feat: Container App - Updated UDTs to pending specs (#4123)

AlexanderSehr · web-flow · commit c1f33173fc86 · 2025-01-05T18:48:40.000-06:00
## Description Updated user-defined types with pending Azure/Azure-Verified-Modules#1738 & #4098. ## Pipeline Reference  | Pipeline | | -------- | | [![avm.res.app.container-app](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.app.container-app.yml/badge.svg?branch=users%2Falsehr%2FcontainerApp_udt&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.app.container-app.yml) | ## Type of Change  - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation
diff --git a/avm/res/app/container-app/README.md b/avm/res/app/container-app/README.md
@@ -8,6 +8,7 @@ This module deploys a Container App.
 - [Usage examples](#Usage-examples)
 - [Parameters](#Parameters)
 - [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
 - [Data Collection](#Data-Collection)
 
 ## Resource Types
@@ -1086,7 +1087,7 @@ List of probes for the container.
 | [`initialDelaySeconds`](#parameter-containersprobesinitialdelayseconds) | int | Number of seconds after the container has started before liveness probes are initiated. |
 | [`periodSeconds`](#parameter-containersprobesperiodseconds) | int | How often (in seconds) to perform the probe. Default to 10 seconds. |
 | [`successThreshold`](#parameter-containersprobessuccessthreshold) | int | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. |
-| [`tcpSocket`](#parameter-containersprobestcpsocket) | object | TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported. |
+| [`tcpSocket`](#parameter-containersprobestcpsocket) | object | The TCP socket specifies an action involving a TCP port. TCP hooks not yet supported. |
 | [`terminationGracePeriodSeconds`](#parameter-containersprobesterminationgraceperiodseconds) | int | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour). |
 | [`timeoutSeconds`](#parameter-containersprobestimeoutseconds) | int | Number of seconds after which the probe times out. Defaults to 1 second. |
 | [`type`](#parameter-containersprobestype) | string | The type of probe. |
@@ -1230,7 +1231,7 @@ Minimum consecutive successes for the probe to be considered successful after ha
 
 ### Parameter: `containers.probes.tcpSocket`
 
-TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported.
+The TCP socket specifies an action involving a TCP port. TCP hooks not yet supported.
 
 - Required: No
 - Type: object
@@ -1650,7 +1651,7 @@ The managed identity definition for this resource.
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
 | [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
-| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
+| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. |
 
 ### Parameter: `managedIdentities.systemAssigned`
 
@@ -1661,7 +1662,7 @@ Enables system assigned managed identity on the resource.
 
 ### Parameter: `managedIdentities.userAssignedResourceIds`
 
-The resource ID(s) to assign to the resource.
+The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.
 
 - Required: No
 - Type: array
@@ -1943,6 +1944,14 @@ Workload profile name to pin for container app execution.
 | `resourceId` | string | The resource ID of the Container App. |
 | `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
 
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `br/public:avm/utl/types/avm-common-types:0.4.1` | Remote reference |
+
 ## Data Collection
 
 The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at <https://go.microsoft.com/fwlink/?LinkID=824704>. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
diff --git a/avm/res/app/container-app/main.bicep b/avm/res/app/container-app/main.bicep
@@ -23,7 +23,7 @@ param ingressExternal bool = true
 param clientCertificateMode string = 'ignore'
 
 @description('Optional. Object userd to configure CORS policy.')
-param corsPolicy corsPolicyType
+param corsPolicy corsPolicyType?
 
 @allowed([
   'none'
@@ -48,7 +48,7 @@ param service object = {}
 param includeAddOns bool = false
 
 @description('Optional. Settings to expose additional ports on container app.')
-param additionalPortMappings ingressPortMapping[]?
+param additionalPortMappings ingressPortMappingType[]?
 
 @description('Optional. Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections.')
 param ingressAllowInsecure bool = true
@@ -66,7 +66,7 @@ param scaleMinReplicas int = 3
 param scaleRules array = []
 
 @description('Optional. List of container app services bound to the app.')
-param serviceBinds serviceBind[]?
+param serviceBinds serviceBindingType[]?
 
 @allowed([
   'Multiple'
@@ -78,20 +78,23 @@ param activeRevisionsMode string = 'Single'
 @description('Required. Resource ID of environment.')
 param environmentResourceId string
 
+import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
 @description('Optional. The lock settings of the service.')
-param lock lockType
+param lock lockType?
 
 @description('Optional. Tags of the resource.')
 param tags object?
 
 @description('Optional. Collection of private container registry credentials for containers used by the Container app.')
 param registries array = []
 
+import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
 @description('Optional. The managed identity definition for this resource.')
-param managedIdentities managedIdentitiesType
+param managedIdentities managedIdentityAllType?
 
+import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
 @description('Optional. Array of role assignments to create.')
-param roleAssignments roleAssignmentType
+param roleAssignments roleAssignmentType[]?
 
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
@@ -124,7 +127,7 @@ param dapr object = {}
 param maxInactiveRevisions int = 0
 
 @description('Required. List of container definitions for the Container App.')
-param containers container[]
+param containers containerType[]
 
 @description('Optional. List of specialized containers that run before app containers.')
 param initContainersTemplate array = []
@@ -323,57 +326,17 @@ output location string = containerApp.location
 //   Definitions   //
 // =============== //
 
-type managedIdentitiesType = {
-  @description('Optional. Enables system assigned managed identity on the resource.')
-  systemAssigned: bool?
-
-  @description('Optional. The resource ID(s) to assign to the resource.')
-  userAssignedResourceIds: string[]?
-}?
-
-type lockType = {
-  @description('Optional. Specify the name of lock.')
-  name: string?
-
-  @description('Optional. Specify the type of lock.')
-  kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
-  @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.')
-  name: string?
-
-  @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-  roleDefinitionIdOrName: string
-
-  @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
-  principalId: string
-
-  @description('Optional. The principal type of the assigned principal ID.')
-  principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
-
-  @description('Optional. The description of the role assignment.')
-  description: string?
-
-  @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".')
-  condition: string?
-
-  @description('Optional. Version of the condition.')
-  conditionVersion: '2.0'?
-
-  @description('Optional. The Resource Id of the delegated managed identity resource.')
-  delegatedManagedIdentityResourceId: string?
-}[]?
-
-type container = {
+@export()
+@description('The type for a container.')
+type containerType = {
   @description('Optional. Container start command arguments.')
   args: string[]?
 
   @description('Optional. Container start command.')
   command: string[]?
 
   @description('Optional. Container environment variables.')
-  env: environmentVar[]?
+  env: environmentVarType[]?
 
   @description('Required. Container image tag.')
   image: string
@@ -382,16 +345,18 @@ type container = {
   name: string?
 
   @description('Optional. List of probes for the container.')
-  probes: containerAppProbe[]?
+  probes: containerAppProbeType[]?
 
   @description('Required. Container resource requirements.')
   resources: object
 
   @description('Optional. Container volume mounts.')
-  volumeMounts: volumeMount[]?
+  volumeMounts: volumeMountType[]?
 }
 
-type ingressPortMapping = {
+@export()
+@description('The type for an ingress port mapping.')
+type ingressPortMappingType = {
   @description('Optional. Specifies the exposed port for the target port. If not specified, it defaults to target port.')
   exposedPort: int?
 
@@ -402,15 +367,18 @@ type ingressPortMapping = {
   targetPort: int
 }
 
-type serviceBind = {
+@description('The type for a service binding.')
+type serviceBindingType = {
   @description('Required. The name of the service.')
   name: string
 
   @description('Required. The service ID.')
   serviceId: string
 }
 
-type environmentVar = {
+@export()
+@description('The type for an environment variable.')
+type environmentVarType = {
   @description('Required. Environment variable name.')
   name: string
 
@@ -421,14 +389,15 @@ type environmentVar = {
   value: string?
 }
 
-type containerAppProbe = {
+@description('The type for a container app probe.')
+type containerAppProbeType = {
   @description('Optional. Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3.')
   @minValue(1)
   @maxValue(10)
   failureThreshold: int?
 
   @description('Optional. HTTPGet specifies the http request to perform.')
-  httpGet: containerAppProbeHttpGet?
+  httpGet: containerAppProbeHttpGetType?
 
   @description('Optional. Number of seconds after the container has started before liveness probes are initiated.')
   @minValue(1)
@@ -445,8 +414,8 @@ type containerAppProbe = {
   @maxValue(10)
   successThreshold: int?
 
-  @description('Optional. TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported.')
-  tcpSocket: containerAppProbeTcpSocket?
+  @description('Optional. The TCP socket specifies an action involving a TCP port. TCP hooks not yet supported.')
+  tcpSocket: containerAppProbeTcpSocketType?
 
   @description('Optional. Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod\'s terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate. Maximum value is 3600 seconds (1 hour).')
   terminationGracePeriodSeconds: int?
@@ -460,6 +429,8 @@ type containerAppProbe = {
   type: ('Liveness' | 'Startup' | 'Readiness')?
 }
 
+@export()
+@description('The type for a CORS policy.')
 type corsPolicyType = {
   @description('Optional. Switch to determine whether the resource allows credentials.')
   allowCredentials: bool?
@@ -478,14 +449,15 @@ type corsPolicyType = {
 
   @description('Optional. Specifies the content for the access-control-max-age header.')
   maxAge: int?
-}?
+}
 
-type containerAppProbeHttpGet = {
+@description('The type for a container app probe HTTP GET.')
+type containerAppProbeHttpGetType = {
   @description('Optional. Host name to connect to. Defaults to the pod IP.')
   host: string?
 
   @description('Optional. HTTP headers to set in the request.')
-  httpHeaders: containerAppProbeHttpGetHeadersItem[]?
+  httpHeaders: containerAppProbeHttpGetHeadersItemType[]?
 
   @description('Required. Path to access on the HTTP server.')
   path: string
@@ -497,15 +469,17 @@ type containerAppProbeHttpGet = {
   scheme: ('HTTP' | 'HTTPS')?
 }
 
-type containerAppProbeHttpGetHeadersItem = {
+@description('The type for a container app probe HTTP GET header.')
+type containerAppProbeHttpGetHeadersItemType = {
   @description('Required. Name of the header.')
   name: string
 
   @description('Required. Value of the header.')
   value: string
 }
 
-type containerAppProbeTcpSocket = {
+@description('The type for a container app probe TCP socket.')
+type containerAppProbeTcpSocketType = {
   @description('Optional. Host name to connect to, defaults to the pod IP.')
   host: string?
 
@@ -515,7 +489,8 @@ type containerAppProbeTcpSocket = {
   port: int
 }
 
-type volumeMount = {
+@description('The type for a volume mount.')
+type volumeMountType = {
   @description('Required. Path within the container at which the volume should be mounted.Must not contain \':\'.')
   mountPath: string
 
diff --git a/avm/res/app/container-app/main.json b/avm/res/app/container-app/main.json
