diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index d044d9f6fa..a55dc9c7d5 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -4,11 +4,11 @@ This module deploys an App Managed Environment (also known as a Container App En ## Navigation -- [Resource Types](#Resource-Types) -- [Usage examples](#Usage-examples) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) +- [Resource Types](#resource-types) +- [Usage examples](#usage-examples) +- [Parameters](#parameters) +- [Outputs](#outputs) +- [Cross-referenced modules](#cross-referenced-modules) ## Resource Types @@ -34,7 +34,6 @@ The following section provides usage examples for the module, which were used to This instance deploys the module with the minimum set of required parameters. -
via Bicep module @@ -84,7 +83,6 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { This instance deploys the module with most of its features enabled. -
via Bicep module @@ -108,7 +106,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { } platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' - skuName: 'Consumption' + infrastructureResourceGroupName: '' + workloadProfiles: '' tags: { Env: 'test' 'hidden-title': 'This is visible in the resource name' @@ -164,8 +163,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { "platformReservedDnsIP": { "value": "172.17.17.17" }, - "skuName": { - "value": "Consumption" + "infrastructureResourceGroupName": { + "value": "" }, "tags": { "value": { @@ -184,7 +183,6 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. -
via Bicep module @@ -208,7 +206,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { } platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' - skuName: 'Consumption' + infrastructureResourceGroupName: '' + workloadProfiles: '' tags: { Env: 'test' 'hidden-title': 'This is visible in the resource name' @@ -264,8 +263,8 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { "platformReservedDnsIP": { "value": "172.17.17.17" }, - "skuName": { - "value": "Consumption" + "infrastructureResourceGroupName": { + "value": "" }, "tags": { "value": { @@ -280,7 +279,6 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {

- ## Parameters **Required parameters** @@ -314,7 +312,7 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { | [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | | [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | -| [`skuName`](#parameter-skuname) | string | Managed environment SKU. | +| [`infrastructureResourceGroupName`](#parameter-infrastructureresourcegroupname) | string | Custom Resource group name for infrastrcuture components. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. | @@ -433,6 +431,7 @@ Specify the type of lock. - Required: No - Type: string - Allowed: + ```Bicep [ 'CanNotDelete' 
@@ -492,7 +491,7 @@ Array of role assignments to create. | :-- | :-- | :-- | | [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | | [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource ID of the delegated managed identity resource. | | [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | | [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | @@ -524,6 +523,7 @@ Version of the condition. - Required: No - Type: string - Allowed: + ```Bicep [ '2.0' @@ -532,7 +532,7 @@ Version of the condition. ### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -The Resource Id of the delegated managed identity resource. +The Resource ID of the delegated managed identity resource. - Required: No - Type: string @@ -551,6 +551,7 @@ The principal type of the assigned principal ID. - Required: No - Type: string - Allowed: + ```Bicep [ 'Device' 
@@ -561,20 +562,13 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `skuName` +### Parameter: `infrastructureResourceGroupName` -Managed environment SKU. +Customer Resource Group name for additional infrastructure components. - Required: No - Type: string -- Default: `'Consumption'` -- Allowed: - ```Bicep - [ - 'Consumption' - 'Premium' - ] - ``` +- Default: `'ME_ManagedEnvironmentName'` ### Parameter: `tags`
@@ -599,7 +593,6 @@ Whether or not this Managed Environment is zone-redundant. - Type: bool - Default: `False` - ## Outputs | Output | Type | Description |
diff --git a/modules/app/managed-environment/main.bicep b/modules/app/managed-environment/main.bicep
index f3905ce986..93e9920902 100644
--- a/modules/app/managed-environment/main.bicep
+++ b/modules/app/managed-environment/main.bicep
@@ -17,13 +17,6 @@ param tags object?
 @description('Optional. Array of role assignments to create.')
 param roleAssignments roleAssignmentType
-@allowed([
- 'Consumption'
- 'Premium'
-])
-@description('Optional. Managed environment SKU.')
-param skuName string = 'Consumption'
-
 @description('Optional. Logs destination.')
 param logsDestination string = 'log-analytics'
@@ -73,6 +66,9 @@ param lock lockType
 @description('Optional. Workload profiles configured for the Managed Environment.')
 param workloadProfiles array = []
+@description('Optional. Name of the infrastructure resource group. If not provided, it will be set with a default value.')
+param infrastructureResourceGroupName string = take('ME_${name}', 63)
+
 var builtInRoleNames = {
 Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
 Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
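Review bot: The default on the added `infrastructureResourceGroupName` parameter in main.bicep, `take('ME_${name}', 63)`, is derived from the environment name alone, while resource group names must be unique across the whole subscription. Two environments that share a name but live in different resource groups would resolve to the same infrastructure resource group unless every caller overrides the value; how the resource provider reacts to that is not visible here and should be tested or ruled out by construction. Assuming the module deploys at resource-group scope, folding the parent scope into the default avoids it, e.g. `param infrastructureResourceGroupName string = take('ME_${uniqueString(resourceGroup().id)}_${name}', 63)`, with the unique part first so the truncation cannot drop it. The `@description` should also state the actual default pattern instead of "a default value".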
@@ -98,13 +94,10 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06
 scope: resourceGroup(split(logAnalyticsWorkspaceResourceId, '/')[2], split(logAnalyticsWorkspaceResourceId, '/')[4])
 }
-resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
 name: name
 location: location
 tags: tags
- sku: {
- name: skuName
- }
 properties: {
 appLogsConfiguration: {
 destination: logsDestination
@@ -122,13 +115,14 @@ resource managedEnvironment 'Microsoft.App/managedEnvironments@2022-10-01' = {
 }
 vnetConfiguration: {
 internal: internal
- infrastructureSubnetId: !empty(infrastructureSubnetId) && internal == true ? infrastructureSubnetId : null
- dockerBridgeCidr: !empty(infrastructureSubnetId) && internal == true ? dockerBridgeCidr : null
- platformReservedCidr: !empty(infrastructureSubnetId) && internal == true ? platformReservedCidr : null
- platformReservedDnsIP: !empty(infrastructureSubnetId) && internal == true ? platformReservedDnsIP : null
+ infrastructureSubnetId: !empty(infrastructureSubnetId) ? infrastructureSubnetId : null
+ dockerBridgeCidr: !empty(infrastructureSubnetId) ? dockerBridgeCidr : null
+ platformReservedCidr: empty(workloadProfiles) && !empty(infrastructureSubnetId) ? platformReservedCidr : null
+ platformReservedDnsIP: empty(workloadProfiles) && !empty(infrastructureSubnetId) ? platformReservedDnsIP : null
 }
 workloadProfiles: !empty(workloadProfiles) ? workloadProfiles : null
 zoneRedundant: zoneRedundant
+ infrastructureResourceGroup: infrastructureResourceGroupName
 }
 }
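Review bot: In `vnetConfiguration`, `platformReservedCidr` and `platformReservedDnsIP` are now replaced with `null` whenever `workloadProfiles` is non-empty, so a caller who passes an address plan together with workload profiles gets platform-chosen ranges without any error or warning. `dockerBridgeCidr` is treated differently and is still forwarded in that case; if it is equally inapplicable to workload-profile environments it should get the same guard, which needs confirming against the 2023-05-01 API. The descriptions of the two reserved-range parameters sit outside this hunk and should gain a sentence such as `Ignored when workloadProfiles is provided.` so that network reviews do not rely on ranges that were never applied. The resource body starts in the previous hunk and continues past this one.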
@@ -167,6 +161,9 @@ output name string = managedEnvironment.name @description('The resource ID of the Managed Environment.') output resourceId string = managedEnvironment.id +@description('The Default domain of the Managed Environment.') +output defaultDomain string = managedEnvironment.properties.defaultDomain + // =============== // // Definitions // // =============== // diff --git a/modules/app/managed-environment/main.json b/modules/app/managed-environment/main.json index ba37943c32..d3860b25fa 100644 --- a/modules/app/managed-environment/main.json +++ b/modules/app/managed-environment/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "15830956831455159038" + "templateHash": "6452494198386670014" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -138,17 +138,6 @@ "description": "Optional. Array of role assignments to create." } }, - "skuName": { - "type": "string", - "defaultValue": "Consumption", - "allowedValues": [ - "Consumption", - "Premium" - ], - "metadata": { - "description": "Optional. Managed environment SKU." - } - }, "logsDestination": { "type": "string", "defaultValue": "log-analytics", @@ -251,6 +240,13 @@ "metadata": { "description": "Optional. Workload profiles configured for the Managed Environment." } + }, + "infrastructureResourceGroupName": { + "type": "string", + "defaultValue": "[take(format('ME_{0}', parameters('name')), 63)]", + "metadata": { + "description": "Optional. Name of the infrastructure resource group. If not provided, it will be set with a default value." + } } }, "variables": { 
@@ -288,13 +284,10 @@ }, "managedEnvironment": { "type": "Microsoft.App/managedEnvironments", - "apiVersion": "2022-10-01", + "apiVersion": "2023-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", - "sku": { - "name": "[parameters('skuName')]" - }, "properties": { "appLogsConfiguration": { "destination": "[parameters('logsDestination')]", 
@@ -312,13 +305,14 @@ }, "vnetConfiguration": { "internal": "[parameters('internal')]", - "infrastructureSubnetId": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('infrastructureSubnetId'), null())]", - "dockerBridgeCidr": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('dockerBridgeCidr'), null())]", - "platformReservedCidr": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('platformReservedCidr'), null())]", - "platformReservedDnsIP": "[if(and(not(empty(parameters('infrastructureSubnetId'))), equals(parameters('internal'), true())), parameters('platformReservedDnsIP'), null())]" + "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('infrastructureSubnetId'), null())]", + "dockerBridgeCidr": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('dockerBridgeCidr'), null())]", + "platformReservedCidr": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetId')))), parameters('platformReservedCidr'), null())]", + "platformReservedDnsIP": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetId')))), parameters('platformReservedDnsIP'), null())]" }, "workloadProfiles": "[if(not(empty(parameters('workloadProfiles'))), parameters('workloadProfiles'), null())]", - "zoneRedundant": "[parameters('zoneRedundant')]" + "zoneRedundant": "[parameters('zoneRedundant')]", + "infrastructureResourceGroup": "[parameters('infrastructureResourceGroupName')]" }, "dependsOn": [ "logAnalyticsWorkspace" 
@@ -374,7 +368,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('managedEnvironment', '2022-10-01', 'full').location]" + "value": "[reference('managedEnvironment', '2023-05-01', 'full').location]" }, "name": { "type": "string", @@ -389,6 +383,13 @@ "description": "The resource ID of the Managed Environment." }, "value": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]" + }, + "defaultDomain": { + "type": "string", + "metadata": { + "description": "The Default domain of the Managed Environment." + }, + "value": "[reference('managedEnvironment').defaultDomain]" } } } \ No newline at end of file diff --git a/modules/app/managed-environment/tests/e2e/max/dependencies.bicep b/modules/app/managed-environment/tests/e2e/max/dependencies.bicep index f61380acc4..8d908b1603 100644 --- a/modules/app/managed-environment/tests/e2e/max/dependencies.bicep +++ b/modules/app/managed-environment/tests/e2e/max/dependencies.bicep @@ -37,6 +37,14 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { name: 'defaultSubnet' properties: { addressPrefix: cidrSubnet(addressPrefix, 16, 0) + delegations: [ + { + name: 'Microsoft.App.environments' + properties: { + serviceName: 'Microsoft.App/environments' + } + } + ] } } ] diff --git a/modules/app/managed-environment/tests/e2e/max/main.test.bicep b/modules/app/managed-environment/tests/e2e/max/main.test.bicep index 7eecb1c599..1646791a1b 100644 --- a/modules/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/modules/app/managed-environment/tests/e2e/max/main.test.bicep 
@@ -10,6 +10,9 @@ metadata description = 'This instance deploys the module with most of its featur
 @maxLength(90)
 param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.')
+param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
 @description('Optional. The location to deploy resources to.')
 param location string = deployment().location
@@ -22,6 +25,16 @@ param enableDefaultTelemetry bool = true
 @description('Optional. A token to inject into the name of each resource.')
 param namePrefix string = '[[namePrefix]]'
+@description('Optional. WorkloadProfile')
+param workloadProfiles array = [
+ {
+ workloadProfileType: 'D4'
+ name: 'CAW01'
+ minimumCount: 0
+ maximumCount: 3
+ }
+]
+
 // =========== //
 // Deployments //
 // =========== //
@@ -55,12 +68,13 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
 name: '${namePrefix}${serviceShort}001'
 logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
 location: location
- skuName: 'Consumption'
+ workloadProfiles: workloadProfiles
 internal: true
 dockerBridgeCidr: '172.16.0.1/28'
 platformReservedCidr: '172.17.17.0/24'
 platformReservedDnsIP: '172.17.17.17'
 infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId
+ infrastructureResourceGroupName: infrastructureResourceGroupName
 lock: {
 kind: 'CanNotDelete'
 name: 'myCustomLockName'
diff --git a/modules/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep b/modules/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep
index f61380acc4..8d908b1603 100644
--- a/modules/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep
+++ b/modules/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep
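Review bot: In tests/e2e/max/main.test.bicep the module call now passes `workloadProfiles` while still passing `platformReservedCidr: '172.17.17.0/24'` and `platformReservedDnsIP: '172.17.17.17'`, and main.bicep in this commit nulls both whenever workload profiles are set. The max deployment therefore no longer exercises the reserved-range parameters, and the same holds for the matching hunk in tests/e2e/waf-aligned/main.test.bicep. Either drop the two arguments so the test reflects what is actually deployed, or keep one scenario without `workloadProfiles` that covers them. The new description `'Optional. WorkloadProfile'` would read better as `'Optional. Workload profiles to configure for the test environment.'`, and "infrastructre" in the other new description is a typo. The module call starts before and continues after the hunk.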
@@ -37,6 +37,14 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
 name: 'defaultSubnet'
 properties: {
 addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ delegations: [
+ {
+ name: 'Microsoft.App.environments'
+ properties: {
+ serviceName: 'Microsoft.App/environments'
+ }
+ }
+ ]
 }
 }
 ]
diff --git a/modules/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/modules/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep
index f7416ce8ed..11807a0ea4 100644
--- a/modules/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep
+++ b/modules/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep
@@ -10,6 +10,9 @@ metadata description = 'This instance deploys the module in alignment with the b
 @maxLength(90)
 param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.')
+param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
 @description('Optional. The location to deploy resources to.')
 param location string = deployment().location
@@ -22,6 +25,15 @@ param enableDefaultTelemetry bool = true
 @description('Optional. A token to inject into the name of each resource.')
 param namePrefix string = '[[namePrefix]]'
+@description('Optional. WorkloadProfile')
+param workloadProfiles array = [
+ {
+ workloadProfileType: 'D4'
+ name: 'CAW01'
+ minimumCount: 0
+ maximumCount: 3
+ }
+]
 // =========== //
 // Deployments //
 // =========== //
@@ -55,12 +67,13 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
 name: '${namePrefix}${serviceShort}001'
 logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
 location: location
- skuName: 'Consumption'
+ workloadProfiles: workloadProfiles
 internal: true
 dockerBridgeCidr: '172.16.0.1/28'
 platformReservedCidr: '172.17.17.0/24'
 platformReservedDnsIP: '172.17.17.17'
 infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId
+ infrastructureResourceGroupName: infrastructureResourceGroupName
 lock: {
 kind: 'CanNotDelete'
 name: 'myCustomLockName'