chore: restructure bicepparams (#517)

A precursor for #275

- Use objects and user defined types:
<https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/user-defined-data-types>
- Exporting types in order to make it cleaner and to add additional
validation. Validation was not taken place for the module itself, but
only in the main bicep file. Now we have validation all the way from
bicepparam to the module in use.
<https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-import#import-user-defined-data-types-preview>
- Add biceppconfig with some sane lint rules

---------

Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net>

.azure/bicepconfig.json

@@ -0,0 +1,32 @@
+{
+  // See https://aka.ms/bicep/config for more information on Bicep configuration options
+  // Press CTRL+SPACE/CMD+SPACE at any location to see Intellisense suggestions
+  "analyzers": {
+    "core": {
+      "rules": {
+        "no-unused-params": {
+          "level": "error"
+        },
+        "no-unused-vars": {
+          "level": "error"
+        },
+        "no-hardcoded-env-urls": {
+          "level": "error"
+        },
+        "secure-secrets-in-params": {
+          "level": "error"
+        },
+        "no-unnecessary-dependson": {
+          "level": "error"
+        },
+        "outputs-should-not-contain-secrets": {
+          "level": "error"
+        }
+      }
+    }
+  },
+  "experimentalFeaturesEnabled": {
+    "compileTimeImports": true,
+    "userDefinedFunctions": false
+  }
+}

.azure/infrastructure/main.bicep

@@ -19,67 +19,20 @@ param sourceKeyVaultResourceGroup string
 @minLength(3)
 param sourceKeyVaultName string
 
-@allowed(
-  [
-    'premium'
-    'standard'
-  ]
-)
-param keyVaultSKUName string
-
-@allowed([
-  'A'
-])
-param keyVaultSKUFamily string
-
-@allowed([
-  'standard'
-])
-param appConfigurationSKUName string
-
-@allowed([
-  'CapacityReservation'
-  'Free'
-  'LACluster'
-  'PerGB2018'
-  'PerNode'
-  'Premium'
-  'Standalone'
-  'Standard'
-])
-param appInsightsSKUName string
-
-@allowed([
-  'Standard_LRS'
-  'Standard_GRS'
-  'Standard_RAGRS'
-  'Standard_ZRS'
-  'Premium_LRS'
-  'Premium_ZRS'
-])
-param slackNotifierStorageAccountSKUName string
-
-@allowed([
-  'Y1'
-])
-param slackNotifierApplicationServicePlanSKUName string
-
-@allowed([
-  'Dynamic'
-
-])
-param slackNotifierApplicationServicePlanSKUTier string
-
-@allowed([
-  'Standard_B1ms'
-])
-param postgresServerSKUName string
-@allowed([
-  'Burstable'
-  'GeneralPurpose'
-  'MemoryOptimized'
-])
-param postgresServerSKUTier string
+import {Sku as KeyVaultSku} from '../modules/keyvault/create.bicep'
+param keyVaultSku KeyVaultSku
+
+import {Sku as AppConfigurationSku} from '../modules/appConfiguration/create.bicep'
+param appConfigurationSku AppConfigurationSku
+
+import {Sku as AppInsightsSku} from '../modules/applicationInsights/create.bicep'
+param appInsightsSku AppInsightsSku
+
+import {Sku as SlackNotifierSku} from '../modules/functionApp/slackNotifier.bicep'
+param slackNotifierSku SlackNotifierSku
+
+import {Sku as PostgresSku} from '../modules/postgreSql/create.bicep'
+param postgresSku PostgresSku
 
 var secrets = {
   dialogportenPgAdminPassword: dialogportenPgAdminPassword
@@ -102,8 +55,7 @@ module keyVaultModule '../modules/keyvault/create.bicep' = {
   params: {
     namePrefix: namePrefix
     location: location
-    skuName: keyVaultSKUName
-    skuFamily: keyVaultSKUFamily
+    sku: keyVaultSku
   }
 }
 
@@ -113,7 +65,7 @@ module appConfiguration '../modules/appConfiguration/create.bicep' = {
   params: {
     namePrefix: namePrefix
     location: location
-    skuName: appConfigurationSKUName
+    sku: appConfigurationSku
   }
 }
 
@@ -123,7 +75,7 @@ module appInsights '../modules/applicationInsights/create.bicep' = {
   params: {
     namePrefix: namePrefix
     location: location
-    skuName: appInsightsSKUName
+    sku: appInsightsSku
   }
 }
 
@@ -156,8 +108,7 @@ module postgresql '../modules/postgreSql/create.bicep' = {
     srcKeyVault: srcKeyVault
     srcSecretName: 'dialogportenPgAdminPassword${environment}'
     administratorLoginPassword: contains(keyVaultSourceKeys, 'dialogportenPgAdminPassword${environment}') ? srcKeyVaultResource.getSecret('dialogportenPgAdminPassword${environment}') : secrets.dialogportenPgAdminPassword
-    skuName: postgresServerSKUName
-    skuTier: postgresServerSKUTier
+    sku: postgresSku
   }
 }
 
@@ -194,9 +145,7 @@ module slackNotifier '../modules/functionApp/slackNotifier.bicep' = {
     keyVaultName: keyVaultModule.outputs.name
     namePrefix: namePrefix
     applicationInsightsName: appInsights.outputs.appInsightsName
-    storageAccountSKUName: slackNotifierStorageAccountSKUName
-    applicationServicePlanSKUName: slackNotifierApplicationServicePlanSKUName
-    applicationServicePlanSKUTier: slackNotifierApplicationServicePlanSKUTier
+    sku: slackNotifierSku
   }
 }
 

.azure/infrastructure/production.bicepparam

@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
 
 // SKUs
-param keyVaultSKUName = 'standard'
-param keyVaultSKUFamily = 'A'
-param appConfigurationSKUName = 'standard'
-param appInsightsSKUName = 'PerGB2018'
-param slackNotifierStorageAccountSKUName = 'Standard_LRS'
-param slackNotifierApplicationServicePlanSKUName = 'Y1'
-param slackNotifierApplicationServicePlanSKUTier = 'Dynamic'
-param postgresServerSKUName = 'Standard_B1ms'
-param postgresServerSKUTier = 'Burstable'
+param keyVaultSku = {
+  name: 'standard'
+  family: 'A'
+}
+param appConfigurationSku = {
+  name: 'standard'
+}
+param appInsightsSku = {
+  name: 'PerGB2018'
+}
+param slackNotifierSku = {
+  storageAccountName: 'Standard_LRS'
+  applicationServicePlanName: 'Y1'
+  applicationServicePlanTier: 'Dynamic'
+}
+param postgresSku = {
+  name: 'Standard_B1ms'
+  tier: 'Burstable'
+}

.azure/infrastructure/soak.bicepparam

@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
 
 // SKUs
-param keyVaultSKUName = 'standard'
-param keyVaultSKUFamily = 'A'
-param appConfigurationSKUName = 'standard'
-param appInsightsSKUName = 'PerGB2018'
-param slackNotifierStorageAccountSKUName = 'Standard_LRS'
-param slackNotifierApplicationServicePlanSKUName = 'Y1'
-param slackNotifierApplicationServicePlanSKUTier = 'Dynamic'
-param postgresServerSKUName = 'Standard_B1ms'
-param postgresServerSKUTier = 'Burstable'
+param keyVaultSku = {
+  name: 'standard'
+  family: 'A'
+}
+param appConfigurationSku = {
+  name: 'standard'
+}
+param appInsightsSku = {
+  name: 'PerGB2018'
+}
+param slackNotifierSku = {
+  storageAccountName: 'Standard_LRS'
+  applicationServicePlanName: 'Y1'
+  applicationServicePlanTier: 'Dynamic'
+}
+param postgresSku = {
+  name: 'Standard_B1ms'
+  tier: 'Burstable'
+}

.azure/infrastructure/staging.bicepparam

@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
 
 // SKUs
-param keyVaultSKUName = 'standard'
-param keyVaultSKUFamily = 'A'
-param appConfigurationSKUName = 'standard'
-param appInsightsSKUName = 'PerGB2018'
-param slackNotifierStorageAccountSKUName = 'Standard_LRS'
-param slackNotifierApplicationServicePlanSKUName = 'Y1'
-param slackNotifierApplicationServicePlanSKUTier = 'Dynamic'
-param postgresServerSKUName = 'Standard_B1ms'
-param postgresServerSKUTier = 'Burstable'
+param keyVaultSku = {
+  name: 'standard'
+  family: 'A'
+}
+param appConfigurationSku = {
+  name: 'standard'
+}
+param appInsightsSku = {
+  name: 'PerGB2018'
+}
+param slackNotifierSku = {
+  storageAccountName: 'Standard_LRS'
+  applicationServicePlanName: 'Y1'
+  applicationServicePlanTier: 'Dynamic'
+}
+param postgresSku = {
+  name: 'Standard_B1ms'
+  tier: 'Burstable'
+}

.azure/infrastructure/test.bicepparam

@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE
 param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME')
 
 // SKUs
-param keyVaultSKUName = 'standard'
-param keyVaultSKUFamily = 'A'
-param appConfigurationSKUName = 'standard'
-param appInsightsSKUName = 'PerGB2018'
-param slackNotifierStorageAccountSKUName = 'Standard_LRS'
-param slackNotifierApplicationServicePlanSKUName = 'Y1'
-param slackNotifierApplicationServicePlanSKUTier = 'Dynamic'
-param postgresServerSKUName = 'Standard_B1ms'
-param postgresServerSKUTier = 'Burstable'
+param keyVaultSku = {
+  name: 'standard'
+  family: 'A'
+}
+param appConfigurationSku = {
+  name: 'standard'
+}
+param appInsightsSku = {
+  name: 'PerGB2018'
+}
+param slackNotifierSku = {
+  storageAccountName: 'Standard_LRS'
+  applicationServicePlanName: 'Y1'
+  applicationServicePlanTier: 'Dynamic'
+}
+param postgresSku = {
+  name: 'Standard_B1ms'
+  tier: 'Burstable'
+}

.azure/modules/appConfiguration/create.bicep

@@ -1,23 +1,26 @@
 param namePrefix string
 param location string
-param skuName string
+
+@export()
+type Sku = {
+  name: 'standard'
+}
+param sku Sku
 
 resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
-	name: '${namePrefix}-appConfiguration'
-	location: location
-	sku: {
-		name: skuName
-	}
-	properties: {
-		// TODO: Remove
-		enablePurgeProtection: false
-	}
-	resource configStoreKeyValue 'keyValues' = {
-		name: 'Sentinel'
-		properties: {
-			value: '1'
-		}
-	}
+  name: '${namePrefix}-appConfiguration'
+  location: location
+  sku: sku
+  properties: {
+    // TODO: Remove
+    enablePurgeProtection: false
+  }
+  resource configStoreKeyValue 'keyValues' = {
+    name: 'Sentinel'
+    properties: {
+      value: '1'
+    }
+  }
 }
 
 output endpoint string = appConfig.properties.endpoint

.azure/modules/applicationInsights/create.bicep

@@ -1,15 +1,18 @@
 param namePrefix string
 param location string
-param skuName string
+
+@export()
+type Sku = {
+    name: 'PerGB2018' | 'CapacityReservation' | 'Free' | 'LACluster' | 'PerGB2018' | 'PerNode' | 'Premium' | 'Standalone' | 'Standard'
+}
+param sku Sku
 
 resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
     name: '${namePrefix}-insightsWorkspace'
     location: location
     properties: {
         retentionInDays: 30
-        sku: {
-            name: skuName
-        }
+        sku: sku
         workspaceCapping: {
             dailyQuotaGb: -1
         }

.azure/modules/functionApp/slackNotifier.bicep

@@ -2,9 +2,14 @@ param location string
 param applicationInsightsName string
 param namePrefix string
 param keyVaultName string
-param storageAccountSKUName string
-param applicationServicePlanSKUName string
-param applicationServicePlanSKUTier string
+
+@export()
+type Sku = {
+    storageAccountName: 'Standard_LRS' | 'Standard_GRS' | 'Standard_RAGRS' | 'Standard_ZRS' | 'Premium_LRS' | 'Premium_ZRS'
+    applicationServicePlanName: 'F1' | 'D1' | 'B1' | 'B2' | 'B3' | 'S1' | 'S2' | 'S3' | 'P1' | 'P2' | 'P3' | 'P1V2' | 'P2V2' | 'P3V2' | 'I1' | 'I2' | 'I3' | 'Y1' | 'Y2' | 'Y3' | 'Y1v2' | 'Y2v2' | 'Y3v2' | 'Y1v2Isolated' | 'Y2v2Isolated' | 'Y3v2Isolated'
+    applicationServicePlanTier: 'Free' | 'Shared' | 'Basic' | 'Dynamic' | 'Standard' | 'Premium' | 'Isolated'
+}
+param sku Sku
 
 // Storage account names only supports lower case and numbers
 // todo: add name of function as param and turn this into a reusable module
@@ -14,7 +19,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
     name: storageAccountName
     location: location
     sku: {
-        name: storageAccountSKUName
+        name: sku.storageAccountName
     }
     kind: 'Storage'
     properties: {
@@ -27,8 +32,8 @@ resource applicationServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = {
     name: '${namePrefix}-slacknotifier-asp'
     location: location
     sku: {
-        name: applicationServicePlanSKUName
-        tier: applicationServicePlanSKUTier
+        name: sku.applicationServicePlanName
+        tier: sku.applicationServicePlanTier
     }
     properties: {}
 }