azd 0.9.0

data/lib/generators/templates/infra/core/host/container-app.bicep

@@ -0,0 +1,165 @@
+metadata description = 'Creates a container app in an Azure Container App environment.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('Allowed origins')
+param allowedOrigins array = []
+
+@description('Name of the environment for container apps')
+param containerAppsEnvironmentName string
+
+@description('CPU cores allocated to a single container instance, e.g., 0.5')
+param containerCpuCoreCount string = '0.5'
+
+@description('The maximum number of replicas to run. Must be at least 1.')
+@minValue(1)
+param containerMaxReplicas int = 10
+
+@description('Memory allocated to a single container instance, e.g., 1Gi')
+param containerMemory string = '1.0Gi'
+
+@description('The minimum number of replicas to run. Must be at least 1.')
+param containerMinReplicas int = 1
+
+@description('The name of the container')
+param containerName string = 'main'
+
+@description('The name of the container registry')
+param containerRegistryName string = ''
+
+@description('Hostname suffix for container registry. Set when deploying to sovereign clouds')
+param containerRegistryHostSuffix string = 'azurecr.io'
+
+@description('The protocol used by Dapr to connect to the app, e.g., http or grpc')
+@allowed([ 'http', 'grpc' ])
+param daprAppProtocol string = 'http'
+
+@description('The Dapr app ID')
+param daprAppId string = containerName
+
+@description('Enable Dapr')
+param daprEnabled bool = false
+
+@description('The environment variables for the container')
+param env array = []
+
+@description('Specifies if the resource ingress is exposed externally')
+param external bool = true
+
+@description('The name of the user-assigned identity')
+param identityName string = ''
+
+@description('The type of identity for the resource')
+@allowed([ 'None', 'SystemAssigned', 'UserAssigned' ])
+param identityType string = 'None'
+
+@description('The name of the container image')
+param imageName string = ''
+
+@description('Specifies if Ingress is enabled for the container app')
+param ingressEnabled bool = true
+
+param revisionMode string = 'Single'
+
+@description('The secrets required for the container')
+param secrets array = []
+
+@description('The service binds associated with the container')
+param serviceBinds array = []
+
+@description('The name of the container apps add-on to use. e.g. redis')
+param serviceType string = ''
+
+@description('The target port for the container')
+param targetPort int = 80
+
+resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(identityName)) {
+  name: identityName
+}
+
+// Private registry support requires both an ACR name and a User Assigned managed identity
+var usePrivateRegistry = !empty(identityName) && !empty(containerRegistryName)
+
+// Automatically set to `UserAssigned` when an `identityName` has been set
+var normalizedIdentityType = !empty(identityName) ? 'UserAssigned' : identityType
+
+module containerRegistryAccess '../security/registry-access.bicep' = if (usePrivateRegistry) {
+  name: '${deployment().name}-registry-access'
+  params: {
+    containerRegistryName: containerRegistryName
+    principalId: usePrivateRegistry ? userIdentity.properties.principalId : ''
+  }
+}
+
+resource app 'Microsoft.App/containerApps@2023-05-02-preview' = {
+  name: name
+  location: location
+  tags: tags
+  // It is critical that the identity is granted ACR pull access before the app is created
+  // otherwise the container app will throw a provision error
+  // This also forces us to use an user assigned managed identity since there would no way to 
+  // provide the system assigned identity with the ACR pull access before the app is created
+  dependsOn: usePrivateRegistry ? [ containerRegistryAccess ] : []
+  identity: {
+    type: normalizedIdentityType
+    userAssignedIdentities: !empty(identityName) && normalizedIdentityType == 'UserAssigned' ? { '${userIdentity.id}': {} } : null
+  }
+  properties: {
+    managedEnvironmentId: containerAppsEnvironment.id
+    configuration: {
+      activeRevisionsMode: revisionMode
+      ingress: ingressEnabled ? {
+        external: external
+        targetPort: targetPort
+        transport: 'auto'
+        corsPolicy: {
+          allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
+        }
+      } : null
+      dapr: daprEnabled ? {
+        enabled: true
+        appId: daprAppId
+        appProtocol: daprAppProtocol
+        appPort: ingressEnabled ? targetPort : 0
+      } : { enabled: false }
+      secrets: secrets
+      service: !empty(serviceType) ? { type: serviceType } : null
+      registries: usePrivateRegistry ? [
+        {
+          server: '${containerRegistryName}.${containerRegistryHostSuffix}'
+          identity: userIdentity.id
+        }
+      ] : []
+    }
+    template: {
+      serviceBinds: !empty(serviceBinds) ? serviceBinds : null
+      containers: [
+        {
+          image: !empty(imageName) ? imageName : 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+          name: containerName
+          env: env
+          resources: {
+            cpu: json(containerCpuCoreCount)
+            memory: containerMemory
+          }
+        }
+      ]
+      scale: {
+        minReplicas: containerMinReplicas
+        maxReplicas: containerMaxReplicas
+      }
+    }
+  }
+}
+
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' existing = {
+  name: containerAppsEnvironmentName
+}
+
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
+output identityPrincipalId string = normalizedIdentityType == 'None' ? '' : (empty(identityName) ? app.identity.principalId : userIdentity.properties.principalId)
+output imageName string = imageName
+output name string = app.name
+output serviceBind object = !empty(serviceType) ? { serviceId: app.id, name: name } : {}
+output uri string = ingressEnabled ? 'https://${app.properties.configuration.ingress.fqdn}' : ''

data/lib/generators/templates/infra/core/host/container-apps-environment.bicep

@@ -0,0 +1,41 @@
+metadata description = 'Creates an Azure Container Apps environment.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('Name of the Application Insights resource')
+param applicationInsightsName string = ''
+
+@description('Specifies if Dapr is enabled')
+param daprEnabled bool = false
+
+@description('Name of the Log Analytics workspace')
+param logAnalyticsWorkspaceName string
+
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    appLogsConfiguration: {
+      destination: 'log-analytics'
+      logAnalyticsConfiguration: {
+        customerId: logAnalyticsWorkspace.properties.customerId
+        sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey
+      }
+    }
+    daprAIInstrumentationKey: daprEnabled && !empty(applicationInsightsName) ? applicationInsights.properties.InstrumentationKey : ''
+  }
+}
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+  name: logAnalyticsWorkspaceName
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (daprEnabled && !empty(applicationInsightsName)) {
+  name: applicationInsightsName
+}
+
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
+output id string = containerAppsEnvironment.id
+output name string = containerAppsEnvironment.name

data/lib/generators/templates/infra/core/host/container-apps.bicep

@@ -0,0 +1,40 @@
+metadata description = 'Creates an Azure Container Registry and an Azure Container Apps environment.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containerAppsEnvironmentName string
+param containerRegistryName string
+param containerRegistryResourceGroupName string = ''
+param containerRegistryAdminUserEnabled bool = false
+param logAnalyticsWorkspaceName string
+param applicationInsightsName string = ''
+
+module containerAppsEnvironment 'container-apps-environment.bicep' = {
+  name: '${name}-container-apps-environment'
+  params: {
+    name: containerAppsEnvironmentName
+    location: location
+    tags: tags
+    logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
+    applicationInsightsName: applicationInsightsName
+  }
+}
+
+module containerRegistry 'container-registry.bicep' = {
+  name: '${name}-container-registry'
+  scope: !empty(containerRegistryResourceGroupName) ? resourceGroup(containerRegistryResourceGroupName) : resourceGroup()
+  params: {
+    name: containerRegistryName
+    location: location
+    adminUserEnabled: containerRegistryAdminUserEnabled
+    tags: tags
+  }
+}
+
+output defaultDomain string = containerAppsEnvironment.outputs.defaultDomain
+output environmentName string = containerAppsEnvironment.outputs.name
+output environmentId string = containerAppsEnvironment.outputs.id
+
+output registryLoginServer string = containerRegistry.outputs.loginServer
+output registryName string = containerRegistry.outputs.name

data/lib/generators/templates/infra/core/host/container-registry.bicep

@@ -0,0 +1,83 @@
+metadata description = 'Creates an Azure Container Registry.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('Indicates whether admin user is enabled')
+param adminUserEnabled bool = false
+
+@description('Indicates whether anonymous pull is enabled')
+param anonymousPullEnabled bool = false
+
+@description('Indicates whether data endpoint is enabled')
+param dataEndpointEnabled bool = false
+
+@description('Encryption settings')
+param encryption object = {
+  status: 'disabled'
+}
+
+@description('Options for bypassing network rules')
+param networkRuleBypassOptions string = 'AzureServices'
+
+@description('Public network access setting')
+param publicNetworkAccess string = 'Enabled'
+
+@description('SKU settings')
+param sku object = {
+  name: 'Basic'
+}
+
+@description('Zone redundancy setting')
+param zoneRedundancy string = 'Disabled'
+
+@description('The log analytics workspace ID used for logging and monitoring')
+param workspaceId string = ''
+
+// 2023-01-01-preview needed for anonymousPullEnabled
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  properties: {
+    adminUserEnabled: adminUserEnabled
+    anonymousPullEnabled: anonymousPullEnabled
+    dataEndpointEnabled: dataEndpointEnabled
+    encryption: encryption
+    networkRuleBypassOptions: networkRuleBypassOptions
+    publicNetworkAccess: publicNetworkAccess
+    zoneRedundancy: zoneRedundancy
+  }
+}
+
+// TODO: Update diagnostics to be its own module
+// Blocking issue: https://github.com/Azure/bicep/issues/622
+// Unable to pass in a `resource` scope or unable to use string interpolation in resource types
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) {
+  name: 'registry-diagnostics'
+  scope: containerRegistry
+  properties: {
+    workspaceId: workspaceId
+    logs: [
+      {
+        category: 'ContainerRegistryRepositoryEvents'
+        enabled: true
+      }
+      {
+        category: 'ContainerRegistryLoginEvents'
+        enabled: true
+      }
+    ]
+    metrics: [
+      {
+        category: 'AllMetrics'
+        enabled: true
+        timeGrain: 'PT1M'
+      }
+    ]
+  }
+}
+
+output loginServer string = containerRegistry.properties.loginServer
+output name string = containerRegistry.name

data/lib/generators/templates/infra/core/host/functions.bicep

@@ -0,0 +1,86 @@
+metadata description = 'Creates an Azure Function in an existing Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+// Reference Properties
+param applicationInsightsName string = ''
+param appServicePlanId string
+param keyVaultName string = ''
+param managedIdentity bool = !empty(keyVaultName)
+param storageAccountName string
+
+// Runtime Properties
+@allowed([
+  'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
+])
+param runtimeName string
+param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
+param runtimeVersion string
+
+// Function Settings
+@allowed([
+  '~4', '~3', '~2', '~1'
+])
+param extensionVersion string = '~4'
+
+// Microsoft.Web/sites Properties
+param kind string = 'functionapp,linux'
+
+// Microsoft.Web/sites/config
+param allowedOrigins array = []
+param alwaysOn bool = true
+param appCommandLine string = ''
+@secure()
+param appSettings object = {}
+param clientAffinityEnabled bool = false
+param enableOryxBuild bool = contains(kind, 'linux')
+param functionAppScaleLimit int = -1
+param linuxFxVersion string = runtimeNameAndVersion
+param minimumElasticInstanceCount int = -1
+param numberOfWorkers int = -1
+param scmDoBuildDuringDeployment bool = true
+param use32BitWorkerProcess bool = false
+param healthCheckPath string = ''
+
+module functions 'appservice.bicep' = {
+  name: '${name}-functions'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    allowedOrigins: allowedOrigins
+    alwaysOn: alwaysOn
+    appCommandLine: appCommandLine
+    applicationInsightsName: applicationInsightsName
+    appServicePlanId: appServicePlanId
+    appSettings: union(appSettings, {
+        AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
+        FUNCTIONS_EXTENSION_VERSION: extensionVersion
+        FUNCTIONS_WORKER_RUNTIME: runtimeName
+      })
+    clientAffinityEnabled: clientAffinityEnabled
+    enableOryxBuild: enableOryxBuild
+    functionAppScaleLimit: functionAppScaleLimit
+    healthCheckPath: healthCheckPath
+    keyVaultName: keyVaultName
+    kind: kind
+    linuxFxVersion: linuxFxVersion
+    managedIdentity: managedIdentity
+    minimumElasticInstanceCount: minimumElasticInstanceCount
+    numberOfWorkers: numberOfWorkers
+    runtimeName: runtimeName
+    runtimeVersion: runtimeVersion
+    runtimeNameAndVersion: runtimeNameAndVersion
+    scmDoBuildDuringDeployment: scmDoBuildDuringDeployment
+    use32BitWorkerProcess: use32BitWorkerProcess
+  }
+}
+
+resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
+  name: storageAccountName
+}
+
+output identityPrincipalId string = managedIdentity ? functions.outputs.identityPrincipalId : ''
+output name string = functions.outputs.name
+output uri string = functions.outputs.uri

data/lib/generators/templates/infra/core/host/staticwebapp.bicep

@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure Static Web Apps instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param sku object = {
+  name: 'Free'
+  tier: 'Free'
+}
+
+resource web 'Microsoft.Web/staticSites@2022-03-01' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  properties: {
+    provider: 'Custom'
+  }
+}
+
+output name string = web.name
+output uri string = 'https://${web.properties.defaultHostname}'