RubyGems - azd - Versions diffs - 0.9.0 - Mend

azd 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

data/lib/generators/templates/infra/core/monitor/applicationinsights.bicep ADDED Viewed

@@ -0,0 +1,30 @@
+metadata description = 'Creates an Application Insights instance based on an existing Log Analytics workspace.'
+param name string
+param dashboardName string = ''
+param location string = resourceGroup().location
+param tags object = {}
+param logAnalyticsWorkspaceId string
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+  name: name
+  location: location
+  tags: tags
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    WorkspaceResourceId: logAnalyticsWorkspaceId
+  }
+}
+module applicationInsightsDashboard 'applicationinsights-dashboard.bicep' = if (!empty(dashboardName)) {
+  name: 'application-insights-dashboard'
+  params: {
+    name: dashboardName
+    location: location
+    applicationInsightsName: applicationInsights.name
+  }
+}
+output connectionString string = applicationInsights.properties.ConnectionString
+output instrumentationKey string = applicationInsights.properties.InstrumentationKey
+output name string = applicationInsights.name

data/lib/generators/templates/infra/core/monitor/loganalytics.bicep ADDED Viewed

@@ -0,0 +1,22 @@
+metadata description = 'Creates a Log Analytics workspace.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  properties: any({
+    retentionInDays: 30
+    features: {
+      searchVersion: 1
+    }
+    sku: {
+      name: 'PerGB2018'
+    }
+  })
+}
+output id string = logAnalytics.id
+output name string = logAnalytics.name

data/lib/generators/templates/infra/core/monitor/monitoring.bicep ADDED Viewed

@@ -0,0 +1,32 @@
+metadata description = 'Creates an Application Insights instance and a Log Analytics workspace.'
+param logAnalyticsName string
+param applicationInsightsName string
+param applicationInsightsDashboardName string = ''
+param location string = resourceGroup().location
+param tags object = {}
+module logAnalytics 'loganalytics.bicep' = {
+  name: 'loganalytics'
+  params: {
+    name: logAnalyticsName
+    location: location
+    tags: tags
+  }
+}
+module applicationInsights 'applicationinsights.bicep' = {
+  name: 'applicationinsights'
+  params: {
+    name: applicationInsightsName
+    location: location
+    tags: tags
+    dashboardName: applicationInsightsDashboardName
+    logAnalyticsWorkspaceId: logAnalytics.outputs.id
+  }
+}
+output applicationInsightsConnectionString string = applicationInsights.outputs.connectionString
+output applicationInsightsInstrumentationKey string = applicationInsights.outputs.instrumentationKey
+output applicationInsightsName string = applicationInsights.outputs.name
+output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
+output logAnalyticsWorkspaceName string = logAnalytics.outputs.name

data/lib/generators/templates/infra/core/networking/cdn-endpoint.bicep ADDED Viewed

@@ -0,0 +1,52 @@
+metadata description = 'Adds an endpoint to an Azure CDN profile.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The name of the CDN profile resource')
+@minLength(1)
+param cdnProfileName string
+@description('Delivery policy rules')
+param deliveryPolicyRules array = []
+@description('The origin URL for the endpoint')
+@minLength(1)
+param originUrl string
+resource endpoint 'Microsoft.Cdn/profiles/endpoints@2022-05-01-preview' = {
+  parent: cdnProfile
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    originHostHeader: originUrl
+    isHttpAllowed: false
+    isHttpsAllowed: true
+    queryStringCachingBehavior: 'UseQueryString'
+    optimizationType: 'GeneralWebDelivery'
+    origins: [
+      {
+        name: replace(originUrl, '.', '-')
+        properties: {
+          hostName: originUrl
+          originHostHeader: originUrl
+          priority: 1
+          weight: 1000
+          enabled: true
+        }
+      }
+    ]
+    deliveryPolicy: {
+      rules: deliveryPolicyRules
+    }
+  }
+}
+resource cdnProfile 'Microsoft.Cdn/profiles@2022-05-01-preview' existing = {
+  name: cdnProfileName
+}
+output id string = endpoint.id
+output name string = endpoint.name
+output uri string = 'https://${endpoint.properties.hostName}'

data/lib/generators/templates/infra/core/networking/cdn-profile.bicep ADDED Viewed

@@ -0,0 +1,34 @@
+metadata description = 'Creates an Azure CDN profile.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The pricing tier of this CDN profile')
+@allowed([
+  'Custom_Verizon'
+  'Premium_AzureFrontDoor'
+  'Premium_Verizon'
+  'StandardPlus_955BandWidth_ChinaCdn'
+  'StandardPlus_AvgBandWidth_ChinaCdn'
+  'StandardPlus_ChinaCdn'
+  'Standard_955BandWidth_ChinaCdn'
+  'Standard_Akamai'
+  'Standard_AvgBandWidth_ChinaCdn'
+  'Standard_AzureFrontDoor'
+  'Standard_ChinaCdn'
+  'Standard_Microsoft'
+  'Standard_Verizon'
+])
+param sku string = 'Standard_Microsoft'
+resource profile 'Microsoft.Cdn/profiles@2022-05-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  sku: {
+    name: sku
+  }
+}
+output id string = profile.id
+output name string = profile.name

data/lib/generators/templates/infra/core/networking/cdn.bicep ADDED Viewed

@@ -0,0 +1,42 @@
+metadata description = 'Creates an Azure CDN profile with a single endpoint.'
+param location string = resourceGroup().location
+param tags object = {}
+@description('Name of the CDN endpoint resource')
+param cdnEndpointName string
+@description('Name of the CDN profile resource')
+param cdnProfileName string
+@description('Delivery policy rules')
+param deliveryPolicyRules array = []
+@description('Origin URL for the CDN endpoint')
+param originUrl string
+module cdnProfile 'cdn-profile.bicep' = {
+  name: 'cdn-profile'
+  params: {
+    name: cdnProfileName
+    location: location
+    tags: tags
+  }
+}
+module cdnEndpoint 'cdn-endpoint.bicep' = {
+  name: 'cdn-endpoint'
+  params: {
+    name: cdnEndpointName
+    location: location
+    tags: tags
+    cdnProfileName: cdnProfile.outputs.name
+    originUrl: originUrl
+    deliveryPolicyRules: deliveryPolicyRules
+  }
+}
+output endpointName string = cdnEndpoint.outputs.name
+output endpointId string = cdnEndpoint.outputs.id
+output profileName string = cdnProfile.outputs.name
+output profileId string = cdnProfile.outputs.id
+output uri string = cdnEndpoint.outputs.uri

data/lib/generators/templates/infra/core/search/search-services.bicep ADDED Viewed

@@ -0,0 +1,68 @@
+metadata description = 'Creates an Azure AI Search instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+param sku object = {
+  name: 'standard'
+}
+param authOptions object = {}
+param disableLocalAuth bool = false
+param disabledDataExfiltrationOptions array = []
+param encryptionWithCmk object = {
+  enforcement: 'Unspecified'
+}
+@allowed([
+  'default'
+  'highDensity'
+])
+param hostingMode string = 'default'
+param networkRuleSet object = {
+  bypass: 'None'
+  ipRules: []
+}
+param partitionCount int = 1
+@allowed([
+  'enabled'
+  'disabled'
+])
+param publicNetworkAccess string = 'enabled'
+param replicaCount int = 1
+@allowed([
+  'disabled'
+  'free'
+  'standard'
+])
+param semanticSearch string = 'disabled'
+var searchIdentityProvider = (sku.name == 'free') ? null : {
+  type: 'SystemAssigned'
+}
+resource search 'Microsoft.Search/searchServices@2021-04-01-preview' = {
+  name: name
+  location: location
+  tags: tags
+  // The free tier does not support managed identity
+  identity: searchIdentityProvider
+  properties: {
+    authOptions: authOptions
+    disableLocalAuth: disableLocalAuth
+    disabledDataExfiltrationOptions: disabledDataExfiltrationOptions
+    encryptionWithCmk: encryptionWithCmk
+    hostingMode: hostingMode
+    networkRuleSet: networkRuleSet
+    partitionCount: partitionCount
+    publicNetworkAccess: publicNetworkAccess
+    replicaCount: replicaCount
+    semanticSearch: semanticSearch
+  }
+  sku: sku
+}
+output id string = search.id
+output endpoint string = 'https://${name}.search.windows.net/'
+output name string = search.name
+output principalId string = !empty(searchIdentityProvider) ? search.identity.principalId : ''

data/lib/generators/templates/infra/core/security/aks-managed-cluster-access.bicep ADDED Viewed

@@ -0,0 +1,19 @@
+metadata description = 'Assigns RBAC role to the specified AKS cluster and principal.'
+param clusterName string
+param principalId string
+var aksClusterAdminRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b')
+resource aksRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: aksCluster // Use when specifying a scope that is different than the deployment scope
+  name: guid(subscription().id, resourceGroup().id, principalId, aksClusterAdminRole)
+  properties: {
+    roleDefinitionId: aksClusterAdminRole
+    principalType: 'User'
+    principalId: principalId
+  }
+}
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-10-02-preview' existing = {
+  name: clusterName
+}

data/lib/generators/templates/infra/core/security/configstore-access.bicep ADDED Viewed

@@ -0,0 +1,21 @@
+@description('Name of Azure App Configuration store')
+param configStoreName string
+@description('The principal ID of the service principal to assign the role to')
+param principalId string
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+  name: configStoreName
+}
+var configStoreDataReaderRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '516239f1-63e1-4d78-a4de-a74fb236a071')
+resource configStoreDataReaderRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, resourceGroup().id, principalId, configStoreDataReaderRole)
+  scope: configStore
+  properties: {
+    roleDefinitionId: configStoreDataReaderRole
+    principalId: principalId
+    principalType: 'ServicePrincipal'
+  }
+}

data/lib/generators/templates/infra/core/security/keyvault-access.bicep ADDED Viewed

@@ -0,0 +1,22 @@
+metadata description = 'Assigns an Azure Key Vault access policy.'
+param name string = 'add'
+param keyVaultName string
+param permissions object = { secrets: [ 'get', 'list' ] }
+param principalId string
+resource keyVaultAccessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
+  parent: keyVault
+  name: name
+  properties: {
+    accessPolicies: [ {
+        objectId: principalId
+        tenantId: subscription().tenantId
+        permissions: permissions
+      } ]
+  }
+}
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}

data/lib/generators/templates/infra/core/security/keyvault-secret.bicep ADDED Viewed

@@ -0,0 +1,31 @@
+metadata description = 'Creates or updates a secret in an Azure Key Vault.'
+param name string
+param tags object = {}
+param keyVaultName string
+param contentType string = 'string'
+@description('The value of the secret. Provide only derived values like blob storage access, but do not hard code any secrets in your templates')
+@secure()
+param secretValue string
+param enabled bool = true
+param exp int = 0
+param nbf int = 0
+resource keyVaultSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+  name: name
+  tags: tags
+  parent: keyVault
+  properties: {
+    attributes: {
+      enabled: enabled
+      exp: exp
+      nbf: nbf
+    }
+    contentType: contentType
+    value: secretValue
+  }
+}
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}

data/lib/generators/templates/infra/core/security/keyvault.bicep ADDED Viewed

@@ -0,0 +1,31 @@
+metadata description = 'Creates an Azure Key Vault.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+param identityName string = ''
+resource userIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(identityName)) {
+  name: identityName
+}
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    tenantId: subscription().tenantId
+    sku: { family: 'A', name: 'standard' }
+    accessPolicies: !empty(userIdentity.properties.principalId) ? [
+      {
+        objectId: userIdentity.properties.principalId
+        permissions: { secrets: [ 'get', 'list' ] }
+        tenantId: subscription().tenantId
+      }
+    ] : []
+  }
+}
+output endpoint string = keyVault.properties.vaultUri
+output name string = keyVault.name
+output principalId string = userIdentity.properties.principalId

data/lib/generators/templates/infra/core/security/registry-access.bicep ADDED Viewed

@@ -0,0 +1,19 @@
+metadata description = 'Assigns ACR Pull permissions to access an Azure Container Registry.'
+param containerRegistryName string
+param principalId string
+var acrPullRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
+resource aksAcrPull 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: containerRegistry // Use when specifying a scope that is different than the deployment scope
+  name: guid(subscription().id, resourceGroup().id, principalId, acrPullRole)
+  properties: {
+    roleDefinitionId: acrPullRole
+    principalType: 'ServicePrincipal'
+    principalId: principalId
+  }
+}
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' existing = {
+  name: containerRegistryName
+}

data/lib/generators/templates/infra/core/security/role.bicep ADDED Viewed

@@ -0,0 +1,21 @@
+metadata description = 'Creates a role assignment for a service principal.'
+param principalId string
+@allowed([
+  'Device'
+  'ForeignGroup'
+  'Group'
+  'ServicePrincipal'
+  'User'
+])
+param principalType string = 'ServicePrincipal'
+param roleDefinitionId string
+resource role 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, resourceGroup().id, principalId, roleDefinitionId)
+  properties: {
+    principalId: principalId
+    principalType: principalType
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+  }
+}

data/lib/generators/templates/infra/core/storage/storage-account.bicep ADDED Viewed

@@ -0,0 +1,64 @@
+metadata description = 'Creates an Azure storage account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@allowed([
+  'Cool'
+  'Hot'
+  'Premium' ])
+param accessTier string = 'Hot'
+param allowBlobPublicAccess bool = true
+param allowCrossTenantReplication bool = true
+param allowSharedKeyAccess bool = true
+param containers array = []
+param defaultToOAuthAuthentication bool = false
+param deleteRetentionPolicy object = {}
+@allowed([ 'AzureDnsZone', 'Standard' ])
+param dnsEndpointType string = 'Standard'
+param kind string = 'StorageV2'
+param minimumTlsVersion string = 'TLS1_2'
+param supportsHttpsTrafficOnly bool = true
+param networkAcls object = {
+  bypass: 'AzureServices'
+  defaultAction: 'Allow'
+}
+@allowed([ 'Enabled', 'Disabled' ])
+param publicNetworkAccess string = 'Enabled'
+param sku object = { name: 'Standard_LRS' }
+resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  sku: sku
+  properties: {
+    accessTier: accessTier
+    allowBlobPublicAccess: allowBlobPublicAccess
+    allowCrossTenantReplication: allowCrossTenantReplication
+    allowSharedKeyAccess: allowSharedKeyAccess
+    defaultToOAuthAuthentication: defaultToOAuthAuthentication
+    dnsEndpointType: dnsEndpointType
+    minimumTlsVersion: minimumTlsVersion
+    networkAcls: networkAcls
+    publicNetworkAccess: publicNetworkAccess
+    supportsHttpsTrafficOnly: supportsHttpsTrafficOnly
+  }
+  resource blobServices 'blobServices' = if (!empty(containers)) {
+    name: 'default'
+    properties: {
+      deleteRetentionPolicy: deleteRetentionPolicy
+    }
+    resource container 'containers' = [for container in containers: {
+      name: container.name
+      properties: {
+        publicAccess: contains(container, 'publicAccess') ? container.publicAccess : 'None'
+      }
+    }]
+  }
+}
+output name string = storage.name
+output primaryEndpoints object = storage.properties.primaryEndpoints

data/lib/generators/templates/infra/core/testing/loadtesting.bicep ADDED Viewed

@@ -0,0 +1,15 @@
+param name string
+param location string = resourceGroup().location
+param managedIdentity bool = false
+param tags object = {}
+resource loadTest 'Microsoft.LoadTestService/loadTests@2022-12-01' = {
+  name: name
+  location: location
+  tags: tags
+  identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
+  properties: {
+  }
+}
+output loadTestingName string = loadTest.name

data/lib/generators/templates/infra/identity.bicep ADDED Viewed

@@ -0,0 +1,20 @@
+//
+// Module that creates a user assigned managed identity
+//
+@description('Name of the user assigned managed identity to creates')
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+resource webIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: name
+  location: location
+  tags: tags
+}
+@description('Name of the created user managed identity')
+output name string = webIdentity.name
+@description('Principal ID of the created user managed identity')
+output principalId string = webIdentity.properties.principalId