Update infra/core with latest

infra/core/ai/cognitiveservices.bicep

@@ -1,45 +1,42 @@
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-param customSubDomainName string = name
-param deployments array = []
-param kind string = 'OpenAI'
-param publicNetworkAccess string = 'Enabled'
-param sku object = {
-  name: 'S0'
-}
-
-resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
-  name: name
-  location: location
-  tags: tags
-  kind: kind
-  properties: {
-    customSubDomainName: customSubDomainName
-    publicNetworkAccess: publicNetworkAccess
-    networkAcls: {
-      bypass: 'AzureServices'
-      defaultAction: 'Allow'
-    }
-  }
-  sku: sku
-}
-
-@batchSize(1)
-resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
-  parent: account
-  name: deployment.name
-  properties: {
-    model: deployment.model
-    raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
-  }
-  sku: contains(deployment, 'sku') ? deployment.sku : {
-    name: 'Standard'
-    capacity: 20
-  }
-}]
-
-output endpoint string = account.properties.endpoint
-output id string = account.id
-output name string = account.name
+metadata description = 'Creates an Azure Cognitive Services instance.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+  name: 'S0'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    customSubDomainName: customSubDomainName
+    publicNetworkAccess: publicNetworkAccess
+  }
+  sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01' = [for deployment in deployments: {
+  parent: account
+  name: deployment.name
+  properties: {
+    model: deployment.model
+    raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+  }
+  sku: contains(deployment, 'sku') ? deployment.sku : {
+    name: 'Standard'
+    capacity: 20
+  }
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name

infra/core/host/appservice-appsettings.bicep

@@ -0,0 +1,17 @@
+metadata description = 'Updates app settings for an Azure App Service.'
+@description('The name of the app service resource within the current resource group scope')
+param name string
+
+@description('The app settings to be applied to the app service')
+@secure()
+param appSettings object
+
+resource appService 'Microsoft.Web/sites@2022-03-01' existing = {
+  name: name
+}
+
+resource settings 'Microsoft.Web/sites/config@2022-03-01' = {
+  name: 'appsettings'
+  parent: appService
+  properties: appSettings
+}

infra/core/host/appservice.bicep

@@ -1,118 +1,118 @@
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-// Reference Properties
-param applicationInsightsName string = ''
-param appServicePlanId string
-param keyVaultName string = ''
-param managedIdentity bool = !empty(keyVaultName)
-
-// Runtime Properties
-@allowed([
-  'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
-])
-param runtimeName string
-param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
-param runtimeVersion string
-
-// Microsoft.Web/sites Properties
-param kind string = 'app,linux'
-
-// Microsoft.Web/sites/config
-param allowedOrigins array = []
-param alwaysOn bool = true
-param appCommandLine string = ''
-param appSettings object = {}
-param clientAffinityEnabled bool = false
-param enableOryxBuild bool = contains(kind, 'linux')
-param functionAppScaleLimit int = -1
-param linuxFxVersion string = runtimeNameAndVersion
-param minimumElasticInstanceCount int = -1
-param numberOfWorkers int = -1
-param scmDoBuildDuringDeployment bool = false
-param use32BitWorkerProcess bool = false
-param ftpsState string = 'FtpsOnly'
-param healthCheckPath string = ''
-
-resource appService 'Microsoft.Web/sites@2022-03-01' = {
-  name: name
-  location: location
-  tags: tags
-  kind: kind
-  properties: {
-    serverFarmId: appServicePlanId
-    siteConfig: {
-      linuxFxVersion: linuxFxVersion
-      alwaysOn: alwaysOn
-      ftpsState: ftpsState
-      appCommandLine: appCommandLine
-      numberOfWorkers: numberOfWorkers != -1 ? numberOfWorkers : null
-      minimumElasticInstanceCount: minimumElasticInstanceCount != -1 ? minimumElasticInstanceCount : null
-      minTlsVersion: '1.2'
-      use32BitWorkerProcess: use32BitWorkerProcess
-      functionAppScaleLimit: functionAppScaleLimit != -1 ? functionAppScaleLimit : null
-      healthCheckPath: healthCheckPath
-      cors: {
-        allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
-      }
-    }
-    clientAffinityEnabled: clientAffinityEnabled
-    httpsOnly: true
-  }
-
-  resource ftpsPublishingCredentials 'basicPublishingCredentialsPolicies' = {
-    name: 'ftp'
-    kind: 'ftp'
-    properties: {
-      allow: true
-    }
-  }
-
-  resource scmPublishingCredentials 'basicPublishingCredentialsPolicies' = {
-    name: 'scm'
-    kind: 'scm'
-    properties: {
-      allow: true
-    }
-  }
-
-  identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
-
-  resource configAppSettings 'config' = {
-    name: 'appsettings'
-    properties: union(appSettings,
-      {
-        SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
-        ENABLE_ORYX_BUILD: string(enableOryxBuild)
-      },
-      runtimeName == 'python' ? { PYTHON_ENABLE_GUNICORN_MULTIWORKERS: 'true'} : {},
-      !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
-      !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
-  }
-
-  resource configLogs 'config' = {
-    name: 'logs'
-    properties: {
-      applicationLogs: { fileSystem: { level: 'Verbose' } }
-      detailedErrorMessages: { enabled: true }
-      failedRequestsTracing: { enabled: true }
-      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
-    }
-    dependsOn: [
-      configAppSettings
-    ]
-  }
-}
-
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
-  name: keyVaultName
-}
-
-resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
-  name: applicationInsightsName
-}
-
-output identityPrincipalId string = managedIdentity ? appService.identity.principalId : ''
-output name string = appService.name
-output uri string = 'https://${appService.properties.defaultHostName}'
+metadata description = 'Creates an Azure App Service in an existing Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+// Reference Properties
+param applicationInsightsName string = ''
+param appServicePlanId string
+param keyVaultName string = ''
+param managedIdentity bool = !empty(keyVaultName)
+
+// Runtime Properties
+@allowed([
+  'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
+])
+param runtimeName string
+param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
+param runtimeVersion string
+
+// Microsoft.Web/sites Properties
+param kind string = 'app,linux'
+
+// Microsoft.Web/sites/config
+param allowedOrigins array = []
+param alwaysOn bool = true
+param appCommandLine string = ''
+@secure()
+param appSettings object = {}
+param clientAffinityEnabled bool = false
+param enableOryxBuild bool = contains(kind, 'linux')
+param functionAppScaleLimit int = -1
+param linuxFxVersion string = runtimeNameAndVersion
+param minimumElasticInstanceCount int = -1
+param numberOfWorkers int = -1
+param scmDoBuildDuringDeployment bool = false
+param use32BitWorkerProcess bool = false
+param ftpsState string = 'FtpsOnly'
+param healthCheckPath string = ''
+
+resource appService 'Microsoft.Web/sites@2022-03-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    serverFarmId: appServicePlanId
+    siteConfig: {
+      linuxFxVersion: linuxFxVersion
+      alwaysOn: alwaysOn
+      ftpsState: ftpsState
+      minTlsVersion: '1.2'
+      appCommandLine: appCommandLine
+      numberOfWorkers: numberOfWorkers != -1 ? numberOfWorkers : null
+      minimumElasticInstanceCount: minimumElasticInstanceCount != -1 ? minimumElasticInstanceCount : null
+      use32BitWorkerProcess: use32BitWorkerProcess
+      functionAppScaleLimit: functionAppScaleLimit != -1 ? functionAppScaleLimit : null
+      healthCheckPath: healthCheckPath
+      cors: {
+        allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
+      }
+    }
+    clientAffinityEnabled: clientAffinityEnabled
+    httpsOnly: true
+  }
+
+  identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
+
+  resource configLogs 'config' = {
+    name: 'logs'
+    properties: {
+      applicationLogs: { fileSystem: { level: 'Verbose' } }
+      detailedErrorMessages: { enabled: true }
+      failedRequestsTracing: { enabled: true }
+      httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+    }
+  }
+
+  resource basicPublishingCredentialsPoliciesFtp 'basicPublishingCredentialsPolicies' = {
+    name: 'ftp'
+    properties: {
+      allow: false
+    }
+  }
+
+  resource basicPublishingCredentialsPoliciesScm 'basicPublishingCredentialsPolicies' = {
+    name: 'scm'
+    properties: {
+      allow: false
+    }
+  }
+}
+
+module config 'appservice-appsettings.bicep' = if (!empty(appSettings)) {
+  name: '${name}-appSettings'
+  params: {
+    name: appService.name
+    appSettings: union(appSettings,
+      {
+        SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
+        ENABLE_ORYX_BUILD: string(enableOryxBuild)
+      },
+      runtimeName == 'python' && appCommandLine == '' ? { PYTHON_ENABLE_GUNICORN_MULTIWORKERS: 'true'} : {},
+      !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
+      !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
+  }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
+  name: keyVaultName
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
+  name: applicationInsightsName
+}
+
+output identityPrincipalId string = managedIdentity ? appService.identity.principalId : ''
+output name string = appService.name
+output uri string = 'https://${appService.properties.defaultHostName}'

infra/core/host/appserviceplan.bicep

@@ -1,21 +1,22 @@
-param name string
-param location string = resourceGroup().location
-param tags object = {}
-
-param kind string = ''
-param reserved bool = true
-param sku object
-
-resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
-  name: name
-  location: location
-  tags: tags
-  sku: sku
-  kind: kind
-  properties: {
-    reserved: reserved
-  }
-}
-
-output id string = appServicePlan.id
-output name string = appServicePlan.name
+metadata description = 'Creates an Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param kind string = ''
+param reserved bool = true
+param sku object
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  kind: kind
+  properties: {
+    reserved: reserved
+  }
+}
+
+output id string = appServicePlan.id
+output name string = appServicePlan.name