From 09cbe214c1a5cd52788e733d79c02b416f20c8e8 Mon Sep 17 00:00:00 2001
From: sinedied
Date: Thu, 21 Mar 2024 17:37:08 +0100
Subject: [PATCH] fix: add missing managed identities
---
 infra/core/security/managed-identity.bicep | 7 +++++
 infra/main.bicep | 36 ++++++++++++++++++++--
 2 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 infra/core/security/managed-identity.bicep
diff --git a/infra/core/security/managed-identity.bicep b/infra/core/security/managed-identity.bicep
new file mode 100644
index 00000000..50cb4682
--- /dev/null
+++ b/infra/core/security/managed-identity.bicep
@@ -0,0 +1,7 @@
+param name string
+param location string = resourceGroup().location
+
+resource apiIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+ name: name
+ location: location
+}
diff --git a/infra/main.bicep b/infra/main.bicep
index 4a1d5d6e..f3da6ff3 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -83,6 +83,9 @@ var resourceToken = toLower(uniqueString(subscription().id, environmentName, loc
 var tags = union({ 'azd-env-name': environmentName }, empty(aliasTag) ? {} : { alias: aliasTag })
 var allowedOrigins = empty(allowedOrigin) ? [webApp.outputs.uri] : [webApp.outputs.uri, allowedOrigin]
+var indexerApiIdentityName = '${abbrs.managedIdentityUserAssignedIdentities}indexer-api-${resourceToken}'
+var searchApiIdentityName = '${abbrs.managedIdentityUserAssignedIdentities}search-api-${resourceToken}'
+
 // Organize resources in a resource group
 resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
 name: !empty(resourceGroupName) ? resourceGroupName : '${abbrs.resourcesResourceGroups}${environmentName}'
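Review bot: The new `managed-identity.bicep` module takes no `tags` parameter, so the user-assigned identities it creates will not carry the `azd-env-name` tag that `main.bicep` builds in `tags` and passes to the container apps. Untagged identities are easy to miss in inventory and environment cleanup, and a leftover identity keeps any role assignments that were granted to it. Consider adding `param tags object = {}` with `tags: tags` on the `apiIdentity` resource, and passing `tags: tags` from the two call sites in `infra/main.bicep`.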
@@ -142,6 +145,16 @@ module webApp './core/host/staticwebapp.bicep' = {
 }
 }
+// search API identity
+module searchApiIdentity 'core/security/managed-identity.bicep' = {
+ name: 'search-api-identity'
+ scope: resourceGroup
+ params: {
+ name: searchApiIdentityName
+ location: location
+ }
+}
+
 // The search API
 module searchApi './core/host/container-app.bicep' = {
 name: 'search-api'
@@ -152,7 +165,7 @@ module searchApi './core/host/container-app.bicep' = {
 tags: union(tags, { 'azd-service-name': searchApiName })
 containerAppsEnvironmentName: containerApps.outputs.environmentName
 containerRegistryName: containerApps.outputs.registryName
- identityName: '${abbrs.managedIdentityUserAssignedIdentities}search-api-${resourceToken}'
+ identityName: searchApiIdentityName
 allowedOrigins: allowedOrigins
 containerCpuCoreCount: '1.0'
 containerMemory: '2.0Gi'
@@ -207,6 +220,19 @@ module searchApi './core/host/container-app.bicep' = {
 imageName: !empty(searchApiImageName) ? searchApiImageName : 'nginx:latest'
 targetPort: 3000
 }
+ dependsOn: [
+ searchApiIdentity
+ ]
+}
+
+// Indexer API identity
+module indexerApiIdentity 'core/security/managed-identity.bicep' = {
+ name: 'indexer-api-identity'
+ scope: resourceGroup
+ params: {
+ name: indexerApiIdentityName
+ location: location
+ }
 }
 // The indexer API
@@ -219,7 +245,7 @@ module indexerApi './core/host/container-app.bicep' = {
 tags: union(tags, { 'azd-service-name': indexerApiName })
 containerAppsEnvironmentName: containerApps.outputs.environmentName
 containerRegistryName: containerApps.outputs.registryName
- identityName: '${abbrs.managedIdentityUserAssignedIdentities}indexer-api-${resourceToken}'
+ identityName: indexerApiIdentityName
 containerCpuCoreCount: '1.0'
 containerMemory: '2.0Gi'
 secrets: [
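Review bot: The `dependsOn: [ searchApiIdentity ]` added at the end of the `searchApi` module in the @@ -207 hunk, and the matching `dependsOn: [ indexerApiIdentity ]` in the @@ -273 hunk, are needed only because the identity reaches the container app as a plain string variable. The ordering between identity and app is therefore kept by hand, and a later edit that drops the `dependsOn` or changes one of the two names would still compile. If `managed-identity.bicep` declared `output name string = apiIdentity.name`, the call sites could pass `identityName: searchApiIdentity.outputs.name` and `identityName: indexerApiIdentity.outputs.name`, and Bicep would infer the dependency itself. The `searchApi` module body starts outside this hunk.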
@@ -273,6 +299,9 @@ module indexerApi './core/host/container-app.bicep' = {
 imageName: !empty(indexerApiImageName) ? indexerApiImageName : 'nginx:latest'
 targetPort: 3001
 }
+ dependsOn: [
+ indexerApiIdentity
+ ]
 }
 module openAi 'core/ai/cognitiveservices.bicep' = {
@@ -505,3 +534,6 @@ output INDEXER_API_URI string = indexerApi.outputs.uri
 output ALLOWED_ORIGINS string = join(allowedOrigins, ',')
 output BACKEND_URI string = !empty(backendUri) ? backendUri : searchApi.outputs.uri
+
+output INDEXER_PRINCIPAL_ID string = indexerApi.outputs.identityPrincipalId
+output SEARCH_API_PRINCIPAL_ID string = searchApi.outputs.identityPrincipalId
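Review bot: The two outputs added in the @@ -505 hunk are named inconsistently: `INDEXER_PRINCIPAL_ID` drops the `API` that both `INDEXER_API_URI` above it and `SEARCH_API_PRINCIPAL_ID` beside it keep. Renaming it to `INDEXER_API_PRINCIPAL_ID` before anything consumes it avoids a breaking rename later. A comment such as `// Principal IDs of the API managed identities, exported for role assignments` would also tell the next reader why these values leave the deployment; the commit does not show the consumer, so the wording should match the real use.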