diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep index 22c3a3b05..f304318e1 100644 --- a/.azure/infrastructure/main.bicep +++ b/.azure/infrastructure/main.bicep @@ -51,9 +51,6 @@ param appConfigurationSku AppConfigurationSku import { Sku as AppInsightsSku } from '../modules/applicationInsights/create.bicep' param appInsightsSku AppInsightsSku -import { Sku as SlackNotifierSku } from '../modules/functionApp/slackNotifier.bicep' -param slackNotifierSku SlackNotifierSku - import { Sku as PostgresSku } from '../modules/postgreSql/create.bicep' import { StorageConfiguration as PostgresStorageConfig } from '../modules/postgreSql/create.bicep' @@ -262,19 +259,6 @@ module copyEnvironmentSecrets '../modules/keyvault/copySecrets.bicep' = { } } -module slackNotifier '../modules/functionApp/slackNotifier.bicep' = { - name: 'slackNotifier' - scope: resourceGroup - params: { - location: location - keyVaultName: environmentKeyVault.outputs.name - namePrefix: namePrefix - applicationInsightsName: appInsights.outputs.appInsightsName - sku: slackNotifierSku - tags: tags - } -} - module containerAppIdentity '../modules/managedIdentity/main.bicep' = { scope: resourceGroup name: 'containerAppIdentity' @@ -299,15 +283,6 @@ module containerAppEnv '../modules/containerAppEnv/main.bicep' = { } } -module appInsightsReaderAccessPolicy '../modules/applicationInsights/addReaderRoles.bicep' = { - scope: resourceGroup - name: 'appInsightsReaderAccessPolicy' - params: { - appInsightsName: appInsights.outputs.appInsightsName - principalIds: [slackNotifier.outputs.functionAppPrincipalId] - } -} - module postgresConnectionStringAppConfig '../modules/appConfiguration/upsertKeyValue.bicep' = { scope: resourceGroup name: 'AppConfig_Add_DialogDbConnectionString' @@ -332,15 +307,6 @@ module redisConnectionStringAppConfig '../modules/appConfiguration/upsertKeyValu } } -module keyVaultReaderAccessPolicy '../modules/keyvault/addReaderRoles.bicep' = { - scope: resourceGroup - name: 'keyVaultReaderAccessPolicyFunctions' - params: { - keyvaultName: environmentKeyVault.outputs.name - principalIds: [slackNotifier.outputs.functionAppPrincipalId] - } -} - output resourceGroupName string = resourceGroup.name output containerAppEnvId string = containerAppEnv.outputs.containerAppEnvId output environmentKeyVaultName string = environmentKeyVault.outputs.name diff --git a/.azure/infrastructure/prod.bicepparam b/.azure/infrastructure/prod.bicepparam index 2b0a624e7..14699dd41 100644 --- a/.azure/infrastructure/prod.bicepparam +++ b/.azure/infrastructure/prod.bicepparam @@ -24,11 +24,6 @@ param appConfigurationSku = { param appInsightsSku = { name: 'PerGB2018' } -param slackNotifierSku = { - storageAccountName: 'Standard_LRS' - applicationServicePlanName: 'Y1' - applicationServicePlanTier: 'Dynamic' -} param postgresConfiguration = { sku: { name: 'Standard_D8ads_v5' diff --git a/.azure/infrastructure/staging.bicepparam b/.azure/infrastructure/staging.bicepparam index c434a5469..e3230883c 100644 --- a/.azure/infrastructure/staging.bicepparam +++ b/.azure/infrastructure/staging.bicepparam @@ -24,11 +24,6 @@ param appConfigurationSku = { param appInsightsSku = { name: 'PerGB2018' } -param slackNotifierSku = { - storageAccountName: 'Standard_LRS' - applicationServicePlanName: 'Y1' - applicationServicePlanTier: 'Dynamic' -} param postgresConfiguration = { sku: { name: 'Standard_D4ads_v5' diff --git a/.azure/infrastructure/test.bicepparam b/.azure/infrastructure/test.bicepparam index e4ca02594..9f2fe769f 100644 --- a/.azure/infrastructure/test.bicepparam +++ b/.azure/infrastructure/test.bicepparam @@ -24,11 +24,6 @@ param appConfigurationSku = { param appInsightsSku = { name: 'PerGB2018' } -param slackNotifierSku = { - storageAccountName: 'Standard_LRS' - applicationServicePlanName: 'Y1' - applicationServicePlanTier: 'Dynamic' -} param postgresConfiguration = { sku: { name: 'Standard_B2s' diff --git a/.azure/infrastructure/yt01.bicepparam b/.azure/infrastructure/yt01.bicepparam index d37a727da..64a561ed2 100644 --- a/.azure/infrastructure/yt01.bicepparam +++ b/.azure/infrastructure/yt01.bicepparam @@ -24,11 +24,6 @@ param appConfigurationSku = { param appInsightsSku = { name: 'PerGB2018' } -param slackNotifierSku = { - storageAccountName: 'Standard_LRS' - applicationServicePlanName: 'Y1' - applicationServicePlanTier: 'Dynamic' -} param postgresConfiguration = { sku: { name: 'Standard_D8ads_v5' diff --git a/.azure/modules/functionApp/appSettings.bicep b/.azure/modules/functionApp/appSettings.bicep deleted file mode 100644 index eeca797f2..000000000 --- a/.azure/modules/functionApp/appSettings.bicep +++ /dev/null @@ -1,18 +0,0 @@ -@description('The name of the web application') -param webAppName string - -@description('The new app settings to be applied') -param appSettings object - -@description('The current app settings of the web application') -param currentAppSettings object - -resource webApp 'Microsoft.Web/sites@2023-12-01' existing = { - name: webAppName -} - -resource siteconfig 'Microsoft.Web/sites/config@2023-12-01' = { - parent: webApp - name: 'appsettings' - properties: union(currentAppSettings, appSettings) -} diff --git a/.azure/modules/functionApp/slackNotifier.bicep b/.azure/modules/functionApp/slackNotifier.bicep deleted file mode 100644 index fbd0629eb..000000000 --- a/.azure/modules/functionApp/slackNotifier.bicep +++ /dev/null @@ -1,221 +0,0 @@ -import { uniqueStringBySubscriptionAndResourceGroup, uniqueResourceName } from '../../functions/resourceName.bicep' - -@description('The location where the resources will be deployed') -param location string - -@description('The name of the Application Insights resource') -param applicationInsightsName string - -@description('The prefix used for naming resources to ensure unique names') -param namePrefix string - -@description('The name of the Key Vault') -param keyVaultName string - -@description('Tags to apply to resources') -param tags object - -@export() -type Sku = { - storageAccountName: - | 'Standard_LRS' - | 'Standard_GRS' - | 'Standard_RAGRS' - | 'Standard_ZRS' - | 'Premium_LRS' - | 'Premium_ZRS' - applicationServicePlanName: - | 'F1' - | 'D1' - | 'B1' - | 'B2' - | 'B3' - | 'S1' - | 'S2' - | 'S3' - | 'P1' - | 'P2' - | 'P3' - | 'P1V2' - | 'P2V2' - | 'P3V2' - | 'I1' - | 'I2' - | 'I3' - | 'Y1' - | 'Y2' - | 'Y3' - | 'Y1v2' - | 'Y2v2' - | 'Y3v2' - | 'Y1v2Isolated' - | 'Y2v2Isolated' - | 'Y3v2Isolated' - applicationServicePlanTier: 'Free' | 'Shared' | 'Basic' | 'Dynamic' | 'Standard' | 'Premium' | 'Isolated' -} -@description('The SKU of the Slack Notifier') -param sku Sku - -// Storage account names only supports lower case and numbers -// todo: add name of function as param and turn this into a reusable module -// We use uniqueStringBySubscriptionAndResourceGroup directly here to avoid having too short storage account name. -// This should be refactored to use one common storage account. Or one storage account for all app functions. -var storageAccountName = take( - replace('${'${namePrefix}-sn'}-${uniqueStringBySubscriptionAndResourceGroup()}', '-', ''), - 24 -) - -resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' = { - name: storageAccountName - location: location - sku: { - name: sku.storageAccountName - } - kind: 'Storage' - properties: { - supportsHttpsTrafficOnly: true - defaultToOAuthAuthentication: true - minimumTlsVersion: 'TLS1_2' - } - tags: tags -} - -resource applicationServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = { - name: '${namePrefix}-slacknotifier-asp' - location: location - sku: { - name: sku.applicationServicePlanName - tier: sku.applicationServicePlanTier - } - properties: {} - tags: tags -} - -resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = { - name: applicationInsightsName -} - -var functionAppNameMaxLength = 40 -var functionAppName = uniqueResourceName('${namePrefix}-slacknotifier-fa', functionAppNameMaxLength) -resource functionApp 'Microsoft.Web/sites@2023-12-01' = { - name: functionAppName - location: location - kind: 'functionapp' - identity: { - type: 'SystemAssigned' - } - properties: { - serverFarmId: applicationServicePlan.id - publicNetworkAccess: 'Enabled' - siteConfig: { - // Setting/updating appSettings in separate module in order to not delete already deployed functions, see below - } - httpsOnly: true - } - tags: tags -} - -var appSettings = { - AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}' - WEBSITE_CONTENTAZUREFILECONNECTIONSTRING: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}' - WEBSITE_CONTENTSHARE: toLower(functionAppName) - FUNCTIONS_EXTENSION_VERSION: '~4' - APPINSIGHTS_INSTRUMENTATIONKEY: applicationInsights.properties.InstrumentationKey - Slack__WebhookUrl: '@Microsoft.KeyVault(VaultName=${keyVaultName};SecretName=Slack--Webhook--Url)' - FUNCTIONS_WORKER_RUNTIME: 'dotnet-isolated' -} - -module updateAppSettings 'appSettings.bicep' = { - name: '${functionAppName}-appsettings' - params: { - webAppName: functionAppName - currentAppSettings: list(resourceId('Microsoft.Web/sites/config', functionAppName, 'appsettings'), '2023-01-01').properties - appSettings: appSettings - } -} - -var defaultFunctionKey = listkeys('${functionApp.id}/host/default', '2023-01-01').functionKeys.default -var forwardAlertToSlackTriggerUrl = 'https://${functionApp.properties.defaultHostName}/api/forwardalerttoslack?code=${defaultFunctionKey}' -resource notifyDevTeam 'Microsoft.Insights/actionGroups@2023-01-01' = { - name: '${namePrefix}-notify-devteam-ag' - location: 'Global' - properties: { - enabled: true - groupShortName: 'DevNotify' - azureFunctionReceivers: [ - { - name: functionApp.properties.defaultHostName - functionName: 'ForwardAlertToSlack' - functionAppResourceId: functionApp.id - httpTriggerUrl: forwardAlertToSlackTriggerUrl - useCommonAlertSchema: true - } - ] - } - tags: tags -} - -var query = ''' - union - (exceptions - | where not(customDimensions.['Service Type'] == 'API Management') - | where type != "ZiggyCreatures.Caching.Fusion.SyntheticTimeoutException"), - (traces - | where severityLevel >= 3 or (severityLevel >= 2 and customDimensions.SourceContext startswith "Digdir")) - | where customDimensions.RequestPath !startswith "/health" - | summarize Count = count() - by - Environment = tostring(customDimensions.EnvironmentName), - Type = itemType, - problemId, - tostring(customDimensions.MessageTemplate), - severityLevel - | extend SeverityLevel = case( - severityLevel == 0, "Verbose", - severityLevel == 1, "Information", - severityLevel == 2, "Warning", - severityLevel == 3, "Error", - severityLevel == 4, "Critical", - tostring(severityLevel) - ) - | extend Details = coalesce(problemId, customDimensions_MessageTemplate) - | extend Details = replace_string(Details, "Digdir.Domain.Dialogporten.", "") - | project Environment, Type, SeverityLevel, Count, Details - ''' -resource exceptionOccuredAlertRule 'Microsoft.Insights/scheduledQueryRules@2023-03-15-preview' = { - name: '${namePrefix}-exception-occured-sqr' - location: location - properties: { - enabled: true - severity: 1 - evaluationFrequency: 'PT5M' - windowSize: 'PT5M' - scopes: [applicationInsights.id] - autoMitigate: false - targetResourceTypes: [ - 'microsoft.insights/components' - ] - criteria: { - allOf: [ - { - query: query - operator: 'GreaterThan' - threshold: 0 - timeAggregation: 'Count' - failingPeriods: { - numberOfEvaluationPeriods: 1 - minFailingPeriodsToAlert: 1 - } - } - ] - } - actions: { - actionGroups: [ - notifyDevTeam.id - ] - } - } - tags: tags -} - -output functionAppPrincipalId string = functionApp.identity.principalId