From ae63c385708a77ab9818f34f0908f71716ef1fc6 Mon Sep 17 00:00:00 2001 From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:26:15 +0200 Subject: [PATCH 01/11] parameterize diagsettings for appservice --- deploy/modules/appService.bicep | 71 ++++++--------------------------- 1 file changed, 13 insertions(+), 58 deletions(-) diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index ed24516..70871e9 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -4,6 +4,17 @@ param appServiceName string @description('App Service Plan Name') param appServicePlanName string +param appServiceDiagSettingsLogCategory string[] = [ + 'AppServiceAntivirusScanAuditLogs' + 'AppServiceHTTPLogs' + 'AppServiceConsoleLogs' + 'AppServiceAppLogs' + 'AppServiceFileAuditLogs' + 'AppServiceAuditLogs' + 'AppServiceIPSecAuditLogs' + 'AppServicePlatformLogs' +] + @description('CosmosDB URI') param cosmosDbUri string 
@@ -201,64 +212,8 @@ resource diagnosticSettingsApp 'Microsoft.Insights/diagnosticSettings@2021-05-01 scope: appService properties: { logs: [ - { - category: 'AppServiceAntivirusScanAuditLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServiceHTTPLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServiceConsoleLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServiceAppLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServiceFileAuditLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServiceAuditLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServiceIPSecAuditLogs' - enabled: true - retentionPolicy: { - days: 0 - enabled: false - } - } - { - category: 'AppServicePlatformLogs' + for categoryName in appServiceDiagSettingsLogCategory : { + category: categoryName enabled: true retentionPolicy: { days: 0 From 39964c87d384396e1750544e24e1e10f8097ab2f Mon Sep 17 00:00:00 2001 From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:34:48 +0200 Subject: [PATCH 02/11] set diagSettings as parameter --- deploy/main.bicep | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/deploy/main.bicep b/deploy/main.bicep index fa29bb9..210ff5f 100644 --- a/deploy/main.bicep +++ b/deploy/main.bicep 
@@ -53,6 +53,28 @@ param resourceNames object = { containerRegistryName: '${namePrefix}acr${uniqueString(guid)}' } +@description('Diagnostic settings for app service') +@allowed([ + 'AppServiceAntivirusScanAuditLogs' + 'AppServiceHTTPLogs' + 'AppServiceConsoleLogs' + 'AppServiceAppLogs' + 'AppServiceFileAuditLogs' + 'AppServiceAuditLogs' + 'AppServiceIPSecAuditLogs' + 'AppServicePlatformLogs' +]) +param appServiceDiagSettingsLogCategory string[] = [ + 'AppServiceAntivirusScanAuditLogs' + 'AppServiceHTTPLogs' + 'AppServiceConsoleLogs' + 'AppServiceAppLogs' + 'AppServiceFileAuditLogs' + 'AppServiceAuditLogs' + 'AppServiceIPSecAuditLogs' + 'AppServicePlatformLogs' +] + // Resource Group resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: location @@ -143,6 +165,7 @@ module appService './modules/appService.bicep' = if (!deployAsFunc) { azureCloud: azureCloud appServiceName: resourceNames.appServiceName appServicePlanName: resourceNames.appServicePlanName + appServiceDiagSettingsLogCategory: appServiceDiagSettingsLogCategory keyVaultUri: keyVault.outputs.keyVaultUri cosmosDbUri: cosmos.outputs.cosmosDocumentEndpoint databaseName: resourceNames.cosmosDatabaseName From 97b314f50c1a9bb1b0ba44846e40ef61545e31d6 Mon Sep 17 00:00:00 2001 From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:35:55 +0200 Subject: [PATCH 03/11] remove default value from module, handle values from main --- deploy/modules/appService.bicep | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index 70871e9..7b7611e 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep 
@@ -4,7 +4,8 @@ param appServiceName string @description('App Service Plan Name') param appServicePlanName string -param appServiceDiagSettingsLogCategory string[] = [ +@description('Diagnostic settings for app service') +@allowed([ 'AppServiceAntivirusScanAuditLogs' 'AppServiceHTTPLogs' 'AppServiceConsoleLogs' @@ -13,7 +14,8 @@ param appServiceDiagSettingsLogCategory string[] = [ 'AppServiceAuditLogs' 'AppServiceIPSecAuditLogs' 'AppServicePlatformLogs' -] +]) +param appServiceDiagSettingsLogCategory string[] = [] @description('CosmosDB URI') param cosmosDbUri string From 91ea5c3915079c0ba5262b306e85cb638de77f0e Mon Sep 17 00:00:00 2001 From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:47:51 +0200 Subject: [PATCH 04/11] Create bicep types --- deploy/types/types.bicep | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 deploy/types/types.bicep diff --git a/deploy/types/types.bicep b/deploy/types/types.bicep new file mode 100644 index 0000000..4d35386 --- /dev/null +++ b/deploy/types/types.bicep @@ -0,0 +1,2 @@ +@export() +type appServiceDiagSettingsLogCategory = ('AppServiceAntivirusScanAuditLogs' | 'AppServiceHTTPLogs' | 'AppServiceConsoleLogs' | 'AppServiceAppLogs' | 'AppServiceFileAuditLogs' | 'AppServiceAuditLogs' | 'AppServiceIPSecAuditLogs' | 'AppServicePlatformLogs') From 7858d4151a4ac75c639a039f0ea2f9a148a86917 Mon Sep 17 00:00:00 2001 From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:52:11 +0200 Subject: [PATCH 05/11] Update main.bicep --- deploy/main.bicep | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/deploy/main.bicep b/deploy/main.bicep index 210ff5f..f78539f 100644 --- a/deploy/main.bicep +++ b/deploy/main.bicep @@ -1,6 +1,8 @@ // Global parameters targetScope = 'subscription' +import { appServiceDiagSettingsLogCategory } from './types/types.bicep' + @description('GUID for Resource Naming') param guid string = newGuid() 
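Review bot: The empty default added in the `@@ -13,7 +14,8 @@` hunk of PATCH 03, `param appServiceDiagSettingsLogCategory string[] = []`, makes the module fail open. A caller that omits the argument still deploys `diagnosticSettingsApp`, but the `for categoryName in appServiceDiagSettingsLogCategory` loop yields no `logs` entries, so none of the audit, IPSec or HTTP categories reach the workspace. Since main.bicep now owns the full list, I would make the module parameter required by dropping the default, `param appServiceDiagSettingsLogCategory string[]`, and add `@minLength(1)` above it if an empty list should never be accepted. The same `= []` is carried through the retyped declarations in PATCH 06 and PATCH 07.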
@@ -54,17 +56,7 @@ param resourceNames object = { } @description('Diagnostic settings for app service') -@allowed([ - 'AppServiceAntivirusScanAuditLogs' - 'AppServiceHTTPLogs' - 'AppServiceConsoleLogs' - 'AppServiceAppLogs' - 'AppServiceFileAuditLogs' - 'AppServiceAuditLogs' - 'AppServiceIPSecAuditLogs' - 'AppServicePlatformLogs' -]) -param appServiceDiagSettingsLogCategory string[] = [ +param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategory[] = [ 'AppServiceAntivirusScanAuditLogs' 'AppServiceHTTPLogs' 'AppServiceConsoleLogs' From 7f643ab555ec1c2d6d35663f3f44db1d821693ec Mon Sep 17 00:00:00 2001 From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:54:03 +0200 Subject: [PATCH 06/11] Update appService.bicep --- deploy/modules/appService.bicep | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index 7b7611e..c53b083 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -1,3 +1,5 @@ +import { appServiceDiagSettingsLogCategory } from '../types/types.bicep' + @description('App Service Name') param appServiceName string @@ -5,17 +7,7 @@ param appServiceName string param appServicePlanName string @description('Diagnostic settings for app service') -@allowed([ - 'AppServiceAntivirusScanAuditLogs' - 'AppServiceHTTPLogs' - 'AppServiceConsoleLogs' - 'AppServiceAppLogs' - 'AppServiceFileAuditLogs' - 'AppServiceAuditLogs' - 'AppServiceIPSecAuditLogs' - 'AppServicePlatformLogs' -]) -param appServiceDiagSettingsLogCategory string[] = [] +param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategory[] = [] @description('CosmosDB URI') param cosmosDbUri string From 8dbf80d32ff879e8b31f91bdfda4637537971560 Mon Sep 17 00:00:00 2001 
From: picccard <7443949+picccard@users.noreply.github.com> Date: Wed, 26 Jun 2024 17:34:18 +0200 Subject: [PATCH 07/11] updated type name --- deploy/main.bicep | 4 ++-- deploy/modules/appService.bicep | 4 ++-- deploy/types/types.bicep | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/main.bicep b/deploy/main.bicep index f78539f..42ea5c4 100644 --- a/deploy/main.bicep +++ b/deploy/main.bicep @@ -1,7 +1,7 @@ // Global parameters targetScope = 'subscription' -import { appServiceDiagSettingsLogCategory } from './types/types.bicep' +import { appServiceDiagSettingsLogCategoryType } from './types/types.bicep' @description('GUID for Resource Naming') param guid string = newGuid() @@ -56,7 +56,7 @@ param resourceNames object = { } @description('Diagnostic settings for app service') -param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategory[] = [ +param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategoryType[] = [ 'AppServiceAntivirusScanAuditLogs' 'AppServiceHTTPLogs' 'AppServiceConsoleLogs' diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index c53b083..3e42bf9 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -1,4 +1,4 @@ -import { appServiceDiagSettingsLogCategory } from '../types/types.bicep' +import { appServiceDiagSettingsLogCategoryType } from '../types/types.bicep' @description('App Service Name') param appServiceName string @@ -7,7 +7,7 @@ param appServiceName string param appServicePlanName string @description('Diagnostic settings for app service') -param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategory[] = [] +param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategoryType[] = [] @description('CosmosDB URI') param cosmosDbUri string diff --git a/deploy/types/types.bicep b/deploy/types/types.bicep index 4d35386..dcce280 100644 --- a/deploy/types/types.bicep +++ b/deploy/types/types.bicep 
@@ -1,2 +1,2 @@ @export() -type appServiceDiagSettingsLogCategory = ('AppServiceAntivirusScanAuditLogs' | 'AppServiceHTTPLogs' | 'AppServiceConsoleLogs' | 'AppServiceAppLogs' | 'AppServiceFileAuditLogs' | 'AppServiceAuditLogs' | 'AppServiceIPSecAuditLogs' | 'AppServicePlatformLogs') +type appServiceDiagSettingsLogCategoryType = ('AppServiceAntivirusScanAuditLogs' | 'AppServiceHTTPLogs' | 'AppServiceConsoleLogs' | 'AppServiceAppLogs' | 'AppServiceFileAuditLogs' | 'AppServiceAuditLogs' | 'AppServiceIPSecAuditLogs' | 'AppServicePlatformLogs') From 8fa5d350451371aa4e2461865d6041596fce68dc Mon Sep 17 00:00:00 2001 From: picccard <7443949+picccard@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:09:37 +0200 Subject: [PATCH 08/11] parameterize asp sku and capacity --- deploy/main.bicep | 16 ++++++++++++++++ deploy/modules/appService.bicep | 20 ++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/deploy/main.bicep b/deploy/main.bicep index 42ea5c4..556a308 100644 --- a/deploy/main.bicep +++ b/deploy/main.bicep @@ -55,6 +55,20 @@ param resourceNames object = { containerRegistryName: '${namePrefix}acr${uniqueString(guid)}' } +@description('App Service Plan SKU name, this will determine the tier, size, family of the App Service Plan.') +@metadata({ + example: ''' + 'F1' + 'B1' + 'P1v3' + 'I1v2' + ''' +}) +param appServicePlanSkuName string = 'P1v3' + +@description('Number of workers associated with the App Service Plan.') +param appServicePlanSkuCapacity int = 1 + @description('Diagnostic settings for app service') param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategoryType[] = [ 'AppServiceAntivirusScanAuditLogs' 
@@ -157,6 +171,8 @@ module appService './modules/appService.bicep' = if (!deployAsFunc) { azureCloud: azureCloud appServiceName: resourceNames.appServiceName appServicePlanName: resourceNames.appServicePlanName + appServicePlanSkuName: appServicePlanSkuName + appServicePlanSkuCapacity: appServicePlanSkuCapacity appServiceDiagSettingsLogCategory: appServiceDiagSettingsLogCategory keyVaultUri: keyVault.outputs.keyVaultUri cosmosDbUri: cosmos.outputs.cosmosDocumentEndpoint diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index 3e42bf9..4f2c8f8 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -6,6 +6,20 @@ param appServiceName string @description('App Service Plan Name') param appServicePlanName string +@description('The name of the SKU will Determine the tier, size, family of the App Service Plan.') +@metadata({ + example: ''' + 'F1' + 'B1' + 'P1v3' + 'I1v2' + ''' +}) +param appServicePlanSkuName string = 'P1v3' + +@description('Number of workers associated with the App Service Plan.') +param appServicePlanSkuCapacity int = 1 + @description('Diagnostic settings for app service') param appServiceDiagSettingsLogCategory appServiceDiagSettingsLogCategoryType[] = [] @@ -59,10 +73,8 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { name: appServicePlanName location: location sku: { - name: 'P1v3' - size: 'P1v3' - tier: 'PremiumV3' - capacity: 1 + name: appServicePlanSkuName + capacity: appServicePlanSkuCapacity } kind: 'linux' properties: { From 296ea77415c04fdae60bb712d3d4cc7ca8564b55 Mon Sep 17 00:00:00 2001 From: picccard <7443949+picccard@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:28:03 +0200 Subject: [PATCH 09/11] remove unused retentionPolicy from diagSettings --- deploy/modules/appService.bicep | 8 -------- 1 file changed, 8 deletions(-) diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index 4f2c8f8..00043df 100644 
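Review bot: `appServicePlanSkuName` in the `@@ -6,6 +6,20 @@` hunk of appService.bicep (and its twin in main.bicep) is a free-form string whose `example` metadata offers `'F1'`, yet the `appService` site in this module sets `alwaysOn: true`. As far as I know the Free and Shared tiers do not support Always On, so that example would likely fail at deployment. Either drop `'F1'` from the examples or constrain the parameter with an `@allowed([...])` list of the SKUs the template is actually tested with. The module description also has a stray capital, `will Determine`; main.bicep's wording, `this will determine the tier, size, family`, reads better and the two should match.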
--- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -221,20 +221,12 @@ resource diagnosticSettingsApp 'Microsoft.Insights/diagnosticSettings@2021-05-01 for categoryName in appServiceDiagSettingsLogCategory : { category: categoryName enabled: true - retentionPolicy: { - days: 0 - enabled: false - } } ] metrics: [ { category: 'AllMetrics' enabled: true - retentionPolicy: { - days: 0 - enabled: false - } } ] workspaceId: workspaceId From a10086e8060c0e60cb1725f38ddd1707446d651e Mon Sep 17 00:00:00 2001 From: picccard <7443949+picccard@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:51:41 +0200 Subject: [PATCH 10/11] use any container image tag --- deploy/main.bicep | 5 +++++ deploy/modules/appService.bicep | 5 ++++- deploy/modules/functionApp.bicep | 5 ++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/deploy/main.bicep b/deploy/main.bicep index 556a308..c5ac26a 100644 --- a/deploy/main.bicep +++ b/deploy/main.bicep @@ -25,6 +25,9 @@ param deployAsFunc bool = false @description('Flag to Deploy IPAM as a Container') param deployAsContainer bool = false +@description('IPAM Container Image Tag to use') +param acrImageTag string = 'latest' + @description('IPAM-UI App Registration Client/App ID') param uiAppId string = '00000000-0000-0000-0000-000000000000' @@ -182,6 +185,7 @@ module appService './modules/appService.bicep' = if (!deployAsFunc) { managedIdentityClientId: managedIdentity.outputs.clientId workspaceId: logAnalyticsWorkspace.outputs.workspaceId deployAsContainer: deployAsContainer + acrImageTag: acrImageTag privateAcr: privateAcr privateAcrUri: privateAcr ? containerRegistry.outputs.acrUri : '' } 
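Review bot: `param acrImageTag string = 'latest'` in the `@@ -25,6 +25,9 @@` hunk of main.bicep keeps a mutable tag as the default and accepts any string. An unpinned deployment therefore still runs whatever image `latest` points to at pull time, and an empty value produces the invalid reference `ipam:`. Add `@minLength(1)` above the parameter here and on the matching declarations in appService.bicep and functionApp.bicep. The description should also tell operators to pin, e.g. `@description('IPAM Container Image Tag to use; pass a fixed release tag for reproducible deployments')`.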
@@ -205,6 +209,7 @@ module functionApp './modules/functionApp.bicep' = if (deployAsFunc) { storageAccountName: resourceNames.storageAccountName workspaceId: logAnalyticsWorkspace.outputs.workspaceId deployAsContainer: deployAsContainer + acrImageTag: acrImageTag privateAcr: privateAcr privateAcrUri: privateAcr ? containerRegistry.outputs.acrUri : '' } diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index 00043df..8475b68 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -53,6 +53,9 @@ param workspaceId string @description('Flag to Deploy IPAM as a Container') param deployAsContainer bool = false +@description('IPAM Container Image Tag to use') +param acrImageTag string = 'latest' + @description('Flag to Deploy Private Container Registry') param privateAcr bool @@ -100,7 +103,7 @@ resource appService 'Microsoft.Web/sites@2021-02-01' = { acrUseManagedIdentityCreds: privateAcr ? true : false acrUserManagedIdentityID: privateAcr ? managedIdentityClientId : null alwaysOn: true - linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipam:latest' : 'PYTHON|${pythonVersion}' + linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipam:${acrImageTag}' : 'PYTHON|${pythonVersion}' appCommandLine: !deployAsContainer ? 'bash ./init.sh 8000' : null healthCheckPath: '/api/status' appSettings: concat( diff --git a/deploy/modules/functionApp.bicep b/deploy/modules/functionApp.bicep index 05650e9..834e583 100644 --- a/deploy/modules/functionApp.bicep +++ b/deploy/modules/functionApp.bicep @@ -37,6 +37,9 @@ param workspaceId string @description('Flag to Deploy IPAM as a Container') param deployAsContainer bool = false +@description('IPAM Container Image Tag to use') +param acrImageTag string = 'latest' + @description('Flag to Deploy Private Container Registry') param privateAcr bool 
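Review bot: The interpolation in the `@@ -100,7 +103,7 @@` hunk, `'DOCKER|${acrUri}/ipam:${acrImageTag}'`, hard-codes the `:` separator, so the new parameter can select a tag but cannot express an immutable digest reference of the form `ipam@sha256:<digest>`. The `ipamfunc` line in functionApp.bicep has the same shape. If digest pinning is out of scope for this change, say so next to the expression, e.g. `// tag only: digest references (image@sha256:...) cannot be passed through acrImageTag`, so operators know the tag must be protected from being overwritten in the registry. The `appService` resource body starts and ends outside this hunk.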
@@ -87,7 +90,7 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = { siteConfig: { acrUseManagedIdentityCreds: privateAcr ? true : false acrUserManagedIdentityID: privateAcr ? managedIdentityClientId : null - linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipamfunc:latest' : 'PYTHON|${pythonVersion}' + linuxFxVersion: deployAsContainer ? 'DOCKER|${acrUri}/ipamfunc:${acrImageTag}' : 'PYTHON|${pythonVersion}' healthCheckPath: '/api/status' appSettings: concat( [ From 74722c35f4693fef2d1788e851f982923c3e233d Mon Sep 17 00:00:00 2001 From: picccard <7443949+picccard@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:52:08 +0200 Subject: [PATCH 11/11] set min value for appServicePlanSkuCapacity --- deploy/modules/appService.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/modules/appService.bicep b/deploy/modules/appService.bicep index 8475b68..4521452 100644 --- a/deploy/modules/appService.bicep +++ b/deploy/modules/appService.bicep @@ -18,6 +18,7 @@ param appServicePlanName string param appServicePlanSkuName string = 'P1v3' @description('Number of workers associated with the App Service Plan.') +@minValue(1) param appServicePlanSkuCapacity int = 1 @description('Diagnostic settings for app service')
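Review bot: `@minValue(1)` is added only to the module's `appServicePlanSkuCapacity` in the `@@ -18,6 +18,7 @@` hunk of appService.bicep. The parameter of the same name that PATCH 08 added to main.bicep still has no lower bound, so a zero or negative value is accepted at the entry point and, presumably, only rejected once the nested module is validated. Put the same `@minValue(1)` above `param appServicePlanSkuCapacity int = 1` in main.bicep so the two declarations agree.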