chore(infra): update to latest infra templates

Azure-Samples · Feb 29, 2024 · 8a940fb · 8a940fb
1 parent b2a83c5
commit 8a940fb
Show file tree

Hide file tree

Showing 11 changed files with 39 additions and 24 deletions.
diff --git a/infra/abbreviations.json b/infra/abbreviations.json
@@ -1,7 +1,7 @@
 {
   "analysisServicesServers": "as",
   "apiManagementService": "apim-",
-  "appConfigurationConfigurationStores": "appcs-",
+  "appConfigurationStores": "appcs-",
   "appManagedEnvironments": "cae-",
   "appContainerApps": "ca-",
   "authorizationPolicyDefinitions": "policy-",
@@ -55,6 +55,7 @@
   "kubernetesConnectedClusters": "arck",
   "kustoClusters": "dec",
   "kustoClustersDatabases": "dedb",
+  "loadTesting": "lt-",
   "logicIntegrationAccounts": "ia-",
   "logicWorkflows": "logic-",
   "machineLearningServicesWorkspaces": "mlw-",

diff --git a/infra/core/ai/cognitiveservices.bicep b/infra/core/ai/cognitiveservices.bicep
@@ -6,11 +6,21 @@ param tags object = {}
 param customSubDomainName string = name
 param deployments array = []
 param kind string = 'OpenAI'
+
+@allowed([ 'Enabled', 'Disabled' ])
 param publicNetworkAccess string = 'Enabled'
 param sku object = {
   name: 'S0'
 }
 
+param allowedIpRules array = []
+param networkAcls object = empty(allowedIpRules) ? {
+  defaultAction: 'Allow'
+} : {
+  ipRules: allowedIpRules
+  defaultAction: 'Deny'
+}
+
 resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
   name: name
   location: location
@@ -19,6 +29,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
   properties: {
     customSubDomainName: customSubDomainName
     publicNetworkAccess: publicNetworkAccess
+    networkAcls: networkAcls
   }
   sku: sku
 }

diff --git a/infra/core/host/container-app.bicep b/infra/core/host/container-app.bicep
@@ -89,7 +89,7 @@ module containerRegistryAccess '../security/registry-access.bicep' = if (usePriv
   }
 }
 
-resource app 'Microsoft.App/containerApps@2023-04-01-preview' = {
+resource app 'Microsoft.App/containerApps@2023-05-02-preview' = {
   name: name
   location: location
   tags: tags
@@ -150,7 +150,7 @@ resource app 'Microsoft.App/containerApps@2023-04-01-preview' = {
   }
 }
 
-resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-04-01-preview' existing = {
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' existing = {
   name: containerAppsEnvironmentName
 }
 

diff --git a/infra/core/host/container-apps-environment.bicep b/infra/core/host/container-apps-environment.bicep
@@ -12,7 +12,7 @@ param daprEnabled bool = false
 @description('Name of the Log Analytics workspace')
 param logAnalyticsWorkspaceName string
 
-resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-04-01-preview' = {
+resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
   name: name
   location: location
   tags: tags

diff --git a/infra/core/host/container-apps.bicep b/infra/core/host/container-apps.bicep
@@ -6,6 +6,7 @@ param tags object = {}
 param containerAppsEnvironmentName string
 param containerRegistryName string
 param containerRegistryResourceGroupName string = ''
+param containerRegistryAdminUserEnabled bool = false
 param logAnalyticsWorkspaceName string
 param applicationInsightsName string = ''
 
@@ -26,6 +27,7 @@ module containerRegistry 'container-registry.bicep' = {
   params: {
     name: containerRegistryName
     location: location
+    adminUserEnabled: containerRegistryAdminUserEnabled
     tags: tags
   }
 }

diff --git a/infra/core/host/container-registry.bicep b/infra/core/host/container-registry.bicep
@@ -4,7 +4,7 @@ param location string = resourceGroup().location
 param tags object = {}
 
 @description('Indicates whether admin user is enabled')
-param adminUserEnabled bool = true
+param adminUserEnabled bool = false
 
 @description('Indicates whether anonymous pull is enabled')
 param anonymousPullEnabled bool = false
@@ -34,8 +34,8 @@ param zoneRedundancy string = 'Disabled'
 @description('The log analytics workspace ID used for logging and monitoring')
 param workspaceId string = ''
 
-// 2022-02-01-preview needed for anonymousPullEnabled
-resource containerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = {
+// 2023-01-01-preview needed for anonymousPullEnabled
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
   name: name
   location: location
   tags: tags

diff --git a/infra/core/monitor/applicationinsights.bicep b/infra/core/monitor/applicationinsights.bicep
@@ -1,9 +1,8 @@
 metadata description = 'Creates an Application Insights instance based on an existing Log Analytics workspace.'
 param name string
-param dashboardName string
+param dashboardName string = ''
 param location string = resourceGroup().location
 param tags object = {}
-param includeDashboard bool = true
 param logAnalyticsWorkspaceId string
 
 resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
@@ -17,7 +16,7 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
   }
 }
 
-module applicationInsightsDashboard 'applicationinsights-dashboard.bicep' =  if (includeDashboard) {
+module applicationInsightsDashboard 'applicationinsights-dashboard.bicep' = if (!empty(dashboardName)) {
   name: 'application-insights-dashboard'
   params: {
     name: dashboardName

diff --git a/infra/core/monitor/monitoring.bicep b/infra/core/monitor/monitoring.bicep
@@ -1,12 +1,9 @@
 metadata description = 'Creates an Application Insights instance and a Log Analytics workspace.'
 param logAnalyticsName string
 param applicationInsightsName string
-param applicationInsightsDashboardName string
+param applicationInsightsDashboardName string = ''
 param location string = resourceGroup().location
 param tags object = {}
-param includeDashboard bool = true
-
-var useApplicationInsights = !empty(applicationInsightsName)
 
 module logAnalytics 'loganalytics.bicep' = {
   name: 'loganalytics'
@@ -17,20 +14,19 @@ module logAnalytics 'loganalytics.bicep' = {
   }
 }
 
-module applicationInsights 'applicationinsights.bicep' = if (useApplicationInsights) {
+module applicationInsights 'applicationinsights.bicep' = {
   name: 'applicationinsights'
   params: {
     name: applicationInsightsName
     location: location
     tags: tags
     dashboardName: applicationInsightsDashboardName
-    includeDashboard: includeDashboard
     logAnalyticsWorkspaceId: logAnalytics.outputs.id
   }
 }
 
-output applicationInsightsConnectionString string = useApplicationInsights ? applicationInsights.outputs.connectionString : ''
-output applicationInsightsInstrumentationKey string = useApplicationInsights ? applicationInsights.outputs.instrumentationKey : ''
-output applicationInsightsName string = useApplicationInsights ? applicationInsights.outputs.name : ''
+output applicationInsightsConnectionString string = applicationInsights.outputs.connectionString
+output applicationInsightsInstrumentationKey string = applicationInsights.outputs.instrumentationKey
+output applicationInsightsName string = applicationInsights.outputs.name
 output logAnalyticsWorkspaceId string = logAnalytics.outputs.id
 output logAnalyticsWorkspaceName string = logAnalytics.outputs.name
diff --git a/infra/core/search/search-services.bicep b/infra/core/search/search-services.bicep
@@ -1,4 +1,4 @@
-metadata description = 'Creates an Azure Cognitive Search instance.'
+metadata description = 'Creates an Azure AI Search instance.'
 param name string
 param location string = resourceGroup().location
 param tags object = {}
@@ -36,13 +36,16 @@ param replicaCount int = 1
 ])
 param semanticSearch string = 'disabled'
 
+var searchIdentityProvider = (sku.name == 'free') ? null : {
+  type: 'SystemAssigned'
+}
+
 resource search 'Microsoft.Search/searchServices@2021-04-01-preview' = {
   name: name
   location: location
   tags: tags
-  identity: {
-    type: 'SystemAssigned'
-  }
+  // The free tier does not support managed identity
+  identity: searchIdentityProvider
   properties: {
     authOptions: authOptions
     disableLocalAuth: disableLocalAuth
@@ -61,3 +64,5 @@ resource search 'Microsoft.Search/searchServices@2021-04-01-preview' = {
 output id string = search.id
 output endpoint string = 'https://${name}.search.windows.net/'
 output name string = search.name
+output principalId string = !empty(searchIdentityProvider) ? search.identity.principalId : ''
+
diff --git a/infra/core/security/registry-access.bicep b/infra/core/security/registry-access.bicep
@@ -14,6 +14,6 @@ resource aksAcrPull 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   }
 }
 
-resource containerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = {
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' existing = {
   name: containerRegistryName
 }
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -132,6 +132,7 @@ module containerApps './core/host/container-apps.bicep' = {
     location: location
     tags: tags
     logAnalyticsWorkspaceName: monitoring.outputs.logAnalyticsWorkspaceName
+    containerRegistryAdminUserEnabled: true
   }
 }