add managed identity for postgres

Altinn · Sep 20, 2024 · 3af9f07 · 3af9f07
1 parent f3c8e6d
commit 3af9f07
Show file tree

Hide file tree

Showing 55 changed files with 1,213 additions and 200 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -5,33 +5,24 @@
     "version": "0.2.0",
     "configurations": [
         {
-            "name": ".NET Core Launch (console)",
+            "name": ".NET Core Launch (web)",
             "type": "coreclr",
             "request": "launch",
-            "WARNING01": "*********************************************************************************",
-            "WARNING02": "The C# extension was unable to automatically decode projects in the current",
-            "WARNING03": "workspace to create a runnable launch.json file. A template launch.json file has",
-            "WARNING04": "been created as a placeholder.",
-            "WARNING05": "",
-            "WARNING06": "If the server is currently unable to load your project, you can attempt to",
-            "WARNING07": "resolve this by restoring any missing project dependencies (example: run 'dotnet",
-            "WARNING08": "restore') and by fixing any reported errors from building the projects in your",
-            "WARNING09": "workspace.",
-            "WARNING10": "If this allows the server to now load your project then --",
-            "WARNING11": "  * Delete this file",
-            "WARNING12": "  * Open the Visual Studio Code command palette (View->Command Palette)",
-            "WARNING13": "  * run the command: '.NET: Generate Assets for Build and Debug'.",
-            "WARNING14": "",
-            "WARNING15": "If your project requires a more complex launch configuration, you may wish to",
-            "WARNING16": "delete this configuration and pick a different template using the 'Add",
-            "WARNING17": "Configuration...' button at the bottom of this file.",
-            "WARNING18": "*********************************************************************************",
             "preLaunchTask": "build",
-            "program": "${workspaceFolder}/bin/Debug/<insert-target-framework-here>/<insert-project-name-here>.dll",
+            "program": "${workspaceFolder}/src/apps/Altinn.Garfield/src/Altinn.Garfield/bin/Debug/net8.0/Altinn.Garfield.dll",
             "args": [],
-            "cwd": "${workspaceFolder}",
-            "console": "internalConsole",
-            "stopAtEntry": false
+            "cwd": "${workspaceFolder}/src/apps/Altinn.Garfield/src/Altinn.Garfield",
+            "stopAtEntry": false,
+            "serverReadyAction": {
+                "action": "openExternally",
+                "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+            },
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "Development"
+            },
+            "sourceFileMap": {
+                "/Views": "${workspaceFolder}/Views"
+            }
         },
         {
             "name": ".NET Core Attach",

diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -0,0 +1,41 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "build",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "build",
+                "${workspaceFolder}/src/libs/Altinn.Authorization.Hosting/Altinn.Authorization.Hosting.sln",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary;ForceNoAlign"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "publish",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "publish",
+                "${workspaceFolder}/src/libs/Altinn.Authorization.Hosting/Altinn.Authorization.Hosting.sln",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary;ForceNoAlign"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "watch",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "watch",
+                "run",
+                "--project",
+                "${workspaceFolder}/src/libs/Altinn.Authorization.Hosting/Altinn.Authorization.Hosting.sln"
+            ],
+            "problemMatcher": "$msCompile"
+        }
+    ]
+}
diff --git a/infrastructure/deploy/shared/main.tf b/infrastructure/deploy/shared/main.tf
@@ -160,6 +160,7 @@ module "application_gateway" {
   cert_user_assigned_identity_name = var.cert_user_assigned_identity_name
   api_domain_name                  = var.api_domain
   subnet_id                        = module.vnet.subnets["application_gateway"].id
+  log_analytics_workspace_id       = module.application_insights.log_analytics_workspace_id
 
   container_apps_api_prefix = [for api in var.container_apps_api :
     {
@@ -179,6 +180,9 @@ module "app_configuration" {
       for api in var.container_apps_api : "AppsEndpoints:${title(api.hostname)}" => "http://${api.hostname}.${var.api_domain}"
     },
     {
-      "AppsInsights:ConnectionString" = module.application_insights.connection_string
+      "Postgres:Host"                        = module.postgres_server.host
+      "ServiceBus:Host"                      = module.service_bus.host
+      "ApplicationInsights:ConnectionString" = module.application_insights.connection_string,
+      "Sentinel"                             = timestamp()
   })
 }
diff --git a/infrastructure/modules/application_gateway/main.tf b/infrastructure/modules/application_gateway/main.tf
@@ -87,6 +87,9 @@ resource "azurerm_application_gateway" "appgw" {
       interval                                  = 30
       timeout                                   = 30
       unhealthy_threshold                       = 3
+      match {
+        status_code = ["200"]
+      }
     }
 
     for_each = local.container_apps
@@ -140,3 +143,18 @@ resource "azurerm_application_gateway" "appgw" {
   }
 }
 
+resource "azurerm_monitor_diagnostic_setting" "diagnostics" {
+  name = "log_analytics_workspace"
+
+  target_resource_id         = azurerm_application_gateway.appgw.id
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+
+  enabled_log {
+    category_group = "allLogs"
+  }
+
+  metric {
+    category = "AllMetrics"
+    enabled  = true
+  }
+}
diff --git a/infrastructure/modules/application_gateway/variables.tf b/infrastructure/modules/application_gateway/variables.tf
@@ -36,6 +36,10 @@ variable "api_domain_name" {
   type = string
 }
 
+variable "log_analytics_workspace_id" {
+  type = string
+}
+
 variable "container_apps_api_prefix" {
   type = list(object({
     path     = string

diff --git a/infrastructure/modules/container_app_api/main.tf b/infrastructure/modules/container_app_api/main.tf
@@ -45,6 +45,11 @@ resource "azurerm_user_assigned_identity" "app" {
   location            = var.location
 }
 
+data "azurerm_user_assigned_identity" "postgres_server" {
+  name                = "mipsqlsrv${local.infrastructure_suffix}"
+  resource_group_name = local.infrastructure_resource_group_name
+}
+
 # Assign 'AcrPull' role to the container app's managed identity so it can pull images from the ACR
 # Assign 'App Configuration Data Reader' role to container app's managed identity so it can read from app configuration
 resource "azurerm_role_assignment" "rbac" {
@@ -101,14 +106,29 @@ resource "azurerm_container_app" "app" {
     min_replicas = 2
     max_replicas = var.max_replicas
 
+    dynamic "init_container" {
+      content {
+        env {
+          name  = "Azure__PrincipalId"
+          value = data.
+        }
+        env {
+          name  = "Azure__PrincipalName"
+          value = data.
+        }
+
+
+      }
+    }
+
     container {
       env {
-        name  = "Azure__AppConfigurationUrl"
-        value = data.azurerm_app_configuration.appconf.endpoint
+        name  = "Azure__PrincipalName"
+        value = data.azurerm_user_assigned_identity.postgres_server.name
       }
       env {
-        name  = "Azure__ManagedIdentityPrincipalId"
-        value = azurerm_user_assigned_identity.app.client_id
+        name  = "Azure__PrincipalId"
+        value = data.azurerm_user_assigned_identity.postgres_server.principal_id
       }
 
       name   = var.name
@@ -121,6 +141,14 @@ resource "azurerm_container_app" "app" {
   depends_on = [azurerm_role_assignment.rbac]
 }
 
+module "database" {
+  source              = "../postgres_database"
+  database_name       = each.key
+  infrastructure_name = var.infrastructure_name
+  environment         = var.environment
+  for_each            = toset(var.postgres_databases)
+}
+
 resource "azurerm_private_dns_a_record" "record" {
   name                = var.hostname
   zone_name           = var.api_domain

diff --git a/infrastructure/modules/container_app_api/variables.tf b/infrastructure/modules/container_app_api/variables.tf
@@ -56,3 +56,8 @@ variable "app_configuration_variables" {
   type    = map(string)
   default = {}
 }
+
+variable "postgres_databases" {
+  type    = list(string)
+  default = []
+}
diff --git a/infrastructure/modules/postgres_database/main.tf b/infrastructure/modules/postgres_database/main.tf
@@ -1,17 +1,16 @@
-
-
-data "azurerm_resource_group" "rg" {
-  name = var.resource_group_name
+locals {
+  infrastructure_suffix              = "${var.infrastructure_name}${var.instance}${var.environment}"
+  infrastructure_resource_group_name = "rg${local.infrastructure_suffix}"
 }
 
-data "azurerm_postgresql_flexible_server" "postgres_database" {
-  name                = var.postgres_server_name
-  resource_group_name = data.azurerm_resource_group.rg.name
+data "azurerm_postgresql_flexible_server" "server" {
+  name                = "$psqlsrv${local.infrastructure_suffix}"
+  resource_group_name = local.infrastructure_resource_group_name
 }
 
-resource "azurerm_postgresql_flexible_server_database" "postgres_database" {
+resource "azurerm_postgresql_flexible_server_database" "database" {
   name      = var.database_name
-  server_id = azurerm_postgresql_flexible_server.postgres_database.id
+  server_id = data.azurerm_postgresql_flexible_server.server.id
   collation = "en_US.utf8"
   charset   = "utf8"
 

diff --git a/infrastructure/modules/postgres_database/variables.tf b/infrastructure/modules/postgres_database/variables.tf
@@ -1,9 +1,14 @@
+variable "infrastructure_name" {
+  type    = string
+  default = "shared"
+}
 
-variable "resource_group_name" {
-  type = string
+variable "instance" {
+  type    = string
+  default = "001"
 }
 
-variable "postgres_server_name" {
+variable "environment" {
   type = string
 }
 

diff --git a/infrastructure/modules/postgres_server/outputs.tf b/infrastructure/modules/postgres_server/outputs.tf
@@ -3,6 +3,10 @@ output "id" {
   description = "Postgres Flexible server AzureRM ID"
 }
 
+output "host" {
+  value = azurerm_postgresql_flexible_server.postgres_server.fqdn
+}
+
 output "admin" {
   value       = azurerm_user_assigned_identity.postgres_server_admin.id
   description = "Managed Identity AzureRM ID"

diff --git a/infrastructure/modules/service_bus/outputs.tf b/infrastructure/modules/service_bus/outputs.tf
@@ -1,3 +1,7 @@
 output "id" {
   value = azurerm_servicebus_namespace.service_bus.id
 }
+
+output "host" {
+  value = azurerm_servicebus_namespace.service_bus.endpoint
+}
diff --git a/src/Altinn.ruleset b/src/Altinn.ruleset
@@ -12,7 +12,7 @@
         <Rule Id="SA1006" Action="Warning" />
         <Rule Id="SA1007" Action="Warning" />
         <Rule Id="SA1008" Action="Warning" />
-        <Rule Id="SA1009" Action="Warning" />
+        <Rule Id="SA1009" Action="None" />
         <Rule Id="SA1010" Action="Warning" />
         <Rule Id="SA1011" Action="Warning" />
         <Rule Id="SA1012" Action="Warning" />
@@ -42,7 +42,7 @@
         <Rule Id="SA1107" Action="Warning" />
         <Rule Id="SA1108" Action="Warning" />
         <Rule Id="SA1110" Action="Warning" />
-        <Rule Id="SA1111" Action="Warning" />
+        <Rule Id="SA1111" Action="None" />
         <Rule Id="SA1112" Action="Warning" />
         <Rule Id="SA1113" Action="Warning" />
         <Rule Id="SA1114" Action="Warning" />
@@ -114,7 +114,7 @@
         <Rule Id="SA1413" Action="None" />
         <Rule Id="SA1500" Action="Warning" />
         <Rule Id="SA1501" Action="Warning" />
-        <Rule Id="SA1502" Action="Warning" />
+        <Rule Id="SA1502" Action="None" />
         <Rule Id="SA1503" Action="Warning" />
         <Rule Id="SA1504" Action="Warning" />
         <Rule Id="SA1505" Action="Warning" />

diff --git a/src/Directory.Packages.props b/src/Directory.Packages.props
@@ -13,13 +13,13 @@
         <PackageVersion Include="Altinn.Authorization.ABAC" Version="0.0.8" />
         <PackageVersion Include="Altinn.Common.AccessToken" Version="4.5.0" />
         <PackageVersion Include="Altinn.Common.PEP" Version="3.0.0" />
+        <PackageVersion Include="CommandLine.Net" Version="2.3.0" />
         <PackageVersion Include="Microsoft.Azure.AppConfiguration.AspNetCore"
             Version="8.0.0-preview.3" />
         <PackageVersion Include="AutoMapper.Extensions.Microsoft.DependencyInjection"
             Version="12.0.1" />
         <PackageVersion Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.3.1" />
         <PackageVersion Include="Azure.Identity" Version="1.12.0" />
-        <PackageVersion Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.3.0" />
         <PackageVersion Include="Microsoft.Extensions.Azure" Version="1.7.4" />
         <PackageVersion Include="JWTCookieAuthentication" Version="3.0.1" />
         <PackageVersion Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.22.0" />
@@ -31,13 +31,13 @@
         <PackageVersion Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets"
             Version="1.21.0" />
         <PackageVersion Include="StyleCop.Analyzers" Version="1.2.0-beta.556" />
-        <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.9.0" />
         <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.7.0" />
         <PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="8.0.7" />
         <PackageVersion Include="Swashbuckle.AspNetCore.Filters" Version="8.0.2" />
         <PackageVersion Include="System.Text.Json" Version="8.0.4" />
         <PackageVersion Include="Yuniql.AspNetCore" Version="1.2.25" />
         <PackageVersion Include="Yuniql.PostgreSql" Version="1.3.15" />
+        <PackageVersion Include="Yuniql.Core" Version="1.3.15" />
         <PackageVersion Include="Altinn.Common.AccessTokenClient" Version="3.0.6" />
         <PackageVersion Include="Altinn.Platform.Models" Version="1.6.1" />
         <PackageVersion Include="Altinn.Platform.Storage.Interface" Version="3.30.0" />
@@ -52,8 +52,6 @@
         <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
         <PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.2" />
         <PackageVersion Include="Dapper" Version="2.1.35" />
-        <PackageVersion Include="Npgsql.OpenTelemetry" Version="8.0.3" />
-        <PackageVersion Include="OpenTelemetry" Version="1.9.0" />
         <PackageVersion Include="System.Linq.Async" Version="6.0.1" />
         <PackageVersion Include="Microsoft.Extensions.Telemetry.Abstractions" Version="8.7.0" />
         <PackageVersion Include="Testcontainers.PostgreSql" Version="3.9.0" />
@@ -65,5 +63,19 @@
         <PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
         <PackageVersion Include="coverlet.collector" Version="6.0.2" />
         <PackageVersion Include="MSTest.TestFramework" Version="3.5.2" />
+
+        <PackageVersion Include="OpenTelemetry" Version="1.9.0" />
+        <PackageVersion Include="Npgsql.OpenTelemetry" Version="8.0.3" />
+        <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
+        <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
+        <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.9.0" />
+        <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.9.0" />
+        <PackageVersion Include="Azure.Monitor.OpenTelemetry.AspNetCore" Version="1.3.0-beta.1" />
+
+
+        <PackageVersion Include="MassTransit.Azure.ServiceBus.Core" Version="8.2.6-develop.1998" />
+        <PackageVersion Include="MassTransit.Extensions.DependencyInjection" Version="7.3.1" />
+
+        <PackageVersion Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
     </ItemGroup>
 </Project>
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
@@ -37,7 +37,7 @@ internal static class AccessManagementHost
     /// <param name="args">The command line arguments.</param>
     public static WebApplication Create(string[] args)
     {
-        var builder = AltinnHost.CreateWebApplicationBuilder("access-management", args);
+        var builder = AltinnHost.CreateWebApplicationBuilder("accessmanagement", args);
 
         builder.Services.AddAutoMapper(typeof(Program));
         builder.Services.AddControllers();

diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/Program.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/Program.cs
@@ -18,7 +18,6 @@
 
 app.UseAuthentication();
 app.UseAuthorization();
-
 app.MapControllers();
 app.MapDefaultAltinnEndpoints();
 

diff --git a/src/apps/Altinn.Garfield/Makefile b/src/apps/Altinn.Garfield/Makefile
@@ -1,6 +1,8 @@
 APP=garfield
 REGISTRY=acrshared004at21.azurecr.io
-TAG=5
+TAG=11
+
+all: docker_build docker_push
 
 docker_build:
 	docker build \