# One App Service plan per function app that asks for a new plan
# (create_new_app_service_plan == true), keyed by the app's name so that
# azurerm_linux_function_app.function_app can find it by the same key.
resource "azurerm_service_plan" "service_plan" {
  for_each = {
    for app in var.linux_function_apps :
    app.name => app
    if app.create_new_app_service_plan == true
  }

  # Falls back to "asp-<app name>" when the caller gives no plan name.
  name                = each.value.app_service_plan_name == null ? "asp-${each.value.name}" : each.value.app_service_plan_name
  resource_group_name = each.value.rg_name
  location            = each.value.location

  # Linux unless the caller sets os_type explicitly.
  os_type  = each.value.os_type == null ? "Linux" : each.value.os_type
  sku_name = each.value.sku_name
}
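# One Linux Function App per entry in var.linux_function_apps, keyed by app name.
#
# Almost every argument is passed straight through from the caller's object, so
# the security posture (HTTPS-only, TLS floor, FTP/WebDeploy basic auth, public
# network access, IP restrictions, auth) is whatever the caller or the variable
# defaults supply; this resource enforces none of it. The variable definition is
# not visible here, so check its defaults when reviewing a deployment.
resource "azurerm_linux_function_app" "function_app" {
  for_each = { for app in var.linux_function_apps : app.name => app }

  name = each.value.name

  # Caller-supplied plan ID wins; otherwise use the plan created by
  # azurerm_service_plan.service_plan under the same key.
  # NOTE(review): when neither exists, lookup() returns null and `.id` fails at
  # plan time. Confirm callers always set service_plan_id or
  # create_new_app_service_plan.
  service_plan_id     = each.value.service_plan_id != null ? each.value.service_plan_id : lookup(azurerm_service_plan.service_plan, each.key, null).id
  location            = each.value.location
  resource_group_name = each.value.rg_name

  # Merge the Application Insights settings from local.app_insights_map into the
  # caller's app_settings only when the app asked for new App Insights and the
  # map has an entry for app_insights_name.
  app_settings = each.value.create_new_app_insights == true && lookup(local.app_insights_map, each.value.app_insights_name, null) != null ? merge(each.value.app_settings, local.app_insights_map[each.value.app_insights_name]) : each.value.app_settings

  https_only                         = each.value.https_only
  tags                               = each.value.tags
  builtin_logging_enabled            = each.value.builtin_logging_enabled
  client_certificate_enabled         = each.value.client_certificate_enabled
  client_certificate_mode            = each.value.client_certificate_mode
  client_certificate_exclusion_paths = each.value.client_certificate_exclusion_paths
  daily_memory_time_quota            = each.value.daily_memory_time_quota
  enabled                            = each.value.enabled
  functions_extension_version        = each.value.functions_extension_version

  # NOTE(review): this reads `ftp_publish_basic_authentication_enable` (no
  # trailing "d"), unlike the webdeploy counterpart below. Confirm it matches the
  # attribute name declared in the variable's object type; if it does not, the
  # FTP basic-auth setting will not be applied as the caller intended.
  ftp_publish_basic_authentication_enabled       = each.value.ftp_publish_basic_authentication_enable
  public_network_access_enabled                  = each.value.public_network_access_enabled
  key_vault_reference_identity_id                = each.value.key_vault_reference_identity_id
  virtual_network_subnet_id                      = each.value.virtual_network_subnet_id
  webdeploy_publish_basic_authentication_enabled = each.value.webdeploy_publish_basic_authentication_enabled
  zip_deploy_file                                = each.value.zip_deploy_file

  # Backing storage. A raw access key set here is written to Terraform state in
  # clear text; storage_key_vault_secret_id or storage_uses_managed_identity
  # avoid that. The key-vault secret is only used when no account name is given,
  # and managed identity only when no access key is given.
  storage_account_name          = each.value.storage_account_name
  storage_account_access_key    = each.value.storage_account_access_key
  storage_key_vault_secret_id   = each.value.storage_account_name == null ? each.value.storage_key_vault_secret_id : null
  storage_uses_managed_identity = each.value.storage_account_access_key == null ? each.value.storage_uses_managed_identity : null

  # Exactly one of the three identity blocks below is emitted, depending on the
  # literal value of identity_type; any other value (or null) emits none.
  dynamic "identity" {
    for_each = each.value.identity_type == "SystemAssigned" ? [each.value.identity_type] : []
    content {
      type = each.value.identity_type
    }
  }

  dynamic "identity" {
    for_each = each.value.identity_type == "SystemAssigned, UserAssigned" ? [each.value.identity_type] : []
    content {
      type         = each.value.identity_type
      identity_ids = try(each.value.identity_ids, [])
    }
  }

  dynamic "identity" {
    for_each = each.value.identity_type == "UserAssigned" ? [each.value.identity_type] : []
    content {
      type         = each.value.identity_type
      identity_ids = length(try(each.value.identity_ids, [])) > 0 ? each.value.identity_ids : []
    }
  }

  # Optional storage mount. access_key is a credential and ends up in state.
  dynamic "storage_account" {
    for_each = each.value.storage_account != null ? [each.value.storage_account] : []
    content {
      access_key   = storage_account.value.access_key
      account_name = storage_account.value.account_name
      name         = storage_account.value.name
      share_name   = storage_account.value.share_name
      type         = storage_account.value.type
      mount_path   = storage_account.value.mount_path
    }
  }

  dynamic "sticky_settings" {
    for_each = each.value.sticky_settings != null ? [each.value.sticky_settings] : []
    content {
      app_setting_names       = sticky_settings.value.app_setting_names
      connection_string_names = sticky_settings.value.connection_string_names
    }
  }

  # Connection string values usually embed credentials and are stored in state.
  dynamic "connection_string" {
    for_each = each.value.connection_string != null ? [each.value.connection_string] : []
    content {
      name  = connection_string.value.name
      type  = connection_string.value.type
      value = connection_string.value.value
    }
  }

  dynamic "backup" {
    for_each = each.value.backup != null ? [each.value.backup] : []
    content {
      name    = backup.value.name
      enabled = backup.value.enabled
      # NOTE(review): try() only falls back when the first expression errors
      # (e.g. the attribute is absent); a null storage_account_url is passed
      # through as null and var.backup_sas_url is not used. Confirm that is the
      # intent. The URL carries a SAS token, so treat it as a secret.
      storage_account_url = try(backup.value.storage_account_url, var.backup_sas_url)

      dynamic "schedule" {
        for_each = backup.value.schedule != null ? [backup.value.schedule] : []
        content {
          frequency_interval       = schedule.value.frequency_interval
          frequency_unit           = schedule.value.frequency_unit
          keep_at_least_one_backup = schedule.value.keep_at_least_one_backup
          retention_period_days    = schedule.value.retention_period_days
          start_time               = schedule.value.start_time
        }
      }
    }
  }

  # Legacy (v1) authentication settings. Most provider blocks here take the
  # client/app/consumer secret as a literal value, which is then stored in
  # Terraform state; only the github block also accepts a
  # client_secret_setting_name. The auth_settings_v2 block below references
  # secrets by app-setting name instead.
  dynamic "auth_settings" {
    for_each = each.value.auth_settings != null ? [each.value.auth_settings] : []
    content {
      enabled                        = auth_settings.value.enabled
      additional_login_parameters    = auth_settings.value.additional_login_parameters
      allowed_external_redirect_urls = auth_settings.value.allowed_external_redirect_urls
      default_provider               = auth_settings.value.default_provider
      issuer                         = auth_settings.value.issuer
      runtime_version                = auth_settings.value.runtime_version
      token_refresh_extension_hours  = auth_settings.value.token_refresh_extension_hours
      token_store_enabled            = auth_settings.value.token_store_enabled
      unauthenticated_client_action  = auth_settings.value.unauthenticated_client_action

      dynamic "active_directory" {
        for_each = auth_settings.value.active_directory != null ? [auth_settings.value.active_directory] : []
        content {
          client_id         = active_directory.value.client_id
          client_secret     = active_directory.value.client_secret
          allowed_audiences = active_directory.value.allowed_audiences
        }
      }

      dynamic "facebook" {
        for_each = auth_settings.value.facebook != null ? [auth_settings.value.facebook] : []
        content {
          app_id       = facebook.value.app_id
          app_secret   = facebook.value.app_secret
          oauth_scopes = facebook.value.oauth_scopes
        }
      }

      dynamic "google" {
        for_each = auth_settings.value.google != null ? [auth_settings.value.google] : []
        content {
          client_id     = google.value.client_id
          client_secret = google.value.client_secret
          oauth_scopes  = google.value.oauth_scopes
        }
      }

      dynamic "microsoft" {
        for_each = auth_settings.value.microsoft != null ? [auth_settings.value.microsoft] : []
        content {
          client_id     = microsoft.value.client_id
          client_secret = microsoft.value.client_secret
          oauth_scopes  = microsoft.value.oauth_scopes
        }
      }

      dynamic "twitter" {
        for_each = auth_settings.value.twitter != null ? [auth_settings.value.twitter] : []
        content {
          consumer_key    = twitter.value.consumer_key
          consumer_secret = twitter.value.consumer_secret
        }
      }

      dynamic "github" {
        for_each = auth_settings.value.github != null ? [auth_settings.value.github] : []
        content {
          client_id                  = github.value.client_id
          client_secret              = github.value.client_secret
          client_secret_setting_name = github.value.client_secret_setting_name
          oauth_scopes               = github.value.oauth_scopes
        }
      }
    }
  }

  # v2 authentication settings. require_authentication, unauthenticated_action
  # and excluded_paths together decide which requests reach the app without a
  # token, and login.allowed_external_redirect_urls decides where a login may
  # redirect to; all are passed through unchanged from the caller.
  dynamic "auth_settings_v2" {
    for_each = each.value.auth_settings_v2 != null ? [each.value.auth_settings_v2] : []
    content {
      auth_enabled                            = auth_settings_v2.value.auth_enabled
      runtime_version                         = auth_settings_v2.value.runtime_version
      config_file_path                        = auth_settings_v2.value.config_file_path
      require_authentication                  = auth_settings_v2.value.require_authentication
      unauthenticated_action                  = auth_settings_v2.value.unauthenticated_action
      default_provider                        = auth_settings_v2.value.default_provider
      excluded_paths                          = toset(auth_settings_v2.value.excluded_paths)
      require_https                           = auth_settings_v2.value.require_https
      http_route_api_prefix                   = auth_settings_v2.value.http_route_api_prefix
      forward_proxy_convention                = auth_settings_v2.value.forward_proxy_convention
      forward_proxy_custom_host_header_name   = auth_settings_v2.value.forward_proxy_custom_host_header_name
      forward_proxy_custom_scheme_header_name = auth_settings_v2.value.forward_proxy_custom_scheme_header_name

      dynamic "apple_v2" {
        for_each = auth_settings_v2.value.apple_v2 != null ? [auth_settings_v2.value.apple_v2] : []
        content {
          client_id                  = apple_v2.value.client_id
          client_secret_setting_name = apple_v2.value.client_secret_setting_name
          login_scopes               = toset(apple_v2.value.login_scopes)
        }
      }

      dynamic "active_directory_v2" {
        for_each = auth_settings_v2.value.active_directory_v2 != null ? [auth_settings_v2.value.active_directory_v2] : []
        content {
          client_id                            = active_directory_v2.value.client_id
          tenant_auth_endpoint                 = active_directory_v2.value.tenant_auth_endpoint
          client_secret_setting_name           = active_directory_v2.value.client_secret_setting_name
          client_secret_certificate_thumbprint = active_directory_v2.value.client_secret_certificate_thumbprint
          jwt_allowed_groups                   = toset(active_directory_v2.value.jwt_allowed_groups)
          jwt_allowed_client_applications      = toset(active_directory_v2.value.jwt_allowed_client_applications)
          www_authentication_disabled          = active_directory_v2.value.www_authentication_disabled
          allowed_groups                       = toset(active_directory_v2.value.allowed_groups)
          allowed_identities                   = toset(active_directory_v2.value.allowed_identities)
          allowed_applications                 = toset(active_directory_v2.value.allowed_applications)
          login_parameters                     = active_directory_v2.value.login_parameters
          allowed_audiences                    = toset(active_directory_v2.value.allowed_audiences)
        }
      }

      dynamic "azure_static_web_app_v2" {
        for_each = auth_settings_v2.value.azure_static_web_app_v2 != null ? [auth_settings_v2.value.azure_static_web_app_v2] : []
        content {
          client_id = azure_static_web_app_v2.value.client_id
        }
      }

      dynamic "custom_oidc_v2" {
        for_each = auth_settings_v2.value.custom_oidc_v2 != null ? [auth_settings_v2.value.custom_oidc_v2] : []
        content {
          name                          = custom_oidc_v2.value.name
          client_id                     = custom_oidc_v2.value.client_id
          openid_configuration_endpoint = custom_oidc_v2.value.openid_configuration_endpoint
          name_claim_type               = custom_oidc_v2.value.name_claim_type
          scopes                        = toset(custom_oidc_v2.value.scopes)
          client_credential_method      = custom_oidc_v2.value.client_credential_method
          client_secret_setting_name    = custom_oidc_v2.value.client_secret_setting_name
          authorisation_endpoint        = custom_oidc_v2.value.authorisation_endpoint
          token_endpoint                = custom_oidc_v2.value.token_endpoint
          issuer_endpoint               = custom_oidc_v2.value.issuer_endpoint
          certification_uri             = custom_oidc_v2.value.certification_uri
        }
      }

      dynamic "facebook_v2" {
        for_each = auth_settings_v2.value.facebook_v2 != null ? [auth_settings_v2.value.facebook_v2] : []
        content {
          graph_api_version = facebook_v2.value.graph_api_version
          login_scopes      = toset(facebook_v2.value.login_scopes)
          # Fixed: was `facebook_v2_value.app_id`, which is not the dynamic
          # block's iterator and does not resolve.
          app_id                  = facebook_v2.value.app_id
          app_secret_setting_name = facebook_v2.value.app_secret_setting_name
        }
      }

      dynamic "github_v2" {
        for_each = auth_settings_v2.value.github_v2 != null ? [auth_settings_v2.value.github_v2] : []
        content {
          client_id                  = github_v2.value.client_id
          client_secret_setting_name = github_v2.value.client_secret_setting_name
          login_scopes               = toset(github_v2.value.login_scopes)
        }
      }

      dynamic "google_v2" {
        for_each = auth_settings_v2.value.google_v2 != null ? [auth_settings_v2.value.google_v2] : []
        content {
          client_id                  = google_v2.value.client_id
          client_secret_setting_name = google_v2.value.client_secret_setting_name
          allowed_audiences          = toset(google_v2.value.allowed_audiences)
          login_scopes               = toset(google_v2.value.login_scopes)
        }
      }

      dynamic "microsoft_v2" {
        for_each = auth_settings_v2.value.microsoft_v2 != null ? [auth_settings_v2.value.microsoft_v2] : []
        content {
          client_id                  = microsoft_v2.value.client_id
          client_secret_setting_name = microsoft_v2.value.client_secret_setting_name
          allowed_audiences          = toset(microsoft_v2.value.allowed_audiences)
          login_scopes               = toset(microsoft_v2.value.login_scopes)
        }
      }

      dynamic "twitter_v2" {
        for_each = auth_settings_v2.value.twitter_v2 != null ? [auth_settings_v2.value.twitter_v2] : []
        content {
          consumer_key                 = twitter_v2.value.consumer_key
          consumer_secret_setting_name = twitter_v2.value.consumer_secret_setting_name
        }
      }

      dynamic "login" {
        for_each = auth_settings_v2.value.login != null ? [auth_settings_v2.value.login] : []
        content {
          logout_endpoint                   = login.value.logout_endpoint
          token_store_enabled               = login.value.token_store_enabled
          token_refresh_extension_time      = login.value.token_refresh_extension_time
          token_store_path                  = login.value.token_store_path
          token_store_sas_setting_name      = login.value.token_store_sas_setting_name
          preserve_url_fragments_for_logins = login.value.preserve_url_fragments_for_logins
          allowed_external_redirect_urls    = toset(login.value.allowed_external_redirect_urls)
          cookie_expiration_convention      = login.value.cookie_expiration_convention
          cookie_expiration_time            = login.value.cookie_expiration_time
          validate_nonce                    = login.value.validate_nonce
          nonce_expiration_time             = login.value.nonce_expiration_time
        }
      }
    }
  }

  # Site configuration. ftps_state, minimum_tls_version, scm_minimum_tls_version,
  # remote_debugging_enabled and scm_use_main_ip_restriction are the hardening
  # knobs in this block; all are taken from the caller without a floor.
  dynamic "site_config" {
    for_each = each.value.site_config != null ? [each.value.site_config] : []
    content {
      always_on                                     = site_config.value.always_on
      api_definition_url                            = site_config.value.api_definition_url
      api_management_api_id                         = site_config.value.api_management_api_id
      app_command_line                              = site_config.value.app_command_line
      application_insights_connection_string        = site_config.value.application_insights_connection_string
      application_insights_key                      = site_config.value.application_insights_key
      container_registry_managed_identity_client_id = site_config.value.container_registry_managed_identity_client_id
      container_registry_use_managed_identity       = site_config.value.container_registry_use_managed_identity
      elastic_instance_minimum                      = site_config.value.elastic_instance_minimum
      ftps_state                                    = site_config.value.ftps_state
      health_check_path                             = site_config.value.health_check_path
      health_check_eviction_time_in_min             = site_config.value.health_check_eviction_time_in_min
      http2_enabled                                 = site_config.value.http2_enabled
      load_balancing_mode                           = site_config.value.load_balancing_mode
      managed_pipeline_mode                         = site_config.value.managed_pipeline_mode
      minimum_tls_version                           = site_config.value.minimum_tls_version
      pre_warmed_instance_count                     = site_config.value.pre_warmed_instance_count
      remote_debugging_enabled                      = site_config.value.remote_debugging_enabled
      remote_debugging_version                      = site_config.value.remote_debugging_version
      runtime_scale_monitoring_enabled              = site_config.value.runtime_scale_monitoring_enabled
      scm_minimum_tls_version                       = site_config.value.scm_minimum_tls_version
      scm_use_main_ip_restriction                   = site_config.value.scm_use_main_ip_restriction
      use_32_bit_worker                             = site_config.value.use_32_bit_worker
      app_scale_limit                               = site_config.value.app_scale_limit
      websockets_enabled                            = site_config.value.websockets_enabled
      vnet_route_all_enabled                        = site_config.value.vnet_route_all_enabled
      worker_count                                  = site_config.value.worker_count
      default_documents                             = toset(site_config.value.default_documents)

      dynamic "application_stack" {
        for_each = site_config.value.application_stack != null ? [site_config.value.application_stack] : []
        content {
          java_version            = application_stack.value.java_version
          dotnet_version          = application_stack.value.dotnet_version
          node_version            = application_stack.value.node_version
          python_version          = application_stack.value.python_version
          powershell_core_version = application_stack.value.powershell_core_version
          use_custom_runtime      = application_stack.value.use_custom_runtime

          # Unlike the sibling blocks, docker is iterated directly rather than
          # wrapped in a list; presumably the variable declares it as a
          # collection. Verify against the variable type.
          # registry_password is a credential stored in state;
          # container_registry_use_managed_identity above is the alternative.
          dynamic "docker" {
            for_each = application_stack.value.docker != null ? application_stack.value.docker : []
            content {
              registry_url      = docker.value.registry_url
              registry_username = docker.value.registry_username
              registry_password = docker.value.registry_password
              image_name        = docker.value.image_name
              image_tag         = docker.value.image_tag
            }
          }
        }
      }

      dynamic "app_service_logs" {
        for_each = site_config.value.app_service_logs != null ? [site_config.value.app_service_logs] : []
        content {
          disk_quota_mb         = app_service_logs.value.disk_quota_mb
          retention_period_days = app_service_logs.value.retention_period_days
        }
      }

      # Review allowed_origins together with support_credentials: credentialed
      # cross-origin requests should only be allowed for explicitly listed,
      # trusted origins.
      dynamic "cors" {
        for_each = site_config.value.cors != null ? [site_config.value.cors] : []
        content {
          allowed_origins     = cors.value.allowed_origins
          support_credentials = cors.value.support_credentials
        }
      }

      # The single object is wrapped in a one-element list, so at most one
      # ip_restriction rule is emitted per app.
      dynamic "ip_restriction" {
        for_each = site_config.value.ip_restriction != null ? [site_config.value.ip_restriction] : []
        content {
          ip_address                = ip_restriction.value.ip_address
          service_tag               = ip_restriction.value.service_tag
          virtual_network_subnet_id = ip_restriction.value.virtual_network_subnet_id
          name                      = ip_restriction.value.name
          priority                  = ip_restriction.value.priority
          action                    = ip_restriction.value.action

          dynamic "headers" {
            for_each = ip_restriction.value.headers != null ? [ip_restriction.value.headers] : []
            content {
              x_azure_fdid = headers.value.x_azure_fdid
              # NOTE(review): reads `x_fd_health_prob` (no trailing "e"); confirm
              # it matches the attribute name in the variable's object type.
              x_fd_health_probe = headers.value.x_fd_health_prob
              x_forwarded_for   = headers.value.x_forwarded_for
              x_forwarded_host  = headers.value.x_forwarded_host
            }
          }
        }
      }

      # Restrictions for the SCM (deployment) endpoint; same single-rule shape as
      # ip_restriction above.
      dynamic "scm_ip_restriction" {
        for_each = site_config.value.scm_ip_restriction != null ? [site_config.value.scm_ip_restriction] : []
        content {
          ip_address                = scm_ip_restriction.value.ip_address
          service_tag               = scm_ip_restriction.value.service_tag
          virtual_network_subnet_id = scm_ip_restriction.value.virtual_network_subnet_id
          name                      = scm_ip_restriction.value.name
          priority                  = scm_ip_restriction.value.priority
          action                    = scm_ip_restriction.value.action

          dynamic "headers" {
            for_each = scm_ip_restriction.value.headers != null ? [scm_ip_restriction.value.headers] : []
            content {
              x_azure_fdid = headers.value.x_azure_fdid
              # NOTE(review): reads `x_fd_health_prob` (no trailing "e"); confirm
              # it matches the attribute name in the variable's object type.
              x_fd_health_probe = headers.value.x_fd_health_prob
              x_forwarded_for   = headers.value.x_forwarded_for
              x_forwarded_host  = headers.value.x_forwarded_host
            }
          }
        }
      }
    }
  }
}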