Merge pull request #20 from seesharprun/rework-fixed
Rework project
seesharprun authored Oct 16, 2024
2 parents 0dd1abb + 1a5f1bf commit f9773e2
Showing 33 changed files with 268 additions and 1,119 deletions.
22 changes: 0 additions & 22 deletions .github/workflows/validate.yml

This file was deleted.

6 changes: 4 additions & 2 deletions infra/abbreviations.json
@@ -1,6 +1,8 @@
{
{
"logAnalyticsWorkspace": "log-analytics",
"containerRegistry": "containerreg",
"containerAppsEnv": "container-env",
"containerAppsApp": "container-app",
"cosmosDbAccount": "cosmos-db-nosql"
"cosmosDbAccount": "cosmos-db-nosql",
"userAssignedIdentity": "managed-identity"
}
50 changes: 0 additions & 50 deletions infra/app/data.bicep

This file was deleted.

59 changes: 57 additions & 2 deletions infra/app/database.bicep
@@ -4,14 +4,69 @@ param accountName string
param location string = resourceGroup().location
param tags object = {}

module cosmosDbAccount '../core/database/cosmos-db/nosql/account.bicep' = {
@description('Id of the service principals to assign database and application roles.')
param appPrincipalId string

@description('Id of the user principals to assign database and application roles.')
param userPrincipalId string = ''

var database = {
name: 'cosmicworks' // Based on AdventureWorksLT data set
}

var containers = [
{
name: 'products' // Set of products
partitionKeyPaths: [
'/category' // Partition on the product category
]
autoscale: true // Scale at the container level
throughput: 1000 // Enable autoscale with a minimum of 100 RUs and a maximum of 1,000 RUs
}
]

module cosmosDbAccount 'br/public:avm/res/document-db/database-account:0.6.1' = {
name: 'cosmos-db-account'
params: {
name: accountName
location: location
tags: tags
disableKeyBasedMetadataWriteAccess: true
disableLocalAuth: true
sqlRoleDefinitions: [
{
name: 'nosql-data-plane-contributor'
dataAction: [
'Microsoft.DocumentDB/databaseAccounts/readMetadata' // Read account metadata
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*' // Create items
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*' // Manage items
]
}
]
sqlRoleAssignmentsPrincipalIds: union(
[
appPrincipalId
],
!empty(userPrincipalId)
? [
userPrincipalId
]
: []
)
sqlDatabases: [
{
name: database.name
containers: [
for container in containers: {
name: container.name
paths: container.partitionKeyPaths
autoscaleSettingsMaxThroughput: container.throughput
}
]
}
]
}
}

output name string = cosmosDbAccount.outputs.name
output endpoint string = cosmosDbAccount.outputs.endpoint
output accountName string = cosmosDbAccount.outputs.name
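Review bot: The custom role `nosql-data-plane-contributor` grants `Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*`, which already includes the `containers/items/*` entry above it and also covers queries, change feed and stored-procedure execution, so the inline comments "Create items" and "Manage items" understate what the role allows. The same definition is assigned to `appPrincipalId` and, when set, to `userPrincipalId`, so the workload identity gets full data-plane write access; if the application only reads or queries (not visible from this section), list the specific actions it needs instead of the wildcards. At minimum, reword the comments, e.g. `// All item operations (create, read, replace, upsert, delete)` and `// All container-level data actions, including the item operations above`. Separately, `autoscale: true` in `containers` is never passed to the module, only `autoscaleSettingsMaxThroughput` is, so the field is either dead or missing from the loop body.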
16 changes: 0 additions & 16 deletions infra/app/environment.bicep

This file was deleted.

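--- a/infra/app/identity.bicep
+++ b/infra/app/identity.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Create identity resources.'
+
+param identityName string
+param location string = resourceGroup().location
+param tags object = {}
+
+module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.0' = {
+name: 'user-assigned-identity'
+params: {
+name: identityName
+location: location
+tags: tags
+}
+}
+
+output name string = userAssignedIdentity.outputs.name
+output resourceId string = userAssignedIdentity.outputs.resourceId
+output principalId string = userAssignedIdentity.outputs.principalId
+output clientId string = userAssignedIdentity.outputs.clientId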
25 changes: 20 additions & 5 deletions infra/app/registry.bicep
@@ -4,18 +4,33 @@ param registryName string
param location string = resourceGroup().location
param tags object = {}

module containerRegistry '../core/host/container-registry/registry.bicep' = {
@description('Id of the user principals to assign database and application roles.')
param userPrincipalId string = ''

module containerRegistry 'br/public:avm/res/container-registry/registry:0.5.1' = {
name: 'container-registry'
params: {
name: registryName
location: location
tags: tags
adminUserEnabled: false
acrAdminUserEnabled: false
anonymousPullEnabled: true
publicNetworkAccessEnabled: true
skuName: 'Standard'
publicNetworkAccess: 'Enabled'
acrSku: 'Standard'
}
}

module registryUserAssignment 'br/public:avm/ptn/authorization/resource-role-assignment:0.1.1' = if (!empty(userPrincipalId)) {
name: 'container-registry-role-assignment-push-user'
params: {
principalId: userPrincipalId
resourceId: containerRegistry.outputs.resourceId
roleDefinitionId: subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'8311e382-0749-4cb8-b61a-304f252e45ec' // AcrPush built-in role
)
}
}

output endpoint string = containerRegistry.outputs.endpoint
output name string = containerRegistry.outputs.name
output endpoint string = containerRegistry.outputs.loginServer
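Review bot: `anonymousPullEnabled: true` stays on next to `publicNetworkAccess: 'Enabled'`, so any unauthenticated client that can reach the login server can pull every image in this registry. Since this commit introduces a user-assigned identity in `infra/app/identity.bicep`, the pull path could authenticate instead: set `anonymousPullEnabled: false` and grant that identity the AcrPull built-in role through a second `resource-role-assignment` module like the AcrPush one added here. Whether the container app is wired to that identity is not visible in the loaded part of the commit. The `@description` on `userPrincipalId` is copied from the database module; here the principal only receives AcrPush, so `@description('Id of the user principal to grant push access to the registry.')` would be accurate.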
59 changes: 0 additions & 59 deletions infra/app/security.bicep

This file was deleted.
