Merge branch 'main' into fix/handle-admin-scope

.azure/infrastructure/main.bicep

@@ -55,9 +55,11 @@ import { Sku as SlackNotifierSku } from '../modules/functionApp/slackNotifier.bi
 param slackNotifierSku SlackNotifierSku
 
 import { Sku as PostgresSku } from '../modules/postgreSql/create.bicep'
+import { StorageConfiguration as PostgresStorageConfig } from '../modules/postgreSql/create.bicep'
 
 param postgresConfiguration {
   sku: PostgresSku
+  storage: PostgresStorageConfig
   enableIndexTuning: bool
   enableQueryPerformanceInsight: bool
 }
@@ -215,6 +217,7 @@ module postgresql '../modules/postgreSql/create.bicep' = {
       ? srcKeyVaultResource.getSecret('dialogportenPgAdminPassword${environment}')
       : secrets.dialogportenPgAdminPassword
     sku: postgresConfiguration.sku
+    storage: postgresConfiguration.storage
     appInsightWorkspaceName: appInsights.outputs.appInsightsWorkspaceName
     enableIndexTuning: postgresConfiguration.enableIndexTuning
     enableQueryPerformanceInsight: postgresConfiguration.enableQueryPerformanceInsight
@@ -282,18 +285,40 @@ module slackNotifier '../modules/functionApp/slackNotifier.bicep' = {
   }
 }
 
+module containerAppIdentity '../modules/managedIdentity/main.bicep' = {
+  scope: resourceGroup
+  name: 'containerAppIdentity'
+  params: {
+    name: '${namePrefix}-cae-id'
+     location: location
+    tags: tags
+  }
+}
+
 module containerAppEnv '../modules/containerAppEnv/main.bicep' = {
   scope: resourceGroup
   name: 'containerAppEnv'
   params: {
     namePrefix: namePrefix
     location: location
     appInsightWorkspaceName: appInsights.outputs.appInsightsWorkspaceName
+    appInsightsConnectionString: appInsights.outputs.connectionString
+    monitorMetricsIngestionEndpoint: monitorWorkspace.outputs.containerAppEnvironmentMetricsIngestionEndpoint
+    userAssignedIdentityId: containerAppIdentity.outputs.managedIdentityId
     subnetId: vnet.outputs.containerAppEnvironmentSubnetId
     tags: tags
   }
 }
 
+module monitorMetricsPublisherRoles '../modules/monitor-workspace/addMetricsPublisherRoles.bicep' = {
+  scope: resourceGroup
+  name: 'monitorMetricsPublisherRoles'
+  params: {
+    monitorWorkspaceName: monitorWorkspace.outputs.monitorWorkspaceName
+    principalIds: [containerAppIdentity.outputs.managedIdentityPrincipalId]
+  }
+}
+
 module appInsightsReaderAccessPolicy '../modules/applicationInsights/addReaderRoles.bicep' = {
   scope: resourceGroup
   name: 'appInsightsReaderAccessPolicy'

.azure/infrastructure/prod.bicepparam

@@ -31,11 +31,16 @@ param slackNotifierSku = {
 }
 param postgresConfiguration = {
   sku: {
-    name: 'Standard_D4ads_v5'
+    name: 'Standard_D8ads_v5'
     tier: 'GeneralPurpose'
   }
-  enableQueryPerformanceInsight: false
+  storage: {
+    storageSizeGB: 256
+    autoGrow: 'Enabled'
+    type: 'Premium_LRS'
+  }
   enableIndexTuning: false
+  enableQueryPerformanceInsight: false
 }
 
 param redisSku = {

.azure/infrastructure/staging.bicepparam

@@ -34,6 +34,11 @@ param postgresConfiguration = {
     name: 'Standard_B1ms'
     tier: 'Burstable'
   }
+  storage: {
+    storageSizeGB: 32
+    autoGrow: 'Enabled'
+    type: 'Premium_LRS'
+  }
   enableIndexTuning: false
   enableQueryPerformanceInsight: true
 }

.azure/infrastructure/test.bicepparam

@@ -34,6 +34,11 @@ param postgresConfiguration = {
     name: 'Standard_B2s'
     tier: 'Burstable'
   }
+  storage: {
+    storageSizeGB: 32
+    autoGrow: 'Enabled'
+    type: 'Premium_LRS'
+  }
   enableIndexTuning: false
   enableQueryPerformanceInsight: true
 }

.azure/infrastructure/yt01.bicepparam

@@ -31,9 +31,14 @@ param slackNotifierSku = {
 }
 param postgresConfiguration = {
   sku: {
-    name: 'Standard_D4ads_v5'
+    name: 'Standard_D8ads_v5'
     tier: 'GeneralPurpose'
   }
+  storage: {
+    storageSizeGB: 256
+    autoGrow: 'Enabled'
+    type: 'Premium_LRS'
+  }
   enableIndexTuning: true
   enableQueryPerformanceInsight: true
 }

.azure/modules/containerAppEnv/main.bicep

@@ -13,13 +13,28 @@ param tags object
 @description('The name of the Application Insights workspace')
 param appInsightWorkspaceName string
 
+@description('The Application Insights connection string')
+param appInsightsConnectionString string
+
+@description('The metrics ingestion endpoint of the Azure Monitor workspace')
+param monitorMetricsIngestionEndpoint string
+
+@description('The ID of the user-assigned managed identity')
+param userAssignedIdentityId string
+
 resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
   name: appInsightWorkspaceName
 }
 
-resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-03-01' = {
+resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-02-02-preview' = {
   name: '${namePrefix}-cae'
   location: location
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${userAssignedIdentityId}': {}
+    }
+  }
   properties: {
     appLogsConfiguration: {
       destination: 'log-analytics'
@@ -32,6 +47,29 @@ resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-03-01' = {
       infrastructureSubnetId: subnetId
       internal: false
     }
+    appInsightsConfiguration: {
+      connectionString: appInsightsConnectionString
+    }
+    openTelemetryConfiguration: {
+      tracesConfiguration: {
+        destinations: ['appInsights']
+      }
+      logsConfiguration: {
+        destinations: ['appInsights']
+      }
+      metricsConfiguration: {
+        destinations: ['metrics-ingestion']
+      }
+      destinationsConfiguration: {
+        otlpConfigurations: [
+          {
+            endpoint: monitorMetricsIngestionEndpoint
+            name: 'metrics-ingestion'
+            insecure: false
+          }
+        ]
+      }
+    }
   }
   tags: tags
 }

.azure/modules/managedIdentity/main.bicep

@@ -0,0 +1,17 @@
+@description('The location where the resources will be deployed')
+param location string
+
+@description('The name of the managed identity')
+param name string
+
+@description('Tags to apply to resources')
+param tags object
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: name
+  location: location
+  tags: tags
+}
+
+output managedIdentityId string = managedIdentity.id
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId 

.azure/modules/monitor-workspace/addMetricsPublisherRoles.bicep

@@ -0,0 +1,25 @@
+@description('The name of the Monitor workspace')
+param monitorWorkspaceName string
+
+@description('Array of principal IDs to assign the Monitoring Metrics Publisher role to')
+param principalIds array
+
+resource monitorWorkspace 'Microsoft.Monitor/accounts@2023-04-03' existing = {
+  name: monitorWorkspaceName
+}
+
+@description('This is the built-in Monitoring Metrics Publisher role. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#monitoring-metrics-publisher')
+resource monitoringMetricsPublisherRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+  scope: subscription()
+  name: '3913510d-42f4-4e42-8a64-420c390055eb'
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
+  scope: monitorWorkspace
+  name: guid(monitorWorkspace.id, principalId, monitoringMetricsPublisherRole.id)
+  properties: {
+    roleDefinitionId: monitoringMetricsPublisherRole.id
+    principalId: principalId
+    principalType: 'ServicePrincipal'
+  }
+}] 

.azure/modules/monitor-workspace/main.bicep

@@ -17,5 +17,57 @@ resource monitorWorkspace 'Microsoft.Monitor/accounts@2023-04-03' = {
   tags: tags
 }
 
+resource containerAppEnvironmentDataCollectionEndpoint 'Microsoft.Insights/dataCollectionEndpoints@2023-03-11' = {
+  name: '${namePrefix}-cae-dce'
+  location: location
+  properties: {
+    description: 'DCE for Container App Environment'
+    networkAcls: {
+      publicNetworkAccess: 'Enabled'
+    }
+  }
+  tags: tags
+}
+
+resource containerAppEnvironmentDataCollectionRule 'Microsoft.Insights/dataCollectionRules@2023-03-11' = {
+  name: '${namePrefix}-cae-dcr'
+  location: location
+  properties: {
+    description: 'DCR for Container App Environment'
+    dataCollectionEndpointId: containerAppEnvironmentDataCollectionEndpoint.id
+    dataSources: {
+      prometheusForwarder: [
+        {
+          streams: [
+            'Microsoft-PrometheusMetrics'
+          ]
+          name: 'PrometheusDataSource'
+        }
+      ]
+    }
+    destinations: {
+      monitoringAccounts: [
+        {
+          accountResourceId: monitorWorkspace.id
+          name: 'MonitoringAccountDestination'
+        }
+      ]
+    }
+    dataFlows: [
+      {
+        streams: [
+          'Microsoft-PrometheusMetrics'
+        ]
+        destinations: [
+          'MonitoringAccountDestination'
+        ]
+      }
+    ]
+  }
+  tags: tags
+}
+
 output monitorWorkspaceId string = monitorWorkspace.id
 output monitorWorkspaceName string = monitorWorkspace.name
+output containerAppEnvironmentMetricsIngestionEndpoint string = containerAppEnvironmentDataCollectionEndpoint.properties.metricsIngestion.endpoint
+output containerAppEnvironmentLogsIngestionEndpoint string = containerAppEnvironmentDataCollectionEndpoint.properties.logsIngestion.endpoint

.azure/modules/postgreSql/create.bicep

@@ -24,13 +24,25 @@ param tags object
 
 @export()
 type Sku = {
-  name: 'Standard_B1ms' | 'Standard_B2s' | 'Standard_B4ms' | 'Standard_B8ms' | 'Standard_B12ms' | 'Standard_B16ms' | 'Standard_B20ms' | 'Standard_D4ads_v5'
+  name: 'Standard_B1ms' | 'Standard_B2s' | 'Standard_B4ms' | 'Standard_B8ms' | 'Standard_B12ms' | 'Standard_B16ms' | 'Standard_B20ms' | 'Standard_D4ads_v5' | 'Standard_D8ads_v5'
   tier: 'Burstable' | 'GeneralPurpose' | 'MemoryOptimized'
 }
 
 @description('The SKU of the PostgreSQL server')
 param sku Sku
 
+@export()
+type StorageConfiguration = {
+  @minValue(32)
+  storageSizeGB: int
+  autoGrow: 'Enabled' | 'Disabled'
+  @description('The type of storage account to use. Default is Premium_LRS.')
+  type: 'Premium_LRS' | 'PremiumV2_LRS'
+}
+
+@description('The storage configuration for the PostgreSQL server')
+param storage StorageConfiguration
+
 @description('Enable query performance insight')
 param enableQueryPerformanceInsight bool
 
@@ -94,7 +106,11 @@ resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
     version: '15'
     administratorLogin: administratorLogin
     administratorLoginPassword: administratorLoginPassword
-    storage: { storageSizeGB: 32 }
+    storage: {
+      storageSizeGB: storage.storageSizeGB
+      autoGrow: storage.autoGrow
+      type: storage.type
+    }
     dataEncryption: {
       type: 'SystemManaged'
     }

.github/workflows/ci-cd-pull-request-release-please.yml

@@ -79,7 +79,7 @@ jobs:
         id: slack
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-        uses: slackapi/slack-github-action@v1.27.0
+        uses: slackapi/slack-github-action@v1.27.1
         with:
           channel-id: ${{ secrets.SLACK_CHANNEL_ID_FOR_RELEASES }}
           payload: |

.github/workflows/workflow-send-ci-cd-status-slack-message.yml

@@ -85,7 +85,7 @@ jobs:
           SCHEMA_NPM_STATUS: "${{ steps.status-emojis.outputs.SCHEMA_NPM_EMOJI }}"
           PUBLISH_STATUS: "${{ steps.status-emojis.outputs.PUBLISH_EMOJI }}"
           BUILD_AND_TEST_STATUS: "${{ steps.status-emojis.outputs.BUILD_AND_TEST_EMOJI }}"
-        uses: slackapi/slack-github-action@v1.27.0
+        uses: slackapi/slack-github-action@v1.27.1
         with:
           channel-id: ${{ secrets.SLACK_CHANNEL_ID }}
           payload-file-path: "./.github/slack-templates/pipeline-failed.json"

CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
+## [1.39.0](https://github.com/digdir/dialogporten/compare/v1.38.0...v1.39.0) (2024-11-22)
+
+
+### Features
+
+* **azure:** adjust SKU and storage for yt01 and prod ([b7e4909](https://github.com/digdir/dialogporten/commit/b7e490930261ca3470a8bb7da3715529dbe9f445))
+* **azure:** adjust SKU and storage for yt01 and prod ([#1508](https://github.com/digdir/dialogporten/issues/1508)) ([5478275](https://github.com/digdir/dialogporten/commit/5478275de065ba59bca864e3808718231b3725b0))
+* **graphql:** Create separate type for sub-parties ([#1510](https://github.com/digdir/dialogporten/issues/1510)) ([9c75f11](https://github.com/digdir/dialogporten/commit/9c75f113acc77afd27b08199a0b1e4bd49778e53))
+
+
+### Bug Fixes
+
+* **azure:** ensure correct properties are used when adjusting SKU and storage for postgres ([#1514](https://github.com/digdir/dialogporten/issues/1514)) ([c51d2f5](https://github.com/digdir/dialogporten/commit/c51d2f5131a6dc73e1bba61d71550e5e046cfa70))
+* Reenable party list cache, log party name look failure with negative cache TTL ([#1395](https://github.com/digdir/dialogporten/issues/1395)) ([d18bb76](https://github.com/digdir/dialogporten/commit/d18bb76c07bebee46adb447f0b11f614f2851ce4))
+
+## [1.38.0](https://github.com/digdir/dialogporten/compare/v1.37.0...v1.38.0) (2024-11-21)
+
+
+### Features
+
+* **azure:** connect cae to azure monitor ([#1486](https://github.com/digdir/dialogporten/issues/1486)) ([cf18b90](https://github.com/digdir/dialogporten/commit/cf18b90e6a3f950e6f0f7bb539e799058e136312))
+
 ## [1.37.0](https://github.com/digdir/dialogporten/compare/v1.36.0...v1.37.0) (2024-11-20)
 
 

docs/schema/V1/schema.verified.graphql

@@ -66,6 +66,19 @@ type AttachmentUrl {
 }
 
 type AuthorizedParty {
+  subParties: [AuthorizedSubParty!]
+  party: String!
+  name: String!
+  partyType: String!
+  isDeleted: Boolean!
+  hasKeyRole: Boolean!
+  isCurrentEndUser: Boolean!
+  isMainAdministrator: Boolean!
+  isAccessManager: Boolean!
+  hasOnlyAccessToSubParties: Boolean!
+}
+
+type AuthorizedSubParty {
   party: String!
   name: String!
   partyType: String!
@@ -75,7 +88,6 @@ type AuthorizedParty {
   isMainAdministrator: Boolean!
   isAccessManager: Boolean!
   hasOnlyAccessToSubParties: Boolean!
-  subParties: [AuthorizedParty!]
 }
 
 type Content {