Bicep tidying and add max connections to iac

Altinn · Jan 8, 2025 · 468ec52 · 468ec52
1 parent 21dd934
commit 468ec52
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 35 deletions.
diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep
@@ -29,22 +29,9 @@ param idportenClientSecret string
 
 @secure()
 param storageAccountName string
-
 param maskinporten_token_exchange_environment string
 
-import { Sku as KeyVaultSku } from '../modules/keyvault/create.bicep'
-param keyVaultSku KeyVaultSku
-
-param prodLikeEnvironment bool = environment == 'production' || maskinporten_token_exchange_environment == 'yt01'
-param postgresSku object = prodLikeEnvironment ? {
-    name: 'Standard_D8ads_v5'
-    tier: 'GeneralPurpose'
-  } : {
-    name: 'Standard_B1ms'
-    tier: 'Burstable'
-}
-
-
+var prodLikeEnvironment = environment == 'production' || maskinporten_token_exchange_environment == 'yt01'
 var resourceGroupName = '${namePrefix}-rg'
 
 // Create resource groups
@@ -59,7 +46,6 @@ module environmentKeyVault '../modules/keyvault/create.bicep' = {
   params: {
     vaultName: sourceKeyVaultName
     location: location
-    sku: keyVaultSku
     tenant_id: tenantId
     environment: environment
     test_client_id: test_client_id
@@ -129,9 +115,8 @@ module postgresql '../modules/postgreSql/create.bicep' = {
     srcKeyVault: srcKeyVault
     srcSecretName: correspondenceAdminPasswordSecretName
     administratorLoginPassword: correspondencePgAdminPassword
-    sku: postgresSku
-    iopsTier: prodLikeEnvironment ? 'P15': 'P4'
     tenantId: tenantId
+    prodLikeEnvironment: prodLikeEnvironment
   }
 }
 

diff --git a/.azure/infrastructure/params.bicepparam b/.azure/infrastructure/params.bicepparam
@@ -18,8 +18,3 @@ param slackUrl = readEnvironmentVariable('SLACK_URL')
 param idportenClientId = readEnvironmentVariable('IDPORTEN_CLIENT_ID')
 param idportenClientSecret = readEnvironmentVariable('IDPORTEN_CLIENT_SECRET')
 param maskinporten_token_exchange_environment = readEnvironmentVariable('MASKINPORTEN_TOKEN_EXCHANGE_ENVIRONMENT')
-// SKUs
-param keyVaultSku = {
-  name: 'standard'
-  family: 'A'
-}
diff --git a/.azure/modules/keyvault/create.bicep b/.azure/modules/keyvault/create.bicep
@@ -5,12 +5,6 @@ param environment string
 param tenant_id string
 @secure()
 param test_client_id string
-@export()
-type Sku = {
-  name: 'standard'
-  family: 'A'
-}
-param sku Sku
 
 resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
   name: vaultName
@@ -19,7 +13,10 @@ resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
     enabledForTemplateDeployment: true
     enabledForDiskEncryption: true
     enabledForDeployment: true
-    sku: sku
+    sku: {
+      name: 'standard'
+      family: 'A'
+    }
     tenantId: tenant_id
     accessPolicies: environment == 'test'
       ? [

diff --git a/.azure/modules/postgreSql/create.bicep b/.azure/modules/postgreSql/create.bicep
@@ -3,8 +3,6 @@ param location string
 param environmentKeyVaultName string
 param srcSecretName string
 
-param sku object
-param iopsTier string
 @secure()
 param srcKeyVault object
 
@@ -13,6 +11,8 @@ param administratorLoginPassword string
 @secure()
 param tenantId string
 
+param prodLikeEnvironment bool
+
 var databaseName = 'correspondence'
 var databaseUser = 'adminuser'
 var poolSize = 100
@@ -48,7 +48,7 @@ resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2023-12-01-preview'
     storage: {
       storageSizeGB: 32
       autoGrow: 'Enabled'
-      tier: iopsTier
+      tier: prodLikeEnvironment ? 'P15': 'P4'
     }
     backup: { backupRetentionDays: 35 }
     authConfig: {
@@ -57,10 +57,16 @@ resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2023-12-01-preview'
       tenantId: tenantId
     }
   }
-  sku: sku
+  sku: prodLikeEnvironment ? {
+    name: 'Standard_D8ads_v5'
+    tier: 'GeneralPurpose'
+  } : {
+    name: 'Standard_B1ms'
+    tier: 'Burstable'
+  }
 }
 
-resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2022-12-01' = {
+resource extensionsConfiguration 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2022-12-01' = {
   name: 'azure.extensions'
   parent: postgres
   dependsOn: [database]
@@ -70,6 +76,16 @@ resource configurations 'Microsoft.DBforPostgreSQL/flexibleServers/configuration
   }
 }
 
+resource maxConnectionsConfiguration 'Microsoft.DBforPostgreSQL/flexibleServers/configurations@2022-12-01' = {
+  name: 'max_connections'
+  parent: postgres
+  dependsOn: [database]
+  properties: {
+    value: prodLikeEnvironment ? '3000' : '50'
+    source: 'user-override'
+  }
+}
+
 resource database 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-06-01-preview' = {
   name: databaseName
   parent: postgres
@@ -82,7 +98,7 @@ resource database 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-06-0
 resource allowAzureAccess 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-06-01-preview' = {
   name: 'azure-access'
   parent: postgres
-  dependsOn: [configurations] // Needs to depend on database to avoid updating at the same time
+  dependsOn: [database, extensionsConfiguration, maxConnectionsConfiguration] // Needs to depend on database to avoid updating at the same time
   properties: {
     startIpAddress: '0.0.0.0'
     endIpAddress: '0.0.0.0'