From f671b5d3df6ca3e2ef8977c72320b7f6bdbd33bb Mon Sep 17 00:00:00 2001 From: Are Almaas Date: Tue, 5 Mar 2024 15:10:53 +0100 Subject: [PATCH] chore: restructure bicepparams (#517) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A precursor for https://github.com/digdir/dialogporten/issues/275 - Use objects and user-defined types: - Exporting types in order to make it cleaner and to add additional validation. Validation did not take place in the module itself, only in the main bicep file. Now we have validation all the way from bicepparam to the module in use. - Add bicepconfig with some sane lint rules --------- Co-authored-by: Ole Jørgen Skogstad --- .azure/bicepconfig.json | 32 +++++++ .azure/infrastructure/main.bicep | 89 ++++--------------- .azure/infrastructure/production.bicepparam | 28 ++++-- .azure/infrastructure/soak.bicepparam | 28 ++++-- .azure/infrastructure/staging.bicepparam | 28 ++++-- .azure/infrastructure/test.bicepparam | 28 ++++-- .azure/modules/appConfiguration/create.bicep | 35 ++++---- .../modules/applicationInsights/create.bicep | 11 ++- .../modules/functionApp/slackNotifier.bicep | 17 ++-- .azure/modules/keyvault/create.bicep | 14 +-- .azure/modules/postgreSql/create.bicep | 14 +-- 11 files changed, 180 insertions(+), 144 deletions(-) create mode 100644 .azure/bicepconfig.json diff --git a/.azure/bicepconfig.json b/.azure/bicepconfig.json new file mode 100644 index 000000000..dd1d4865e --- /dev/null +++ b/.azure/bicepconfig.json 
@@ -0,0 +1,32 @@ +{ + // See https://aka.ms/bicep/config for more information on Bicep configuration options + // Press CTRL+SPACE/CMD+SPACE at any location to see Intellisense suggestions + "analyzers": { + "core": { + "rules": { + "no-unused-params": { + "level": "error" + }, + "no-unused-vars": { + "level": "error" + }, + "no-hardcoded-env-urls": { + "level": "error" + }, + "secure-secrets-in-params": { + "level": "error" + }, + "no-unnecessary-dependson": { + "level": "error" + }, + "outputs-should-not-contain-secrets": { + "level": "error" + } + } + } + }, + "experimentalFeaturesEnabled": { + "compileTimeImports": true, + "userDefinedFunctions": false + } +} \ No newline at end of file diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep index 4ad48b15a..cb1a7a642 100644 --- a/.azure/infrastructure/main.bicep +++ b/.azure/infrastructure/main.bicep 
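Review bot: The rule list raises `secure-secrets-in-params` and `outputs-should-not-contain-secrets` to error but leaves the other secret-handling linter rules at their default level, so a secure parameter with a hardcoded default, or a plain value passed into a secure input, would presumably still only produce a warning. Consider adding `"secure-parameter-default": { "level": "error" }` and `"use-secure-value-for-secure-inputs": { "level": "error" }` next to them. `compileTimeImports` sits under `experimentalFeaturesEnabled`, so the deployment pipeline should pin the Bicep CLI version it builds with, and a short comment above that block naming the files that rely on the imports would help the next reader.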
@@ -19,67 +19,20 @@ param sourceKeyVaultResourceGroup string @minLength(3) param sourceKeyVaultName string -@allowed( - [ - 'premium' - 'standard' - ] -) -param keyVaultSKUName string - -@allowed([ - 'A' -]) -param keyVaultSKUFamily string - -@allowed([ - 'standard' -]) -param appConfigurationSKUName string - -@allowed([ - 'CapacityReservation' - 'Free' - 'LACluster' - 'PerGB2018' - 'PerNode' - 'Premium' - 'Standalone' - 'Standard' -]) -param appInsightsSKUName string - -@allowed([ - 'Standard_LRS' - 'Standard_GRS' - 'Standard_RAGRS' - 'Standard_ZRS' - 'Premium_LRS' - 'Premium_ZRS' -]) -param slackNotifierStorageAccountSKUName string - -@allowed([ - 'Y1' -]) -param slackNotifierApplicationServicePlanSKUName string - -@allowed([ - 'Dynamic' - -]) -param slackNotifierApplicationServicePlanSKUTier string - -@allowed([ - 'Standard_B1ms' -]) -param postgresServerSKUName string -@allowed([ - 'Burstable' - 'GeneralPurpose' - 'MemoryOptimized' -]) -param postgresServerSKUTier string +import {Sku as KeyVaultSku} from '../modules/keyvault/create.bicep' +param keyVaultSku KeyVaultSku + +import {Sku as AppConfigurationSku} from '../modules/appConfiguration/create.bicep' +param appConfigurationSku AppConfigurationSku + +import {Sku as AppInsightsSku} from '../modules/applicationInsights/create.bicep' +param appInsightsSku AppInsightsSku + +import {Sku as SlackNotifierSku} from '../modules/functionApp/slackNotifier.bicep' +param slackNotifierSku SlackNotifierSku + +import {Sku as PostgresSku} from '../modules/postgreSql/create.bicep' +param postgresSku PostgresSku var secrets = { dialogportenPgAdminPassword: dialogportenPgAdminPassword @@ -102,8 +55,7 @@ module keyVaultModule '../modules/keyvault/create.bicep' = { params: { namePrefix: namePrefix location: location - skuName: keyVaultSKUName - skuFamily: keyVaultSKUFamily + sku: keyVaultSku } } 
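Review bot: The five `import {Sku as …}` statements in the first hunk are interleaved with the `param` declarations they serve; grouping them at the top of the file would show the module dependencies in one place. The new object parameters also carry no `@description()`, for example `@description('Key Vault SKU; shape and allowed values are defined in modules/keyvault/create.bicep')` above `param keyVaultSku KeyVaultSku`, which would tell a reader where validation moved now that the `@allowed` lists are gone from this file. The hunk starts at line 19, so any existing convention for imports or descriptions higher up in the file is not visible here.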
@@ -113,7 +65,7 @@ module appConfiguration '../modules/appConfiguration/create.bicep' = { params: { namePrefix: namePrefix location: location - skuName: appConfigurationSKUName + sku: appConfigurationSku } } @@ -123,7 +75,7 @@ module appInsights '../modules/applicationInsights/create.bicep' = { params: { namePrefix: namePrefix location: location - skuName: appInsightsSKUName + sku: appInsightsSku } } @@ -156,8 +108,7 @@ module postgresql '../modules/postgreSql/create.bicep' = { srcKeyVault: srcKeyVault srcSecretName: 'dialogportenPgAdminPassword${environment}' administratorLoginPassword: contains(keyVaultSourceKeys, 'dialogportenPgAdminPassword${environment}') ? srcKeyVaultResource.getSecret('dialogportenPgAdminPassword${environment}') : secrets.dialogportenPgAdminPassword - skuName: postgresServerSKUName - skuTier: postgresServerSKUTier + sku: postgresSku } } @@ -194,9 +145,7 @@ module slackNotifier '../modules/functionApp/slackNotifier.bicep' = { keyVaultName: keyVaultModule.outputs.name namePrefix: namePrefix applicationInsightsName: appInsights.outputs.appInsightsName - storageAccountSKUName: slackNotifierStorageAccountSKUName - applicationServicePlanSKUName: slackNotifierApplicationServicePlanSKUName - applicationServicePlanSKUTier: slackNotifierApplicationServicePlanSKUTier + sku: slackNotifierSku } } diff --git a/.azure/infrastructure/production.bicepparam b/.azure/infrastructure/production.bicepparam index 66f2a64b2..63a21d428 100644 --- a/.azure/infrastructure/production.bicepparam +++ b/.azure/infrastructure/production.bicepparam 
@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME') // SKUs -param keyVaultSKUName = 'standard' -param keyVaultSKUFamily = 'A' -param appConfigurationSKUName = 'standard' -param appInsightsSKUName = 'PerGB2018' -param slackNotifierStorageAccountSKUName = 'Standard_LRS' -param slackNotifierApplicationServicePlanSKUName = 'Y1' -param slackNotifierApplicationServicePlanSKUTier = 'Dynamic' -param postgresServerSKUName = 'Standard_B1ms' -param postgresServerSKUTier = 'Burstable' +param keyVaultSku = { + name: 'standard' + family: 'A' +} +param appConfigurationSku = { + name: 'standard' +} +param appInsightsSku = { + name: 'PerGB2018' +} +param slackNotifierSku = { + storageAccountName: 'Standard_LRS' + applicationServicePlanName: 'Y1' + applicationServicePlanTier: 'Dynamic' +} +param postgresSku = { + name: 'Standard_B1ms' + tier: 'Burstable' +} diff --git a/.azure/infrastructure/soak.bicepparam b/.azure/infrastructure/soak.bicepparam index effbfebd5..609096cf1 100644 --- a/.azure/infrastructure/soak.bicepparam +++ b/.azure/infrastructure/soak.bicepparam 
@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME') // SKUs -param keyVaultSKUName = 'standard' -param keyVaultSKUFamily = 'A' -param appConfigurationSKUName = 'standard' -param appInsightsSKUName = 'PerGB2018' -param slackNotifierStorageAccountSKUName = 'Standard_LRS' -param slackNotifierApplicationServicePlanSKUName = 'Y1' -param slackNotifierApplicationServicePlanSKUTier = 'Dynamic' -param postgresServerSKUName = 'Standard_B1ms' -param postgresServerSKUTier = 'Burstable' +param keyVaultSku = { + name: 'standard' + family: 'A' +} +param appConfigurationSku = { + name: 'standard' +} +param appInsightsSku = { + name: 'PerGB2018' +} +param slackNotifierSku = { + storageAccountName: 'Standard_LRS' + applicationServicePlanName: 'Y1' + applicationServicePlanTier: 'Dynamic' +} +param postgresSku = { + name: 'Standard_B1ms' + tier: 'Burstable' +} diff --git a/.azure/infrastructure/staging.bicepparam b/.azure/infrastructure/staging.bicepparam index 301897e84..07b54f198 100644 --- a/.azure/infrastructure/staging.bicepparam +++ b/.azure/infrastructure/staging.bicepparam 
@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME') // SKUs -param keyVaultSKUName = 'standard' -param keyVaultSKUFamily = 'A' -param appConfigurationSKUName = 'standard' -param appInsightsSKUName = 'PerGB2018' -param slackNotifierStorageAccountSKUName = 'Standard_LRS' -param slackNotifierApplicationServicePlanSKUName = 'Y1' -param slackNotifierApplicationServicePlanSKUTier = 'Dynamic' -param postgresServerSKUName = 'Standard_B1ms' -param postgresServerSKUTier = 'Burstable' +param keyVaultSku = { + name: 'standard' + family: 'A' +} +param appConfigurationSku = { + name: 'standard' +} +param appInsightsSku = { + name: 'PerGB2018' +} +param slackNotifierSku = { + storageAccountName: 'Standard_LRS' + applicationServicePlanName: 'Y1' + applicationServicePlanTier: 'Dynamic' +} +param postgresSku = { + name: 'Standard_B1ms' + tier: 'Burstable' +} diff --git a/.azure/infrastructure/test.bicepparam b/.azure/infrastructure/test.bicepparam index 618cd5046..19b5e658c 100644 --- a/.azure/infrastructure/test.bicepparam +++ b/.azure/infrastructure/test.bicepparam 
@@ -11,12 +11,22 @@ param sourceKeyVaultResourceGroup = readEnvironmentVariable('SOURCE_KEY_VAULT_RE param sourceKeyVaultName = readEnvironmentVariable('SOURCE_KEY_VAULT_NAME') // SKUs -param keyVaultSKUName = 'standard' -param keyVaultSKUFamily = 'A' -param appConfigurationSKUName = 'standard' -param appInsightsSKUName = 'PerGB2018' -param slackNotifierStorageAccountSKUName = 'Standard_LRS' -param slackNotifierApplicationServicePlanSKUName = 'Y1' -param slackNotifierApplicationServicePlanSKUTier = 'Dynamic' -param postgresServerSKUName = 'Standard_B1ms' -param postgresServerSKUTier = 'Burstable' +param keyVaultSku = { + name: 'standard' + family: 'A' +} +param appConfigurationSku = { + name: 'standard' +} +param appInsightsSku = { + name: 'PerGB2018' +} +param slackNotifierSku = { + storageAccountName: 'Standard_LRS' + applicationServicePlanName: 'Y1' + applicationServicePlanTier: 'Dynamic' +} +param postgresSku = { + name: 'Standard_B1ms' + tier: 'Burstable' +} diff --git a/.azure/modules/appConfiguration/create.bicep b/.azure/modules/appConfiguration/create.bicep index 3e82fb0ad..459502c3b 100644 --- a/.azure/modules/appConfiguration/create.bicep +++ b/.azure/modules/appConfiguration/create.bicep 
@@ -1,23 +1,26 @@ param namePrefix string param location string -param skuName string + +@export() +type Sku = { + name: 'standard' +} +param sku Sku resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = { - name: '${namePrefix}-appConfiguration' - location: location - sku: { - name: skuName - } - properties: { - // TODO: Remove - enablePurgeProtection: false - } - resource configStoreKeyValue 'keyValues' = { - name: 'Sentinel' - properties: { - value: '1' - } - } + name: '${namePrefix}-appConfiguration' + location: location + sku: sku + properties: { + // TODO: Remove + enablePurgeProtection: false + } + resource configStoreKeyValue 'keyValues' = { + name: 'Sentinel' + properties: { + value: '1' + } + } } output endpoint string = appConfig.properties.endpoint diff --git a/.azure/modules/applicationInsights/create.bicep b/.azure/modules/applicationInsights/create.bicep index a53081493..8b3350328 100644 --- a/.azure/modules/applicationInsights/create.bicep +++ b/.azure/modules/applicationInsights/create.bicep @@ -1,15 +1,18 @@ param namePrefix string param location string -param skuName string + +@export() +type Sku = { + name: 'PerGB2018' | 'CapacityReservation' | 'Free' | 'LACluster' | 'PerGB2018' | 'PerNode' | 'Premium' | 'Standalone' | 'Standard' +} +param sku Sku resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { name: '${namePrefix}-insightsWorkspace' location: location properties: { retentionInDays: 30 - sku: { - name: skuName - } + sku: sku workspaceCapping: { dailyQuotaGb: -1 } diff --git a/.azure/modules/functionApp/slackNotifier.bicep b/.azure/modules/functionApp/slackNotifier.bicep index 1ab9b8132..3519a95ee 100644 --- a/.azure/modules/functionApp/slackNotifier.bicep +++ b/.azure/modules/functionApp/slackNotifier.bicep 
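Review bot: `sku: sku` hands the whole parameter object to the resource while the `Sku` type only constrains `name`; as far as I can tell a user-defined object type is not closed by default, so an extra or misspelled key in a `.bicepparam` file would be a warning at most and would be forwarded into the resource's `sku`. If the Bicep version in use supports it, add `@sealed()` above `type Sku`, or keep building the object explicitly with `sku: { name: sku.name }`. The same applies to `sku: sku` in applicationInsights/create.bicep, keyvault/create.bicep and postgreSql/create.bicep. The re-indented body also carries `enablePurgeProtection: false` under a bare `// TODO: Remove`; linking an issue on that comment, as keyvault/create.bicep does, would make the follow-up trackable.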
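Review bot: The `name` union in `type Sku` of applicationInsights/create.bicep lists `'PerGB2018'` twice, once at the start and again between `'LACluster'` and `'PerNode'`; drop the leading one so the union matches the `@allowed` list it replaces: `name: 'CapacityReservation' | 'Free' | 'LACluster' | 'PerGB2018' | 'PerNode' | 'Premium' | 'Standalone' | 'Standard'`. The type is assigned to `properties.sku` of the `Microsoft.OperationalInsights/workspaces` resource, so a one-line comment above it saying it is the workspace SKU would avoid confusion with the module name.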
@@ -2,9 +2,14 @@ param location string param applicationInsightsName string param namePrefix string param keyVaultName string -param storageAccountSKUName string -param applicationServicePlanSKUName string -param applicationServicePlanSKUTier string + +@export() +type Sku = { + storageAccountName: 'Standard_LRS' | 'Standard_GRS' | 'Standard_RAGRS' | 'Standard_ZRS' | 'Premium_LRS' | 'Premium_ZRS' + applicationServicePlanName: 'F1' | 'D1' | 'B1' | 'B2' | 'B3' | 'S1' | 'S2' | 'S3' | 'P1' | 'P2' | 'P3' | 'P1V2' | 'P2V2' | 'P3V2' | 'I1' | 'I2' | 'I3' | 'Y1' | 'Y2' | 'Y3' | 'Y1v2' | 'Y2v2' | 'Y3v2' | 'Y1v2Isolated' | 'Y2v2Isolated' | 'Y3v2Isolated' + applicationServicePlanTier: 'Free' | 'Shared' | 'Basic' | 'Dynamic' | 'Standard' | 'Premium' | 'Isolated' +} +param sku Sku // Storage account names only supports lower case and numbers // todo: add name of function as param and turn this into a reusable module @@ -14,7 +19,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { name: storageAccountName location: location sku: { - name: storageAccountSKUName + name: sku.storageAccountName } kind: 'Storage' properties: { @@ -27,8 +32,8 @@ resource applicationServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = { name: '${namePrefix}-slacknotifier-asp' location: location sku: { - name: applicationServicePlanSKUName - tier: applicationServicePlanSKUTier + name: sku.applicationServicePlanName + tier: sku.applicationServicePlanTier } properties: {} } diff --git a/.azure/modules/keyvault/create.bicep b/.azure/modules/keyvault/create.bicep index 96701d3ca..b69896bd0 100644 --- a/.azure/modules/keyvault/create.bicep +++ b/.azure/modules/keyvault/create.bicep @@ -1,7 +1,12 @@ param namePrefix string param location string -param skuName string -param skuFamily string + +@export() +type Sku = { + name: 'premium' | 'standard' + family: 'A' +} +param sku Sku var keyVaultName = take('${namePrefix}-kv-${uniqueString(resourceGroup().id)}', 24) 
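Review bot: `type Sku` in slackNotifier.bicep accepts far more values than the `@allowed(['Y1'])` and `@allowed(['Dynamic'])` lists removed from main.bicep, and nothing ties `applicationServicePlanName` to `applicationServicePlanTier`, so a mismatched pair such as `'F1'` with `'Premium'` now passes type checking and would presumably only fail at deployment. If the widening is intended, say so in a comment above the type; otherwise narrow the unions back to the values the environments use. The field `storageAccountName` holds a storage SKU name while this file also appears to use a `storageAccountName` variable as the resource name, so `storageAccountSkuName` would read less ambiguously (the four `.bicepparam` files and the `sku.storageAccountName` reference would change with it).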
@@ -12,10 +17,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = { // TODO: Remove, https://github.com/digdir/dialogporten/issues/229 enablePurgeProtection: null // Null is the same as false and false is invalid for some reason enabledForTemplateDeployment: false - sku: { - name: skuName - family: skuFamily - } + sku: sku tenantId: subscription().tenantId accessPolicies: [] } diff --git a/.azure/modules/postgreSql/create.bicep b/.azure/modules/postgreSql/create.bicep index d7481f22c..37e2301e3 100644 --- a/.azure/modules/postgreSql/create.bicep +++ b/.azure/modules/postgreSql/create.bicep @@ -2,8 +2,13 @@ param namePrefix string param location string param keyVaultName string param srcSecretName string -param skuName string -param skuTier string + +@export() +type Sku = { + name: 'Standard_B1ms' + tier: 'Burstable' | 'GeneralPurpose' | 'MemoryOptimized' +} +param sku Sku @secure() param srcKeyVault object @@ -50,10 +55,7 @@ resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = { } replicationRole: 'Primary' } - sku: { - name: skuName - tier: skuTier - } + sku: sku resource database 'databases' = { name: databaseName properties: {