ryan/DevOpsOpenHack
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2022-11-03. You can view files and clone it, but cannot push or open issues or pull requests.
main
DevOpsOpenHack/iac/terraform/appservice_trips.tf

141 lines
5.3 KiB
Terraform
Raw Permalink Normal View History

add openhack files
2022-11-03 20:41:13 +00:00
############################################
## APP SERVICE - API-TRIPS ##
############################################
resource "azurerm_app_service" "app_service_api-trips" {
depends_on = [
null_resource.db_datainit,
null_resource.docker_api-trips
]
name = local.app_service_api-trips_name
location = azurerm_resource_group.resource_group.location
resource_group_name = azurerm_resource_group.resource_group.name
app_service_plan_id = azurerm_app_service_plan.app_service_plan.id
https_only = true
identity {
type = "SystemAssigned"
}
app_settings = {
"SQL_USER" = local.mssql_server_administrator_login
"SQL_PASSWORD" = local.mssql_server_administrator_login_password
"SQL_SERVER" = azurerm_mssql_server.mssql_server.fully_qualified_domain_name
"SQL_DBNAME" = local.mssql_database_name
"DOCKER_REGISTRY_SERVER_URL" = local.docker_registry_server_url
"DOCKER_REGISTRY_SERVER_USERNAME" = local.docker_registry_server_username
"DOCKER_REGISTRY_SERVER_PASSWORD" = local.docker_registry_server_password
"APPINSIGHTS_INSTRUMENTATIONKEY" = azurerm_application_insights.application_insights.instrumentation_key
"APPLICATIONINSIGHTS_CONNECTION_STRING" = azurerm_application_insights.application_insights.connection_string
}
site_config {
always_on = true
http2_enabled = true
ftps_state = "Disabled"
health_check_path = "/api/healthcheck/trips"
# acr_use_managed_identity_credentials = true
linux_fx_version = "DOCKER|${azurerm_container_registry.container_registry.login_server}/devopsoh/api-trips:${local.apitrips_base_image_tag}"
}
logs {
http_logs {
file_system {
retention_in_days = 7
retention_in_mb = 50
}
}
}
lifecycle {
ignore_changes = [
tags,
app_settings["DOCKER_CUSTOM_IMAGE_NAME"],
site_config[0].linux_fx_version
]
}
}
# resource "azurerm_key_vault_access_policy" "key_vault_access_policy_api-trips" {
# key_vault_id = azurerm_key_vault.key_vault.id
# tenant_id = azurerm_app_service.app_service_api-trips.identity[0].tenant_id
# object_id = azurerm_app_service.app_service_api-trips.identity[0].principal_id
#
# secret_permissions = [
# "Get"
# ]
# }
# resource "azurerm_role_assignment" "cr_role_assignment_api-trips" {
# scope = azurerm_container_registry.container_registry.id
# role_definition_name = "AcrPull"
# principal_id = azurerm_app_service.app_service_api-trips.identity[0].principal_id
# }
resource "azurerm_app_service_slot" "app_service_api-trips_staging" {
name = "staging"
app_service_name = azurerm_app_service.app_service_api-trips.name
app_service_plan_id = azurerm_app_service_plan.app_service_plan.id
location = azurerm_resource_group.resource_group.location
resource_group_name = azurerm_resource_group.resource_group.name
https_only = true
identity {
type = "SystemAssigned"
}
app_settings = {
"SQL_USER" = local.mssql_server_administrator_login
"SQL_PASSWORD" = local.mssql_server_administrator_login_password
"SQL_SERVER" = azurerm_mssql_server.mssql_server.fully_qualified_domain_name
"SQL_DBNAME" = local.mssql_database_name
"DOCKER_REGISTRY_SERVER_URL" = local.docker_registry_server_url
"DOCKER_REGISTRY_SERVER_USERNAME" = local.docker_registry_server_username
"DOCKER_REGISTRY_SERVER_PASSWORD" = local.docker_registry_server_password
"APPINSIGHTS_INSTRUMENTATIONKEY" = azurerm_application_insights.application_insights_staging.instrumentation_key
"APPLICATIONINSIGHTS_CONNECTION_STRING" = azurerm_application_insights.application_insights_staging.connection_string
}
site_config {
always_on = true
http2_enabled = true
ftps_state = "Disabled"
health_check_path = "/api/healthcheck/trips"
# acr_use_managed_identity_credentials = true
linux_fx_version = "DOCKER|${azurerm_container_registry.container_registry.login_server}/devopsoh/api-trips:${local.apitrips_base_image_tag}"
}
logs {
http_logs {
file_system {
retention_in_days = 7
retention_in_mb = 50
}
}
}
lifecycle {
ignore_changes = [
tags,
app_settings["DOCKER_CUSTOM_IMAGE_NAME"],
site_config[0].linux_fx_version
]
}
}
# resource "azurerm_key_vault_access_policy" "key_vault_access_policy_api-trips_staging" {
# key_vault_id = azurerm_key_vault.key_vault.id
# tenant_id = azurerm_app_service_slot.app_service_api-trips_staging.identity[0].tenant_id
# object_id = azurerm_app_service_slot.app_service_api-trips_staging.identity[0].principal_id
#
# secret_permissions = [
# "Get"
# ]
# }
# resource "azurerm_role_assignment" "cr_role_assignment_api-trips_staging" {
# scope = azurerm_container_registry.container_registry.id
# role_definition_name = "AcrPull"
# principal_id = azurerm_app_service_slot.app_service_api-trips_staging.identity[0].principal_id
# }
Reference in New Issue Copy Permalink