
Commit fea8822

committed
Fix review findings: missing params, descriptions, identity, hardcoded values
- Add missing sqlAdminLogin param to saas-startup bicepparam - Add @description to tags param in all 3 Bicep examples - Expose aksAdminUsername as param in AI startup (Bicep + TF) - Add identity block to web container app in SaaS (Bicep + TF) - Complete policy module outputs (all 8 assignments) - Use set -euo pipefail in all scripts - Update git origin to sslz repo
1 parent 3453bbe commit fea8822


9 files changed

+38
-10
lines changed


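--- a/.devcontainer/post-create.sh
+++ b/.devcontainer/post-create.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e
+set -euo pipefail
 
 echo "Installing jq and shellcheck..."
 sudo apt-get update -qq && sudo apt-get install -y -qq jq shellcheck > /dev/null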

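--- a/diagrams/generate.sh
+++ b/diagrams/generate.sh
@@ -4,7 +4,7 @@
 # Outputs PNG and SVG files for use in docs and presentations
 # Requires: npx (Node.js) OR docker
 # ==============================================================================
-set -e
+set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 OUTPUT_DIR="${SCRIPT_DIR}/output"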

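--- a/examples/ai-startup/main.bicep
+++ b/examples/ai-startup/main.bicep
@@ -33,6 +33,10 @@ param kubernetesVersion string = '1.30'
 @description('SSH public key for AKS nodes')
 param sshPublicKey string
 
+@description('Linux admin username for AKS nodes')
+param aksAdminUsername string = 'azureuser'
+
+@description('Resource tags applied to all deployed resources')
 param tags object = {
 environment: environment
 team: 'ml-engineering'
@@ -96,7 +100,7 @@ resource aks 'Microsoft.ContainerService/managedClusters@2024-09-01' = {
 }
 }
 linuxProfile: {
-adminUsername: 'azureuser'
+adminUsername: aksAdminUsername
 ssh: {
 publicKeys: [
 {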
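Review bot: The new `aksAdminUsername` parameter reaches `linuxProfile.adminUsername` with no input constraint, so an empty or malformed value is only rejected by the resource provider at deploy time. A `@minLength(1)` decorator on the parameter would fail it at template validation, and the description could state the accepted form, e.g. `@description('Linux admin username for AKS nodes; must start with a letter')` (confirm the exact character rules against the managedClusters schema). The same applies to `variable "aks_admin_username"` in examples/ai-startup/terraform/main.tf, where a `validation` block would do the same job. The `aks` resource body starts and ends outside the second hunk.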

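--- a/examples/ai-startup/terraform/main.tf
+++ b/examples/ai-startup/terraform/main.tf
@@ -105,6 +105,12 @@ variable "ssh_public_key" {
 type = string
 }
 
+variable "aks_admin_username" {
+description = "Linux admin username for AKS nodes"
+type = string
+default = "azureuser"
+}
+
 variable "tags" {
 description = "Tags applied to all resources"
 type = map(string)
@@ -181,7 +187,7 @@ resource "azurerm_kubernetes_cluster" "this" {
 }
 
 linux_profile {
-admin_username = "azureuser"
+admin_username = var.aks_admin_username
 ssh_key {
 key_data = var.ssh_public_key
 }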
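Review bot: The description of `variable "aks_admin_username"` does not say what happens when the value is changed on an existing cluster, and as far as I know the azurerm provider treats `linux_profile.admin_username` as a field whose change replaces the cluster. Now that it is a variable, a tfvars edit is enough to trigger that, so the description should warn about it, e.g. `description = "Linux admin username for AKS nodes. Set at creation; changing it later replaces the cluster."`. This is worth confirming against the provider version this example pins, which is not visible in these hunks. The `azurerm_kubernetes_cluster.this` body starts and ends outside the second hunk.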

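--- a/examples/api-first-startup/main.bicep
+++ b/examples/api-first-startup/main.bicep
@@ -24,6 +24,7 @@ param apimPublisherEmail string
 @description('APIM publisher name')
 param apimPublisherName string
 
+@description('Resource tags applied to all deployed resources')
 param tags object = {
 environment: environment
 team: 'engineering'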

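--- a/examples/saas-startup/main.bicep
+++ b/examples/saas-startup/main.bicep
@@ -38,6 +38,7 @@ param privateEndpointSubnetId string = ''
 @description('VNet resource ID for Private DNS Zone links. Required when deployPrivateEndpoints is true. Example: /subscriptions/.../virtualNetworks/vnet-prod')
 param vnetId string = ''
 
+@description('Resource tags applied to all deployed resources')
 param tags object = {
 environment: environment
 team: 'engineering'
@@ -138,6 +139,7 @@ resource webApp 'Microsoft.App/containerApps@2024-03-01' = {
 name: 'ca-${appName}-web'
 location: location
 tags: tags
+identity: { type: 'SystemAssigned' }
 properties: {
 managedEnvironmentId: cae.id
 configuration: {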
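Review bot: The `identity: { type: 'SystemAssigned' }` added to `webApp` creates a principal, but nothing visible in this hunk consumes it: there is no role assignment referencing `webApp.identity.principalId` and no registry or secret entry with an `identity` setting. If the identity is meant for Key Vault or registry access, the role assignment should be added and scoped to that single resource; if nothing uses it yet, a comment such as `// identity reserved for Key Vault access; no roles assigned yet` keeps the intent clear. The same question applies to the `identity` block added to `azurerm_container_app.web` in examples/saas-startup/terraform/main.tf. The `webApp` resource body continues past the end of the hunk, so a consumer may exist outside the visible lines.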

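--- a/examples/saas-startup/main.bicepparam
+++ b/examples/saas-startup/main.bicepparam
@@ -8,6 +8,7 @@ param appName = 'mysaas'
 param environment = 'prod'
 param apiImage = 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
 param webImage = 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
+param sqlAdminLogin = '<replace-with-admin-username>'
 // In production, use Key Vault references instead of inline passwords.
 // See: https://learn.microsoft.com/azure/azure-resource-manager/bicep/key-vault-parameter
 param sqlAdminPassword = '<replace-with-secure-password>'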
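Review bot: `sqlAdminLogin` is added as the literal placeholder `'<replace-with-admin-username>'`, so a deployment run from an unedited file submits that string as the SQL admin login, alongside the equally literal `sqlAdminPassword` placeholder. Reading the value from the environment makes an unedited file fail at parameter evaluation instead: `param sqlAdminLogin = readEnvironmentVariable('SQL_ADMIN_LOGIN')`. A short comment above the new line, e.g. `// Must be replaced before deployment; do not commit real values.`, would also state the expectation that the existing Key Vault comment makes only for the password.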

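--- a/examples/saas-startup/terraform/main.tf
+++ b/examples/saas-startup/terraform/main.tf
@@ -231,6 +231,10 @@ resource "azurerm_container_app" "web" {
 revision_mode = "Single"
 tags = local.tags
 
+identity {
+type = "SystemAssigned"
+}
+
 ingress {
 external_enabled = true
 target_port = 80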
Lines changed: 16 additions & 6 deletions
@@ -1,17 +1,27 @@
11
output "policy_assignment_ids" {
22
description = "Map of policy assignment resource IDs"
33
value = {
4-
mcsb = azurerm_subscription_policy_assignment.mcsb.id
5-
allowed_locations = azurerm_subscription_policy_assignment.allowed_locations.id
6-
activity_log_diag = azurerm_subscription_policy_assignment.activity_log_diag.id
4+
mcsb = azurerm_subscription_policy_assignment.mcsb.id
5+
allowed_locations = azurerm_subscription_policy_assignment.allowed_locations.id
6+
allowed_locations_rg = azurerm_subscription_policy_assignment.allowed_locations_rg.id
7+
require_env_tag = azurerm_subscription_policy_assignment.require_env_tag.id
8+
require_team_tag = azurerm_subscription_policy_assignment.require_team_tag.id
9+
inherit_env_tag = azurerm_subscription_policy_assignment.inherit_env_tag.id
10+
inherit_team_tag = azurerm_subscription_policy_assignment.inherit_team_tag.id
11+
activity_log_diag = azurerm_subscription_policy_assignment.activity_log_diag.id
712
}
813
}
914

1015
output "policy_assignment_names" {
1116
description = "Map of policy assignment names"
1217
value = {
13-
mcsb = azurerm_subscription_policy_assignment.mcsb.name
14-
allowed_locations = azurerm_subscription_policy_assignment.allowed_locations.name
15-
activity_log_diag = azurerm_subscription_policy_assignment.activity_log_diag.name
18+
mcsb = azurerm_subscription_policy_assignment.mcsb.name
19+
allowed_locations = azurerm_subscription_policy_assignment.allowed_locations.name
20+
allowed_locations_rg = azurerm_subscription_policy_assignment.allowed_locations_rg.name
21+
require_env_tag = azurerm_subscription_policy_assignment.require_env_tag.name
22+
require_team_tag = azurerm_subscription_policy_assignment.require_team_tag.name
23+
inherit_env_tag = azurerm_subscription_policy_assignment.inherit_env_tag.name
24+
inherit_team_tag = azurerm_subscription_policy_assignment.inherit_team_tag.name
25+
activity_log_diag = azurerm_subscription_policy_assignment.activity_log_diag.name
1626
}
1727
}
