Merge branch 'main' into feat/copy-from-keyvault-to-appconfig

Altinn · Apr 9, 2024 · 4906d89 · 4906d89
2 parents e8e7a5a + 2f11a16
commit 4906d89
Show file tree

Hide file tree

Showing 106 changed files with 2,061 additions and 500 deletions.
diff --git a/.azure/applications/web-api-migration-job/main.bicep b/.azure/applications/web-api-migration-job/main.bicep
@@ -12,7 +12,7 @@ param location string
 param containerAppEnvironmentName string
 @minLength(3)
 @secure()
-param adoConnectionStringSecretUri string
+param environmentKeyVaultName string
 
 var namePrefix = 'dp-be-${environment}'
 var baseImageUrl = 'ghcr.io/digdir/dialogporten-'
@@ -23,14 +23,41 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2023-05-01'
   name: containerAppEnvironmentName
 }
 
+var containerAppEnvVars = [
+  {
+    name: 'Infrastructure__DialogDbConnectionString'
+    secretRef: 'dbconnectionstring'
+  }
+]
+
+// https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-deployment#example-1
+var keyVaultUrl = 'https://${environmentKeyVaultName}${az.environment().suffixes.keyvaultDns}/secrets/dialogportenAdoConnectionString'
+
+var secrets = [
+  {
+    name: 'dbconnectionstring'
+    keyVaultUrl: keyVaultUrl
+    identity: 'System'
+  }
+]
+
 module migrationJob '../../modules/containerAppJob/main.bicep' = {
   name: name
   params: {
     name: name
     location: location
     image: '${baseImageUrl}migration-bundle:${imageTag}'
     containerAppEnvId: containerAppEnvironment.id
-    adoConnectionStringSecretUri: adoConnectionStringSecretUri
+    environmentVariables: containerAppEnvVars
+    secrets: secrets
+  }
+}
+
+module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
+  name: 'keyVaultReaderAccessPolicy-${name}'
+  params: {
+    keyvaultName: environmentKeyVaultName
+    principalIds: [migrationJob.outputs.identityPrincipalId]
   }
 }
 

diff --git a/.azure/applications/web-api-migration-job/staging.bicepparam b/.azure/applications/web-api-migration-job/staging.bicepparam
@@ -6,4 +6,4 @@ param imageTag = readEnvironmentVariable('IMAGE_TAG')
 
 //secrets
 param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
-param adoConnectionStringSecretUri = readEnvironmentVariable('ADO_CONNECTION_STRING_SECRET_URI')
+param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/applications/web-api-migration-job/test.bicepparam b/.azure/applications/web-api-migration-job/test.bicepparam
@@ -6,4 +6,4 @@ param imageTag = readEnvironmentVariable('IMAGE_TAG')
 
 //secrets
 param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
-param adoConnectionStringSecretUri = readEnvironmentVariable('ADO_CONNECTION_STRING_SECRET_URI')
+param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME')
diff --git a/.azure/modules/containerAppJob/main.bicep b/.azure/modules/containerAppJob/main.bicep
@@ -1,9 +1,9 @@
 param location string
 param name string
 param image string
-param adoConnectionStringSecretUri string
-
 param containerAppEnvId string
+param environmentVariables { name: string, value: string?, secretRef: string? }[] = []
+param secrets { name: string, keyVaultUrl: string, identity: 'System' }[] = []
 
 resource job 'Microsoft.App/jobs@2023-05-01' = {
   name: name
@@ -13,14 +13,7 @@ resource job 'Microsoft.App/jobs@2023-05-01' = {
   }
   properties: {
     configuration: {
-      secrets: [
-        {
-          // todo: move this and refactor into adding this somewhere else
-          name: 'dbconnectionstring'
-          keyVaultUrl: adoConnectionStringSecretUri
-          identity: 'System'
-        }
-      ]
+      secrets: secrets
       manualTriggerConfig: {
         parallelism: 1
         replicaCompletionCount: 1
@@ -33,12 +26,7 @@ resource job 'Microsoft.App/jobs@2023-05-01' = {
     template: {
       containers: [
         {
-          env: [
-            {
-              name: 'Infrastructure__DialogDbConnectionString'
-              secretRef: 'dbconnectionstring'
-            }
-          ]
+          env: environmentVariables
           image: image
           name: name
         }

diff --git a/.env b/.env
@@ -4,8 +4,4 @@ POSTGRES_PASSWORD=supersecret
 POSTGRES_DB=Dialogporten
 DB_CONNECTION_STRING=Server=dialogporten-postgres;Port=5432;Database=${POSTGRES_DB};User ID=${POSTGRES_USER};Password=${POSTGRES_PASSWORD};
 
-RABBITMQ_USER=guest
-RABBITMQ_PASSWORD=guest
-RABBITMQ_HOST=dialogporten-rabbitmq
-
 COMPOSE_PROJECT_NAME=digdir
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,19 @@
+<!--- Provide a general summary of your changes in the Title above -->
+
+## Description
+
+<!--- Describe your changes in detail -->
+
+## Related Issue(s)
+
+- #{issue number}
+
+## Verification
+
+- [ ] **Your** code builds clean without any errors or warnings
+- [ ] Manual testing done (required)
+- [ ] Relevant automated test added (if you find this hard, leave it and we'll help out)
+
+## Documentation
+
+- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)
diff --git a/.github/workflows/action-deploy-apps.yml b/.github/workflows/action-deploy-apps.yml
@@ -20,8 +20,6 @@ on:
         required: true
       AZURE_APP_CONFIGURATION_NAME:
         required: true
-      AZURE_ADO_CONNECTION_STRING_SECRET_URI:
-        required: true
 
     inputs:
       region:
@@ -73,8 +71,8 @@ jobs:
   #         # parameters
   #         IMAGE_TAG: ${{ inputs.gitShortSha }}
   #         # secrets
-  #         ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
   #         CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
+  #         ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
   #       with:
   #         scope: resourcegroup
   #         template: ./.azure/applications/web-api-migration-job/main.bicep

diff --git a/.github/workflows/action-publish.yml b/.github/workflows/action-publish.yml
@@ -33,8 +33,6 @@ jobs:
             imageName: cdc
           - dockerfile: ./src/Digdir.Domain.Dialogporten.Infrastructure/MigrationBundle.dockerfile
             imageName: migration-bundle
-          - dockerfile: ./RabbitMq/Dockerfile
-            imageName: rabbitmq
 
     permissions:
       contents: read

diff --git a/.github/workflows/ci-cd-main.yml b/.github/workflows/ci-cd-main.yml
@@ -98,7 +98,6 @@ jobs:
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       # todo: consider resolving these in another way since they are created in the infra-step
       AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
-      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
       AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
       AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
       AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}

diff --git a/.github/workflows/ci-cd-pull-request-release-please.yml b/.github/workflows/ci-cd-pull-request-release-please.yml
@@ -53,7 +53,6 @@ jobs:
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       # todo: consider resolving these in another way since they are created in the infra-step
       AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
-      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
       AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
       AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
       AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}

diff --git a/.github/workflows/ci-cd-staging.yml b/.github/workflows/ci-cd-staging.yml
@@ -59,7 +59,6 @@ jobs:
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       # todo: consider resolving these in another way since they are created in the infra-step
       AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
-      AZURE_ADO_CONNECTION_STRING_SECRET_URI: ${{ secrets.AZURE_ADO_CONNECTION_STRING_SECRET_URI }}
       AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
       AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
       AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}

diff --git a/RabbitMq/Dockerfile b/RabbitMq/Dockerfile
diff --git a/RabbitMq/enabled_plugins b/RabbitMq/enabled_plugins
diff --git a/docker-compose-no-webapi.yml b/docker-compose-no-webapi.yml
@@ -16,20 +16,6 @@ services:
       interval: 2s
       timeout: 20s
       retries: 5
-
-  dialogporten-rabbitmq:
-    build:
-      context: .
-      dockerfile: RabbitMq/Dockerfile
-    restart: always
-    ports:
-      - "5672:5672"
-      - "15672:15672"
-    healthcheck:
-      test: [ "CMD-SHELL", "rabbitmq-diagnostics check_running" ]
-      interval: 5s
-      timeout: 20s
-      retries: 5
 
   dialogporten-redis:
     image: redis:6.0-alpine
@@ -50,14 +36,9 @@ services:
     depends_on:
       dialogporten-postgres:
         condition: service_healthy
-      dialogporten-rabbitmq:
-        condition: service_healthy
     environment:
       - Infrastructure:DialogDbConnectionString=${DB_CONNECTION_STRING}
       - ASPNETCORE_ENVIRONMENT=Development
-      - RabbitMq:Host=${RABBITMQ_HOST}
-      - RabbitMq:Username=${RABBITMQ_USERNAME}
-      - RabbitMq:Password=${RABBITMQ_PASSWORD}
 
   dialogporten-cdc:
     build:
@@ -67,14 +48,9 @@ services:
     depends_on:
       dialogporten-postgres:
         condition: service_healthy
-      dialogporten-rabbitmq:
-        condition: service_healthy
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
       - Infrastructure:DialogDbConnectionString=${DB_CONNECTION_STRING}
       - ReplicationSlotName=outboxmessage_replication_slot
       - PublicationName=outboxmessage_publication
       - TableName=OutboxMessage
-      - RabbitMq:Host=${RABBITMQ_HOST}
-      - RabbitMq:Username=${RABBITMQ_USERNAME}
-      - RabbitMq:Password=${RABBITMQ_PASSWORD}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -25,6 +25,7 @@ services:
     environment:
       - Infrastructure:Redis:ConnectionString=dialogporten-redis:6379
       - Infrastructure:DialogDbConnectionString=${DB_CONNECTION_STRING}
+      - Application:Dialogporten:BaseUri=http://localhost:7214
       - Serilog__WriteTo__0__Name=Console
       - Serilog__MinimumLevel__Default=Debug
       - ASPNETCORE_URLS=http://+:8080