IAC and internal improvements

Makefile

@@ -5,8 +5,9 @@ VERSION ?= 0.8.5
 BUILD_INFO ?= "Local makefile build"
 DAPR_RUN_LOGLEVEL := warn
 
-# Only change this if you know what you're doing
+# Only change these if testing with different components
 #DAPR_STORE_NAME := statestore-table
+#DAPR_PUBSUB_NAME := pubsub
 
 # Most likely want to override these when calling `make image-all`
 IMAGE_REG ?= ghcr.io

deploy/container-app/dapr-store.bicep

@@ -16,6 +16,9 @@ param imageBase string = 'ghcr.io/azure-samples/dapr-store'
 @description('Version of the container image')
 param imageTag string = 'latest'
 
+@description('Enable authentication with Entra ID, by setting a client ID')
+param authClientID string = '7faeb5dc-3110-4e4d-81d6-da6b56b1b955'
+
 // ===== Variables ============================================================
 
 // Using my own benc-uk/nanoproxy-proxy as a simple HTTP proxy for the API gateway
@@ -28,7 +31,7 @@ var imageUsers = '${imageBase}/users:${imageTag}'
 var imageCart = '${imageBase}/cart:${imageTag}'
 var imageFrontend = '${imageBase}/frontend-host:${imageTag}'
 
-var daprTableName = 'daprstate'
+var daprTableName = 'daprstate2222'
 
 // ===== Base shared resources ==================================================
 
@@ -47,7 +50,15 @@ module storageAcct 'modules/storage.bicep' = {
   name: 'storage-deploy'
   params: {
     name: 'daprstore'
-    tableName: daprTableName
+  }
+}
+
+module storageTable 'modules/storage-table.bicep' = {
+  scope: resGroup
+  name: 'storage-table-deploy'
+  params: {
+    name: daprTableName
+    storageAccountName: storageAcct.outputs.name
   }
 }
 
@@ -163,6 +174,13 @@ module productsApp './modules/app.bicep' = {
 
     daprAppId: 'products'
     daprAppPort: 9002
+
+    envs: [
+      {
+        name: 'AUTH_CLIENT_ID'
+        value: authClientID
+      }
+    ]
   }
 }
 
@@ -180,6 +198,13 @@ module ordersApp './modules/app.bicep' = {
 
     daprAppId: 'orders'
     daprAppPort: 9004
+
+    envs: [
+      {
+        name: 'AUTH_CLIENT_ID'
+        value: authClientID
+      }
+    ]
   }
 }
 
@@ -197,6 +222,13 @@ module usersApp './modules/app.bicep' = {
 
     daprAppId: 'users'
     daprAppPort: 9003
+
+    envs: [
+      {
+        name: 'AUTH_CLIENT_ID'
+        value: authClientID
+      }
+    ]
   }
 }
 
@@ -214,6 +246,13 @@ module cartApp './modules/app.bicep' = {
 
     daprAppId: 'cart'
     daprAppPort: 9001
+
+    envs: [
+      {
+        name: 'AUTH_CLIENT_ID'
+        value: authClientID
+      }
+    ]
   }
 }
 
@@ -228,6 +267,13 @@ module frontendApp './modules/app.bicep' = {
 
     ingressExternal: false
     ingressPort: 8000
+
+    envs: [
+      {
+        name: 'AUTH_CLIENT_ID'
+        value: authClientID
+      }
+    ]
   }
 }
 

deploy/container-app/modules/dapr-component.bicep

@@ -1,5 +1,5 @@
 // ============================================================================
-// Container App Environment to host container apps
+// Add Dapr Component to existing Container App Environment
 // ============================================================================
 
 @description('Existing Container App Environment')

deploy/container-app/modules/log-analytics.bicep

@@ -36,4 +36,3 @@ resource logWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' = {
 output id string = logWorkspace.id
 output name string = logWorkspace.name
 output customerId string = logWorkspace.properties.customerId
-//output sharedKey string = logWorkspace.listKeys().primarySharedKey

deploy/container-app/modules/storage-container.bicep

@@ -0,0 +1,37 @@
+// ============================================================================
+// A module to deploy a Blob container to an existing Storage Account
+// ============================================================================
+
+@description('Name of existing Storage Account')
+param storageAccountName string
+
+@description('Name of table to create')
+param name string
+
+@description('Public access level for container')
+@allowed([
+  'None'
+  'Blob'
+  'Container'
+])
+param publicAccess string = 'None'
+
+// ===== Modules & Resources ==================================================
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
+  name: storageAccountName
+}
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' = {
+  name: 'default'
+  parent: storageAccount
+}
+
+resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-04-01' = {
+  parent: blobService
+  name: name
+
+  properties: {
+    publicAccess: publicAccess
+  }
+}

deploy/container-app/modules/storage-table.bicep

@@ -0,0 +1,25 @@
+// ============================================================================
+// A module to deploy a Storage Account Table to an existing Storage Account
+// ============================================================================
+
+@description('Name of existing Storage Account')
+param storageAccountName string
+
+@description('Name of table to create')
+param name string
+
+// ===== Modules & Resources ==================================================
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
+  name: storageAccountName
+}
+
+resource tableService 'Microsoft.Storage/storageAccounts/tableServices@2023-01-01' = {
+  name: 'default'
+  parent: storageAccount
+}
+
+resource table 'Microsoft.Storage/storageAccounts/tableServices/tables@2023-01-01' = {
+  parent: tableService
+  name: name
+}

deploy/container-app/modules/storage.bicep

@@ -9,13 +9,33 @@ param location string = resourceGroup().location
 param suffix string = '-${substring(uniqueString(resourceGroup().name), 0, 5)}'
 
 @description('Pick your storage SKU')
+@allowed([
+  'Standard_LRS'
+  'Standard_GRS'
+  'Standard_ZRS'
+  'Standard_RAGRS'
+  'Standard_RAGZRS'
+  'Premium_LRS'
+  'Premium_ZRS'
+])
 param sku string = 'Standard_LRS'
 
 @description('Pick your account kind')
+@allowed([
+  'StorageV2'
+  'Storage'
+  'BlobStorage'
+  'BlockBlobStorage'
+  'FileStorage'
+])
 param kind string = 'StorageV2'
 
-@description('Create a table, leave blank to not create a table')
-param tableName string = ''
+@description('Access tier')
+@allowed([
+  'Hot'
+  'Cool'
+])
+param accessTier string = 'Hot'
 
 // ===== Variables ============================================================
 
@@ -35,20 +55,11 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' = {
 
   properties: {
     supportsHttpsTrafficOnly: true
-    accessTier: 'Hot'
+    accessTier: accessTier
+    allowSharedKeyAccess: true
   }
 }
 
-resource tableService 'Microsoft.Storage/storageAccounts/tableServices@2023-01-01' = if (tableName != '') {
-  name: 'default'
-  parent: storageAccount
-}
-
-resource table 'Microsoft.Storage/storageAccounts/tableServices/tables@2023-01-01' = if (tableName != '') {
-  parent: tableService
-  name: tableName
-}
-
 // ===== Outputs ==============================================================
 
 output resourceId string = storageAccount.id

etc/api-check.http → etc/api-examples.http

@@ -1,7 +1,11 @@
-#@host = staging.daprstore.benco.io
-#@host = daprstore.kube.benco.io
+# ===================================================================
+# File for the VS Code REST Client extension
+# https://marketplace.visualstudio.com/items?itemName=humao.rest-client
+# Provides a quick way to test & call the API wihout needing Postman
+# ===================================================================
+
 @host = localhost:9000
-@user = {{user}}
+@user = 00000000-1111-2222-3333-abcdef123456
 
 # ===================================================================
 # Products API
@@ -49,7 +53,7 @@ content-type: application/json
 # ===================================================================
 
 ### Get existing order
-GET http://{{host}}/v1.0/invoke/orders/method/get/LsWIO 
+GET http://{{host}}/v1.0/invoke/orders/method/get/qf2ah 
 
 ### Get orders for user
 GET http://{{host}}/v1.0/invoke/orders/method/getForUser/{{user}}

scripts/clear-redis.sh

@@ -7,8 +7,9 @@
 echo "🠶🠶🠶  WARNING! 💥 This will clear all Redis state"
 read -r -p "🠶🠶🠶  Press enter to continue, or ctrl-c to exit"
 
-docker info > /dev/null 2>&1 || { echo "Docker is not running!"; exit 1; }
+docker info >/dev/null 2>&1 || {
+  echo "Docker is not running!"
+  exit 1
+}
 
-docker run --rm --network host redis redis-cli --scan --pattern "orders||*" | xargs redis-cli del
-docker run --rm --network host redis redis-cli --scan --pattern "users||*" | xargs redis-cli del
-docker run --rm --network host redis redis-cli --scan --pattern "cart||*" | xargs redis-cli del
+docker run --rm --network host redis redis-cli flushall

scripts/local-gateway/gateway.conf

@@ -0,0 +1,12 @@
+server {
+  listen 9000;
+
+  location /v1.0 {
+    proxy_pass         http://localhost:3501;
+  }
+
+  location / {
+    proxy_pass         http://localhost:8000;
+  }  
+}
+

scripts/local-gateway/run.sh

@@ -1,9 +1,16 @@
 #!/bin/bash
 
-#
-# This script starts the local version of the API gateway
-# Wraps nginx-proxy.sh in `dapr run` so that nginx runs Dapr-ized
-#
+# =========================================================================
+# Starts the local version of the API gateway using Docker and NGINX
+# =========================================================================
+
+docker rm -f api-gateway || true
 
 scriptDir="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
-dapr run --app-id api-gateway --app-port 9000 --log-level warn "$scriptDir"/nginx-proxy.sh --resources-path "$scriptDir"/../../components
+
+dapr run --app-id api-gateway \
+  --app-port 9000 \
+  --log-level warn \
+  --dapr-http-port 3501 \
+  --resources-path "$scriptDir/../../components" \
+  -- docker run --rm --network host --mount type=bind,source="$scriptDir",target=/etc/nginx/conf.d/ --name api-gateway nginx:alpine