add redis to bicep and auth (#560)

* add redis to bicep and auth

* fix secret in infrastructure

* add redis bicep to infrastructure file

* enable key

* test for dialigporten

* remove code which is done on another pr

---------

Co-authored-by: Hammerbeck <[email protected]>

.azure/infrastructure/main.bicep

@@ -135,6 +135,16 @@ module storageAccount '../modules/storageAccount/create.bicep' = {
   }
 }
 
+module reddis '../modules/redis/main.bicep' = {
+  scope: resourceGroup
+  name: 'redis'
+  params: {
+    location: location
+    namePrefix: namePrefix
+    keyVaultName: sourceKeyVaultName
+  }
+}
+
 module containerAppEnv '../modules/containerAppEnvironment/main.bicep' = {
   scope: resourceGroup
   name: 'container-app-environment'

.azure/modules/containerApp/main.bicep

@@ -49,6 +49,7 @@ var containerAppEnvVarsdefault = [
   { name: 'APPLICATIONINSIGHTS_CONNECTION_STRING', secretRef: 'application-insights-connection-string' }
   { name: 'DatabaseOptions__ConnectionString', secretRef: 'correspondence-ado-connection-string' }
   { name: 'AttachmentStorageOptions__ConnectionString', secretRef: 'storage-connection-string' }
+  { name: 'GeneralSettings__RedisConnectionString', secretRef: 'redis-connection-string' }
   { name: 'AzureResourceManagerOptions__SubscriptionId', value: subscription_id }
   { name: 'AzureResourceManagerOptions__Location', value: 'norwayeast' }
   { name: 'AzureResourceManagerOptions__Environment', value: environment }
@@ -157,6 +158,11 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = {
           keyVaultUrl: '${keyVaultUrl}/secrets/idporten-client-secret'
           name: 'idporten-client-secret'
         }
+        {
+          identity: principal_id
+          keyVaultUrl: '${keyVaultUrl}/secrets/redis-connection-string'
+          name: 'redis-connection-string'
+        }
       ]
     }
 

.azure/modules/redis/main.bicep

@@ -0,0 +1,38 @@
+param location string
+@secure()
+param namePrefix string
+@secure()
+param keyVaultName string
+
+resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-redis-identity'
+  location: location
+}
+
+resource redis 'Microsoft.Cache/redis@2024-11-01' = {
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${userAssignedIdentity.id}': {}
+    }
+  }
+  location: location
+  name: '${namePrefix}-redis'
+  properties: {
+    sku: {
+      capacity: 0
+      family: 'C'
+      name: 'Standard'
+    }
+  }
+}
+
+var redisConnectionStringName = 'redis-connection-string'
+module storageAccountConnectionStringSecret '../keyvault/upsertSecret.bicep' = {
+  name: redisConnectionStringName
+  params: {
+    destKeyVaultName: keyVaultName
+    secretName: redisConnectionStringName
+    secretValue: '${namePrefix}-redis.redis.cache.windows.net,abortConnect=false,ssl=true,password=${redis.listKeys().primaryKey}'
+  }
+}

docker-compose.yml

@@ -28,3 +28,15 @@ services:
               condition: service_healthy
       environment:
           AZURE_STORAGE_CONNECTION_STRING: DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://storage:10000/devstoreaccount1;
+  redis:
+    image: redis:latest
+    restart: always
+    ports:
+      - "6379:6379"
+    volumes:
+      - /path/to/local/dаta:/root/redis
+      - /path/to/local/redis.conf:/usr/local/etc/redis/redis.conf
+    environment:
+      - REDIS_PASSWORD=test-password
+      - REDIS_PORT=6379
+      - REDIS_DATABASES=16

src/Altinn.Correspondence.API/Altinn.Correspondence.API.csproj

@@ -22,6 +22,8 @@
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Azure.Messaging.EventGrid" Version="4.24.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.6" />
+    <PackageReference Include="StackExchange.Redis" Version="2.8.22" />
+    <PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="9.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/Altinn.Correspondence.API/Auth/DependencyInjection.cs

@@ -6,7 +6,6 @@
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
@@ -25,7 +24,11 @@ public static void ConfigureAuthentication(this IServiceCollection services, ICo
             config.GetSection(nameof(DialogportenSettings)).Bind(dialogportenSettings);
             var generalSettings = new GeneralSettings();
             config.GetSection(nameof(GeneralSettings)).Bind(generalSettings);
-            services.AddDistributedMemoryCache();
+            services.AddStackExchangeRedisCache(options =>
+            {
+                options.Configuration = generalSettings.RedisConnectionString;
+                options.InstanceName = "redisCache";
+            });
             services.AddTransient<IdportenTokenValidator>();
             services
                 .AddAuthentication()

src/Altinn.Correspondence.Core/Options/GeneralSettings.cs

@@ -5,4 +5,5 @@ public class GeneralSettings
     public string SlackUrl { get; set; } = string.Empty;
 
     public string CorrespondenceBaseUrl { get; set; } = string.Empty;
+    public string RedisConnectionString { get; set; } = string.Empty;
 }