forked from Azure/deployment-environments
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
6f7cf58
commit 53b7688
Showing
286 changed files
with
48,437 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
{ | ||
"analysisServicesServers": "as", | ||
"apiManagementService": "apim-", | ||
"appConfigurationConfigurationStores": "appcs-", | ||
"appManagedEnvironments": "cae-", | ||
"appContainerApps": "ca-", | ||
"authorizationPolicyDefinitions": "policy-", | ||
"automationAutomationAccounts": "aa-", | ||
"blueprintBlueprints": "bp-", | ||
"blueprintBlueprintsArtifacts": "bpa-", | ||
"cacheRedis": "redis-", | ||
"cdnProfiles": "cdnp-", | ||
"cdnProfilesEndpoints": "cdne-", | ||
"cognitiveServicesAccounts": "cog-", | ||
"cognitiveServicesFormRecognizer": "cog-fr-", | ||
"cognitiveServicesTextAnalytics": "cog-ta-", | ||
"computeAvailabilitySets": "avail-", | ||
"computeCloudServices": "cld-", | ||
"computeDiskEncryptionSets": "des", | ||
"computeDisks": "disk", | ||
"computeDisksOs": "osdisk", | ||
"computeGalleries": "gal", | ||
"computeSnapshots": "snap-", | ||
"computeVirtualMachines": "vm", | ||
"computeVirtualMachineScaleSets": "vmss-", | ||
"containerInstanceContainerGroups": "ci", | ||
"containerRegistryRegistries": "cr", | ||
"containerServiceManagedClusters": "aks-", | ||
"databricksWorkspaces": "dbw-", | ||
"dataFactoryFactories": "adf-", | ||
"dataLakeAnalyticsAccounts": "dla", | ||
"dataLakeStoreAccounts": "dls", | ||
"dataMigrationServices": "dms-", | ||
"dBforMySQLServers": "mysql-", | ||
"dBforPostgreSQLServers": "psql-", | ||
"devicesIotHubs": "iot-", | ||
"devicesProvisioningServices": "provs-", | ||
"devicesProvisioningServicesCertificates": "pcert-", | ||
"documentDBDatabaseAccounts": "cosmos-", | ||
"eventGridDomains": "evgd-", | ||
"eventGridDomainsTopics": "evgt-", | ||
"eventGridEventSubscriptions": "evgs-", | ||
"eventHubNamespaces": "evhns-", | ||
"eventHubNamespacesEventHubs": "evh-", | ||
"hdInsightClustersHadoop": "hadoop-", | ||
"hdInsightClustersHbase": "hbase-", | ||
"hdInsightClustersKafka": "kafka-", | ||
"hdInsightClustersMl": "mls-", | ||
"hdInsightClustersSpark": "spark-", | ||
"hdInsightClustersStorm": "storm-", | ||
"hybridComputeMachines": "arcs-", | ||
"insightsActionGroups": "ag-", | ||
"insightsComponents": "appi-", | ||
"keyVaultVaults": "kv-", | ||
"kubernetesConnectedClusters": "arck", | ||
"kustoClusters": "dec", | ||
"kustoClustersDatabases": "dedb", | ||
"loadTesting": "lt-", | ||
"logicIntegrationAccounts": "ia-", | ||
"logicWorkflows": "logic-", | ||
"machineLearningServicesWorkspaces": "mlw-", | ||
"managedIdentityUserAssignedIdentities": "id-", | ||
"managementManagementGroups": "mg-", | ||
"migrateAssessmentProjects": "migr-", | ||
"networkApplicationGateways": "agw-", | ||
"networkApplicationSecurityGroups": "asg-", | ||
"networkAzureFirewalls": "afw-", | ||
"networkBastionHosts": "bas-", | ||
"networkConnections": "con-", | ||
"networkDnsZones": "dnsz-", | ||
"networkExpressRouteCircuits": "erc-", | ||
"networkFirewallPolicies": "afwp-", | ||
"networkFirewallPoliciesWebApplication": "waf", | ||
"networkFirewallPoliciesRuleGroups": "wafrg", | ||
"networkFrontDoors": "fd-", | ||
"networkFrontdoorWebApplicationFirewallPolicies": "fdfp-", | ||
"networkLoadBalancersExternal": "lbe-", | ||
"networkLoadBalancersInternal": "lbi-", | ||
"networkLoadBalancersInboundNatRules": "rule-", | ||
"networkLocalNetworkGateways": "lgw-", | ||
"networkNatGateways": "ng-", | ||
"networkNetworkInterfaces": "nic-", | ||
"networkNetworkSecurityGroups": "nsg-", | ||
"networkNetworkSecurityGroupsSecurityRules": "nsgsr-", | ||
"networkNetworkWatchers": "nw-", | ||
"networkPrivateDnsZones": "pdnsz-", | ||
"networkPrivateLinkServices": "pl-", | ||
"networkPublicIPAddresses": "pip-", | ||
"networkPublicIPPrefixes": "ippre-", | ||
"networkRouteFilters": "rf-", | ||
"networkRouteTables": "rt-", | ||
"networkRouteTablesRoutes": "udr-", | ||
"networkTrafficManagerProfiles": "traf-", | ||
"networkVirtualNetworkGateways": "vgw-", | ||
"networkVirtualNetworks": "vnet-", | ||
"networkVirtualNetworksSubnets": "snet-", | ||
"networkVirtualNetworksVirtualNetworkPeerings": "peer-", | ||
"networkVirtualWans": "vwan-", | ||
"networkVpnGateways": "vpng-", | ||
"networkVpnGatewaysVpnConnections": "vcn-", | ||
"networkVpnGatewaysVpnSites": "vst-", | ||
"notificationHubsNamespaces": "ntfns-", | ||
"notificationHubsNamespacesNotificationHubs": "ntf-", | ||
"operationalInsightsWorkspaces": "log-", | ||
"portalDashboards": "dash-", | ||
"powerBIDedicatedCapacities": "pbi-", | ||
"purviewAccounts": "pview-", | ||
"recoveryServicesVaults": "rsv-", | ||
"resourcesResourceGroups": "rg-", | ||
"searchSearchServices": "srch-", | ||
"serviceBusNamespaces": "sb-", | ||
"serviceBusNamespacesQueues": "sbq-", | ||
"serviceBusNamespacesTopics": "sbt-", | ||
"serviceEndPointPolicies": "se-", | ||
"serviceFabricClusters": "sf-", | ||
"signalRServiceSignalR": "sigr", | ||
"sqlManagedInstances": "sqlmi-", | ||
"sqlServers": "sql-", | ||
"sqlServersDataWarehouse": "sqldw-", | ||
"sqlServersDatabases": "sqldb-", | ||
"sqlServersDatabasesStretch": "sqlstrdb-", | ||
"storageStorageAccounts": "st", | ||
"storageStorageAccountsVm": "stvm", | ||
"storSimpleManagers": "ssimp", | ||
"streamAnalyticsCluster": "asa-", | ||
"synapseWorkspaces": "syn", | ||
"synapseWorkspacesAnalyticsWorkspaces": "synw", | ||
"synapseWorkspacesSqlPoolsDedicated": "syndp", | ||
"synapseWorkspacesSqlPoolsSpark": "synsp", | ||
"timeSeriesInsightsEnvironments": "tsi-", | ||
"webServerFarms": "plan-", | ||
"webSitesAppService": "app-", | ||
"webSitesAppServiceEnvironment": "ase-", | ||
"webSitesFunctions": "func-", | ||
"webStaticSites": "stapp-" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
param name string | ||
param location string = resourceGroup().location | ||
param tags object = {} | ||
|
||
param identityName string | ||
param applicationInsightsName string | ||
param containerAppsEnvironmentName string | ||
param containerRegistryName string | ||
param keyVaultName string | ||
param serviceName string = 'api' | ||
param corsAcaUrl string | ||
param exists bool | ||
|
||
resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { | ||
name: identityName | ||
location: location | ||
} | ||
|
||
// Give the API access to KeyVault | ||
module apiKeyVaultAccess '../core/security/keyvault-access.bicep' = { | ||
name: 'api-keyvault-access' | ||
params: { | ||
keyVaultName: keyVaultName | ||
principalId: apiIdentity.properties.principalId | ||
} | ||
} | ||
|
||
module app '../core/host/container-app-upsert.bicep' = { | ||
name: '${serviceName}-container-app' | ||
dependsOn: [ apiKeyVaultAccess ] | ||
params: { | ||
name: name | ||
location: location | ||
tags: union(tags, { 'azd-service-name': serviceName }) | ||
identityType: 'UserAssigned' | ||
identityName: apiIdentity.name | ||
exists: exists | ||
containerAppsEnvironmentName: containerAppsEnvironmentName | ||
containerRegistryName: containerRegistryName | ||
containerCpuCoreCount: '1.0' | ||
containerMemory: '2.0Gi' | ||
env: [ | ||
{ | ||
name: 'AZURE_CLIENT_ID' | ||
value: apiIdentity.properties.clientId | ||
} | ||
{ | ||
name: 'AZURE_KEY_VAULT_ENDPOINT' | ||
value: keyVault.properties.vaultUri | ||
} | ||
{ | ||
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING' | ||
value: applicationInsights.properties.ConnectionString | ||
} | ||
{ | ||
name: 'API_ALLOW_ORIGINS' | ||
value: corsAcaUrl | ||
} | ||
] | ||
targetPort: 3100 | ||
} | ||
} | ||
|
||
resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = { | ||
name: applicationInsightsName | ||
} | ||
|
||
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { | ||
name: keyVaultName | ||
} | ||
|
||
output SERVICE_API_IDENTITY_PRINCIPAL_ID string = apiIdentity.properties.principalId | ||
output SERVICE_API_NAME string = app.outputs.name | ||
output SERVICE_API_URI string = app.outputs.uri | ||
output SERVICE_API_IMAGE_NAME string = app.outputs.imageName |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
<!-- Policy configuration for the API. Explore other sample policies at https://learn.microsoft.com/en-us/azure/api-management/policies/ --> | ||
<policies> | ||
<inbound> | ||
<base /> | ||
<!-- This policy is needed to handle preflight requests using the OPTIONS method. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies --> | ||
<cors allow-credentials="false"> | ||
<allowed-origins> | ||
<origin>{origin}</origin> | ||
</allowed-origins> | ||
<allowed-methods> | ||
<method>PUT</method> | ||
<method>GET</method> | ||
<method>POST</method> | ||
<method>DELETE</method> | ||
<method>PATCH</method> | ||
</allowed-methods> | ||
<allowed-headers> | ||
<header>*</header> | ||
</allowed-headers> | ||
<expose-headers> | ||
<header>*</header> | ||
</expose-headers> | ||
</cors> | ||
<!-- Optional policy to validate the request content. Learn more at https://learn.microsoft.com/en-us/azure/api-management/validation-policies#validate-content --> | ||
<validate-content unspecified-content-type-action="ignore" max-size="1024" size-exceeded-action="detect" errors-variable-name="requestBodyValidation"> | ||
<content type="application/json" validate-as="json" action="detect" /> | ||
</validate-content> | ||
<!-- Optional policy to send custom trace telemetry to Application Insights. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#Trace --> | ||
<trace source="@(context.Api.Name)" severity="verbose"> | ||
<message>Call to the @(context.Api.Name)</message> | ||
<metadata name="User-Agent" value="@(context.Request.Headers.GetValueOrDefault("User-Agent",""))" /> | ||
<metadata name="Operation Method" value="@(context.Request.Method)" /> | ||
<metadata name="Host" value="@(context.Request.Url.Host)" /> | ||
<metadata name="Path" value="@(context.Request.Url.Path)" /> | ||
</trace> | ||
</inbound> | ||
<backend> | ||
<limit-concurrency key="@(context.Request.IpAddress)" max-count="3"> | ||
<forward-request timeout="120" /> | ||
</limit-concurrency> | ||
</backend> | ||
<outbound> | ||
<base /> | ||
<!-- Optional policy to validate the response headers. Learn more at https://learn.microsoft.com/en-us/azure/api-management/validation-policies#validate-headers --> | ||
<validate-headers specified-header-action="ignore" unspecified-header-action="ignore" errors-variable-name="responseHeadersValidation" /> | ||
<!-- Optional policy to to send custom metrics to Application Insights. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#emit-metrics --> | ||
<choose> | ||
<when condition="@(context.Response.StatusCode >= 200 && context.Response.StatusCode < 300)"> | ||
<emit-metric name="Successful requests" value="1" namespace="apim-metrics"> | ||
<dimension name="API" value="@(context.Api.Name)" /> | ||
<dimension name="Client IP" value="@(context.Request.IpAddress)" /> | ||
<dimension name="Status Code" value="@((String)context.Response.StatusCode.ToString())" /> | ||
<dimension name="Status Reason" value="@(context.Response.StatusReason)" /> | ||
</emit-metric> | ||
</when> | ||
<when condition="@(context.Response.StatusCode >= 400 && context.Response.StatusCode < 600)"> | ||
<emit-metric name="Failed requests" value="1" namespace="apim-metrics"> | ||
<dimension name="API" value="@(context.Api.Name)" /> | ||
<dimension name="Client IP" value="@(context.Request.IpAddress)" /> | ||
<dimension name="Status Code" value="@(context.Response.StatusCode.ToString())" /> | ||
<dimension name="Status Reason" value="@(context.Response.StatusReason)" /> | ||
<dimension name="Error Source" value="backend" /> | ||
</emit-metric> | ||
</when> | ||
</choose> | ||
</outbound> | ||
<on-error> | ||
<base /> | ||
<!-- Optional policy to handle errors. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-error-handling-policies --> | ||
<trace source="@(context.Api.Name)" severity="error"> | ||
<message>Failed to process the @(context.Api.Name)</message> | ||
<metadata name="User-Agent" value="@(context.Request.Headers.GetValueOrDefault("User-Agent",""))" /> | ||
<metadata name="Operation Method" value="@(context.Request.Method)" /> | ||
<metadata name="Host" value="@(context.Request.Url.Host)" /> | ||
<metadata name="Path" value="@(context.Request.Url.Path)" /> | ||
<metadata name="Error Reason" value="@(context.LastError.Reason)" /> | ||
<metadata name="Error Message" value="@(context.LastError.Message)" /> | ||
</trace> | ||
<emit-metric name="Failed requests" value="1" namespace="apim-metrics"> | ||
<dimension name="API" value="@(context.Api.Name)" /> | ||
<dimension name="Client IP" value="@(context.Request.IpAddress)" /> | ||
<dimension name="Status Code" value="500" /> | ||
<dimension name="Status Reason" value="@(context.LastError.Reason)" /> | ||
<dimension name="Error Source" value="gateway" /> | ||
</emit-metric> | ||
<!-- Optional policy to hide error details and provide a custom generic message. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#ReturnResponse --> | ||
<return-response> | ||
<set-status code="500" reason="Internal Server Error" /> | ||
<set-body>An unexpected error has occurred.</set-body> | ||
</return-response> | ||
</on-error> | ||
</policies> |
Oops, something went wrong.