Skip to content

Commit

Permalink
updated environment definitions
Browse files Browse the repository at this point in the history
  • Loading branch information
markweitzel committed Mar 4, 2024
1 parent 6f7cf58 commit 53b7688
Show file tree
Hide file tree
Showing 286 changed files with 48,437 additions and 0 deletions.
136 changes: 136 additions & 0 deletions Environments/App-Base-WebApp-ACA/abbreviations.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
{
"analysisServicesServers": "as",
"apiManagementService": "apim-",
"appConfigurationConfigurationStores": "appcs-",
"appManagedEnvironments": "cae-",
"appContainerApps": "ca-",
"authorizationPolicyDefinitions": "policy-",
"automationAutomationAccounts": "aa-",
"blueprintBlueprints": "bp-",
"blueprintBlueprintsArtifacts": "bpa-",
"cacheRedis": "redis-",
"cdnProfiles": "cdnp-",
"cdnProfilesEndpoints": "cdne-",
"cognitiveServicesAccounts": "cog-",
"cognitiveServicesFormRecognizer": "cog-fr-",
"cognitiveServicesTextAnalytics": "cog-ta-",
"computeAvailabilitySets": "avail-",
"computeCloudServices": "cld-",
"computeDiskEncryptionSets": "des",
"computeDisks": "disk",
"computeDisksOs": "osdisk",
"computeGalleries": "gal",
"computeSnapshots": "snap-",
"computeVirtualMachines": "vm",
"computeVirtualMachineScaleSets": "vmss-",
"containerInstanceContainerGroups": "ci",
"containerRegistryRegistries": "cr",
"containerServiceManagedClusters": "aks-",
"databricksWorkspaces": "dbw-",
"dataFactoryFactories": "adf-",
"dataLakeAnalyticsAccounts": "dla",
"dataLakeStoreAccounts": "dls",
"dataMigrationServices": "dms-",
"dBforMySQLServers": "mysql-",
"dBforPostgreSQLServers": "psql-",
"devicesIotHubs": "iot-",
"devicesProvisioningServices": "provs-",
"devicesProvisioningServicesCertificates": "pcert-",
"documentDBDatabaseAccounts": "cosmos-",
"eventGridDomains": "evgd-",
"eventGridDomainsTopics": "evgt-",
"eventGridEventSubscriptions": "evgs-",
"eventHubNamespaces": "evhns-",
"eventHubNamespacesEventHubs": "evh-",
"hdInsightClustersHadoop": "hadoop-",
"hdInsightClustersHbase": "hbase-",
"hdInsightClustersKafka": "kafka-",
"hdInsightClustersMl": "mls-",
"hdInsightClustersSpark": "spark-",
"hdInsightClustersStorm": "storm-",
"hybridComputeMachines": "arcs-",
"insightsActionGroups": "ag-",
"insightsComponents": "appi-",
"keyVaultVaults": "kv-",
"kubernetesConnectedClusters": "arck",
"kustoClusters": "dec",
"kustoClustersDatabases": "dedb",
"loadTesting": "lt-",
"logicIntegrationAccounts": "ia-",
"logicWorkflows": "logic-",
"machineLearningServicesWorkspaces": "mlw-",
"managedIdentityUserAssignedIdentities": "id-",
"managementManagementGroups": "mg-",
"migrateAssessmentProjects": "migr-",
"networkApplicationGateways": "agw-",
"networkApplicationSecurityGroups": "asg-",
"networkAzureFirewalls": "afw-",
"networkBastionHosts": "bas-",
"networkConnections": "con-",
"networkDnsZones": "dnsz-",
"networkExpressRouteCircuits": "erc-",
"networkFirewallPolicies": "afwp-",
"networkFirewallPoliciesWebApplication": "waf",
"networkFirewallPoliciesRuleGroups": "wafrg",
"networkFrontDoors": "fd-",
"networkFrontdoorWebApplicationFirewallPolicies": "fdfp-",
"networkLoadBalancersExternal": "lbe-",
"networkLoadBalancersInternal": "lbi-",
"networkLoadBalancersInboundNatRules": "rule-",
"networkLocalNetworkGateways": "lgw-",
"networkNatGateways": "ng-",
"networkNetworkInterfaces": "nic-",
"networkNetworkSecurityGroups": "nsg-",
"networkNetworkSecurityGroupsSecurityRules": "nsgsr-",
"networkNetworkWatchers": "nw-",
"networkPrivateDnsZones": "pdnsz-",
"networkPrivateLinkServices": "pl-",
"networkPublicIPAddresses": "pip-",
"networkPublicIPPrefixes": "ippre-",
"networkRouteFilters": "rf-",
"networkRouteTables": "rt-",
"networkRouteTablesRoutes": "udr-",
"networkTrafficManagerProfiles": "traf-",
"networkVirtualNetworkGateways": "vgw-",
"networkVirtualNetworks": "vnet-",
"networkVirtualNetworksSubnets": "snet-",
"networkVirtualNetworksVirtualNetworkPeerings": "peer-",
"networkVirtualWans": "vwan-",
"networkVpnGateways": "vpng-",
"networkVpnGatewaysVpnConnections": "vcn-",
"networkVpnGatewaysVpnSites": "vst-",
"notificationHubsNamespaces": "ntfns-",
"notificationHubsNamespacesNotificationHubs": "ntf-",
"operationalInsightsWorkspaces": "log-",
"portalDashboards": "dash-",
"powerBIDedicatedCapacities": "pbi-",
"purviewAccounts": "pview-",
"recoveryServicesVaults": "rsv-",
"resourcesResourceGroups": "rg-",
"searchSearchServices": "srch-",
"serviceBusNamespaces": "sb-",
"serviceBusNamespacesQueues": "sbq-",
"serviceBusNamespacesTopics": "sbt-",
"serviceEndPointPolicies": "se-",
"serviceFabricClusters": "sf-",
"signalRServiceSignalR": "sigr",
"sqlManagedInstances": "sqlmi-",
"sqlServers": "sql-",
"sqlServersDataWarehouse": "sqldw-",
"sqlServersDatabases": "sqldb-",
"sqlServersDatabasesStretch": "sqlstrdb-",
"storageStorageAccounts": "st",
"storageStorageAccountsVm": "stvm",
"storSimpleManagers": "ssimp",
"streamAnalyticsCluster": "asa-",
"synapseWorkspaces": "syn",
"synapseWorkspacesAnalyticsWorkspaces": "synw",
"synapseWorkspacesSqlPoolsDedicated": "syndp",
"synapseWorkspacesSqlPoolsSpark": "synsp",
"timeSeriesInsightsEnvironments": "tsi-",
"webServerFarms": "plan-",
"webSitesAppService": "app-",
"webSitesAppServiceEnvironment": "ase-",
"webSitesFunctions": "func-",
"webStaticSites": "stapp-"
}
75 changes: 75 additions & 0 deletions Environments/App-Base-WebApp-ACA/app/api.bicep
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
param name string
param location string = resourceGroup().location
param tags object = {}

param identityName string
param applicationInsightsName string
param containerAppsEnvironmentName string
param containerRegistryName string
param keyVaultName string
param serviceName string = 'api'
param corsAcaUrl string
param exists bool

resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
name: identityName
location: location
}

// Give the API access to KeyVault
module apiKeyVaultAccess '../core/security/keyvault-access.bicep' = {
name: 'api-keyvault-access'
params: {
keyVaultName: keyVaultName
principalId: apiIdentity.properties.principalId
}
}

module app '../core/host/container-app-upsert.bicep' = {
name: '${serviceName}-container-app'
dependsOn: [ apiKeyVaultAccess ]
params: {
name: name
location: location
tags: union(tags, { 'azd-service-name': serviceName })
identityType: 'UserAssigned'
identityName: apiIdentity.name
exists: exists
containerAppsEnvironmentName: containerAppsEnvironmentName
containerRegistryName: containerRegistryName
containerCpuCoreCount: '1.0'
containerMemory: '2.0Gi'
env: [
{
name: 'AZURE_CLIENT_ID'
value: apiIdentity.properties.clientId
}
{
name: 'AZURE_KEY_VAULT_ENDPOINT'
value: keyVault.properties.vaultUri
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: applicationInsights.properties.ConnectionString
}
{
name: 'API_ALLOW_ORIGINS'
value: corsAcaUrl
}
]
targetPort: 3100
}
}

resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = {
name: applicationInsightsName
}

resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}

output SERVICE_API_IDENTITY_PRINCIPAL_ID string = apiIdentity.properties.principalId
output SERVICE_API_NAME string = app.outputs.name
output SERVICE_API_URI string = app.outputs.uri
output SERVICE_API_IMAGE_NAME string = app.outputs.imageName
92 changes: 92 additions & 0 deletions Environments/App-Base-WebApp-ACA/app/apim-api-policy.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
<!-- Policy configuration for the API. Explore other sample policies at https://learn.microsoft.com/en-us/azure/api-management/policies/ -->
<policies>
<inbound>
<base />
<!-- This policy is needed to handle preflight requests using the OPTIONS method. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies -->
<cors allow-credentials="false">
<allowed-origins>
<origin>{origin}</origin>
</allowed-origins>
<allowed-methods>
<method>PUT</method>
<method>GET</method>
<method>POST</method>
<method>DELETE</method>
<method>PATCH</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<!-- Optional policy to validate the request content. Learn more at https://learn.microsoft.com/en-us/azure/api-management/validation-policies#validate-content -->
<validate-content unspecified-content-type-action="ignore" max-size="1024" size-exceeded-action="detect" errors-variable-name="requestBodyValidation">
<content type="application/json" validate-as="json" action="detect" />
</validate-content>
<!-- Optional policy to send custom trace telemetry to Application Insights. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#Trace -->
<trace source="@(context.Api.Name)" severity="verbose">
<message>Call to the @(context.Api.Name)</message>
<metadata name="User-Agent" value="@(context.Request.Headers.GetValueOrDefault("User-Agent",""))" />
<metadata name="Operation Method" value="@(context.Request.Method)" />
<metadata name="Host" value="@(context.Request.Url.Host)" />
<metadata name="Path" value="@(context.Request.Url.Path)" />
</trace>
</inbound>
<backend>
<limit-concurrency key="@(context.Request.IpAddress)" max-count="3">
<forward-request timeout="120" />
</limit-concurrency>
</backend>
<outbound>
<base />
<!-- Optional policy to validate the response headers. Learn more at https://learn.microsoft.com/en-us/azure/api-management/validation-policies#validate-headers -->
<validate-headers specified-header-action="ignore" unspecified-header-action="ignore" errors-variable-name="responseHeadersValidation" />
<!-- Optional policy to to send custom metrics to Application Insights. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#emit-metrics -->
<choose>
<when condition="@(context.Response.StatusCode >= 200 && context.Response.StatusCode < 300)">
<emit-metric name="Successful requests" value="1" namespace="apim-metrics">
<dimension name="API" value="@(context.Api.Name)" />
<dimension name="Client IP" value="@(context.Request.IpAddress)" />
<dimension name="Status Code" value="@((String)context.Response.StatusCode.ToString())" />
<dimension name="Status Reason" value="@(context.Response.StatusReason)" />
</emit-metric>
</when>
<when condition="@(context.Response.StatusCode >= 400 && context.Response.StatusCode < 600)">
<emit-metric name="Failed requests" value="1" namespace="apim-metrics">
<dimension name="API" value="@(context.Api.Name)" />
<dimension name="Client IP" value="@(context.Request.IpAddress)" />
<dimension name="Status Code" value="@(context.Response.StatusCode.ToString())" />
<dimension name="Status Reason" value="@(context.Response.StatusReason)" />
<dimension name="Error Source" value="backend" />
</emit-metric>
</when>
</choose>
</outbound>
<on-error>
<base />
<!-- Optional policy to handle errors. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-error-handling-policies -->
<trace source="@(context.Api.Name)" severity="error">
<message>Failed to process the @(context.Api.Name)</message>
<metadata name="User-Agent" value="@(context.Request.Headers.GetValueOrDefault("User-Agent",""))" />
<metadata name="Operation Method" value="@(context.Request.Method)" />
<metadata name="Host" value="@(context.Request.Url.Host)" />
<metadata name="Path" value="@(context.Request.Url.Path)" />
<metadata name="Error Reason" value="@(context.LastError.Reason)" />
<metadata name="Error Message" value="@(context.LastError.Message)" />
</trace>
<emit-metric name="Failed requests" value="1" namespace="apim-metrics">
<dimension name="API" value="@(context.Api.Name)" />
<dimension name="Client IP" value="@(context.Request.IpAddress)" />
<dimension name="Status Code" value="500" />
<dimension name="Status Reason" value="@(context.LastError.Reason)" />
<dimension name="Error Source" value="gateway" />
</emit-metric>
<!-- Optional policy to hide error details and provide a custom generic message. Learn more at https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#ReturnResponse -->
<return-response>
<set-status code="500" reason="Internal Server Error" />
<set-body>An unexpected error has occurred.</set-body>
</return-response>
</on-error>
</policies>
Loading

0 comments on commit 53b7688

Please sign in to comment.