Merge branch 'main' into performance/create-transmissions

Altinn · Jan 8, 2025 · 96adc8d · 96adc8d
2 parents aa658af + 6603948
commit 96adc8d
Show file tree

Hide file tree

Showing 120 changed files with 4,321 additions and 967 deletions.
diff --git a/.azure/applications/graphql/main.bicep b/.azure/applications/graphql/main.bicep
@@ -61,6 +61,12 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-graphql-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'ASPNETCORE_ENVIRONMENT'
@@ -74,6 +80,10 @@ var containerAppEnvVars = [
     name: 'AZURE_APPCONFIG_URI'
     value: appConfiguration.properties.endpoint
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 var port = 8080
@@ -157,22 +167,23 @@ module containerApp '../../modules/containerApp/main.bicep' = {
     probes: probes
     port: port
     scale: scale
+    userAssignedIdentityId: managedIdentity.id
   }
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
   name: 'keyVaultReaderAccessPolicy-${containerAppName}'
   params: {
     keyvaultName: environmentKeyVaultResource.name
-    principalIds: [containerApp.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 
 module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
   name: 'appConfigReaderAccessPolicy-${containerAppName}'
   params: {
     appConfigurationName: appConfigurationName
-    principalIds: [containerApp.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 

diff --git a/.azure/applications/sync-resource-policy-information-job/main.bicep b/.azure/applications/sync-resource-policy-information-job/main.bicep
@@ -46,6 +46,12 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-sync-rp-info-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'Infrastructure__DialogDbConnectionString'
@@ -63,6 +69,10 @@ var containerAppEnvVars = [
     name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
     value: appInsightConnectionString
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 // Base URL for accessing secrets in the Key Vault
@@ -94,6 +104,7 @@ module migrationJob '../../modules/containerAppJob/main.bicep' = {
     tags: tags
     cronExpression: jobSchedule
     args: 'sync-resource-policy-information'
+    userAssignedIdentityId: managedIdentity.id
   }
 }
 

diff --git a/.azure/applications/sync-subject-resource-mappings-job/main.bicep b/.azure/applications/sync-subject-resource-mappings-job/main.bicep
@@ -46,6 +46,12 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-sync-sr-mappings-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'Infrastructure__DialogDbConnectionString'
@@ -63,6 +69,10 @@ var containerAppEnvVars = [
     name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
     value: appInsightConnectionString
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 // Base URL for accessing secrets in the Key Vault
@@ -94,16 +104,17 @@ module migrationJob '../../modules/containerAppJob/main.bicep' = {
     tags: tags
     cronExpression: jobSchedule
     args: 'sync-subject-resource-mappings'
+    userAssignedIdentityId: managedIdentity.id
   }
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
   name: 'keyVaultReaderAccessPolicy-${name}'
   params: {
     keyvaultName: environmentKeyVaultName
-    principalIds: [migrationJob.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 
-output identityPrincipalId string = migrationJob.outputs.identityPrincipalId
+output identityPrincipalId string = managedIdentity.properties.principalId
 output name string = migrationJob.outputs.name
diff --git a/.azure/applications/web-api-eu/main.bicep b/.azure/applications/web-api-eu/main.bicep
@@ -60,6 +60,12 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-webapi-eu-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'ASPNETCORE_ENVIRONMENT'
@@ -77,6 +83,10 @@ var containerAppEnvVars = [
     name: 'ASPNETCORE_URLS'
     value: 'http://+:8080'
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 @description('The scaling configuration for the container app')
@@ -159,22 +169,23 @@ module containerApp '../../modules/containerApp/main.bicep' = {
     probes: probes
     revisionSuffix: revisionSuffix
     scale: scale
+    userAssignedIdentityId: managedIdentity.id
   }
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
   name: 'keyVaultReaderAccessPolicy-${containerAppName}'
   params: {
     keyvaultName: environmentKeyVaultResource.name
-    principalIds: [containerApp.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 
 module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
   name: 'appConfigReaderAccessPolicy-${containerAppName}'
   params: {
     appConfigurationName: appConfigurationName
-    principalIds: [containerApp.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 

diff --git a/.azure/applications/web-api-migration-job/main.bicep b/.azure/applications/web-api-migration-job/main.bicep
@@ -34,11 +34,21 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-migration-job-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'Infrastructure__DialogDbConnectionString'
     secretRef: 'dbconnectionstring'
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 // https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-deployment#example-1
@@ -62,16 +72,17 @@ module migrationJob '../../modules/containerAppJob/main.bicep' = {
     environmentVariables: containerAppEnvVars
     secrets: secrets
     tags: tags
+    userAssignedIdentityId: managedIdentity.id
   }
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
   name: 'keyVaultReaderAccessPolicy-${name}'
   params: {
     keyvaultName: environmentKeyVaultName
-    principalIds: [migrationJob.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 
-output identityPrincipalId string = migrationJob.outputs.identityPrincipalId
+output identityPrincipalId string = managedIdentity.properties.principalId
 output name string = migrationJob.outputs.name
diff --git a/.azure/applications/web-api-so/main.bicep b/.azure/applications/web-api-so/main.bicep
@@ -88,6 +88,12 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-webapi-so-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'ASPNETCORE_ENVIRONMENT'
@@ -105,6 +111,10 @@ var containerAppEnvVars = [
     name: 'ASPNETCORE_URLS'
     value: 'http://+:8080'
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
@@ -160,22 +170,23 @@ module containerApp '../../modules/containerApp/main.bicep' = {
     port: port
     revisionSuffix: revisionSuffix
     scale: scale
+    userAssignedIdentityId: managedIdentity.id
   }
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
   name: 'keyVaultReaderAccessPolicy-${containerAppName}'
   params: {
     keyvaultName: environmentKeyVaultResource.name
-    principalIds: [containerApp.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 
 module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
   name: 'appConfigReaderAccessPolicy-${containerAppName}'
   params: {
     appConfigurationName: appConfigurationName
-    principalIds: [containerApp.outputs.identityPrincipalId]
+    principalIds: [managedIdentity.properties.principalId]
   }
 }
 

diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep
@@ -51,9 +51,6 @@ param appConfigurationSku AppConfigurationSku
 import { Sku as AppInsightsSku } from '../modules/applicationInsights/create.bicep'
 param appInsightsSku AppInsightsSku
 
-import { Sku as SlackNotifierSku } from '../modules/functionApp/slackNotifier.bicep'
-param slackNotifierSku SlackNotifierSku
-
 import { Sku as PostgresSku } from '../modules/postgreSql/create.bicep'
 import { StorageConfiguration as PostgresStorageConfig } from '../modules/postgreSql/create.bicep'
 
@@ -127,16 +124,6 @@ module appInsights '../modules/applicationInsights/create.bicep' = {
   }
 }
 
-module monitorWorkspace '../modules/monitor-workspace/main.bicep' = {
-  scope: resourceGroup
-  name: 'monitorWorkspace'
-  params: {
-    namePrefix: namePrefix
-    location: location
-    tags: tags
-  }
-}
-
 module apimAvailabilityTest '../modules/applicationInsights/availabilityTest.bicep' = {
   scope: resourceGroup
   name: 'apimAvailabilityTest'
@@ -272,19 +259,6 @@ module copyEnvironmentSecrets '../modules/keyvault/copySecrets.bicep' = {
   }
 }
 
-module slackNotifier '../modules/functionApp/slackNotifier.bicep' = {
-  name: 'slackNotifier'
-  scope: resourceGroup
-  params: {
-    location: location
-    keyVaultName: environmentKeyVault.outputs.name
-    namePrefix: namePrefix
-    applicationInsightsName: appInsights.outputs.appInsightsName
-    sku: slackNotifierSku
-    tags: tags
-  }
-}
-
 module containerAppIdentity '../modules/managedIdentity/main.bicep' = {
   scope: resourceGroup
   name: 'containerAppIdentity'
@@ -303,31 +277,12 @@ module containerAppEnv '../modules/containerAppEnv/main.bicep' = {
     location: location
     appInsightWorkspaceName: appInsights.outputs.appInsightsWorkspaceName
     appInsightsConnectionString: appInsights.outputs.connectionString
-    monitorMetricsIngestionEndpoint: monitorWorkspace.outputs.containerAppEnvironmentMetricsIngestionEndpoint
     userAssignedIdentityId: containerAppIdentity.outputs.managedIdentityId
     subnetId: vnet.outputs.containerAppEnvironmentSubnetId
     tags: tags
   }
 }
 
-module monitorMetricsPublisherRoles '../modules/monitor-workspace/addMetricsPublisherRoles.bicep' = {
-  scope: resourceGroup
-  name: 'monitorMetricsPublisherRoles'
-  params: {
-    monitorWorkspaceName: monitorWorkspace.outputs.monitorWorkspaceName
-    principalIds: [containerAppIdentity.outputs.managedIdentityPrincipalId]
-  }
-}
-
-module appInsightsReaderAccessPolicy '../modules/applicationInsights/addReaderRoles.bicep' = {
-  scope: resourceGroup
-  name: 'appInsightsReaderAccessPolicy'
-  params: {
-    appInsightsName: appInsights.outputs.appInsightsName
-    principalIds: [slackNotifier.outputs.functionAppPrincipalId]
-  }
-}
-
 module postgresConnectionStringAppConfig '../modules/appConfiguration/upsertKeyValue.bicep' = {
   scope: resourceGroup
   name: 'AppConfig_Add_DialogDbConnectionString'
@@ -352,15 +307,6 @@ module redisConnectionStringAppConfig '../modules/appConfiguration/upsertKeyValu
   }
 }
 
-module keyVaultReaderAccessPolicy '../modules/keyvault/addReaderRoles.bicep' = {
-  scope: resourceGroup
-  name: 'keyVaultReaderAccessPolicyFunctions'
-  params: {
-    keyvaultName: environmentKeyVault.outputs.name
-    principalIds: [slackNotifier.outputs.functionAppPrincipalId]
-  }
-}
-
 output resourceGroupName string = resourceGroup.name
 output containerAppEnvId string = containerAppEnv.outputs.containerAppEnvId
 output environmentKeyVaultName string = environmentKeyVault.outputs.name
diff --git a/.azure/infrastructure/prod.bicepparam b/.azure/infrastructure/prod.bicepparam
@@ -24,11 +24,6 @@ param appConfigurationSku = {
 param appInsightsSku = {
   name: 'PerGB2018'
 }
-param slackNotifierSku = {
-  storageAccountName: 'Standard_LRS'
-  applicationServicePlanName: 'Y1'
-  applicationServicePlanTier: 'Dynamic'
-}
 param postgresConfiguration = {
   sku: {
     name: 'Standard_D8ads_v5'

diff --git a/.azure/infrastructure/staging.bicepparam b/.azure/infrastructure/staging.bicepparam
@@ -24,11 +24,6 @@ param appConfigurationSku = {
 param appInsightsSku = {
   name: 'PerGB2018'
 }
-param slackNotifierSku = {
-  storageAccountName: 'Standard_LRS'
-  applicationServicePlanName: 'Y1'
-  applicationServicePlanTier: 'Dynamic'
-}
 param postgresConfiguration = {
   sku: {
     name: 'Standard_D4ads_v5'

diff --git a/.azure/infrastructure/test.bicepparam b/.azure/infrastructure/test.bicepparam
@@ -24,11 +24,6 @@ param appConfigurationSku = {
 param appInsightsSku = {
   name: 'PerGB2018'
 }
-param slackNotifierSku = {
-  storageAccountName: 'Standard_LRS'
-  applicationServicePlanName: 'Y1'
-  applicationServicePlanTier: 'Dynamic'
-}
 param postgresConfiguration = {
   sku: {
     name: 'Standard_B2s'