From e75c4d6aafa9a90ff83fdf0cc38bf2e5a07c0ef3 Mon Sep 17 00:00:00 2001 
From: Robert Good Date: Thu, 11 Sep 2025 20:27:11 -0700 Subject: [PATCH 1/6] Refreshed bicep --- .azure/modules/api-appservice.bicep | 4 +- .azure/modules/func-functionsapp.bicep | 18 ++-- .azure/modules/kv-keyvault.bicep | 9 +- .azure/modules/plan-appserviceplan.bicep | 2 +- .azure/modules/sql-sqlserverdatabase.bicep | 11 ++- .azure/modules/st-storageaccount.bicep | 6 +- .azure/modules/stapp-staticwebapp.bicep | 13 ++- .azure/modules/web-appservice.bicep | 48 +++++++++++ .../templates/landingzone-appservicesql.bicep | 1 - .../landingzone-blazor-api-sql.bicep | 83 ++++++++++++++++++ .azure/templates/landingzone-blazor-api.bicep | 63 ++++++++++++++ .azure/templates/landingzone-blazor-sql.bicep | 69 +++++++++++++++ .azure/templates/landingzone-blazor.bicep | 49 +++++++++++ .azure/templates/landingzone-function.bicep | 86 +++++++++++++++++++ .azure/templates/landingzone-minimal.bicep | 60 +++++++++++++ .azure/templates/landingzone-shared.bicep | 8 +- .azure/templates/landingzone-sharedsql.bicep | 47 ++++++++++ .azure/templates/landingzone-stapp.bicep | 73 ++++++++++++++++ ...dingzone-appservice-development.bicepparam | 7 +- ...ndingzone-appservice-production.bicepparam | 7 +- ...gzone-appservicesql-development.bicepparam | 9 +- ...ngzone-appservicesql-production.bicepparam | 9 +- ...dingzone-blazor-api-development.bicepparam | 24 ++++++ ...ndingzone-blazor-api-production.bicepparam | 24 ++++++ ...zone-blazor-api-sql-development.bicepparam | 31 +++++++ ...gzone-blazor-api-sql-production.bicepparam | 31 +++++++ .../landingzone-blazor-development.bicepparam | 23 +++++ .../landingzone-blazor-production.bicepparam | 23 +++++ ...dingzone-blazor-sql-development.bicepparam | 30 +++++++ ...ndingzone-blazor-sql-production.bicepparam | 30 +++++++ ...andingzone-function-development.bicepparam | 42 +++++++++ ...landingzone-function-production.bicepparam | 41 +++++++++ ...landingzone-minimal-development.bicepparam | 34 ++++++++ .../landingzone-minimal-production.bicepparam | 34 
++++++++ .../landingzone-stapp-development.bicepparam | 27 ++++++ .../landingzone-stapp-production.bicepparam | 27 ++++++ 36 files changed, 1056 insertions(+), 47 deletions(-) create mode 100644 .azure/modules/web-appservice.bicep create mode 100644 .azure/templates/landingzone-blazor-api-sql.bicep create mode 100644 .azure/templates/landingzone-blazor-api.bicep create mode 100644 .azure/templates/landingzone-blazor-sql.bicep create mode 100644 .azure/templates/landingzone-blazor.bicep create mode 100644 .azure/templates/landingzone-function.bicep create mode 100644 .azure/templates/landingzone-minimal.bicep create mode 100644 .azure/templates/landingzone-sharedsql.bicep create mode 100644 .azure/templates/landingzone-stapp.bicep create mode 100644 .azure/variables/landingzone-blazor-api-development.bicepparam create mode 100644 .azure/variables/landingzone-blazor-api-production.bicepparam create mode 100644 .azure/variables/landingzone-blazor-api-sql-development.bicepparam create mode 100644 .azure/variables/landingzone-blazor-api-sql-production.bicepparam create mode 100644 .azure/variables/landingzone-blazor-development.bicepparam create mode 100644 .azure/variables/landingzone-blazor-production.bicepparam create mode 100644 .azure/variables/landingzone-blazor-sql-development.bicepparam create mode 100644 .azure/variables/landingzone-blazor-sql-production.bicepparam create mode 100644 .azure/variables/landingzone-function-development.bicepparam create mode 100644 .azure/variables/landingzone-function-production.bicepparam create mode 100644 .azure/variables/landingzone-minimal-development.bicepparam create mode 100644 .azure/variables/landingzone-minimal-production.bicepparam create mode 100644 .azure/variables/landingzone-stapp-development.bicepparam create mode 100644 .azure/variables/landingzone-stapp-production.bicepparam diff --git a/.azure/modules/api-appservice.bicep b/.azure/modules/api-appservice.bicep index f64597b..fe42b42 100644 
--- a/.azure/modules/api-appservice.bicep +++ b/.azure/modules/api-appservice.bicep @@ -1,4 +1,3 @@ - param name string param location string param tags object @@ -38,6 +37,9 @@ resource apiResource 'Microsoft.Web/sites@2023-12-01' = { ] } } + identity: { + type: 'SystemAssigned' + } } output id string = apiResource.id diff --git a/.azure/modules/func-functionsapp.bicep b/.azure/modules/func-functionsapp.bicep index 8644e14..b401a7d 100644 --- a/.azure/modules/func-functionsapp.bicep +++ b/.azure/modules/func-functionsapp.bicep @@ -1,7 +1,10 @@ param name string param location string +param tags object param planId string param stName string +param stSubscriptionId string = subscription().subscriptionId +param stResourceGroupName string = resourceGroup().name param appiKey string param appiConnection string param use32BitWorkerProcess bool = true @@ -29,14 +32,17 @@ param funcRuntime string = 'dotnet' ]) param funcVersion int = 4 +param alwaysOn bool = false + resource functionapp 'Microsoft.Web/sites@2023-12-01' = { name: name kind: 'functionapp' location: location - tags: {} + tags: tags properties: { serverFarmId: planId siteConfig: { + alwaysOn: alwaysOn appSettings: [ { name: 'FUNCTIONS_EXTENSION_VERSION' 
@@ -56,11 +62,11 @@ resource functionapp 'Microsoft.Web/sites@2023-12-01' = { } { name: 'AzureWebJobsStorage' - value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' + value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(stSubscriptionId, stResourceGroupName, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' } { name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING' - value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(subscription().subscriptionId, resourceGroup().name, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' + value: 'DefaultEndpointsProtocol=https;AccountName=${stName};AccountKey=${listKeys(resourceId(stSubscriptionId, stResourceGroupName, 'Microsoft.Storage/storageAccounts', stName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net' } { name: 'WEBSITE_CONTENTSHARE' @@ -76,7 +82,9 @@ resource functionapp 'Microsoft.Web/sites@2023-12-01' = { } ] use32BitWorkerProcess: use32BitWorkerProcess - } - + } + } + identity: { + type: 'SystemAssigned' } } diff --git a/.azure/modules/kv-keyvault.bicep b/.azure/modules/kv-keyvault.bicep index 53a721f..20aa92d 100644 --- a/.azure/modules/kv-keyvault.bicep +++ b/.azure/modules/kv-keyvault.bicep @@ -1,7 +1,4 @@ -@description('Name of the Key Vault. (kv)') -@minLength(3) -@maxLength(24) -param name string +param name string param location string @@ -11,6 +8,8 @@ param tenantId string param tags object +param accessPolicies array = [] + resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: name location: location 
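Review bot: Both `AzureWebJobsStorage` and `WEBSITE_CONTENTAZUREFILECONNECTIONSTRING` still embed `listKeys(...).keys[0].value` in plain app settings, so the storage account key is stored in the site configuration and must be redeployed after every key rotation. This patch also enables `identity: { type: 'SystemAssigned' }` in the last hunk of the file, so the host storage setting could move to the identity-based form (`AzureWebJobsStorage__accountName` with `value: stName`, plus a Storage Blob Data Owner role assignment). A key or Key Vault reference would then remain only where the content share still needs one. The `listKeys` call also pins API version `'2019-06-01'` while the modules themselves use 2023 versions. The `appSettings` array starts and ends outside this hunk.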
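Review bot: Dropping `@minLength(3)` / `@maxLength(24)` from `param name string` removes the only preflight check on the vault name, so an out-of-range name now fails during deployment rather than at validation. The same decorators are removed from `st-storageaccount.bicep` later in the patch; I would keep `@minLength(3)` and `@maxLength(24)` above `param name string` in both modules. The new `param accessPolicies array = []` in the next hunk is untyped and undocumented. A `@description('Key Vault access policy entries (tenantId, objectId, permissions)')` would tell callers what shape is expected.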
@@ -21,11 +20,11 @@ resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { enabledForTemplateDeployment: true tenantId: tenantId publicNetworkAccess:'Enabled' - accessPolicies: [] sku: { name: sku family: 'A' } + accessPolicies: accessPolicies networkAcls: { defaultAction: 'Allow' bypass: 'AzureServices' diff --git a/.azure/modules/plan-appserviceplan.bicep b/.azure/modules/plan-appserviceplan.bicep index c6a295d..6071637 100644 --- a/.azure/modules/plan-appserviceplan.bicep +++ b/.azure/modules/plan-appserviceplan.bicep @@ -4,7 +4,7 @@ param location string param sku string param tags object -resource planResource 'Microsoft.Web/serverfarms@2023-12-01' = { +resource planResource 'Microsoft.Web/serverfarms@2023-01-01' = { name: name kind:'Windows' location: location diff --git a/.azure/modules/sql-sqlserverdatabase.bicep b/.azure/modules/sql-sqlserverdatabase.bicep index 81ecc0d..39cbc02 100644 --- a/.azure/modules/sql-sqlserverdatabase.bicep +++ b/.azure/modules/sql-sqlserverdatabase.bicep @@ -17,6 +17,7 @@ param endIpAddress string = '0.0.0.0' @minLength(1) @maxLength(60) param sqldbName string +param sqlCapacity int = 5 param collation string = 'SQL_Latin1_General_CP1_CI_AS' @allowed([ 'Basic' @@ -24,7 +25,6 @@ param collation string = 'SQL_Latin1_General_CP1_CI_AS' 'Premium' ]) param sku string = 'Basic' -param sqlCapacity int = 5 param maxSizeBytes int = 1073741824 resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = { @@ -47,6 +47,7 @@ resource sqlServerFirewall 'Microsoft.Sql/servers/firewallRules@2023-08-01-previ } output id string = sqlServer.id +output name string = sqlServer.name resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = { parent: sqlServer 
@@ -57,14 +58,12 @@ resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = { } sku: { name: sku - tier: sku // (e.g., Basic, GeneralPurpose, BusinessCritical) - //family: 'skuFamily' // e.g., Gen4, Gen5) - capacity: sqlCapacity // (e.g., 5) + tier: sku // Replace with the desired SKU tier (e.g., Basic, GeneralPurpose, BusinessCritical) + //family: 'skuFamily' // Replace with the desired SKU family (e.g., Gen4, Gen5) + capacity: sqlCapacity // Replace with the desired capacity (e.g., 1, 2, 4) } properties: { collation: collation maxSizeBytes: maxSizeBytes } } - -output sqldbId string = sqlDatabase.id diff --git a/.azure/modules/st-storageaccount.bicep b/.azure/modules/st-storageaccount.bicep index 41abbd6..85e71d8 100644 --- a/.azure/modules/st-storageaccount.bicep +++ b/.azure/modules/st-storageaccount.bicep @@ -1,10 +1,6 @@ -@description('Name of the Storage Account. (st)') -@minLength(3) -@maxLength(24) -param name string - param location string param tags object +param name string param sku string resource stResource 'Microsoft.Storage/storageAccounts@2023-01-01' = { diff --git a/.azure/modules/stapp-staticwebapp.bicep b/.azure/modules/stapp-staticwebapp.bicep index 44eeb0a..c635b40 100644 --- a/.azure/modules/stapp-staticwebapp.bicep +++ b/.azure/modules/stapp-staticwebapp.bicep @@ -13,7 +13,13 @@ param sku string = 'Free' @description('Tags to add to the resources') param tags object = {} -resource name_resource 'Microsoft.Web/staticSites@2023-12-01' = { +@description('Git Repository URL') +param repositoryUrl string + +@description('Git Branch') +param branch string = 'main' + +resource name_resource 'Microsoft.Web/staticSites@2022-09-01' = { name: name location: location tags: tags @@ -21,4 +27,9 @@ resource name_resource 'Microsoft.Web/staticSites@2023-12-01' = { tier: sku name: sku } + properties: { + repositoryUrl: repositoryUrl + branch: branch + } } + 
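Review bot: The resource API version moves backwards from `Microsoft.Web/staticSites@2023-12-01` to `@2022-09-01` with no reason given, while the new `web-appservice.bicep` stays on `Microsoft.Web/sites@2023-12-01`; `plan-appserviceplan.bicep` is likewise rolled back to `serverfarms@2023-01-01`. If the downgrade is deliberate, a one-line comment above the resource saying why would stop the next refresh from reverting it. `param repositoryUrl string` has no default, so every existing caller of this module must now pass it. The hunk sets `repositoryUrl` and `branch` without a repository token or provider, which may be needed for the link to take effect; worth confirming.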
diff --git a/.azure/modules/web-appservice.bicep b/.azure/modules/web-appservice.bicep
new file mode 100644
index 0000000..8258cca
--- /dev/null
+++ b/.azure/modules/web-appservice.bicep
@@ -0,0 +1,48 @@
+param name string
+param location string
+param tags object
+@allowed(['Development', 'QA', 'Staging', 'Production'])
+param environment string = 'Development'
+param appiKey string
+param appiConnection string
+param planId string
+@allowed(['api', 'app', 'app,linux', 'functionapp', 'functionapp,linux'])
+param kind string = 'app'
+@allowed(['v4.8', 'v6.0', 'v7.0', 'v8.0', 'v9.0'])
+param dotnetVersion string = 'v8.0'
+
+resource webAppResource 'Microsoft.Web/sites@2023-12-01' = {
+ name: name
+ location: location
+ kind: kind
+ tags: tags
+ properties: {
+ serverFarmId: planId
+ siteConfig: {
+ netFrameworkVersion: dotnetVersion
+ appSettings: [
+ {
+ name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
+ value: appiKey
+ }
+ {
+ name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+ value: appiConnection
+ }
+ {
+ name: 'ASPNETCORE_ENVIRONMENT'
+ value: environment
+ }
+ {
+ name: 'WEBSITE_RUN_FROM_PACKAGE'
+ value: '1'
+ }
+ ]
+ }
+ }
+ identity: {
+ type: 'SystemAssigned'
+ }
+}
+
+output id string = webAppResource.id
diff --git a/.azure/templates/landingzone-appservicesql.bicep b/.azure/templates/landingzone-appservicesql.bicep
index 5cc2594..0dd2316 100644
--- a/.azure/templates/landingzone-appservicesql.bicep
+++ b/.azure/templates/landingzone-appservicesql.bicep
@@ -99,4 +99,3 @@ module sqlModule '../modules/sql-sqlserverdatabase.bicep' = {
 sku: sqldbSku
 }
 }
-
diff --git a/.azure/templates/landingzone-blazor-api-sql.bicep b/.azure/templates/landingzone-blazor-api-sql.bicep
new file mode 100644
index 0000000..0e1d2d9
--- /dev/null
+++ b/.azure/templates/landingzone-blazor-api-sql.bicep
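Review bot: The new `webAppResource` in `web-appservice.bicep` sets no transport hardening: `properties` has no `httpsOnly`, and `siteConfig` has no `minTlsVersion` or `ftpsState`, so the site is left on whatever HTTP, TLS and FTP defaults the platform applies. I would add `httpsOnly: true` under `properties`, and `minTlsVersion: '1.2'` and `ftpsState: 'Disabled'` under `siteConfig`. `kind` also allows `'app,linux'` and `'functionapp,linux'`, but `netFrameworkVersion` is the Windows runtime setting, so the Linux kinds probably need `linuxFxVersion` instead; confirm before offering them in `@allowed`.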
@@ -0,0 +1,83 @@
+targetScope='resourceGroup'
+
+// Common
+param location string = resourceGroup().location
+param sharedSubscriptionId string = subscription().subscriptionId
+param sharedResourceGroupName string
+param environmentApp string
+param tags object
+// Azure Monitor
+param appiName string
+// Storage Account
+param stName string
+param stSku string
+// App Service
+param planName string
+param webName string
+param apiName string
+// Sql Server
+param sqlName string
+param sqlAdminUser string
+@secure()
+param sqlAdminPassword string
+param sqldbName string
+param sqldbSku string
+
+module stModule '../modules/st-storageaccount.bicep' = {
+ name:'stModuleName'
+ params:{
+ tags: tags
+ location: location
+ name: stName
+ sku: stSku
+ }
+}
+
+resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
+ name: appiName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
+ name: planName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module apiModule '../modules/api-appservice.bicep' = {
+ name: 'apiModuleName'
+ params:{
+ name: apiName
+ location: location
+ tags: tags
+ environment: environmentApp
+ appiKey:appiResource.properties.InstrumentationKey
+ appiConnection:appiResource.properties.ConnectionString
+ planId: planResource.id
+ }
+}
+
+module webModule '../modules/web-webapp.bicep' = {
+ name: 'webModuleName'
+ params:{
+ name: webName
+ location: location
+ tags: tags
+ environment: environmentApp
+ appiKey:appiResource.properties.InstrumentationKey
+ appiConnection:appiResource.properties.ConnectionString
+ planId: planResource.id
+ }
+}
+
+module sqlModule '../modules/sql-sqlserverdatabase.bicep' = {
+ name: 'sqlModuleName'
+ params:{
+ name: sqlName
+ location: location
+ tags: tags
+ adminLogin: sqlAdminUser
+ adminPassword: sqlAdminPassword
+ sqldbName: sqldbName
+ sku: sqldbSku
+ }
+}
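Review bot: `module webModule '../modules/web-webapp.bicep'` points at a file this patch does not create. The diffstat adds `.azure/modules/web-appservice.bicep`, so unless `web-webapp.bicep` already exists in the repository the template will not compile. The same path is used in `landingzone-blazor-api.bicep`, `landingzone-blazor-sql.bicep` and `landingzone-blazor.bicep`, and `landingzone-sharedsql.bicep` references `'../modules/sql-sqlserver.bicep'`, which is also absent from the diffstat. If the new module is the intended target, the line should read `module webModule '../modules/web-appservice.bicep' = {`.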
diff --git a/.azure/templates/landingzone-blazor-api.bicep b/.azure/templates/landingzone-blazor-api.bicep
new file mode 100644
index 0000000..3601dab
--- /dev/null
+++ b/.azure/templates/landingzone-blazor-api.bicep
@@ -0,0 +1,63 @@
+targetScope='resourceGroup'
+
+// Common
+param location string = resourceGroup().location
+param sharedSubscriptionId string = subscription().subscriptionId
+param sharedResourceGroupName string
+param environmentApp string
+param tags object
+// Azure Monitor
+param appiName string
+// Storage Account
+param stName string
+param stSku string
+// App Service
+param planName string
+param webName string
+param apiName string
+
+module stModule '../modules/st-storageaccount.bicep' = {
+ name:'stModuleName'
+ params:{
+ tags: tags
+ location: location
+ name: stName
+ sku: stSku
+ }
+}
+
+resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
+ name: appiName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
+ name: planName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module apiModule '../modules/api-appservice.bicep' = {
+ name: 'apiModuleName'
+ params:{
+ name: apiName
+ location: location
+ tags: tags
+ environment: environmentApp
+ appiKey:appiResource.properties.InstrumentationKey
+ appiConnection:appiResource.properties.ConnectionString
+ planId: planResource.id
+ }
+}
+
+module webModule '../modules/web-webapp.bicep' = {
+ name: 'webModuleName'
+ params:{
+ name: webName
+ location: location
+ tags: tags
+ environment: environmentApp
+ appiKey:appiResource.properties.InstrumentationKey
+ appiConnection:appiResource.properties.ConnectionString
+ planId: planResource.id
+ }
+}
diff --git a/.azure/templates/landingzone-blazor-sql.bicep b/.azure/templates/landingzone-blazor-sql.bicep
new file mode 100644
index 0000000..fbcfbf2
--- /dev/null
+++ b/.azure/templates/landingzone-blazor-sql.bicep
@@ -0,0 +1,69 @@
+targetScope='resourceGroup'
+
+// Common
+param location string = resourceGroup().location
+param sharedSubscriptionId string = subscription().subscriptionId
+param sharedResourceGroupName string
+param environmentApp string
+param tags object
+// Azure Monitor
+param appiName string
+// Storage Account
+param stName string
+param stSku string
+// App Service
+param planName string
+param webName string
+// Sql Server
+param sqlName string
+param sqlAdminUser string
+@secure()
+param sqlAdminPassword string
+param sqldbName string
+param sqldbSku string
+
+module stModule '../modules/st-storageaccount.bicep' = {
+ name:'stModuleName'
+ params:{
+ tags: tags
+ location: location
+ name: stName
+ sku: stSku
+ }
+}
+
+resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
+ name: appiName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
+ name: planName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module webModule '../modules/web-webapp.bicep' = {
+ name: 'webModuleName'
+ params:{
+ name: webName
+ location: location
+ tags: tags
+ environment: environmentApp
+ appiKey:appiResource.properties.InstrumentationKey
+ appiConnection:appiResource.properties.ConnectionString
+ planId: planResource.id
+ }
+}
+
+module sqlModule '../modules/sql-sqlserverdatabase.bicep' = {
+ name: 'sqlModuleName'
+ params:{
+ name: sqlName
+ location: location
+ tags: tags
+ adminLogin: sqlAdminUser
+ adminPassword: sqlAdminPassword
+ sqldbName: sqldbName
+ sku: sqldbSku
+ }
+}
diff --git a/.azure/templates/landingzone-blazor.bicep b/.azure/templates/landingzone-blazor.bicep
new file mode 100644
index 0000000..97bd4e3
--- /dev/null
+++ b/.azure/templates/landingzone-blazor.bicep
@@ -0,0 +1,49 @@
+targetScope='resourceGroup'
+
+// Common
+param location string = resourceGroup().location
+param sharedSubscriptionId string = subscription().subscriptionId
+param sharedResourceGroupName string
+param environmentApp string
+param tags object
+// Azure Monitor
+param appiName string
+// Storage Account
+param stName string
+param stSku string
+// App Service
+param planName string
+param webName string
+
+module stModule '../modules/st-storageaccount.bicep' = {
+ name:'stModuleName'
+ params:{
+ tags: tags
+ location: location
+ name: stName
+ sku: stSku
+ }
+}
+
+resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
+ name: appiName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
+ name: planName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module webModule '../modules/web-webapp.bicep' = {
+ name: 'webModuleName'
+ params:{
+ name: webName
+ location: location
+ tags: tags
+ environment: environmentApp
+ appiKey:appiResource.properties.InstrumentationKey
+ appiConnection:appiResource.properties.ConnectionString
+ planId: planResource.id
+ }
+}
diff --git a/.azure/templates/landingzone-function.bicep b/.azure/templates/landingzone-function.bicep
new file mode 100644
index 0000000..f007416
--- /dev/null
+++ b/.azure/templates/landingzone-function.bicep
@@ -0,0 +1,86 @@
+targetScope='resourceGroup'
+
+// Common
+param tenantId string
+param location string
+param tags object
+param environmentApp string
+param sharedSubscriptionId string
+param sharedResourceGroupName string
+// Azure Monitor
+param appiName string
+param Application_Type string
+param Flow_Type string
+// Key Vault
+param kvName string
+param kvSku string
+param accessPolicies array
+// Storage Account
+param stName string
+param stSku string
+// workspace
+param workName string
+// function
+param funcName string
+param planName string
+param alwaysOn bool = false
+
+
+resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
+ name: workName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module appiModule '../modules/appi-applicationinsights.bicep' = {
+ name: 'appiModuleName'
+ params:{
+ location: location
+ tags: tags
+ name: appiName
+ Application_Type: Application_Type
+ Flow_Type: Flow_Type
+ workResourceId: workResource.id
+ }
+}
+
+module kvModule '../modules/kv-keyvault.bicep'= {
+ name:'kvModuleName'
+ params:{
+ location: location
+ tags: tags
+ name: kvName
+ sku: kvSku
+ tenantId: tenantId
+ accessPolicies: accessPolicies
+ }
+}
+
+module stModule '../modules/st-storageaccount.bicep' = {
+ name:'stModuleName'
+ params:{
+ tags: tags
+ location: location
+ name: stName
+ sku: stSku
+ }
+}
+
+resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
+ name: planName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module funcModule '../modules/func-functionsapp.bicep' = {
+ name: 'funcModuleName'
+ params:{
+ name: funcName
+ location: location
+ tags: tags
+ environmentApp: environmentApp
+ appiKey:appiModule.outputs.InstrumentationKey
+ appiConnection:appiModule.outputs.Connectionstring
+ planId: planResource.id
+ stName: stName
+ alwaysOn: alwaysOn
+ }
+}
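Review bot: `funcModule` receives the storage account as a plain string (`stName: stName`), so Bicep infers no dependency on `stModule`, yet `func-functionsapp.bicep` calls `listKeys` on that account. The two modules can therefore be deployed in parallel and the key lookup can run before the account exists. Adding `dependsOn: [ stModule ]` to `funcModule`, or passing a name output from `stModule` if the module exposes one, makes the ordering explicit. Separately, `param accessPolicies array` has no default or description here, so each parameter file decides who can read the vault; a `@description` on it would document the expected entries.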
diff --git a/.azure/templates/landingzone-minimal.bicep b/.azure/templates/landingzone-minimal.bicep new file mode 100644 index 0000000..cd8dcf6 --- /dev/null +++ b/.azure/templates/landingzone-minimal.bicep @@ -0,0 +1,60 @@ +targetScope='resourceGroup' + +// Common +param tenantId string +param location string +param tags object +param sharedSubscriptionId string +param sharedResourceGroupName string +// Azure Monitor +param appiName string +param Application_Type string +param Flow_Type string +// Key Vault +param kvName string +param kvSku string +param accessPolicies array +// Storage Account +param stName string +param stSku string +// workspace +param workName string + +resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = { + name: workName + scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName) +} + +module appiModule '../modules/appi-applicationinsights.bicep' = { + name: 'appiName' + params:{ + location: location + tags: tags + name: appiName + Application_Type: Application_Type + Flow_Type: Flow_Type + workResourceId: workResource.id + } +} + +module kvModule '../modules/kv-keyvault.bicep'= { + name:'kvName' + params:{ + location: location + tags: tags + name: kvName + sku: kvSku + tenantId: tenantId + accessPolicies: accessPolicies + } +} + +module stModule '../modules/st-storageaccount.bicep' = { + name:'storagename' + params:{ + tags: tags + location: location + name: stName + sku: stSku + } +} diff --git a/.azure/templates/landingzone-shared.bicep b/.azure/templates/landingzone-shared.bicep index b53be4e..b16de31 100644 --- a/.azure/templates/landingzone-shared.bicep +++ b/.azure/templates/landingzone-shared.bicep @@ -1,8 +1,8 @@ targetScope='resourceGroup' // Common -param location string = resourceGroup().location -param tags object +param tags object +param location string // Workspace param workName string param workSku string 
@@ -11,7 +11,7 @@ param planName string param planSku string module workModule '../modules/work-loganalyticsworkspace.bicep' = { - name: 'workModuleName' + name: 'logAnalyticsWorkspaceName' params: { name: workName location: location @@ -21,7 +21,7 @@ module workModule '../modules/work-loganalyticsworkspace.bicep' = { } module planModule '../modules/plan-appserviceplan.bicep' = { - name: 'planModuleName' + name: 'appservicename' params: { name: planName sku: planSku diff --git a/.azure/templates/landingzone-sharedsql.bicep b/.azure/templates/landingzone-sharedsql.bicep new file mode 100644 index 0000000..fd4d7ee --- /dev/null +++ b/.azure/templates/landingzone-sharedsql.bicep @@ -0,0 +1,47 @@ +targetScope='resourceGroup' + +// Common +param location string = resourceGroup().location +param tags object +// Workspace +param workName string +param workSku string +// App Service Plan +param planName string +param planSku string +// Sql Server +param sqlName string +param sqlAdminUser string +@secure() +param sqlAdminPassword string + +module workModule '../modules/work-loganalyticsworkspace.bicep' = { + name: 'workModuleName' + params: { + name: workName + location: location + tags: tags + sku: workSku + } +} + +module planModule '../modules/plan-appserviceplan.bicep' = { + name: 'planModuleName' + params: { + name: planName + sku: planSku + tags: tags + location: location + } +} + +module sqlServerModule '../modules/sql-sqlserver.bicep' = { + name: 'sqlModuleName' + params: { + name: sqlName + location: location + tags: tags + adminLogin: sqlAdminUser + adminPassword: sqlAdminPassword + } +} diff --git a/.azure/templates/landingzone-stapp.bicep b/.azure/templates/landingzone-stapp.bicep new file mode 100644 index 0000000..67fb135 --- /dev/null +++ b/.azure/templates/landingzone-stapp.bicep 
@@ -0,0 +1,73 @@
+targetScope='resourceGroup'
+
+// Common
+param tenantId string = tenant().tenantId
+param location string = resourceGroup().location
+param sharedSubscriptionId string = subscription().subscriptionId
+param sharedResourceGroupName string
+param tags object
+// Azure Monitor
+param appiName string
+param Application_Type string
+param Flow_Type string
+// Key Vault
+param kvName string
+param kvSku string
+// Storage Account
+param stName string
+param stSku string
+// Static Web App
+param stappName string
+param repositoryUrl string
+param branch string = 'main'
+// workspace
+param workName string
+
+resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
+ name: workName
+ scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
+}
+
+module appiModule '../modules/appi-applicationinsights.bicep' = {
+ name: 'appiModuleName'
+ params:{
+ location: location
+ tags: tags
+ name: appiName
+ Application_Type: Application_Type
+ Flow_Type: Flow_Type
+ workResourceId: workResource.id
+ }
+}
+
+module kvModule '../modules/kv-keyvault.bicep'= {
+ name:'kvModuleName'
+ params:{
+ location: location
+ tags: tags
+ name: kvName
+ sku: kvSku
+ tenantId: tenantId
+ }
+}
+
+module stModule '../modules/st-storageaccount.bicep' = {
+ name:'stModuleName'
+ params:{
+ tags: tags
+ location: location
+ name: stName
+ sku: stSku
+ }
+}
+
+module apiModule '../modules/stapp-staticwebapp.bicep' = {
+ name: 'stappModuleName'
+ params:{
+ name: stappName
+ location: location
+ tags: tags
+ repositoryUrl: repositoryUrl
+ branch: branch
+ }
+}
diff --git a/.azure/variables/landingzone-appservice-development.bicepparam b/.azure/variables/landingzone-appservice-development.bicepparam
index 8b7eb8a..f596f91 100644
--- a/.azure/variables/landingzone-appservice-development.bicepparam
+++ b/.azure/variables/landingzone-appservice-development.bicepparam
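Review bot: `kvModule` in `landingzone-stapp.bicep` does not pass `accessPolicies`, so the vault is deployed with the module default `[]`. Because the module writes `accessPolicies` on every deployment, re-running this template is likely to reset any policies granted outside it. Either add `param accessPolicies array` here and forward it as `landingzone-function.bicep` does, or confirm the vault is meant to use role-based authorization, which this patch does not show. Separately, the static web app is deployed under the symbolic name `apiModule`; `stappModule` would match its deployment name `'stappModuleName'`.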
@@ -1,14 +1,13 @@ using '../templates/landingzone-appservice.bicep' // Common var organizationName = 'gtc' -var productName = 'semkernel' -var subscriptionName = 'devtest' +var productName = 'PRODUCT' var environmentIac = 'dev' param environmentApp = 'Development' param location = 'West US 2' param tags = { Environment: environmentIac, CostCenter: '0000' } // Workspace -param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' param workName = 'work-shared-${environmentIac}-001' // Azure Monitor @@ -21,7 +20,7 @@ param stName = 'st${productName}${environmentIac}001' param stSku = 'Standard_LRS' // Key Vault -param kvName = 'kv-${productName}-${environmentIac}-002' +param kvName = 'kv-${productName}-${environmentIac}-001' param kvSku = 'standard' // App Service diff --git a/.azure/variables/landingzone-appservice-production.bicepparam b/.azure/variables/landingzone-appservice-production.bicepparam index 6c81cfe..a14845c 100644 --- a/.azure/variables/landingzone-appservice-production.bicepparam +++ b/.azure/variables/landingzone-appservice-production.bicepparam @@ -1,14 +1,13 @@ using '../templates/landingzone-appservice.bicep' // Common var organizationName = 'gtc' -var productName = 'semkernel' -var subscriptionName = 'production' +var productName = 'PRODUCT' var environmentIac = 'prod' param environmentApp = 'Production' param location = 'West US 2' param tags = { Environment: environmentIac, CostCenter: '0000' } // Workspace -param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' param workName = 'work-shared-${environmentIac}-001' // Azure Monitor 
@@ -21,7 +20,7 @@ param stName = 'st${productName}${environmentIac}001' param stSku = 'Standard_LRS' // Key Vault -param kvName = 'kv-${productName}-${environmentIac}-002' +param kvName = 'kv-${productName}-${environmentIac}-001' param kvSku = 'standard' // App Service diff --git a/.azure/variables/landingzone-appservicesql-development.bicepparam b/.azure/variables/landingzone-appservicesql-development.bicepparam index 20ae3d9..8f274da 100644 --- a/.azure/variables/landingzone-appservicesql-development.bicepparam +++ b/.azure/variables/landingzone-appservicesql-development.bicepparam @@ -1,14 +1,13 @@ using '../templates/landingzone-appservicesql.bicep' // Common var organizationName = 'gtc' -var productName = 'semkernel' -var subscriptionName = 'devtest' -param environmentApp = 'Development' +var productName = 'PRODUCT' var environmentIac = 'dev' +param environmentApp = 'Development' param location = 'West US 2' param tags = { Environment: environmentIac, CostCenter: '0000' } // Workspace -param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' param workName = 'work-shared-${environmentIac}-001' // Azure Monitor @@ -21,7 +20,7 @@ param stName = 'st${productName}${environmentIac}001' param stSku = 'Standard_LRS' // Key Vault -param kvName = 'kv-${productName}-${environmentIac}-002' +param kvName = 'kv-${productName}-${environmentIac}-001' param kvSku = 'standard' // App Service diff --git a/.azure/variables/landingzone-appservicesql-production.bicepparam b/.azure/variables/landingzone-appservicesql-production.bicepparam index 0bb69bd..c0b1e52 100644 --- a/.azure/variables/landingzone-appservicesql-production.bicepparam +++ b/.azure/variables/landingzone-appservicesql-production.bicepparam 
@@ -1,14 +1,13 @@ using '../templates/landingzone-appservicesql.bicep' // Common var organizationName = 'gtc' -var productName = 'semkernel' -var subscriptionName = 'production' -param environmentApp = 'Production' +var productName = 'PRODUCT' var environmentIac = 'prod' +param environmentApp = 'Production' param location = 'West US 2' param tags = { Environment: environmentIac, CostCenter: '0000' } // Workspace -param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' param workName = 'work-shared-${environmentIac}-001' // Azure Monitor @@ -21,7 +20,7 @@ param stName = 'st${productName}${environmentIac}001' param stSku = 'Standard_LRS' // Key Vault -param kvName = 'kv-${productName}-${environmentIac}-002' +param kvName = 'kv-${productName}-${environmentIac}-001' param kvSku = 'standard' // App Service diff --git a/.azure/variables/landingzone-blazor-api-development.bicepparam b/.azure/variables/landingzone-blazor-api-development.bicepparam new file mode 100644 index 0000000..c4732f2 --- /dev/null +++ b/.azure/variables/landingzone-blazor-api-development.bicepparam 
@@ -0,0 +1,24 @@ +using '../templates/landingzone-blazor-api.bicep' +// Common +var organizationName = 'COMPANY' +var productName = 'PRODUCT' +var environmentIac = 'dev' +param environmentApp = 'Development' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } + +// Workspace +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// App Service +var planSku = 'F1' +param webName = 'web-${productName}-${environmentIac}-001' +param apiName = 'api-${productName}-${environmentIac}-001' +param planName = 'plan-shared-${planSku}-${environmentIac}-001' diff --git a/.azure/variables/landingzone-blazor-api-production.bicepparam b/.azure/variables/landingzone-blazor-api-production.bicepparam new file mode 100644 index 0000000..cf0bbb9 --- /dev/null +++ b/.azure/variables/landingzone-blazor-api-production.bicepparam @@ -0,0 +1,24 @@ +using '../templates/landingzone-blazor-api.bicep' +// Common +var organizationName = 'COMPANY' +var productName = 'PRODUCT' +var environmentIac = 'prod' +param environmentApp = 'Production' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } + +// Workspace +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// App Service +var planSku = 'F1' +param webName = 'web-${productName}-${environmentIac}-001' +param apiName = 'api-${productName}-${environmentIac}-001' +param planName = 'plan-shared-${planSku}-${environmentIac}-001' 
diff --git a/.azure/variables/landingzone-blazor-api-sql-development.bicepparam b/.azure/variables/landingzone-blazor-api-sql-development.bicepparam
new file mode 100644
index 0000000..e576436
--- /dev/null
+++ b/.azure/variables/landingzone-blazor-api-sql-development.bicepparam
@@ -0,0 +1,31 @@
+using '../templates/landingzone-blazor-api-sql.bicep'
+// Common
+var organizationName = 'COMPANY'
+var productName = 'PRODUCT'
+var environmentIac = 'dev'
+param environmentApp = 'Development'
+param location = 'West US 2'
+param tags = { Environment: environmentIac, CostCenter: '0000' }
+
+// Workspace
+param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
+
+// Azure Monitor
+param appiName = 'appi-${productName}-${environmentIac}-001'
+
+// Storage
+param stName = 'st${productName}${environmentIac}001'
+param stSku = 'Standard_LRS'
+
+// App Service
+var planSku = 'F1'
+param webName = 'web-${productName}-${environmentIac}-001'
+param apiName = 'api-${productName}-${environmentIac}-001'
+param planName = 'plan-shared-${planSku}-${environmentIac}-001'
+
+// SQL Server
+param sqlName = 'sql-${productName}-${environmentIac}-001'
+param sqlAdminUser = ''
+param sqlAdminPassword = ''
+param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
+param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-blazor-api-sql-production.bicepparam b/.azure/variables/landingzone-blazor-api-sql-production.bicepparam
new file mode 100644
index 0000000..dbe5453
--- /dev/null
+++ b/.azure/variables/landingzone-blazor-api-sql-production.bicepparam
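Review bot: `param sqlAdminUser = ''` and `param sqlAdminPassword = ''` at the end of this new parameter file keep the SQL administrator credentials as literals in a committed file, so whoever fills them in is one step from committing the real password. Resolve them at deployment time instead, for example `param sqlAdminPassword = readEnvironmentVariable('SQL_ADMIN_PASSWORD')` (the variable name is a placeholder) or a Key Vault lookup with `getSecret(...)`. The matching template parameter should be declared `@secure()`; that declaration is not visible from this hunk. The same two lines are added in landingzone-blazor-api-sql-production, landingzone-blazor-sql-development and landingzone-blazor-sql-production.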
@@ -0,0 +1,31 @@
+using '../templates/landingzone-blazor-api-sql.bicep'
+// Common
+var organizationName = 'COMPANY'
+var productName = 'PRODUCT'
+var environmentIac = 'prod'
+param environmentApp = 'Production'
+param location = 'West US 2'
+param tags = { Environment: environmentIac, CostCenter: '0000' }
+
+// Workspace
+param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
+
+// Azure Monitor
+param appiName = 'appi-${productName}-${environmentIac}-001'
+
+// Storage
+param stName = 'st${productName}${environmentIac}001'
+param stSku = 'Standard_LRS'
+
+// App Service
+var planSku = 'F1'
+param webName = 'web-${productName}-${environmentIac}-001'
+param apiName = 'api-${productName}-${environmentIac}-001'
+param planName = 'plan-shared-${planSku}-${environmentIac}-001'
+
+// SQL Server
+param sqlName = 'sql-${productName}-${environmentIac}-001'
+param sqlAdminUser = ''
+param sqlAdminPassword = ''
+param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
+param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-blazor-development.bicepparam b/.azure/variables/landingzone-blazor-development.bicepparam
new file mode 100644
index 0000000..c86b994
--- /dev/null
+++ b/.azure/variables/landingzone-blazor-development.bicepparam
@@ -0,0 +1,23 @@ +using '../templates/landingzone-blazor.bicep' +// Common +var organizationName = 'COMPANY' +var productName = 'PRODUCT' +var environmentIac = 'dev' +param environmentApp = 'Development' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } + +// Workspace +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// App Service +var planSku = 'F1' +param webName = 'web-${productName}-${environmentIac}-001' +param planName = 'plan-shared-${planSku}-${environmentIac}-001' diff --git a/.azure/variables/landingzone-blazor-production.bicepparam b/.azure/variables/landingzone-blazor-production.bicepparam new file mode 100644 index 0000000..3df8736 --- /dev/null +++ b/.azure/variables/landingzone-blazor-production.bicepparam @@ -0,0 +1,23 @@ +using '../templates/landingzone-blazor.bicep' +// Common +var organizationName = 'COMPANY' +var productName = 'PRODUCT' +var environmentIac = 'prod' +param environmentApp = 'Production' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } + +// Workspace +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// App Service +var planSku = 'F1' +param webName = 'web-${productName}-${environmentIac}-001' +param planName = 'plan-shared-${planSku}-${environmentIac}-001' diff --git a/.azure/variables/landingzone-blazor-sql-development.bicepparam b/.azure/variables/landingzone-blazor-sql-development.bicepparam new file mode 100644 index 0000000..38020e2 --- /dev/null 
+++ b/.azure/variables/landingzone-blazor-sql-development.bicepparam
@@ -0,0 +1,30 @@
+using '../templates/landingzone-blazor-sql.bicep'
+// Common
+var organizationName = 'COMPANY'
+var productName = 'PRODUCT'
+var environmentIac = 'dev'
+param environmentApp = 'Development'
+param location = 'West US 2'
+param tags = { Environment: environmentIac, CostCenter: '0000' }
+
+// Workspace
+param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
+
+// Azure Monitor
+param appiName = 'appi-${productName}-${environmentIac}-001'
+
+// Storage
+param stName = 'st${productName}${environmentIac}001'
+param stSku = 'Standard_LRS'
+
+// App Service
+var planSku = 'F1'
+param webName = 'web-${productName}-${environmentIac}-001'
+param planName = 'plan-shared-${planSku}-${environmentIac}-001'
+
+// SQL Server
+param sqlName = 'sql-${productName}-${environmentIac}-001'
+param sqlAdminUser = ''
+param sqlAdminPassword = ''
+param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
+param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-blazor-sql-production.bicepparam b/.azure/variables/landingzone-blazor-sql-production.bicepparam
new file mode 100644
index 0000000..4e30701
--- /dev/null
+++ b/.azure/variables/landingzone-blazor-sql-production.bicepparam
@@ -0,0 +1,30 @@
+using '../templates/landingzone-blazor-sql.bicep'
+// Common
+var organizationName = 'COMPANY'
+var productName = 'PRODUCT'
+var environmentIac = 'prod'
+param environmentApp = 'Production'
+param location = 'West US 2'
+param tags = { Environment: environmentIac, CostCenter: '0000' }
+
+// Workspace
+param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
+
+// Azure Monitor
+param appiName = 'appi-${productName}-${environmentIac}-001'
+
+// Storage
+param stName = 'st${productName}${environmentIac}001'
+param stSku = 'Standard_LRS'
+
+// App Service
+var planSku = 'F1'
+param webName = 'web-${productName}-${environmentIac}-001'
+param planName = 'plan-shared-${planSku}-${environmentIac}-001'
+
+// SQL Server
+param sqlName = 'sql-${productName}-${environmentIac}-001'
+param sqlAdminUser = ''
+param sqlAdminPassword = ''
+param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
+param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-function-development.bicepparam b/.azure/variables/landingzone-function-development.bicepparam
new file mode 100644
index 0000000..400d1e6
--- /dev/null
+++ b/.azure/variables/landingzone-function-development.bicepparam
@@ -0,0 +1,42 @@ +using '../templates/landingzone-function.bicep' +// Common +var organizationName = 'gtc' +var productName = 'PRODUCT' +var environmentIac = 'dev' +param environmentApp = 'Development' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } +// Workspace +param tenantId = '00000000-0000-0000-0000-000000000000' +param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param workName = 'work-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' +param Flow_Type = 'Bluefield' +param Application_Type = 'web' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// Key Vault +param kvName = 'kv-${productName}-${environmentIac}-001' +param kvSku = 'standard' +param accessPolicies = [ + { + tenantId: tenantId + objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID' + permissions: { + secrets: ['Get', 'List'] + } + } +] + +// Azure Functions +var planSku = 'F1' +param funcName = 'func-${productName}-${environmentIac}-001' +param planName = 'plan-shared-${planSku}-${environmentIac}-001' +param alwaysOn = true + diff --git a/.azure/variables/landingzone-function-production.bicepparam b/.azure/variables/landingzone-function-production.bicepparam new file mode 100644 index 0000000..5772ffa --- /dev/null +++ b/.azure/variables/landingzone-function-production.bicepparam 
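Review bot: The `accessPolicies` entry grants secret access to `objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID'` under a `tenantId` that is the all-zero GUID, so the Key Vault policy names no real principal or tenant until both values are edited by hand in a committed file. Supplying them at deployment time, e.g. `param tenantId = readEnvironmentVariable('AZURE_TENANT_ID')` (the variable name is a placeholder), keeps environment identifiers out of the repository and makes a forgotten value fail loudly. If the placeholder stays, add a comment such as `// objectId: object id of the deployment pipeline's service principal; replace before use`, and note that 'PRINCIPLE' is presumably meant to be 'PRINCIPAL'. The same block is added in landingzone-function-production, landingzone-minimal-development and landingzone-minimal-production.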
@@ -0,0 +1,41 @@ +using '../templates/landingzone-function.bicep' +// Common +var organizationName = 'gtc' +var productName = 'PRODUCT' +var environmentIac = 'prod' +param environmentApp = 'Production' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } +// Workspace +param tenantId = '00000000-0000-0000-0000-000000000000' +param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param workName = 'work-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' +param Flow_Type = 'Bluefield' +param Application_Type = 'web' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// Key Vault +param kvName = 'kv-${productName}-${environmentIac}-001' +param kvSku = 'standard' +param accessPolicies = [ + { + tenantId: tenantId + objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID' + permissions: { + secrets: ['Get', 'List'] + } + } +] + +// Azure Functions +var planSku = 'F1' +param funcName = 'func-${productName}-${environmentIac}-001' +param planName = 'plan-shared-${planSku}-${environmentIac}-001' +param alwaysOn = true diff --git a/.azure/variables/landingzone-minimal-development.bicepparam b/.azure/variables/landingzone-minimal-development.bicepparam new file mode 100644 index 0000000..7572c65 --- /dev/null +++ b/.azure/variables/landingzone-minimal-development.bicepparam 
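Review bot: `param alwaysOn = true` is paired with `var planSku = 'F1'`, and Always On is not available on Free-tier App Service plans. If the template passes this value into the site configuration (not visible in this hunk), the deployment will be rejected for a plan of that tier. Either set `param alwaysOn = false` while the plan is F1 or point `planSku` at a Basic-or-higher plan. The development file added just before this one carries the same pair.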
@@ -0,0 +1,34 @@ +using '../templates/landingzone-minimal.bicep' +// Common +var organizationName = 'gtc' +var productName = 'PRODUCT' +var environmentIac = 'dev' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } +// Workspace +param tenantId = '00000000-0000-0000-0000-000000000000' +param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param workName = 'work-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' +param Flow_Type = 'Bluefield' +param Application_Type = 'web' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// Key Vault +param kvName = 'kv-${productName}-${environmentIac}-001' +param kvSku = 'standard' +param accessPolicies = [ + { + tenantId: tenantId + objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID' + permissions: { + secrets: ['Get', 'List'] + } + } +] diff --git a/.azure/variables/landingzone-minimal-production.bicepparam b/.azure/variables/landingzone-minimal-production.bicepparam new file mode 100644 index 0000000..fe9d20e --- /dev/null +++ b/.azure/variables/landingzone-minimal-production.bicepparam 
@@ -0,0 +1,34 @@ +using '../templates/landingzone-minimal.bicep' +// Common +var organizationName = 'gtc' +var productName = 'PRODUCT' +var environmentIac = 'prod' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } +// Workspace +param tenantId = '00000000-0000-0000-0000-000000000000' +param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000' +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param workName = 'work-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' +param Flow_Type = 'Bluefield' +param Application_Type = 'web' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// Key Vault +param kvName = 'kv-${productName}-${environmentIac}-001' +param kvSku = 'standard' +param accessPolicies = [ + { + tenantId: tenantId + objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID' + permissions: { + secrets: ['Get', 'List'] + } + } +] diff --git a/.azure/variables/landingzone-stapp-development.bicepparam b/.azure/variables/landingzone-stapp-development.bicepparam new file mode 100644 index 0000000..5f0a0a5 --- /dev/null +++ b/.azure/variables/landingzone-stapp-development.bicepparam 
@@ -0,0 +1,27 @@ +using '../templates/landingzone-stapp.bicep' +// Common +var organizationName = 'gtc' +var productName = 'PRODUCT' +var environmentIac = 'dev' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } +// Workspace +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param workName = 'work-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' +param Flow_Type = 'Bluefield' +param Application_Type = 'web' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// Key Vault +param kvName = 'kv-${productName}-${environmentIac}-001' +param kvSku = 'standard' + +// App Service +param stappName = 'stapp-${productName}-${environmentIac}-001' +param repositoryUrl = '' diff --git a/.azure/variables/landingzone-stapp-production.bicepparam b/.azure/variables/landingzone-stapp-production.bicepparam new file mode 100644 index 0000000..9478af4 --- /dev/null +++ b/.azure/variables/landingzone-stapp-production.bicepparam @@ -0,0 +1,27 @@ +using '../templates/landingzone-stapp.bicep' +// Common +var organizationName = 'gtc' +var productName = 'PRODUCT' +var environmentIac = 'prod' +param location = 'West US 2' +param tags = { Environment: environmentIac, CostCenter: '0000' } +// Workspace +param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param workName = 'work-shared-${environmentIac}-001' + +// Azure Monitor +param appiName = 'appi-${productName}-${environmentIac}-001' +param Flow_Type = 'Bluefield' +param Application_Type = 'web' + +// Storage +param stName = 'st${productName}${environmentIac}001' +param stSku = 'Standard_LRS' + +// Key Vault +param kvName = 'kv-${productName}-${environmentIac}-001' +param kvSku = 'standard' + +// App Service +param stappName = 'stapp-${productName}-${environmentIac}-001' +param repositoryUrl = '' 
From 4fe0e6e02361393d7a1ecf2c8b68caf369f33493 Mon Sep 17 00:00:00 2001 
From: Robert Good Date: Fri, 12 Sep 2025 14:47:08 -0700 Subject: [PATCH 2/6] az what-if passes --- .azure/modules/api-apiapp.bicep | 48 ----------- .azure/modules/api-appservice.bicep | 4 +- .../appcs-appconfigurationsetting.bicep | 2 +- .../modules/appcs-appconfigurationstore.bicep | 2 +- .azure/modules/appi-applicationinsights.bicep | 4 +- .azure/modules/func-functionsapp.bicep | 4 +- .azure/modules/kv-keyvault.bicep | 15 ++-- .azure/modules/plan-appserviceplan.bicep | 4 +- .azure/modules/rg-resourcegroup.bicep | 4 +- .azure/modules/sql-sqlserver.bicep | 4 +- .azure/modules/sql-sqlserverdatabase.bicep | 4 +- .azure/modules/sqldb-sqldatabase.bicep | 4 +- .azure/modules/st-storageaccount.bicep | 4 +- .azure/modules/stapp-staticwebapp.bicep | 2 +- .azure/modules/wcert-webcertificate.bicep | 4 +- .azure/modules/web-appservice.bicep | 4 +- .azure/modules/web-webapp.bicep | 21 ----- .../modules/work-loganalyticsworkspace.bicep | 5 +- .azure/templates/landingzone-appservice.bicep | 80 ----------------- .../templates/landingzone-appservicesql.bicep | 2 +- .../landingzone-blazor-api-sql.bicep | 83 ------------------ .azure/templates/landingzone-blazor-api.bicep | 63 -------------- .azure/templates/landingzone-blazor-sql.bicep | 69 --------------- .azure/templates/landingzone-blazor.bicep | 49 ----------- .azure/templates/landingzone-function.bicep | 86 ------------------- .azure/templates/landingzone-minimal.bicep | 60 ------------- .azure/templates/landingzone-shared.bicep | 8 +- .azure/templates/landingzone-sharedsql.bicep | 47 ---------- .azure/templates/landingzone-stapp.bicep | 73 ---------------- ...dingzone-appservice-development.bicepparam | 29 ------- ...ndingzone-appservice-production.bicepparam | 29 ------- ...gzone-appservicesql-development.bicepparam | 9 +- ...ngzone-appservicesql-production.bicepparam | 9 +- ...dingzone-blazor-api-development.bicepparam | 24 ------ ...ndingzone-blazor-api-production.bicepparam | 24 ------ 
...zone-blazor-api-sql-development.bicepparam | 31 ------- ...gzone-blazor-api-sql-production.bicepparam | 31 ------- .../landingzone-blazor-development.bicepparam | 23 ----- .../landingzone-blazor-production.bicepparam | 23 ----- ...dingzone-blazor-sql-development.bicepparam | 30 ------- ...ndingzone-blazor-sql-production.bicepparam | 30 ------- ...andingzone-function-development.bicepparam | 42 --------- ...landingzone-function-production.bicepparam | 41 --------- ...landingzone-minimal-development.bicepparam | 34 -------- .../landingzone-minimal-production.bicepparam | 34 -------- .../landingzone-stapp-development.bicepparam | 27 ------ .../landingzone-stapp-production.bicepparam | 27 ------ 47 files changed, 48 insertions(+), 1208 deletions(-) delete mode 100644 .azure/modules/api-apiapp.bicep delete mode 100644 .azure/modules/web-webapp.bicep delete mode 100644 .azure/templates/landingzone-appservice.bicep delete mode 100644 .azure/templates/landingzone-blazor-api-sql.bicep delete mode 100644 .azure/templates/landingzone-blazor-api.bicep delete mode 100644 .azure/templates/landingzone-blazor-sql.bicep delete mode 100644 .azure/templates/landingzone-blazor.bicep delete mode 100644 .azure/templates/landingzone-function.bicep delete mode 100644 .azure/templates/landingzone-minimal.bicep delete mode 100644 .azure/templates/landingzone-sharedsql.bicep delete mode 100644 .azure/templates/landingzone-stapp.bicep delete mode 100644 .azure/variables/landingzone-appservice-development.bicepparam delete mode 100644 .azure/variables/landingzone-appservice-production.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-api-development.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-api-production.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-api-sql-development.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-api-sql-production.bicepparam delete mode 100644 
.azure/variables/landingzone-blazor-development.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-production.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-sql-development.bicepparam delete mode 100644 .azure/variables/landingzone-blazor-sql-production.bicepparam delete mode 100644 .azure/variables/landingzone-function-development.bicepparam delete mode 100644 .azure/variables/landingzone-function-production.bicepparam delete mode 100644 .azure/variables/landingzone-minimal-development.bicepparam delete mode 100644 .azure/variables/landingzone-minimal-production.bicepparam delete mode 100644 .azure/variables/landingzone-stapp-development.bicepparam delete mode 100644 .azure/variables/landingzone-stapp-production.bicepparam diff --git a/.azure/modules/api-apiapp.bicep b/.azure/modules/api-apiapp.bicep deleted file mode 100644 index c166ca6..0000000 --- a/.azure/modules/api-apiapp.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@minLength(1) -param planName string - -@minLength(1) -param name string -param appiKey string -param appiConnection string - -@minLength(1) -@allowed([ - 'Development' - 'QA' - 'Staging' - 'Production' -]) -param environmentApp string - -var webSiteName_var = name - -resource webSiteName 'Microsoft.Web/sites@2022-03-01' = { - name: webSiteName_var - kind: 'app' - location: resourceGroup().location - tags: { - 'hidden-related:${resourceGroup().id}/providers/Microsoft.Web/serverfarms/${planName}': 'Resource' - displayName: 'Website' - } - properties: { - name: webSiteName_var - serverFarmId: resourceId('Microsoft.Web/serverfarms', planName) - siteConfig: { - appSettings: [ - { - name: 'APPINSIGHTS_INSTRUMENTATIONKEY' - value: appiKey - } - { - name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' - value: appiConnection - } - { - name: 'ASPNETCORE_ENVIRONMENT' - value: environmentApp - } - ] - } - } -} diff --git a/.azure/modules/api-appservice.bicep b/.azure/modules/api-appservice.bicep index fe42b42..92e7dcc 100644 
--- a/.azure/modules/api-appservice.bicep +++ b/.azure/modules/api-appservice.bicep @@ -1,6 +1,6 @@ param name string param location string -param tags object +param tags object = {} @minLength(1) @allowed(['Development', 'QA', 'Staging', 'Production']) param environment string = 'Development' @@ -16,7 +16,7 @@ resource apiResource 'Microsoft.Web/sites@2023-12-01' = { name: name location: location kind: kind - tags: tags + tags: empty(tags) ? null : tags properties: { serverFarmId: planId siteConfig: { diff --git a/.azure/modules/appcs-appconfigurationsetting.bicep b/.azure/modules/appcs-appconfigurationsetting.bicep index 11e3a23..4cfa993 100644 --- a/.azure/modules/appcs-appconfigurationsetting.bicep +++ b/.azure/modules/appcs-appconfigurationsetting.bicep @@ -27,7 +27,7 @@ resource name_appcsKeys 'Microsoft.AppConfiguration/configurationStores/keyValue properties: { value: appcsValues[i] contentType: contentType - tags: tags + tags: empty(tags) ? null : tags } }] diff --git a/.azure/modules/appcs-appconfigurationstore.bicep b/.azure/modules/appcs-appconfigurationstore.bicep index 3fcac45..ad3b74c 100644 --- a/.azure/modules/appcs-appconfigurationstore.bicep +++ b/.azure/modules/appcs-appconfigurationstore.bicep @@ -45,7 +45,7 @@ resource name_appcsKeys 'Microsoft.AppConfiguration/configurationStores/keyValue properties: { value: appcsValues[i] contentType: contentType - tags: tags + tags: empty(tags) ? null : tags } dependsOn: [ name_resource diff --git a/.azure/modules/appi-applicationinsights.bicep b/.azure/modules/appi-applicationinsights.bicep index ea6ba8c..b69eb6b 100644 --- a/.azure/modules/appi-applicationinsights.bicep +++ b/.azure/modules/appi-applicationinsights.bicep @@ -1,6 +1,6 @@ param location string -param tags object +param tags object = {} param name string param Application_Type string param Flow_Type string 
@@ -9,7 +9,7 @@ param workResourceId string resource appiResource 'Microsoft.Insights/components@2020-02-02' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags kind:'web' properties: { Application_Type: Application_Type diff --git a/.azure/modules/func-functionsapp.bicep b/.azure/modules/func-functionsapp.bicep index b401a7d..10de799 100644 --- a/.azure/modules/func-functionsapp.bicep +++ b/.azure/modules/func-functionsapp.bicep @@ -1,6 +1,6 @@ param name string param location string -param tags object +param tags object = {} param planId string param stName string param stSubscriptionId string = subscription().subscriptionId @@ -38,7 +38,7 @@ resource functionapp 'Microsoft.Web/sites@2023-12-01' = { name: name kind: 'functionapp' location: location - tags: tags + tags: empty(tags) ? null : tags properties: { serverFarmId: planId siteConfig: { diff --git a/.azure/modules/kv-keyvault.bicep b/.azure/modules/kv-keyvault.bicep index 20aa92d..f1a6b01 100644 --- a/.azure/modules/kv-keyvault.bicep +++ b/.azure/modules/kv-keyvault.bicep @@ -1,30 +1,25 @@ param name string - param location string - param sku string - param tenantId string - -param tags object - +param tags object = {} param accessPolicies array = [] resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { enabledForDeployment: true enabledForDiskEncryption: true enabledForTemplateDeployment: true tenantId: tenantId - publicNetworkAccess:'Enabled' + publicNetworkAccess: 'Enabled' sku: { name: sku family: 'A' - } - accessPolicies: accessPolicies + } + accessPolicies: accessPolicies == [] ? null : accessPolicies networkAcls: { defaultAction: 'Allow' bypass: 'AzureServices' diff --git a/.azure/modules/plan-appserviceplan.bicep b/.azure/modules/plan-appserviceplan.bicep index 6071637..86c6511 100644 --- a/.azure/modules/plan-appserviceplan.bicep 
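Review bot: In kv-keyvault.bicep the vault is created with `publicNetworkAccess: 'Enabled'` and `networkAcls.defaultAction: 'Allow'`, so it is reachable from any network and protection rests entirely on the access policies, which this hunk now sets to `null` when the caller passes none. The Microsoft.KeyVault/vaults schema documents `accessPolicies` as required unless `createMode` is `recover`, so confirm that a real deployment, not only what-if, accepts the null. Writing the guard as `empty(accessPolicies) ? null : accessPolicies` would match the `empty(tags)` form used a few lines above. Consider exposing the network settings as parameters with `defaultAction: 'Deny'` as the default; the resource body continues past the end of the hunk.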
+++ b/.azure/modules/plan-appserviceplan.bicep @@ -2,13 +2,13 @@ param name string param location string param sku string -param tags object +param tags object = {} resource planResource 'Microsoft.Web/serverfarms@2023-01-01' = { name: name kind:'Windows' location: location - tags: tags + tags: empty(tags) ? null : tags properties: { reserved: false } diff --git a/.azure/modules/rg-resourcegroup.bicep b/.azure/modules/rg-resourcegroup.bicep index c24df75..d71eb61 100644 --- a/.azure/modules/rg-resourcegroup.bicep +++ b/.azure/modules/rg-resourcegroup.bicep @@ -2,10 +2,10 @@ targetScope='subscription' param name string param location string -param tags object +param tags object = {} resource rgResource 'Microsoft.Resources/resourceGroups@2024-03-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags } diff --git a/.azure/modules/sql-sqlserver.bicep b/.azure/modules/sql-sqlserver.bicep index 88aa05c..9bfb674 100644 --- a/.azure/modules/sql-sqlserver.bicep +++ b/.azure/modules/sql-sqlserver.bicep @@ -4,7 +4,7 @@ param name string param location string = resourceGroup().location -param tags object +param tags object = {} @minLength(1) @maxLength(60) @@ -24,7 +24,7 @@ var nameLower = toLower(name) resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = { name: nameLower location: location - tags: tags + tags: empty(tags) ? null : tags properties: { administratorLogin: adminLogin administratorLoginPassword: adminPassword diff --git a/.azure/modules/sql-sqlserverdatabase.bicep b/.azure/modules/sql-sqlserverdatabase.bicep index 39cbc02..f5c95a3 100644 --- a/.azure/modules/sql-sqlserverdatabase.bicep +++ b/.azure/modules/sql-sqlserverdatabase.bicep @@ -3,7 +3,7 @@ @maxLength(60) param name string param location string = resourceGroup().location -param tags object +param tags object = {} @minLength(1) @maxLength(60) param adminLogin string 
@@ -30,7 +30,7 @@ param maxSizeBytes int = 1073741824 resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { administratorLogin: adminLogin administratorLoginPassword: adminPassword diff --git a/.azure/modules/sqldb-sqldatabase.bicep b/.azure/modules/sqldb-sqldatabase.bicep index 5d65f03..92726fa 100644 --- a/.azure/modules/sqldb-sqldatabase.bicep +++ b/.azure/modules/sqldb-sqldatabase.bicep @@ -2,7 +2,7 @@ @maxLength(60) param name string param location string = resourceGroup().location -param tags object +param tags object = {} @description('Sku for the database') @allowed([ 'Basic' @@ -18,7 +18,7 @@ param sqlName string resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-08-01-preview' = { name: '${sqlName}/${name}' location: location - tags: tags + tags: empty(tags) ? null : tags sku: { name: sku tier: sku // (e.g., Basic, GeneralPurpose, BusinessCritical) diff --git a/.azure/modules/st-storageaccount.bicep b/.azure/modules/st-storageaccount.bicep index 85e71d8..113208c 100644 --- a/.azure/modules/st-storageaccount.bicep +++ b/.azure/modules/st-storageaccount.bicep @@ -1,12 +1,12 @@ param location string -param tags object +param tags object = {} param name string param sku string resource stResource 'Microsoft.Storage/storageAccounts@2023-01-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags sku: { name: sku } diff --git a/.azure/modules/stapp-staticwebapp.bicep b/.azure/modules/stapp-staticwebapp.bicep index c635b40..0620df5 100644 --- a/.azure/modules/stapp-staticwebapp.bicep +++ b/.azure/modules/stapp-staticwebapp.bicep @@ -22,7 +22,7 @@ param branch string = 'main' resource name_resource 'Microsoft.Web/staticSites@2022-09-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags sku: { tier: sku name: sku 
diff --git a/.azure/modules/wcert-webcertificate.bicep b/.azure/modules/wcert-webcertificate.bicep index e20e2d3..a38c345 100644 --- a/.azure/modules/wcert-webcertificate.bicep +++ b/.azure/modules/wcert-webcertificate.bicep @@ -1,5 +1,5 @@ param name string -param tags object +param tags object = {} param password string param keyVaultId string param keyVaultSecretName string @@ -14,7 +14,7 @@ var location = resourceGroup().location resource name_resource 'Microsoft.Web/certificates@2023-12-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { hostNames: [ hostnames diff --git a/.azure/modules/web-appservice.bicep b/.azure/modules/web-appservice.bicep index 8258cca..a5d2485 100644 --- a/.azure/modules/web-appservice.bicep +++ b/.azure/modules/web-appservice.bicep @@ -1,6 +1,6 @@ param name string param location string -param tags object +param tags object = {} @allowed(['Development', 'QA', 'Staging', 'Production']) param environment string = 'Development' param appiKey string @@ -15,7 +15,7 @@ resource webAppResource 'Microsoft.Web/sites@2023-12-01' = { name: name location: location kind: kind - tags: tags + tags: empty(tags) ? null : tags properties: { serverFarmId: planId siteConfig: { diff --git a/.azure/modules/web-webapp.bicep b/.azure/modules/web-webapp.bicep deleted file mode 100644 index a8163af..0000000 --- a/.azure/modules/web-webapp.bicep +++ /dev/null @@ -1,21 +0,0 @@ -@minLength(1) -@maxLength(60) -param name string - -@minLength(1) -@maxLength(60) -param planName string - -resource name_resource 'Microsoft.Web/sites@2023-12-01' = { - name: name - location: resourceGroup().location - tags: { - 'hidden-related:${resourceGroup().id}/providers/Microsoft.Web/serverfarms/${planName}': 'Resource' - displayName: 'Website' - } - properties: { - name: name - serverFarmId: resourceId('Microsoft.Web/serverfarms', planName) - } - dependsOn: [] -} 
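Review bot: `param password string` in wcert-webcertificate.bicep, the third line of the first hunk, has no `@secure()` decorator, so the certificate password is handled as an ordinary string and can be recorded in deployment history and logs. Add the decorator on its own line directly above the parameter: `@secure()` followed by `param password string`. The commit only changes `tags` in this file, but the declaration sits in the lines being edited and is cheap to fix in the same pass.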
diff --git a/.azure/modules/work-loganalyticsworkspace.bicep b/.azure/modules/work-loganalyticsworkspace.bicep index 28e65ad..53372c2 100644 --- a/.azure/modules/work-loganalyticsworkspace.bicep +++ b/.azure/modules/work-loganalyticsworkspace.bicep @@ -1,16 +1,17 @@ param name string param location string param sku string -param tags object +param tags object = {} resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { name: name location: location - tags: tags + tags: empty(tags) ? null : tags properties: { sku: { name: sku } + retentionInDays: 30 } } diff --git a/.azure/templates/landingzone-appservice.bicep b/.azure/templates/landingzone-appservice.bicep deleted file mode 100644 index 7c8e853..0000000 --- a/.azure/templates/landingzone-appservice.bicep +++ /dev/null 
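Review bot: `retentionInDays: 30` is hard-coded in work-loganalyticsworkspace.bicep, which fixes every environment that uses this module to thirty days of log history. That window is often shorter than what is needed to investigate an incident discovered late. Expose it as a parameter, `param retentionInDays int = 30`, and set `retentionInDays: retentionInDays`, so production can keep logs longer without editing the module.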
@@ -1,80 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param tenantId string = tenant().tenantId
-param location string = resourceGroup().location
-param sharedSubscriptionId string = subscription().subscriptionId
-param sharedResourceGroupName string
-param environmentApp string
-param tags object
-// Azure Monitor
-param appiName string
-param Application_Type string
-param Flow_Type string
-// Key Vault
-param kvName string
-param kvSku string
-// Storage Account
-param stName string
-param stSku string
-// App Service
-param planName string
-param appName string
-// workspace
-param workName string
-
-resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
- name: workName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module appiModule '../modules/appi-applicationinsights.bicep' = {
- name: 'appiModuleName'
- params:{
- location: location
- tags: tags
- name: appiName
- Application_Type: Application_Type
- Flow_Type: Flow_Type
- workResourceId: workResource.id
- }
-}
-
-module kvModule '../modules/kv-keyvault.bicep'= {
- name:'kvModuleName'
- params:{
- location: location
- tags: tags
- name: kvName
- sku: kvSku
- tenantId: tenantId
- }
-}
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
- name: planName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module apiModule '../modules/api-appservice.bicep' = {
- name: 'apiModuleName'
- params:{
- name: appName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiModule.outputs.InstrumentationKey
- appiConnection:appiModule.outputs.Connectionstring
- planId: planResource.id
- }
-}
diff --git a/.azure/templates/landingzone-appservicesql.bicep b/.azure/templates/landingzone-appservicesql.bicep
index 0dd2316..443c399 100644
--- a/.azure/templates/landingzone-appservicesql.bicep
+++ b/.azure/templates/landingzone-appservicesql.bicep
@@ -92,7 +92,7 @@ module sqlModule '../modules/sql-sqlserverdatabase.bicep' = {
 params:{
 name: sqlName
 location: location
- tags: tags
+ tags: tags
 adminLogin: sqlAdminUser
 adminPassword: sqlAdminPassword
 sqldbName: sqldbName
diff --git a/.azure/templates/landingzone-blazor-api-sql.bicep b/.azure/templates/landingzone-blazor-api-sql.bicep
deleted file mode 100644
index 0e1d2d9..0000000
--- a/.azure/templates/landingzone-blazor-api-sql.bicep
+++ /dev/null
@@ -1,83 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param location string = resourceGroup().location
-param sharedSubscriptionId string = subscription().subscriptionId
-param sharedResourceGroupName string
-param environmentApp string
-param tags object
-// Azure Monitor
-param appiName string
-// Storage Account
-param stName string
-param stSku string
-// App Service
-param planName string
-param webName string
-param apiName string
-// Sql Server
-param sqlName string
-param sqlAdminUser string
-@secure()
-param sqlAdminPassword string
-param sqldbName string
-param sqldbSku string
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
- name: appiName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
- name: planName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module apiModule '../modules/api-appservice.bicep' = {
- name: 'apiModuleName'
- params:{
- name: apiName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiResource.properties.InstrumentationKey
- appiConnection:appiResource.properties.ConnectionString
- planId: planResource.id
- }
-}
-
-module webModule '../modules/web-webapp.bicep' = {
- name: 'webModuleName'
- params:{
- name: webName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiResource.properties.InstrumentationKey
- appiConnection:appiResource.properties.ConnectionString
- planId: planResource.id
- }
-}
-
-module sqlModule '../modules/sql-sqlserverdatabase.bicep' = {
- name: 'sqlModuleName'
- params:{
- name: sqlName
- location: location
- tags: tags
- adminLogin: sqlAdminUser
- adminPassword: sqlAdminPassword
- sqldbName: sqldbName
- sku: sqldbSku
- }
-}
diff --git a/.azure/templates/landingzone-blazor-api.bicep b/.azure/templates/landingzone-blazor-api.bicep
deleted file mode 100644
index 3601dab..0000000
--- a/.azure/templates/landingzone-blazor-api.bicep
+++ /dev/null
@@ -1,63 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param location string = resourceGroup().location
-param sharedSubscriptionId string = subscription().subscriptionId
-param sharedResourceGroupName string
-param environmentApp string
-param tags object
-// Azure Monitor
-param appiName string
-// Storage Account
-param stName string
-param stSku string
-// App Service
-param planName string
-param webName string
-param apiName string
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
- name: appiName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
- name: planName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module apiModule '../modules/api-appservice.bicep' = {
- name: 'apiModuleName'
- params:{
- name: apiName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiResource.properties.InstrumentationKey
- appiConnection:appiResource.properties.ConnectionString
- planId: planResource.id
- }
-}
-
-module webModule '../modules/web-webapp.bicep' = {
- name: 'webModuleName'
- params:{
- name: webName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiResource.properties.InstrumentationKey
- appiConnection:appiResource.properties.ConnectionString
- planId: planResource.id
- }
-}
diff --git a/.azure/templates/landingzone-blazor-sql.bicep b/.azure/templates/landingzone-blazor-sql.bicep
deleted file mode 100644
index fbcfbf2..0000000
--- a/.azure/templates/landingzone-blazor-sql.bicep
+++ /dev/null
@@ -1,69 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param location string = resourceGroup().location
-param sharedSubscriptionId string = subscription().subscriptionId
-param sharedResourceGroupName string
-param environmentApp string
-param tags object
-// Azure Monitor
-param appiName string
-// Storage Account
-param stName string
-param stSku string
-// App Service
-param planName string
-param webName string
-// Sql Server
-param sqlName string
-param sqlAdminUser string
-@secure()
-param sqlAdminPassword string
-param sqldbName string
-param sqldbSku string
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
- name: appiName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
- name: planName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module webModule '../modules/web-webapp.bicep' = {
- name: 'webModuleName'
- params:{
- name: webName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiResource.properties.InstrumentationKey
- appiConnection:appiResource.properties.ConnectionString
- planId: planResource.id
- }
-}
-
-module sqlModule '../modules/sql-sqlserverdatabase.bicep' = {
- name: 'sqlModuleName'
- params:{
- name: sqlName
- location: location
- tags: tags
- adminLogin: sqlAdminUser
- adminPassword: sqlAdminPassword
- sqldbName: sqldbName
- sku: sqldbSku
- }
-}
diff --git a/.azure/templates/landingzone-blazor.bicep b/.azure/templates/landingzone-blazor.bicep
deleted file mode 100644
index 97bd4e3..0000000
--- a/.azure/templates/landingzone-blazor.bicep
+++ /dev/null
@@ -1,49 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param location string = resourceGroup().location
-param sharedSubscriptionId string = subscription().subscriptionId
-param sharedResourceGroupName string
-param environmentApp string
-param tags object
-// Azure Monitor
-param appiName string
-// Storage Account
-param stName string
-param stSku string
-// App Service
-param planName string
-param webName string
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-resource appiResource 'Microsoft.Insights/components@2020-02-02' existing = {
- name: appiName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
- name: planName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module webModule '../modules/web-webapp.bicep' = {
- name: 'webModuleName'
- params:{
- name: webName
- location: location
- tags: tags
- environment: environmentApp
- appiKey:appiResource.properties.InstrumentationKey
- appiConnection:appiResource.properties.ConnectionString
- planId: planResource.id
- }
-}
diff --git a/.azure/templates/landingzone-function.bicep b/.azure/templates/landingzone-function.bicep
deleted file mode 100644
index f007416..0000000
--- a/.azure/templates/landingzone-function.bicep
+++ /dev/null
@@ -1,86 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param tenantId string
-param location string
-param tags object
-param environmentApp string
-param sharedSubscriptionId string
-param sharedResourceGroupName string
-// Azure Monitor
-param appiName string
-param Application_Type string
-param Flow_Type string
-// Key Vault
-param kvName string
-param kvSku string
-param accessPolicies array
-// Storage Account
-param stName string
-param stSku string
-// workspace
-param workName string
-// function
-param funcName string
-param planName string
-param alwaysOn bool = false
-
-
-resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
- name: workName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module appiModule '../modules/appi-applicationinsights.bicep' = {
- name: 'appiModuleName'
- params:{
- location: location
- tags: tags
- name: appiName
- Application_Type: Application_Type
- Flow_Type: Flow_Type
- workResourceId: workResource.id
- }
-}
-
-module kvModule '../modules/kv-keyvault.bicep'= {
- name:'kvModuleName'
- params:{
- location: location
- tags: tags
- name: kvName
- sku: kvSku
- tenantId: tenantId
- accessPolicies: accessPolicies
- }
-}
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-resource planResource 'Microsoft.Web/serverfarms@2023-01-01' existing = {
- name: planName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module funcModule '../modules/func-functionsapp.bicep' = {
- name: 'funcModuleName'
- params:{
- name: funcName
- location: location
- tags: tags
- environmentApp: environmentApp
- appiKey:appiModule.outputs.InstrumentationKey
- appiConnection:appiModule.outputs.Connectionstring
- planId: planResource.id
- stName: stName
- alwaysOn: alwaysOn
- }
-}
diff --git a/.azure/templates/landingzone-minimal.bicep b/.azure/templates/landingzone-minimal.bicep deleted file mode 100644 index cd8dcf6..0000000 --- a/.azure/templates/landingzone-minimal.bicep +++ /dev/null @@ -1,60 +0,0 @@ -targetScope='resourceGroup' - -// Common -param tenantId string -param location string -param tags object -param sharedSubscriptionId string -param sharedResourceGroupName string -// Azure Monitor -param appiName string -param Application_Type string -param Flow_Type string -// Key Vault -param kvName string -param kvSku string -param accessPolicies array -// Storage Account -param stName string -param stSku string -// workspace -param workName string - -resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = { - name: workName - scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName) -} - -module appiModule '../modules/appi-applicationinsights.bicep' = { - name: 'appiName' - params:{ - location: location - tags: tags - name: appiName - Application_Type: Application_Type - Flow_Type: Flow_Type - workResourceId: workResource.id - } -} - -module kvModule '../modules/kv-keyvault.bicep'= { - name:'kvName' - params:{ - location: location - tags: tags - name: kvName - sku: kvSku - tenantId: tenantId - accessPolicies: accessPolicies - } -} - -module stModule '../modules/st-storageaccount.bicep' = { - name:'storagename' - params:{ - tags: tags - location: location - name: stName - sku: stSku - } -} diff --git a/.azure/templates/landingzone-shared.bicep b/.azure/templates/landingzone-shared.bicep index b16de31..5f2d4ba 100644 --- a/.azure/templates/landingzone-shared.bicep +++ b/.azure/templates/landingzone-shared.bicep @@ -1,7 +1,7 @@ targetScope='resourceGroup' // Common -param tags object +param tags object param location string // Workspace param workName string 
@@ -11,17 +11,17 @@ param planName string param planSku string module workModule '../modules/work-loganalyticsworkspace.bicep' = { - name: 'logAnalyticsWorkspaceName' + name: 'workModuleName' params: { name: workName location: location - tags: tags + tags: tags sku: workSku } } module planModule '../modules/plan-appserviceplan.bicep' = { - name: 'appservicename' + name: 'planModuleName' params: { name: planName sku: planSku diff --git a/.azure/templates/landingzone-sharedsql.bicep b/.azure/templates/landingzone-sharedsql.bicep deleted file mode 100644 index fd4d7ee..0000000 --- a/.azure/templates/landingzone-sharedsql.bicep +++ /dev/null @@ -1,47 +0,0 @@ -targetScope='resourceGroup' - -// Common -param location string = resourceGroup().location -param tags object -// Workspace -param workName string -param workSku string -// App Service Plan -param planName string -param planSku string -// Sql Server -param sqlName string -param sqlAdminUser string -@secure() -param sqlAdminPassword string - -module workModule '../modules/work-loganalyticsworkspace.bicep' = { - name: 'workModuleName' - params: { - name: workName - location: location - tags: tags - sku: workSku - } -} - -module planModule '../modules/plan-appserviceplan.bicep' = { - name: 'planModuleName' - params: { - name: planName - sku: planSku - tags: tags - location: location - } -} - -module sqlServerModule '../modules/sql-sqlserver.bicep' = { - name: 'sqlModuleName' - params: { - name: sqlName - location: location - tags: tags - adminLogin: sqlAdminUser - adminPassword: sqlAdminPassword - } -} diff --git a/.azure/templates/landingzone-stapp.bicep b/.azure/templates/landingzone-stapp.bicep deleted file mode 100644 index 67fb135..0000000 --- a/.azure/templates/landingzone-stapp.bicep +++ /dev/null 
@@ -1,73 +0,0 @@
-targetScope='resourceGroup'
-
-// Common
-param tenantId string = tenant().tenantId
-param location string = resourceGroup().location
-param sharedSubscriptionId string = subscription().subscriptionId
-param sharedResourceGroupName string
-param tags object
-// Azure Monitor
-param appiName string
-param Application_Type string
-param Flow_Type string
-// Key Vault
-param kvName string
-param kvSku string
-// Storage Account
-param stName string
-param stSku string
-// Static Web App
-param stappName string
-param repositoryUrl string
-param branch string = 'main'
-// workspace
-param workName string
-
-resource workResource 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
- name: workName
- scope: resourceGroup(sharedSubscriptionId, sharedResourceGroupName)
-}
-
-module appiModule '../modules/appi-applicationinsights.bicep' = {
- name: 'appiModuleName'
- params:{
- location: location
- tags: tags
- name: appiName
- Application_Type: Application_Type
- Flow_Type: Flow_Type
- workResourceId: workResource.id
- }
-}
-
-module kvModule '../modules/kv-keyvault.bicep'= {
- name:'kvModuleName'
- params:{
- location: location
- tags: tags
- name: kvName
- sku: kvSku
- tenantId: tenantId
- }
-}
-
-module stModule '../modules/st-storageaccount.bicep' = {
- name:'stModuleName'
- params:{
- tags: tags
- location: location
- name: stName
- sku: stSku
- }
-}
-
-module apiModule '../modules/stapp-staticwebapp.bicep' = {
- name: 'stappModuleName'
- params:{
- name: stappName
- location: location
- tags: tags
- repositoryUrl: repositoryUrl
- branch: branch
- }
-}
diff --git a/.azure/variables/landingzone-appservice-development.bicepparam b/.azure/variables/landingzone-appservice-development.bicepparam
deleted file mode 100644
index f596f91..0000000
--- a/.azure/variables/landingzone-appservice-development.bicepparam
+++ /dev/null
@@ -1,29 +0,0 @@
-using '../templates/landingzone-appservice.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param environmentApp = 'Development'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-
-// App Service
-var planSku = 'F1'
-param appName = 'api-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
diff --git a/.azure/variables/landingzone-appservice-production.bicepparam b/.azure/variables/landingzone-appservice-production.bicepparam
deleted file mode 100644
index a14845c..0000000
--- a/.azure/variables/landingzone-appservice-production.bicepparam
+++ /dev/null
@@ -1,29 +0,0 @@ -using '../templates/landingzone-appservice.bicep' -// Common -var organizationName = 'gtc' -var productName = 'PRODUCT' -var environmentIac = 'prod' -param environmentApp = 'Production' -param location = 'West US 2' -param tags = { Environment: environmentIac, CostCenter: '0000' } -// Workspace -param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' -param workName = 'work-shared-${environmentIac}-001' - -// Azure Monitor -param appiName = 'appi-${productName}-${environmentIac}-001' -param Flow_Type = 'Bluefield' -param Application_Type = 'web' - -// Storage -param stName = 'st${productName}${environmentIac}001' -param stSku = 'Standard_LRS' - -// Key Vault -param kvName = 'kv-${productName}-${environmentIac}-001' -param kvSku = 'standard' - -// App Service -var planSku = 'F1' -param appName = 'api-${productName}-${environmentIac}-001' -param planName = 'plan-shared-${planSku}-${environmentIac}-001' diff --git a/.azure/variables/landingzone-appservicesql-development.bicepparam b/.azure/variables/landingzone-appservicesql-development.bicepparam index 8f274da..20ae3d9 100644 --- a/.azure/variables/landingzone-appservicesql-development.bicepparam +++ b/.azure/variables/landingzone-appservicesql-development.bicepparam @@ -1,13 +1,14 @@ using '../templates/landingzone-appservicesql.bicep' // Common var organizationName = 'gtc' -var productName = 'PRODUCT' -var environmentIac = 'dev' +var productName = 'semkernel' +var subscriptionName = 'devtest' param environmentApp = 'Development' +var environmentIac = 'dev' param location = 'West US 2' param tags = { Environment: environmentIac, CostCenter: '0000' } // Workspace -param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' param workName = 'work-shared-${environmentIac}-001' // Azure Monitor 
@@ -20,7 +21,7 @@ param stName = 'st${productName}${environmentIac}001' param stSku = 'Standard_LRS' // Key Vault -param kvName = 'kv-${productName}-${environmentIac}-001' +param kvName = 'kv-${productName}-${environmentIac}-002' param kvSku = 'standard' // App Service diff --git a/.azure/variables/landingzone-appservicesql-production.bicepparam b/.azure/variables/landingzone-appservicesql-production.bicepparam index c0b1e52..0bb69bd 100644 --- a/.azure/variables/landingzone-appservicesql-production.bicepparam +++ b/.azure/variables/landingzone-appservicesql-production.bicepparam @@ -1,13 +1,14 @@ using '../templates/landingzone-appservicesql.bicep' // Common var organizationName = 'gtc' -var productName = 'PRODUCT' -var environmentIac = 'prod' +var productName = 'semkernel' +var subscriptionName = 'production' param environmentApp = 'Production' +var environmentIac = 'prod' param location = 'West US 2' param tags = { Environment: environmentIac, CostCenter: '0000' } // Workspace -param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001' +param sharedResourceGroupName = '${organizationName}-rg-${subscriptionName}-shared-${environmentIac}-001' param workName = 'work-shared-${environmentIac}-001' // Azure Monitor @@ -20,7 +21,7 @@ param stName = 'st${productName}${environmentIac}001' param stSku = 'Standard_LRS' // Key Vault -param kvName = 'kv-${productName}-${environmentIac}-001' +param kvName = 'kv-${productName}-${environmentIac}-002' param kvSku = 'standard' // App Service diff --git a/.azure/variables/landingzone-blazor-api-development.bicepparam b/.azure/variables/landingzone-blazor-api-development.bicepparam deleted file mode 100644 index c4732f2..0000000 --- a/.azure/variables/landingzone-blazor-api-development.bicepparam +++ /dev/null 
@@ -1,24 +0,0 @@
-using '../templates/landingzone-blazor-api.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param environmentApp = 'Development'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param apiName = 'api-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
diff --git a/.azure/variables/landingzone-blazor-api-production.bicepparam b/.azure/variables/landingzone-blazor-api-production.bicepparam
deleted file mode 100644
index cf0bbb9..0000000
--- a/.azure/variables/landingzone-blazor-api-production.bicepparam
+++ /dev/null
@@ -1,24 +0,0 @@
-using '../templates/landingzone-blazor-api.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param environmentApp = 'Production'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param apiName = 'api-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
diff --git a/.azure/variables/landingzone-blazor-api-sql-development.bicepparam b/.azure/variables/landingzone-blazor-api-sql-development.bicepparam
deleted file mode 100644
index e576436..0000000
--- a/.azure/variables/landingzone-blazor-api-sql-development.bicepparam
+++ /dev/null
@@ -1,31 +0,0 @@
-using '../templates/landingzone-blazor-api-sql.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param environmentApp = 'Development'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param apiName = 'api-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
-
-// SQL Server
-param sqlName = 'sql-${productName}-${environmentIac}-001'
-param sqlAdminUser = ''
-param sqlAdminPassword = ''
-param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
-param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-blazor-api-sql-production.bicepparam b/.azure/variables/landingzone-blazor-api-sql-production.bicepparam
deleted file mode 100644
index dbe5453..0000000
--- a/.azure/variables/landingzone-blazor-api-sql-production.bicepparam
+++ /dev/null
@@ -1,31 +0,0 @@
-using '../templates/landingzone-blazor-api-sql.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param environmentApp = 'Production'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param apiName = 'api-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
-
-// SQL Server
-param sqlName = 'sql-${productName}-${environmentIac}-001'
-param sqlAdminUser = ''
-param sqlAdminPassword = ''
-param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
-param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-blazor-development.bicepparam b/.azure/variables/landingzone-blazor-development.bicepparam
deleted file mode 100644
index c86b994..0000000
--- a/.azure/variables/landingzone-blazor-development.bicepparam
+++ /dev/null
@@ -1,23 +0,0 @@
-using '../templates/landingzone-blazor.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param environmentApp = 'Development'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
diff --git a/.azure/variables/landingzone-blazor-production.bicepparam b/.azure/variables/landingzone-blazor-production.bicepparam
deleted file mode 100644
index 3df8736..0000000
--- a/.azure/variables/landingzone-blazor-production.bicepparam
+++ /dev/null
@@ -1,23 +0,0 @@
-using '../templates/landingzone-blazor.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param environmentApp = 'Production'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
diff --git a/.azure/variables/landingzone-blazor-sql-development.bicepparam b/.azure/variables/landingzone-blazor-sql-development.bicepparam
deleted file mode 100644
index 38020e2..0000000
--- a/.azure/variables/landingzone-blazor-sql-development.bicepparam
+++ /dev/null
@@ -1,30 +0,0 @@
-using '../templates/landingzone-blazor-sql.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param environmentApp = 'Development'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
-
-// SQL Server
-param sqlName = 'sql-${productName}-${environmentIac}-001'
-param sqlAdminUser = ''
-param sqlAdminPassword = ''
-param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
-param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-blazor-sql-production.bicepparam b/.azure/variables/landingzone-blazor-sql-production.bicepparam
deleted file mode 100644
index 4e30701..0000000
--- a/.azure/variables/landingzone-blazor-sql-production.bicepparam
+++ /dev/null
@@ -1,30 +0,0 @@
-using '../templates/landingzone-blazor-sql.bicep'
-// Common
-var organizationName = 'COMPANY'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param environmentApp = 'Production'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// App Service
-var planSku = 'F1'
-param webName = 'web-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
-
-// SQL Server
-param sqlName = 'sql-${productName}-${environmentIac}-001'
-param sqlAdminUser = ''
-param sqlAdminPassword = ''
-param sqldbName = 'sqldb-${productName}-${environmentIac}-001'
-param sqldbSku = 'Basic'
diff --git a/.azure/variables/landingzone-function-development.bicepparam b/.azure/variables/landingzone-function-development.bicepparam
deleted file mode 100644
index 400d1e6..0000000
--- a/.azure/variables/landingzone-function-development.bicepparam
+++ /dev/null
@@ -1,42 +0,0 @@
-using '../templates/landingzone-function.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param environmentApp = 'Development'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param tenantId = '00000000-0000-0000-0000-000000000000'
-param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000'
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-param accessPolicies = [
- {
- tenantId: tenantId
- objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID'
- permissions: {
- secrets: ['Get', 'List']
- }
- }
-]
-
-// Azure Functions
-var planSku = 'F1'
-param funcName = 'func-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
-param alwaysOn = true
-
diff --git a/.azure/variables/landingzone-function-production.bicepparam b/.azure/variables/landingzone-function-production.bicepparam
deleted file mode 100644
index 5772ffa..0000000
--- a/.azure/variables/landingzone-function-production.bicepparam
+++ /dev/null
@@ -1,41 +0,0 @@
-using '../templates/landingzone-function.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param environmentApp = 'Production'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param tenantId = '00000000-0000-0000-0000-000000000000'
-param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000'
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-param accessPolicies = [
- {
- tenantId: tenantId
- objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID'
- permissions: {
- secrets: ['Get', 'List']
- }
- }
-]
-
-// Azure Functions
-var planSku = 'F1'
-param funcName = 'func-${productName}-${environmentIac}-001'
-param planName = 'plan-shared-${planSku}-${environmentIac}-001'
-param alwaysOn = true
diff --git a/.azure/variables/landingzone-minimal-development.bicepparam b/.azure/variables/landingzone-minimal-development.bicepparam
deleted file mode 100644
index 7572c65..0000000
--- a/.azure/variables/landingzone-minimal-development.bicepparam
+++ /dev/null
@@ -1,34 +0,0 @@
-using '../templates/landingzone-minimal.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param tenantId = '00000000-0000-0000-0000-000000000000'
-param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000'
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-param accessPolicies = [
- {
- tenantId: tenantId
- objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID'
- permissions: {
- secrets: ['Get', 'List']
- }
- }
-]
diff --git a/.azure/variables/landingzone-minimal-production.bicepparam b/.azure/variables/landingzone-minimal-production.bicepparam
deleted file mode 100644
index fe9d20e..0000000
--- a/.azure/variables/landingzone-minimal-production.bicepparam
+++ /dev/null
@@ -1,34 +0,0 @@
-using '../templates/landingzone-minimal.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param tenantId = '00000000-0000-0000-0000-000000000000'
-param sharedSubscriptionId = '00000000-0000-0000-0000-000000000000'
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-param accessPolicies = [
- {
- tenantId: tenantId
- objectId: 'PIPELINE_PRINCIPLE_OBJECT_ID'
- permissions: {
- secrets: ['Get', 'List']
- }
- }
-]
diff --git a/.azure/variables/landingzone-stapp-development.bicepparam b/.azure/variables/landingzone-stapp-development.bicepparam
deleted file mode 100644
index 5f0a0a5..0000000
--- a/.azure/variables/landingzone-stapp-development.bicepparam
+++ /dev/null
@@ -1,27 +0,0 @@
-using '../templates/landingzone-stapp.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'dev'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-
-// App Service
-param stappName = 'stapp-${productName}-${environmentIac}-001'
-param repositoryUrl = ''
diff --git a/.azure/variables/landingzone-stapp-production.bicepparam b/.azure/variables/landingzone-stapp-production.bicepparam
deleted file mode 100644
index 9478af4..0000000
--- a/.azure/variables/landingzone-stapp-production.bicepparam
+++ /dev/null
@@ -1,27 +0,0 @@
-using '../templates/landingzone-stapp.bicep'
-// Common
-var organizationName = 'gtc'
-var productName = 'PRODUCT'
-var environmentIac = 'prod'
-param location = 'West US 2'
-param tags = { Environment: environmentIac, CostCenter: '0000' }
-// Workspace
-param sharedResourceGroupName = '${organizationName}-rg-shared-${environmentIac}-001'
-param workName = 'work-shared-${environmentIac}-001'
-
-// Azure Monitor
-param appiName = 'appi-${productName}-${environmentIac}-001'
-param Flow_Type = 'Bluefield'
-param Application_Type = 'web'
-
-// Storage
-param stName = 'st${productName}${environmentIac}001'
-param stSku = 'Standard_LRS'
-
-// Key Vault
-param kvName = 'kv-${productName}-${environmentIac}-001'
-param kvSku = 'standard'
-
-// App Service
-param stappName = 'stapp-${productName}-${environmentIac}-001'
-param repositoryUrl = ''
From 37125c209fb332442255968e1509ca1d8b322fd7 Mon Sep 17 00:00:00 2001 From: Robert Good Date: Fri, 12 Sep 2025 14:53:50 -0700 Subject: [PATCH 3/6] kv to rbac --- .azure/modules/bot-botservice.bicep | 2 +- .azure/modules/kv-keyvault.bicep | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.azure/modules/bot-botservice.bicep b/.azure/modules/bot-botservice.bicep index 00391b5..26937d7 100644 --- a/.azure/modules/bot-botservice.bicep +++ b/.azure/modules/bot-botservice.bicep @@ -30,7 +30,7 @@ resource keyVaultName 'Microsoft.KeyVault/vaults@2023-07-01' = { family: 'A' name: 'standard' } - accessPolicies: [] + enableRbacAuthorization: true enabledForTemplateDeployment: true } } diff --git a/.azure/modules/kv-keyvault.bicep b/.azure/modules/kv-keyvault.bicep index f1a6b01..09fbcc2 100644 --- a/.azure/modules/kv-keyvault.bicep +++ b/.azure/modules/kv-keyvault.bicep @@ -3,7 +3,6 @@ param location string param sku string param tenantId string param tags object = {} -param accessPolicies array = [] resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: name @@ -19,7 +18,7 @@ resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: sku family: 'A' } - accessPolicies: accessPolicies == [] ? null : accessPolicies + enableRbacAuthorization: true networkAcls: { defaultAction: 'Allow' bypass: 'AzureServices' From 582262233593f89bba3304b82cd6951d6db2aec6 Mon Sep 17 00:00:00 2001 From: Robert Good Date: Fri, 12 Sep 2025 15:06:13 -0700 Subject: [PATCH 4/6] kv to rbac group az role assignment create --- .azure/modules/kv-keyvault.bicep | 5 ++++- .github/workflows/gtc-rg-semkernel-iac.yml | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.azure/modules/kv-keyvault.bicep b/.azure/modules/kv-keyvault.bicep index 09fbcc2..88187b7 100644 --- a/.azure/modules/kv-keyvault.bicep +++ b/.azure/modules/kv-keyvault.bicep 
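Review bot: Both vault hunks of PATCH 3/6 (`bot-botservice.bicep` and the `@@ -19,7 +18,7 @@` hunk of `kv-keyvault.bicep`) set `enableRbacAuthorization: true` without adding any role assignment, so nothing in these templates grants a data-plane role and secret reads by the pipeline or application identity would presumably be denied until one is granted out of band. The grant is better declared next to the vault as a `Microsoft.Authorization/roleAssignments` resource scoped to it (for example the built-in Key Vault Secrets User role for the reading principal); the same gap returns once PATCH 5/6 drops the `az role assignment create` step. The `kv-keyvault.bicep` hunk also removes `param accessPolicies`, which will break any template that still passes that parameter; those callers are not visible here. The context lines keep `networkAcls` at `defaultAction: 'Allow'`, so role assignments become the only control on the vault's data plane, and I would record that above the new property with `// RBAC mode: access policies are ignored; access is granted only through role assignments`. Both resource bodies continue outside the hunks.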
@@ -3,6 +3,8 @@ param location string param sku string param tenantId string param tags object = {} +param accessPolicies array = [] +param enableRbacAuthorization bool = true resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: name @@ -18,7 +20,8 @@ resource kvResource 'Microsoft.KeyVault/vaults@2023-07-01' = { name: sku family: 'A' } - enableRbacAuthorization: true + accessPolicies: accessPolicies == [] && enableRbacAuthorization == true ? null : accessPolicies + enableRbacAuthorization: enableRbacAuthorization networkAcls: { defaultAction: 'Allow' bypass: 'AzureServices' diff --git a/.github/workflows/gtc-rg-semkernel-iac.yml b/.github/workflows/gtc-rg-semkernel-iac.yml index f6be173..e59abb4 100644 --- a/.github/workflows/gtc-rg-semkernel-iac.yml +++ b/.github/workflows/gtc-rg-semkernel-iac.yml @@ -94,5 +94,5 @@ jobs: uses: Azure/cli@v2.1.0 with: inlineScript: | - az deployment group create --resource-group ${{ env.PRODUCT_RG_NAME }} --template-file ${{ env.PRODUCT_BICEP_TEMPLATE }} --parameters ${{ env.PRODUCT_BICEP_PARAMETERS }} --parameters sqlAdminUser=${{ secrets.SQL_ADMIN_USER }} sqlAdminPassword=${{ secrets.SQL_ADMIN_PASSWORD }} - az keyvault set-policy --name '${{ env.KEYVAULT_NAME }}' --object-id ${{ secrets.AZURE_SERVICE_PRINCIPAL_OBJECTID }} --secret-permissions get list + az deployment group create --resource-group ${{ env.PRODUCT_RG_NAME }} --template-file ${{ env.PRODUCT_BICEP_TEMPLATE }} --parameters ${{ env.PRODUCT_BICEP_PARAMETERS }} --parameters sqlAdminUser=${{ secrets.SQL_ADMIN_USER }} sqlAdminPassword=${{ secrets.SQL_ADMIN_PASSWORD }} + az role assignment create --assignee ${{ secrets.AZURE_SERVICE_PRINCIPAL_OBJECTID }} --role "Key Vault Secrets User" --scope "/subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.PRODUCT_RG_NAME }}/providers/Microsoft.KeyVault/vaults/${{ env.KEYVAULT_NAME }}" From e03201295089e1edb4ca01e75423d7a85dfe0111 Mon Sep 17 00:00:00 2001 
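Review bot: In the `@@ -18,7 +20,8 @@` hunk of `kv-keyvault.bicep`, the condition `accessPolicies == [] && enableRbacAuthorization == true ? null : accessPolicies` still sends a non-empty `accessPolicies` array when RBAC is enabled, and in RBAC mode the vault ignores access policies, so a caller can believe a policy is in force when it is not. Keying the expression on the mode alone is simpler and makes that explicit: `accessPolicies: enableRbacAuthorization ? null : accessPolicies`. The two parameters re-added in the `@@ -3,6 +3,8 @@` hunk have no decorators; something like `@description('When true, data-plane access is governed by Azure RBAC and accessPolicies is ignored.')` on `enableRbacAuthorization` would document the interaction for template authors. The resource body continues outside the hunk.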
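Review bot: The `az deployment group create` line on the new side of the workflow hunk expands `${{ secrets.SQL_ADMIN_USER }}` and `${{ secrets.SQL_ADMIN_PASSWORD }}` directly into the inline script text, unquoted, so a value containing spaces or shell metacharacters is word-split or interpreted by the shell instead of being passed as one argument; the same line is carried into the PATCH 5/6 hunk. Map the secrets through the step's `env:` block and reference them quoted, e.g. `sqlAdminPassword="$SQL_ADMIN_PASSWORD"`. For the added `az role assignment create`, `--assignee` given an object ID makes the CLI resolve the principal through Microsoft Graph, which the pipeline identity may not be allowed to query; `--assignee-object-id` together with `--assignee-principal-type ServicePrincipal` avoids that lookup, assuming the secret holds a service principal's object ID as its name suggests. The step also needs the pipeline identity to hold role-assignment write permission at that scope, which is worth a comment in the workflow. The job definition starts outside the hunk.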
From: Robert Good Date: Fri, 12 Sep 2025 15:24:33 -0700 Subject: [PATCH 5/6] removed rbac assign --- .github/workflows/gtc-rg-semkernel-iac.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/gtc-rg-semkernel-iac.yml b/.github/workflows/gtc-rg-semkernel-iac.yml index e59abb4..78fba74 100644 --- a/.github/workflows/gtc-rg-semkernel-iac.yml +++ b/.github/workflows/gtc-rg-semkernel-iac.yml @@ -94,5 +94,4 @@ jobs: uses: Azure/cli@v2.1.0 with: inlineScript: | - az deployment group create --resource-group ${{ env.PRODUCT_RG_NAME }} --template-file ${{ env.PRODUCT_BICEP_TEMPLATE }} --parameters ${{ env.PRODUCT_BICEP_PARAMETERS }} --parameters sqlAdminUser=${{ secrets.SQL_ADMIN_USER }} sqlAdminPassword=${{ secrets.SQL_ADMIN_PASSWORD }} - az role assignment create --assignee ${{ secrets.AZURE_SERVICE_PRINCIPAL_OBJECTID }} --role "Key Vault Secrets User" --scope "/subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.PRODUCT_RG_NAME }}/providers/Microsoft.KeyVault/vaults/${{ env.KEYVAULT_NAME }}" + az deployment group create --resource-group ${{ env.PRODUCT_RG_NAME }} --template-file ${{ env.PRODUCT_BICEP_TEMPLATE }} --parameters ${{ env.PRODUCT_BICEP_PARAMETERS }} --parameters sqlAdminUser=${{ secrets.SQL_ADMIN_USER }} sqlAdminPassword=${{ secrets.SQL_ADMIN_PASSWORD }} \ No newline at end of file From e7fb9dd61971dcadca0ebdec8fb5b355c56639b7 Mon Sep 17 00:00:00 2001 From: Robert Good Date: Fri, 12 Sep 2025 15:30:46 -0700 Subject: [PATCH 6/6] will run code ci/cd as part of PR for codeql check --- .github/workflows/gtc-rg-semkernel-api-ci-cd.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml b/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml index e867c83..f8e3c99 100644 --- a/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml +++ b/.github/workflows/gtc-rg-semkernel-api-ci-cd.yml 
@@ -7,12 +7,18 @@ on: paths: - .github/workflows/gtc-rg-semkernel-api-ci-cd.yml - src/** + - .github/workflows/gtc-rg-semkernel-iac.yml + - .azure/**/*.bicep + - .azure/**/*.bicepparams push: branches: - - main + - main paths: - - .github/workflows/gtc-rg-semkernel-api-ci-cd.yml - - src/** + - .github/workflows/gtc-rg-semkernel-api-ci-cd.yml + - src/** + - .github/workflows/gtc-rg-semkernel-iac.yml + - .azure/**/*.bicep + - .azure/**/*.bicepparams workflow_dispatch: inputs: environment:
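Review bot: The added filter `.azure/**/*.bicepparams` (in both path lists of this hunk) does not match the parameter files of this repository, which end in `.bicepparam` (for example `.azure/variables/landingzone-function-development.bicepparam` in PATCH 1/6), so a change to a parameter file alone will not trigger the workflow. Use `- .azure/**/*.bicepparam` in both places. Adding the IaC paths to the `push` list for `main` also means an infrastructure-only commit starts the API CI/CD run; if the intent is only the CodeQL check on pull requests, as the subject says, the `push` list could stay as it was. The key of the first path list is outside the hunk, and the `workflow_dispatch` inputs continue past it.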