diff --git a/infra/main.bicep b/infra/main.bicep index 9c08bbd..d24fc95 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -18,7 +18,7 @@ param applicationInsightsDashboardName string = '' param applicationInsightsName string = '' param appServicePlanName string = '' param cosmosAccountName string = '' -param cosmosDatabaseName string = '' +param cosmosDatabaseName string = 'Todo' param keyVaultName string = '' param logAnalyticsName string = '' param resourceGroupName string = '' @@ -42,6 +42,8 @@ resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = { tags: tags } +// TODO: AVM resource group. Don't exist in CARML + // The application frontend module web './app/web.bicep' = { name: 'web' @@ -99,18 +101,80 @@ module apiKeyVaultAccess './core/security/keyvault-access.bicep' = { } // The application database -module cosmos './app/db.bicep' = { - name: 'cosmos' +// module cosmos './app/db.bicep' = { +// name: 'cosmos' +// scope: rg +// params: { +// accountName: !empty(cosmosAccountName) ? cosmosAccountName : '${abbrs.documentDBDatabaseAccounts}${resourceToken}' +// databaseName: cosmosDatabaseName +// location: location +// tags: tags +// keyVaultName: keyVault.outputs.name +// } +// } + +module cosmos 'br/public:storage/cosmos-db:3.0.2' = { scope: rg + name: 'cosmos' params: { - accountName: !empty(cosmosAccountName) ? cosmosAccountName : '${abbrs.documentDBDatabaseAccounts}${resourceToken}' - databaseName: cosmosDatabaseName + backendApi: 'mongodb' + name: !empty(cosmosAccountName) ? cosmosAccountName : '${abbrs.documentDBDatabaseAccounts}${resourceToken}' location: location tags: tags - keyVaultName: keyVault.outputs.name + enableServerless: true + consistencyPolicy: { + defaultConsistencyLevel: 'Session' + } + isZoneRedundant: false + mongoDBServerVersion: '4.2' + + mongodbDatabases: [ + { + name: cosmosDatabaseName + collections: [ + { + name: 'TodoList' + indexes: [ + { + key: { + keys: [ + '_id' + ] + } + options: { + unique: true + } + } + ] + shardKey: { + _id: 'Hash' + } + } + { + name: 'TodoItem' + indexes: [ + { + key: { + keys: [ + '_id' + ] + } + options: { + unique: true + } + } + ] + shardKey: { + _id: 'Hash' + } + } + ] + } + ] } } + // Create an App Service Plan to group applications under the same payment plan and SKU module appServicePlan './core/host/appserviceplan.bicep' = { name: 'appserviceplan' @@ -126,14 +190,31 @@ module appServicePlan './core/host/appserviceplan.bicep' = { } // Store secrets in a keyvault -module keyVault './core/security/keyvault.bicep' = { +// module keyVault './core/security/keyvault.bicep' = { +// name: 'keyvault' +// scope: rg +// params: { +// name: !empty(keyVaultName) ? keyVaultName : '${abbrs.keyVaultVaults}${resourceToken}' +// location: location +// tags: tags +// principalId: principalId +// } +// } + +module keyVault 'br/public:avm-res-keyvault-vault:0.1.0' = { name: 'keyvault' scope: rg params: { name: !empty(keyVaultName) ? keyVaultName : '${abbrs.keyVaultVaults}${resourceToken}' location: location tags: tags - principalId: principalId + roleAssignments: !empty(principalId) ? [ + { + principalId: principalId + principalType: 'User' + roleDefinitionIdOrName: '4633458b-17de-408a-b874-0445c86b69e6' + } + ] : [] } } @@ -184,7 +265,7 @@ output AZURE_COSMOS_DATABASE_NAME string = cosmos.outputs.databaseName // App outputs output APPLICATIONINSIGHTS_CONNECTION_STRING string = monitoring.outputs.applicationInsightsConnectionString -output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint +output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.uri output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name output AZURE_LOCATION string = location output AZURE_TENANT_ID string = tenant().tenantId @@ -192,4 +273,4 @@ output REACT_APP_API_BASE_URL string = useAPIM ? apimApi.outputs.SERVICE_API_URI output REACT_APP_APPLICATIONINSIGHTS_CONNECTION_STRING string = monitoring.outputs.applicationInsightsConnectionString output REACT_APP_WEB_BASE_URL string = web.outputs.SERVICE_WEB_URI output USE_APIM bool = useAPIM -output SERVICE_API_ENDPOINTS array = useAPIM ? [ apimApi.outputs.SERVICE_API_URI, api.outputs.SERVICE_API_URI ]: [] +output SERVICE_API_ENDPOINTS array = useAPIM ? [ apimApi.outputs.SERVICE_API_URI, api.outputs.SERVICE_API_URI ] : []