chore(azure): add tags and param-descriptions on all resources (#942)

## Description - Adds tags on all resources with Environment. Might look into adding more tags like version etc eventually. - Adds @description for all params in modules  ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) --------- Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net>
Altinn · Jul 30, 2024 · 1834045 · 1834045
1 parent 9e0f436
commit 1834045
Show file tree

Hide file tree

Showing 23 changed files with 322 additions and 50 deletions.
diff --git a/.azure/applications/graphql/main.bicep b/.azure/applications/graphql/main.bicep
@@ -1,23 +1,37 @@
 targetScope = 'resourceGroup'
 
+@description('The tag of the image to be used')
 @minLength(3)
 param imageTag string
+
+@description('The environment for the deployment')
 @minLength(3)
 param environment string
+
+@description('The location where the resources will be deployed')
 @minLength(3)
 param location string
+
+@description('The IP address of the API Management instance')
 @minLength(3)
 param apimIp string
 
+@description('The name of the container app environment')
 @minLength(3)
 @secure()
 param containerAppEnvironmentName string
+
+@description('The connection string for Application Insights')
 @minLength(3)
 @secure()
 param appInsightConnectionString string
+
+@description('The name of the App Configuration store')
 @minLength(5)
 @secure()
 param appConfigurationName string
+
+@description('The name of the Key Vault for the environment')
 @minLength(3)
 @secure()
 param environmentKeyVaultName string

diff --git a/.azure/applications/web-api-eu/main.bicep b/.azure/applications/web-api-eu/main.bicep
@@ -1,23 +1,37 @@
 targetScope = 'resourceGroup'
 
+@description('The tag of the image to be used')
 @minLength(3)
 param imageTag string
+
+@description('The environment for the deployment')
 @minLength(3)
 param environment string
+
+@description('The location where the resources will be deployed')
 @minLength(3)
 param location string
+
+@description('The IP address of the API Management instance')
 @minLength(3)
 param apimIp string
 
+@description('The name of the container app environment')
 @minLength(3)
 @secure()
 param containerAppEnvironmentName string
+
+@description('The connection string for Application Insights')
 @minLength(3)
 @secure()
 param appInsightConnectionString string
+
+@description('The name of the App Configuration store')
 @minLength(5)
 @secure()
 param appConfigurationName string
+
+@description('The name of the Key Vault for the environment')
 @minLength(3)
 @secure()
 param environmentKeyVaultName string
@@ -74,15 +88,15 @@ module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep'
   name: 'keyVaultReaderAccessPolicy-${containerAppName}'
   params: {
     keyvaultName: environmentKeyVaultResource.name
-    principalIds: [ containerApp.outputs.identityPrincipalId ]
+    principalIds: [containerApp.outputs.identityPrincipalId]
   }
 }
 
 module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
   name: 'appConfigReaderAccessPolicy-${containerAppName}'
   params: {
     appConfigurationName: appConfigurationName
-    principalIds: [ containerApp.outputs.identityPrincipalId ]
+    principalIds: [containerApp.outputs.identityPrincipalId]
   }
 }
 

diff --git a/.azure/applications/web-api-migration-job/main.bicep b/.azure/applications/web-api-migration-job/main.bicep
@@ -1,15 +1,23 @@
 targetScope = 'resourceGroup'
 
+@description('The tag of the image to be used')
 @minLength(3)
 param imageTag string
+
+@description('The environment for the deployment')
 @minLength(3)
 param environment string
+
+@description('The location where the resources will be deployed')
 @minLength(3)
 param location string
 
+@description('The name of the container app environment')
 @minLength(3)
 @secure()
 param containerAppEnvironmentName string
+
+@description('The name of the Key Vault for the environment')
 @minLength(3)
 @secure()
 param environmentKeyVaultName string

diff --git a/.azure/applications/web-api-so/main.bicep b/.azure/applications/web-api-so/main.bicep
@@ -1,23 +1,37 @@
 targetScope = 'resourceGroup'
 
+@description('The tag of the image to be used')
 @minLength(3)
 param imageTag string
+
+@description('The environment for the deployment')
 @minLength(3)
 param environment string
+
+@description('The location where the resources will be deployed')
 @minLength(3)
 param location string
+
+@description('The IP address of the API Management instance')
 @minLength(3)
 param apimIp string
 
+@description('The name of the container app environment')
 @minLength(3)
 @secure()
 param containerAppEnvironmentName string
+
+@description('The connection string for Application Insights')
 @minLength(3)
 @secure()
 param appInsightConnectionString string
+
+@description('The name of the App Configuration store')
 @minLength(5)
 @secure()
 param appConfigurationName string
+
+@description('The name of the Key Vault for the environment')
 @minLength(3)
 @secure()
 param environmentKeyVaultName string
@@ -78,15 +92,15 @@ module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep'
   name: 'keyVaultReaderAccessPolicy-${containerAppName}'
   params: {
     keyvaultName: environmentKeyVaultResource.name
-    principalIds: [ containerApp.outputs.identityPrincipalId ]
+    principalIds: [containerApp.outputs.identityPrincipalId]
   }
 }
 
 module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
   name: 'appConfigReaderAccessPolicy-${containerAppName}'
   params: {
     appConfigurationName: appConfigurationName
-    principalIds: [ containerApp.outputs.identityPrincipalId ]
+    principalIds: [containerApp.outputs.identityPrincipalId]
   }
 }
 

diff --git a/.azure/functions/resourceName.bicep b/.azure/functions/resourceName.bicep
@@ -1,9 +1,8 @@
-// This function generates a unique string based on the subscription ID and resource group ID
+@description('This function generates a unique string based on the subscription ID and resource group ID')
 @export()
 func uniqueStringBySubscriptionAndResourceGroup() string => uniqueString('${subscription().id}${resourceGroup().id}')
 
-// This function generates a unique resource name by appending a unique string to the given name, ensuring the total length does not exceed the specified limit.
-// It also ensures that the name is always postfixed with the full length of the unique string, which is 13 characters plus a dash.
+@description('This function generates a unique resource name by appending a unique string to the given name, ensuring the total length does not exceed the specified limit. It also ensures that the name is always postfixed with the full length of the unique string, which is 13 characters plus a dash.')
 // Example:
 // uniqueResourceName(name: 'my-resource', limit: 50) => 'my-resource-1234567890123'
 // Example:

diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep
@@ -1,20 +1,32 @@
 targetScope = 'subscription'
+
+@description('The environment for the deployment')
 @minLength(3)
 param environment string
+
+@description('The location where the resources will be deployed')
 @minLength(3)
 param location string
 
+@description('Array of all keys in the source Key Vault')
 param keyVaultSourceKeys array
 
+@description('Password for PostgreSQL admin')
 @secure()
 @minLength(3)
 param dialogportenPgAdminPassword string
+
+@description('Subscription ID for the source Key Vault')
 @secure()
 @minLength(3)
 param sourceKeyVaultSubscriptionId string
+
+@description('Resource group for the source Key Vault')
 @secure()
 @minLength(3)
 param sourceKeyVaultResourceGroup string
+
+@description('Name of the source Key Vault')
 @secure()
 @minLength(3)
 param sourceKeyVaultName string
@@ -51,10 +63,15 @@ var secrets = {
 
 var namePrefix = 'dp-be-${environment}'
 
+var tags = {
+  Environment: environment
+}
+
 // Create resource groups
 resource resourceGroup 'Microsoft.Resources/resourceGroups@2024-03-01' = {
   name: '${namePrefix}-rg'
   location: location
+  tags: tags
 }
 
 module environmentKeyVault '../modules/keyvault/create.bicep' = {
@@ -64,6 +81,7 @@ module environmentKeyVault '../modules/keyvault/create.bicep' = {
     namePrefix: namePrefix
     location: location
     sku: keyVaultSku
+    tags: tags
   }
 }
 
@@ -74,6 +92,7 @@ module appConfiguration '../modules/appConfiguration/create.bicep' = {
     namePrefix: namePrefix
     location: location
     sku: appConfigurationSku
+    tags: tags
   }
 }
 
@@ -84,6 +103,7 @@ module appInsights '../modules/applicationInsights/create.bicep' = {
     namePrefix: namePrefix
     location: location
     sku: appInsightsSku
+    tags: tags
   }
 }
 
@@ -96,6 +116,7 @@ module serviceBus '../modules/serviceBus/main.bicep' = {
     sku: serviceBusSku
     subnetId: vnet.outputs.serviceBusSubnetId
     vnetId: vnet.outputs.virtualNetworkId
+    tags: tags
   }
 }
 
@@ -105,6 +126,7 @@ module vnet '../modules/vnet/main.bicep' = {
   params: {
     namePrefix: namePrefix
     location: location
+    tags: tags
   }
 }
 
@@ -135,13 +157,14 @@ module postgresql '../modules/postgreSql/create.bicep' = {
     location: location
     environmentKeyVaultName: environmentKeyVault.outputs.name
     srcKeyVault: srcKeyVault
-    srcSecretName: 'dialogportenPgAdminPassword${environment}'
+    srcKeyVaultAdministratorLoginPasswordKey: 'dialogportenPgAdminPassword${environment}'
     administratorLoginPassword: contains(keyVaultSourceKeys, 'dialogportenPgAdminPassword${environment}')
       ? srcKeyVaultResource.getSecret('dialogportenPgAdminPassword${environment}')
       : secrets.dialogportenPgAdminPassword
     sku: postgresSku
     subnetId: vnet.outputs.postgresqlSubnetId
     vnetId: vnet.outputs.virtualNetworkId
+    tags: tags
   }
 }
 
@@ -156,6 +179,7 @@ module redis '../modules/redis/main.bicep' = {
     version: redisVersion
     subnetId: vnet.outputs.redisSubnetId
     vnetId: vnet.outputs.virtualNetworkId
+    tags: tags
   }
 }
 
@@ -170,6 +194,7 @@ module copyCrossEnvironmentSecrets '../modules/keyvault/copySecrets.bicep' = {
     srcKeyVaultSubId: secrets.sourceKeyVaultSubscriptionId
     destKeyVaultName: environmentKeyVault.outputs.name
     secretPrefix: 'dialogporten--any--'
+    tags: tags
   }
 }
 
@@ -184,6 +209,7 @@ module copyEnvironmentSecrets '../modules/keyvault/copySecrets.bicep' = {
     srcKeyVaultSubId: secrets.sourceKeyVaultSubscriptionId
     destKeyVaultName: environmentKeyVault.outputs.name
     secretPrefix: 'dialogporten--${environment}--'
+    tags: tags
   }
 }
 
@@ -196,6 +222,7 @@ module slackNotifier '../modules/functionApp/slackNotifier.bicep' = {
     namePrefix: namePrefix
     applicationInsightsName: appInsights.outputs.appInsightsName
     sku: slackNotifierSku
+    tags: tags
   }
 }
 
@@ -207,6 +234,7 @@ module containerAppEnv '../modules/containerAppEnv/main.bicep' = {
     location: location
     appInsightWorkspaceName: appInsights.outputs.appInsightsWorkspaceName
     subnetId: vnet.outputs.containerAppEnvironmentSubnetId
+    tags: tags
   }
 }
 
@@ -227,6 +255,7 @@ module postgresConnectionStringAppConfig '../modules/appConfiguration/upsertKeyV
     key: 'Infrastructure:DialogDbConnectionString'
     value: postgresql.outputs.adoConnectionStringSecretUri
     keyValueType: 'keyVaultReference'
+    tags: tags
   }
 }
 
@@ -238,6 +267,7 @@ module redisConnectionStringAppConfig '../modules/appConfiguration/upsertKeyValu
     key: 'Infrastructure:Redis:ConnectionString'
     value: redis.outputs.connectionStringSecretUri
     keyValueType: 'keyVaultReference'
+    tags: tags
   }
 }
 

diff --git a/.azure/modules/appConfiguration/create.bicep b/.azure/modules/appConfiguration/create.bicep
@@ -1,12 +1,20 @@
 import { uniqueResourceName } from '../../functions/resourceName.bicep'
 
+@description('The prefix used for naming resources to ensure unique names')
 param namePrefix string
+
+@description('The location where the resources will be deployed')
 param location string
 
+@description('Tags to apply to resources')
+param tags object
+
 @export()
 type Sku = {
   name: 'standard'
 }
+
+@description('The SKU of the App Configuration')
 param sku Sku
 
 var appConfigNameMaxLength = 63
@@ -26,6 +34,7 @@ resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-03-01' =
       value: '1'
     }
   }
+  tags: tags
 }
 
 output endpoint string = appConfig.properties.endpoint