Update the infra/core modules to AVM modules (#3976)

* Convert infra/core to AVM * Add the modification of repo.yaml * Modify parameter description, spaces, etc. * Standard parameter naming * modify models.py modify models.py modify parameter name modify parameter name * fix pr2016 and pr2103 * update apim service toavm module * Add useAPIM conditional judgment update formate * update web site config to avm * add api tags * update keyvault sku * disable purge protection * disable purge protection * Add Infra/app files update function app kind update function app kind update SCM_DO_BUILD_DURING_DEPLOYMENT * modify parameters * Modify api-avm parameters * update apimapi to use ptn module * update db to infra/app * Update apim parameter, cosmos-sql * Update cosmos-mongo module name * delete the redundant parameter connectionStringKey * add monitor ptn module * add container pth module * update cosmos-mongo-db-avm output * update aks and aca to avm * Update appservice with App Insights env var * Update module name * Update module container-app-upsert version * update nodeResourceGroupName parameter * update aks * Remove redundant parameters
Azure · Feb 19, 2025 · d280c2f · d280c2f
1 parent f0f52ea
commit d280c2f
Show file tree

Hide file tree

Showing 29 changed files with 1,709 additions and 563 deletions.
diff --git a/templates/todo/common/infra/bicep/app/api-appservice-avm.bicep b/templates/todo/common/infra/bicep/app/api-appservice-avm.bicep
@@ -0,0 +1,58 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param allowedOrigins array = []
+param appCommandLine string?
+param appInsightResourceId string
+param appServicePlanId string
+@secure()
+param appSettings object = {}
+param siteConfig object = {}
+param serviceName string = 'api'
+
+@description('Required. Type of site to deploy.')
+param kind string
+
+@description('Optional. If client affinity is enabled.')
+param clientAffinityEnabled bool = true
+
+@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
+param storageAccountResourceId string?
+
+module api 'br/public:avm/res/web/site:0.6.0' = {
+  name: '${name}-app-module'
+  params: {
+    kind: kind
+    name: name
+    serverFarmResourceId: appServicePlanId
+    tags: union(tags, { 'azd-service-name': serviceName })
+    location: location
+    appInsightResourceId: appInsightResourceId
+    clientAffinityEnabled: clientAffinityEnabled
+    storageAccountResourceId: storageAccountResourceId
+    managedIdentities: {
+      systemAssigned: true
+    }
+    siteConfig: union(siteConfig, {
+      cors: {
+        allowedOrigins: union(['https://portal.azure.com', 'https://ms.portal.azure.com'], allowedOrigins)
+      }
+      appCommandLine: appCommandLine
+    })
+    appSettingsKeyValuePairs: union(
+      appSettings,
+      { ENABLE_ORYX_BUILD: true, ApplicationInsightsAgent_EXTENSION_VERSION: contains(kind, 'linux') ? '~3' : '~2' }
+    )
+    logsConfiguration: {
+      applicationLogs: { fileSystem: { level: 'Verbose' } }
+      detailedErrorMessages: { enabled: true }
+      failedRequestsTracing: { enabled: true }
+      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+    }
+  }
+}
+
+output SERVICE_API_IDENTITY_PRINCIPAL_ID string = api.outputs.systemAssignedMIPrincipalId
+output SERVICE_API_NAME string = api.outputs.name
+output SERVICE_API_URI string = 'https://${api.outputs.defaultHostname}'
diff --git a/templates/todo/common/infra/bicep/app/cosmos-mongo-db-avm.bicep b/templates/todo/common/infra/bicep/app/cosmos-mongo-db-avm.bicep
@@ -0,0 +1,77 @@
+param accountName string
+param location string = resourceGroup().location
+param tags object = {}
+param cosmosDatabaseName string = ''
+param keyVaultResourceId string
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param collections array = [
+  {
+    name: 'TodoList'
+    id: 'TodoList'
+    shardKey: {
+      keys: [
+        'Hash'
+      ]
+    }
+    indexes: [
+      {
+        key: {
+          keys: [
+            '_id'
+          ]
+        }
+      }
+    ]
+  }
+  {
+    name: 'TodoItem'
+    id: 'TodoItem'
+    shardKey: {
+      keys: [
+        'Hash'
+      ]
+    }
+    indexes: [
+      {
+        key: {
+          keys: [
+            '_id'
+          ]
+        }
+      }
+    ]
+  }
+]
+
+var defaultDatabaseName = 'Todo'
+var actualDatabaseName = !empty(cosmosDatabaseName) ? cosmosDatabaseName : defaultDatabaseName
+
+module cosmos 'br/public:avm/res/document-db/database-account:0.6.0' = {
+  name: 'cosmos-mongo'
+  params: {
+    locations: [
+      {
+        failoverPriority: 0
+        isZoneRedundant: false
+        locationName: location
+      }
+    ]
+    name: accountName
+    location: location
+    mongodbDatabases: [
+      {
+        name: actualDatabaseName
+        tags: tags
+        collections: collections
+      }
+    ]
+    secretsExportConfiguration: {
+      keyVaultResourceId: keyVaultResourceId
+      primaryWriteConnectionStringSecretName: connectionStringKey
+    }
+  }
+}
+
+output connectionStringKey string = connectionStringKey
+output databaseName string = actualDatabaseName
+output endpoint string = cosmos.outputs.endpoint
diff --git a/templates/todo/common/infra/bicep/app/cosmos-sql-db-avm.bicep b/templates/todo/common/infra/bicep/app/cosmos-sql-db-avm.bicep
@@ -0,0 +1,66 @@
+param accountName string
+param location string = resourceGroup().location
+param tags object = {}
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+param databaseName string = ''
+param keyVaultResourceId string
+param principalId string = ''
+
+@allowed([
+  'Periodic'
+  'Continuous'
+])
+@description('Optional. Default to Continuous. Describes the mode of backups. Periodic backup must be used if multiple write locations are used.')
+param backupPolicyType string = 'Continuous'
+
+var defaultDatabaseName = 'Todo'
+var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName
+
+module cosmos 'br/public:avm/res/document-db/database-account:0.6.0' = {
+  name: 'cosmos-sql'
+  params: {
+    name: accountName
+    location: location
+    tags: tags
+    backupPolicyType: backupPolicyType
+    locations: [
+      {
+        failoverPriority: 0
+        locationName: location
+        isZoneRedundant: false
+      }
+    ]
+    secretsExportConfiguration:{
+      keyVaultResourceId: keyVaultResourceId
+      primaryWriteConnectionStringSecretName: connectionStringKey
+    }
+    capabilitiesToAdd: [ 'EnableServerless' ] 
+    automaticFailover: false
+    sqlDatabases: [
+      {
+        name: actualDatabaseName
+        containers: [
+          {
+            name: 'TodoList'
+            paths: [ 'id' ]
+          }
+          {
+            name: 'TodoItem'
+            paths: [ 'id' ]
+          }
+        ]
+      }
+    ] 
+    sqlRoleAssignmentsPrincipalIds: [ principalId ]
+    sqlRoleDefinitions: [
+      {
+        name: 'writer'
+      }
+    ]
+  }
+}
+
+output accountName string = cosmos.outputs.name
+output connectionStringKey string = connectionStringKey
+output databaseName string = actualDatabaseName
+output endpoint string = cosmos.outputs.endpoint
diff --git a/templates/todo/common/infra/bicep/app/sqlserver-avm.bicep b/templates/todo/common/infra/bicep/app/sqlserver-avm.bicep
@@ -0,0 +1,109 @@
+param location string = resourceGroup().location
+
+@description('Application user name')
+param appUser string 
+
+@description('SQL Server administrator name')
+param sqlAdmin string = 'sqlAdmin'
+
+@description('The name for sql database ')
+param sqlDatabaseName string = ''
+
+@description('Resource name for sql service')
+param sqlServiceName string
+
+@secure()
+@description('SQL Server administrator password')
+param sqlAdminPassword string
+
+@secure()
+@description('Application user password')
+param appUserPassword string
+
+param tags object = {}
+
+var defaultDatabaseName = 'Todo'
+var actualDatabaseName = !empty(sqlDatabaseName) ? sqlDatabaseName : defaultDatabaseName
+
+module sqlServer 'br/public:avm/res/sql/server:0.2.0' = {
+  name: 'sqlservice'
+  params: {
+    name: sqlServiceName
+    administratorLogin: sqlAdmin
+    administratorLoginPassword: sqlAdminPassword
+    location: location
+    tags: tags
+    publicNetworkAccess: 'Enabled'
+    databases: [
+      {
+        name: actualDatabaseName
+      }
+    ]
+    firewallRules: [
+      {
+        name: 'Azure Services'
+        startIpAddress: '0.0.0.1'
+        endIpAddress: '255.255.255.254'
+      }
+    ]
+  }
+}
+
+module deploymentScript 'br/public:avm/res/resources/deployment-script:0.1.3' = {
+  name: 'deployment-script'
+  params: {
+    kind: 'AzureCLI'
+    name: 'deployment-script'
+    azCliVersion: '2.37.0'
+    location: location
+    retentionInterval: 'PT1H'
+    timeout: 'PT5M'
+    cleanupPreference: 'OnSuccess'
+    environmentVariables:{
+      secureList: [
+        {
+          name: 'APPUSERNAME'
+          value: appUser
+        }
+        {
+          name: 'APPUSERPASSWORD'
+          secureValue: appUserPassword
+        }
+        {
+          name: 'DBNAME'
+          value: actualDatabaseName
+        }
+        {
+          name: 'DBSERVER'
+          value: '${sqlServer.outputs.name}${environment().suffixes.sqlServerHostname}'
+        }
+        {
+          name: 'SQLCMDPASSWORD'
+          secureValue: sqlAdminPassword
+        }
+        {
+          name: 'SQLADMIN'
+          value: sqlAdmin
+        }
+      ]
+    }
+    scriptContent: '''
+wget https://github.com/microsoft/go-sqlcmd/releases/download/v0.8.1/sqlcmd-v0.8.1-linux-x64.tar.bz2
+tar x -f sqlcmd-v0.8.1-linux-x64.tar.bz2 -C .
+
+cat <<SCRIPT_END > ./initDb.sql
+drop user if exists ${APPUSERNAME}
+go
+create user ${APPUSERNAME} with password = '${APPUSERPASSWORD}'
+go
+alter role db_owner add member ${APPUSERNAME}
+go
+SCRIPT_END
+
+./sqlcmd -S ${DBSERVER} -d ${DBNAME} -U ${SQLADMIN} -i ./initDb.sql
+    '''
+  }
+}
+
+output databaseName string = actualDatabaseName
+output sqlServerName string = sqlServer.outputs.name
diff --git a/templates/todo/common/infra/bicep/app/web-appservice-avm.bicep b/templates/todo/common/infra/bicep/app/web-appservice-avm.bicep
@@ -0,0 +1,37 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+param serviceName string = 'web'
+param appCommandLine string = 'pm2 serve /home/site/wwwroot --no-daemon --spa'
+param appInsightResourceId string
+param appServicePlanId string
+param linuxFxVersion string
+param kind string = 'app,linux'
+
+module web 'br/public:avm/res/web/site:0.6.0' = {
+  name: '${name}-deployment'
+  params: {
+    kind: kind
+    name: name
+    serverFarmResourceId: appServicePlanId
+    tags: union(tags, { 'azd-service-name': serviceName })
+    location: location
+    appInsightResourceId: appInsightResourceId
+    siteConfig: {
+      appCommandLine: appCommandLine
+      linuxFxVersion: linuxFxVersion
+      alwaysOn: true
+    }
+    logsConfiguration: {
+      applicationLogs: { fileSystem: { level: 'Verbose' } }
+      detailedErrorMessages: { enabled: true }
+      failedRequestsTracing: { enabled: true }
+      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+    }
+    appSettingsKeyValuePairs: { ApplicationInsightsAgent_EXTENSION_VERSION: contains(kind, 'linux') ? '~3' : '~2' }
+  }
+}
+
+output SERVICE_WEB_IDENTITY_PRINCIPAL_ID string = web.outputs.systemAssignedMIPrincipalId
+output SERVICE_WEB_NAME string = web.outputs.name
+output SERVICE_WEB_URI string = 'https://${web.outputs.defaultHostname}'