feat: remove storage from aca-store-demo, div cleanup

Signed-off-by: Kristina Devochko <[email protected]>
guidemetothemoon · Mar 31, 2024 · 0df21e3 · 0df21e3
1 parent 5798254
commit 0df21e3
Show file tree

Hide file tree

Showing 12 changed files with 135 additions and 319 deletions.
diff --git a/aks-store-on-aca/README.md b/aks-store-on-aca/README.md
@@ -9,9 +9,9 @@ TODO
 Implementation includes following modules: (TODO: add details)
 
 * ```common```
+* ```azure-monitor```
 * ```network```
 * ```keyvault```
-* ```storage```
 * ```ai```
 * ```aca-common```
 * ```aca-public-apps```

diff --git a/aks-store-on-aca/main.bicep b/aks-store-on-aca/main.bicep
@@ -2,7 +2,6 @@ targetScope='subscription'
 
 param acaResourceGroupName string
 param commonResourceGroupName string
-//param commonKeyVaultManagedIdentityName string
 param commonKeyVaultName string
 param environment string
 param location string
@@ -12,6 +11,11 @@ param subnets array
 param tags object
 param vnetIpRange string
 
+resource keyVaultCommon 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  scope: resourceGroup(commonResourceGroupName)
+  name: commonKeyVaultName
+}
+
 resource rg 'Microsoft.Resources/resourceGroups@2022-09-01' = {
   name: acaResourceGroupName
   location: location
@@ -24,11 +28,9 @@ module common 'modules/common.bicep' = {
   scope: rg
   params: {
     environment: environment
-    keyVaultName: keyvault.outputs.keyVaultName
     location: location 
     tags: tags
   }
-  dependsOn: [vnet, keyvault]
 }
 
 /* Network resources, including private DNS zones with virtual network links for the private endpoints */
@@ -54,14 +56,27 @@ module keyvault 'modules/keyvault.bicep' = {
   name: 'keyvault'
   scope: rg
   params: {
-    location: location
-    tags: tags
     dnsZoneKeyVault: vnet.outputs.dnsZoneKeyVaultId
+    location: location
+    managedIdentityName: common.outputs.managedIdentityName
     subnetId: vnet.outputs.acaSubnetId
+    tags: tags
   }
   dependsOn: [vnet]
 }
 
+module azuremonitor 'modules/azure-monitor.bicep' = {
+  name: 'azuremonitor'
+  scope: rg
+  params: {
+    environment: environment
+    keyVaultName: keyvault.outputs.keyVaultName
+    location: location 
+    tags: tags
+  }
+  dependsOn: [vnet, keyvault]
+}
+
 resource keyVaultACAShared 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
   name: keyvault.outputs.keyVaultName
   scope: rg
@@ -75,71 +90,42 @@ module ai 'modules/ai.bicep' = {
     dnsZoneOpenAIId: vnet.outputs.dnsZoneOpenAIId
     keyVaultName: keyvault.outputs.keyVaultName
     location: location
+    managedIdentityId: common.outputs.managedIdentityId
     openAILocation: openAILocation
     subnetId: vnet.outputs.acaSubnetId
     tags: tags    
   }
   dependsOn: [vnet, keyvault]
 }
 
-module storage 'modules/storage.bicep' = {
-  name: 'storage'
-  scope: rg
-  params: {    
-    dnsZoneId: vnet.outputs.dnsZoneFileId
-    dnsZoneName: 'file'
-    fileShareName: 'rabbitmq-data'
-    keyVaultName: keyvault.outputs.keyVaultName
-    location: location
-    logAnalyticsWorkspaceId: common.outputs.logAnalyticsWorkspaceId
-    subnetId: vnet.outputs.acaSubnetId
-    tags: tags
-  }
-  dependsOn: [common, keyvault, vnet]
-}
-
 module acacommon 'modules/aca-common.bicep' = {
   name: 'aca-common'
   scope: rg
   params: {
-    appInsightsConnectionString: keyVaultACAShared.getSecret(common.outputs.appInsightsConnectionString)
+    appInsightsConnectionString: keyVaultACAShared.getSecret(azuremonitor.outputs.appInsightsConnectionString)
     location: location
-    logAnalyticsCustomerId: common.outputs.logAnalyticsCustomerId
-    logAnalyticsKey: keyVaultACAShared.getSecret(common.outputs.logAnalyticsKey)
-    //nsgName: vnet.outputs.nsgName
-    //storageFileShareName: storage.outputs.storageFileShareName
-    //storageName: storage.outputs.storageAccountName
+    logAnalyticsCustomerId: azuremonitor.outputs.logAnalyticsCustomerId
+    logAnalyticsKey: keyVaultACAShared.getSecret(azuremonitor.outputs.logAnalyticsKey)
+    nsgName: vnet.outputs.nsgName
     subnetId: vnet.outputs.acaSubnetId
     tags: tags
   }
-  dependsOn: [common, keyvault, storage, vnet]
-}
-
-resource keyVaultCommon 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
-  scope: resourceGroup(commonResourceGroupName)
-  name: commonKeyVaultName
+  dependsOn: [common, keyvault, vnet]
 }
 
-//resource keyVaultCommonManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
-//  scope: resourceGroup(commonResourceGroupName)
-//  name: commonKeyVaultManagedIdentityName
-//}
-
 module backend 'modules/aca-internal-apps.bicep' = {
   name: 'backend'
   scope: rg
   params: {
     location: location    
     environmentId: acacommon.outputs.environmentId
-    //rabbitmqStorageName: acacommon.outputs.rabbitmqStorageName
-    //managedIdentityId: keyvault.outputs.managedIdentityId
     openAIEndpoint: keyVaultACAShared.getSecret('cogaEndpoint')
     queueUsername: keyVaultCommon.getSecret('queue-username')
     queuePass: keyVaultCommon.getSecret('queue-password')
     subnetIpRange: vnet.outputs.acaSubnetIpRange
     tags: tags
   }
-  dependsOn: [acacommon, keyvault, storage]
+  dependsOn: [acacommon, keyvault]
 }
 
 module frontend 'modules/aca-public-apps.bicep' = {
@@ -150,7 +136,7 @@ module frontend 'modules/aca-public-apps.bicep' = {
     environmentId: acacommon.outputs.environmentId
     location: location
     makelineServiceUri: backend.outputs.makelineServiceUri
-    managedIdentityId: keyvault.outputs.managedIdentityId
+    managedIdentityId: common.outputs.managedIdentityId
     orderServiceUri: backend.outputs.orderServiceUri
     productServiceUri: backend.outputs.productServiceUri
     tags: tags

diff --git a/aks-store-on-aca/modules/aca-common.bicep b/aks-store-on-aca/modules/aca-common.bicep
@@ -1,8 +1,6 @@
 param location string
 param logAnalyticsCustomerId string
-//param nsgName string
-//param storageFileShareName string
-//param storageName string
+param nsgName string
 param subnetId string
 param tags object
 
@@ -34,26 +32,8 @@ resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-
   }
   tags: tags
 }
-/*
-resource acaStorage 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
-  name: storageName
-}
 
-resource rabbitmqStorageMount 'Microsoft.App/managedEnvironments/storages@2023-05-01' = {
-  name: 'rabbitmqstorage'
-  parent: containerAppsEnvironment
-  properties: {
-    azureFile: {
-      accessMode: 'ReadWrite'
-      accountKey: acaStorage.listKeys().keys[0].value
-      accountName: storageName
-      shareName: storageFileShareName
-    }
-  }
-}
-*/
 
-/*
 resource containerAppsInboundNsgRule 'Microsoft.Network/networkSecurityGroups/securityRules@2023-05-01' = {  
   name: '${nsgName}/AllowInternet443FrontendInbound'  
   properties: {
@@ -67,7 +47,6 @@ resource containerAppsInboundNsgRule 'Microsoft.Network/networkSecurityGroups/se
     direction: 'Inbound'
   }
 }
-*/
+
 output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
 output environmentId string = containerAppsEnvironment.id
-//output rabbitmqStorageName string = rabbitmqStorageMount.name
diff --git a/aks-store-on-aca/modules/aca-internal-apps.bicep b/aks-store-on-aca/modules/aca-internal-apps.bicep
@@ -1,7 +1,5 @@
 param environmentId string
 param location string
-
-//param rabbitmqStorageName string
 param subnetIpRange string
 param tags object
 

diff --git a/aks-store-on-aca/modules/ai.bicep b/aks-store-on-aca/modules/ai.bicep
@@ -1,6 +1,7 @@
 param dnsZoneOpenAIId string
 param keyVaultName string
 param location string
+param managedIdentityId string
 param openAILocation string
 param subnetId string
 param tags object
@@ -19,7 +20,10 @@ resource cognitiveAccount 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
   }
   kind: 'OpenAI'
   identity: {
-    type: 'SystemAssigned'
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${managedIdentityId}' : {}
+    }
   }
   properties: {
     customSubDomainName: cognitiveAccountName

diff --git a/aks-store-on-aca/modules/azure-monitor.bicep b/aks-store-on-aca/modules/azure-monitor.bicep
@@ -0,0 +1,76 @@
+param environment string
+param keyVaultName string
+param location string
+param tags object
+
+resource keyVaultACAShared 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: 'log-aca-${environment}'
+  location: location
+  properties: {
+    retentionInDays: 30
+    sku: { 
+      name: 'PerGB2018' 
+    }
+  }
+  tags: tags
+}
+
+resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
+  name: 'appi-aca-${environment}'
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    IngestionMode: 'LogAnalytics'
+    RetentionInDays: 30
+    WorkspaceResourceId: logAnalytics.id    
+  }
+  tags: tags
+}
+
+resource appInsightsConnStringSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+  parent: keyVaultACAShared
+  name: '${appInsights.name}-connection-string'
+  properties: {
+    attributes: {
+      enabled: true
+    }
+    value: appInsights.properties.ConnectionString
+  }
+  tags: tags
+}
+
+resource logAnalyticsKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+  parent: keyVaultACAShared
+  name: '${logAnalytics.name}-key'
+  properties: {
+    attributes: {
+      enabled: true
+    }
+    value: logAnalytics.listKeys().primarySharedKey
+  }
+  tags: tags
+}
+
+resource kvDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+  name: keyVaultName
+  scope: keyVaultACAShared  
+  properties: {
+    workspaceId: logAnalytics.id
+    logs: [
+      {
+        categoryGroup: 'audit'
+        enabled: true
+      }
+    ]
+  }
+}
+
+output appInsightsConnectionString string = appInsightsConnStringSecret.name
+output logAnalyticsWorkspaceId string = logAnalytics.id
+output logAnalyticsCustomerId string = logAnalytics.properties.customerId
+output logAnalyticsKey string = logAnalyticsKeySecret.name