, {
+        AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
+        FUNCTIONS_EXTENSION_VERSION: extensionVersion
+        FUNCTIONS_WORKER_RUNTIME: runtimeName
+      })
+    clientAffinityEnabled: clientAffinityEnabled
+    enableOryxBuild: enableOryxBuild
+    functionAppScaleLimit: functionAppScaleLimit
+    healthCheckPath: healthCheckPath
+    keyVaultName: keyVaultName
+    kind: kind
+    linuxFxVersion: linuxFxVersion
+    managedIdentity: managedIdentity
+    minimumElasticInstanceCount: minimumElasticInstanceCount
+    numberOfWorkers: numberOfWorkers
+    runtimeName: runtimeName
+    runtimeVersion: runtimeVersion
+    runtimeNameAndVersion: runtimeNameAndVersion
+    scmDoBuildDuringDeployment: scmDoBuildDuringDeployment
+    use32BitWorkerProcess: use32BitWorkerProcess
+  }
+}
+resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
+  name: storageAccountName
+}
+output identityPrincipalId string = managedIdentity ? functions.outputs.identityPrincipalId : ''
+output name string = functions.outputs.name
+output uri string = functions.outputs.uri

data/lib/generators/templates/infra/core/host/staticwebapp.bicep ADDED Viewed

@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure Static Web Apps instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+param sku object = {
+  name: 'Free'
+  tier: 'Free'
+}
+resource web 'Microsoft.Web/staticSites@2022-03-01' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  properties: {
+    provider: 'Custom'
+  }
+}
+output name string = web.name
+output uri string = 'https://${web.properties.defaultHostname}'