@@ -83,6 +83,9 @@ var resourceToken = toLower(uniqueString(subscription().id, environmentName, loc
8383var tags = union ({ 'azd-env-name' : environmentName }, empty (aliasTag ) ? {} : { alias : aliasTag })
8484var allowedOrigins = empty (allowedOrigin ) ? [webApp .outputs .uri ] : [webApp .outputs .uri , allowedOrigin ]
8585
86+ var indexerApiIdentityName = '${abbrs .managedIdentityUserAssignedIdentities }indexer-api-${resourceToken }'
87+ var searchApiIdentityName = '${abbrs .managedIdentityUserAssignedIdentities }search-api-${resourceToken }'
88+
8689// Organize resources in a resource group
8790resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
8891 name : !empty (resourceGroupName ) ? resourceGroupName : '${abbrs .resourcesResourceGroups }${environmentName }'
@@ -142,6 +145,16 @@ module webApp './core/host/staticwebapp.bicep' = {
142145 }
143146}
144147
148+ // search API identity
149+ module searchApiIdentity 'core/security/managed-identity.bicep' = {
150+ name : 'search-api-identity'
151+ scope : resourceGroup
152+ params : {
153+ name : searchApiIdentityName
154+ location : location
155+ }
156+ }
157+
145158// The search API
146159module searchApi './core/host/container-app.bicep' = {
147160 name : 'search-api'
@@ -152,7 +165,7 @@ module searchApi './core/host/container-app.bicep' = {
152165 tags : union (tags , { 'azd-service-name' : searchApiName })
153166 containerAppsEnvironmentName : containerApps .outputs .environmentName
154167 containerRegistryName : containerApps .outputs .registryName
155- identityType : 'SystemAssigned'
168+ identityName : searchApiIdentityName
156169 allowedOrigins : allowedOrigins
157170 containerCpuCoreCount : '1.0'
158171 containerMemory : '2.0Gi'
@@ -200,15 +213,29 @@ module searchApi './core/host/container-app.bicep' = {
200213 value : storageContainerName
201214 }
202215 {
203- name : 'APPLICATIONINSIGHTS_CONNECTION_STRING'
204- secretRef : 'appinsights-cs'
216+ name : 'APPLICATIONINSIGHTS_CONNECTION_STRING'
217+ secretRef : 'appinsights-cs'
218+ }
219+ {
220+ name : 'AZURE_CLIENT_ID'
221+ value : searchApiIdentity .outputs .clientId
205222 }
206223 ]
207224 imageName : !empty (searchApiImageName ) ? searchApiImageName : 'nginx:latest'
208225 targetPort : 3000
209226 }
210227}
211228
229+ // Indexer API identity
230+ module indexerApiIdentity 'core/security/managed-identity.bicep' = {
231+ name : 'indexer-api-identity'
232+ scope : resourceGroup
233+ params : {
234+ name : indexerApiIdentityName
235+ location : location
236+ }
237+ }
238+
212239// The indexer API
213240module indexerApi './core/host/container-app.bicep' = {
214241 name : 'indexer-api'
@@ -219,7 +246,7 @@ module indexerApi './core/host/container-app.bicep' = {
219246 tags : union (tags , { 'azd-service-name' : indexerApiName })
220247 containerAppsEnvironmentName : containerApps .outputs .environmentName
221248 containerRegistryName : containerApps .outputs .registryName
222- identityType : 'SystemAssigned'
249+ identityName : indexerApiIdentityName
223250 containerCpuCoreCount : '1.0'
224251 containerMemory : '2.0Gi'
225252 secrets : [
@@ -266,8 +293,12 @@ module indexerApi './core/host/container-app.bicep' = {
266293 value : storageContainerName
267294 }
268295 {
269- name : 'APPLICATIONINSIGHTS_CONNECTION_STRING'
270- secretRef : 'appinsights-cs'
296+ name : 'APPLICATIONINSIGHTS_CONNECTION_STRING'
297+ secretRef : 'appinsights-cs'
298+ }
299+ {
300+ name : 'AZURE_CLIENT_ID'
301+ value : indexerApiIdentity .outputs .clientId
271302 }
272303 ]
273304 imageName : !empty (indexerApiImageName ) ? indexerApiImageName : 'nginx:latest'
@@ -505,3 +536,6 @@ output INDEXER_API_URI string = indexerApi.outputs.uri
505536
506537output ALLOWED_ORIGINS string = join (allowedOrigins , ',' )
507538output BACKEND_URI string = !empty (backendUri ) ? backendUri : searchApi .outputs .uri
539+
540+ output INDEXER_PRINCIPAL_ID string = indexerApi .outputs .identityPrincipalId
541+ output SEARCH_API_PRINCIPAL_ID string = searchApi .outputs .identityPrincipalId
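Review bot: The two outputs added at the end of the file take the principal ID from the container-app module (`indexerApi.outputs.identityPrincipalId`, `searchApi.outputs.identityPrincipalId`), although both apps now run under the user-assigned identities created by `indexerApiIdentity` and `searchApiIdentity`. Whether that output describes the user-assigned identity depends on `container-app.bicep`, which is not shown here; if it still reports a system-assigned principal, the value would be empty or wrong once `identityType: 'SystemAssigned'` is removed, and any role assignment keyed on it would not reach the identity the app actually authenticates with. Sourcing the value from the identity module would remove that ambiguity; the module already exposes `clientId` (used for `AZURE_CLIENT_ID` in the earlier hunks), so a matching principal-ID output there, if it exists, is the natural source. The names are also uneven: `INDEXER_API_PRINCIPAL_ID` would match `SEARCH_API_PRINCIPAL_ID` and the existing `INDEXER_API_URI`.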