132 lines
4.1 KiB
HCL
132 lines
4.1 KiB
HCL
data "azurerm_key_vault" "key_vault" {
|
|
name = var.key_vault_name
|
|
resource_group_name = var.key_vault_resource_group_name
|
|
}
|
|
|
|
resource "azurerm_resource_group" "resource_group" {
|
|
name = local.resource_group_name
|
|
location = var.location
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
tags
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "azurerm_storage_account" "storage_account" {
|
|
name = local.storage_account_name
|
|
location = azurerm_resource_group.resource_group.location
|
|
resource_group_name = azurerm_resource_group.resource_group.name
|
|
account_tier = "Standard"
|
|
account_replication_type = "LRS"
|
|
min_tls_version = "TLS1_2"
|
|
enable_https_traffic_only = true
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
tags
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "azurerm_application_insights" "application_insights" {
|
|
name = local.application_insights_name
|
|
location = azurerm_resource_group.resource_group.location
|
|
resource_group_name = azurerm_resource_group.resource_group.name
|
|
application_type = "web"
|
|
}
|
|
|
|
resource "azurerm_app_service_plan" "app_service_plan" {
|
|
name = local.app_service_plan_name
|
|
location = azurerm_resource_group.resource_group.location
|
|
resource_group_name = azurerm_resource_group.resource_group.name
|
|
kind = "FunctionApp"
|
|
|
|
sku {
|
|
tier = "Dynamic"
|
|
size = "Y1"
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
tags,
|
|
kind
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "azurerm_function_app" "function_app" {
|
|
name = local.function_app_name
|
|
location = azurerm_resource_group.resource_group.location
|
|
resource_group_name = azurerm_resource_group.resource_group.name
|
|
app_service_plan_id = azurerm_app_service_plan.app_service_plan.id
|
|
storage_account_name = azurerm_storage_account.storage_account.name
|
|
storage_account_access_key = azurerm_storage_account.storage_account.primary_access_key
|
|
version = "~3"
|
|
https_only = true
|
|
|
|
app_settings = {
|
|
"APPINSIGHTS_INSTRUMENTATIONKEY" = azurerm_application_insights.application_insights.instrumentation_key
|
|
"FUNCTIONS_WORKER_RUNTIME" = "dotnet"
|
|
}
|
|
|
|
identity {
|
|
type = "SystemAssigned"
|
|
}
|
|
|
|
site_config {
|
|
ftps_state = "Disabled"
|
|
dotnet_framework_version = "v4.0"
|
|
use_32_bit_worker_process = false
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
tags,
|
|
# app_settings["WEBSITE_ENABLE_SYNC_UPDATE_SITE"],
|
|
# app_settings["WEBSITE_RUN_FROM_PACKAGE"],
|
|
# app_settings["APPINSIGHTS_INSTRUMENTATIONKEY"],
|
|
# app_settings["FUNCTIONS_WORKER_RUNTIME"]
|
|
]
|
|
}
|
|
}
|
|
|
|
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_source_control
|
|
# resource "azurerm_app_service_source_control" "app_service_source_control" {
|
|
# app_id = azurerm_function_app.function_app.id
|
|
# repo_url = "https://github.com/Azure-Samples/KeyVault-Rotation-SQLPassword-Csharp.git"
|
|
# branch = "main"
|
|
# manual_integration = true
|
|
# # scm_type = "ExternalGit"
|
|
# }
|
|
|
|
resource "azurerm_key_vault_access_policy" "key_vault_access_policy_function_app" {
|
|
key_vault_id = data.azurerm_key_vault.key_vault.id
|
|
tenant_id = azurerm_function_app.function_app.identity[0].tenant_id
|
|
object_id = azurerm_function_app.function_app.identity[0].principal_id
|
|
|
|
secret_permissions = [
|
|
"Get", "List", "Set"
|
|
]
|
|
}
|
|
|
|
# resource "azurerm_eventgrid_event_subscription" "eventgrid_event_subscription" {
|
|
# name = "${data.azurerm_key_vault.key_vault.name}-${var.secret_name}-${azurerm_function_app.function_app.name}"
|
|
# scope = data.azurerm_key_vault.key_vault.id
|
|
|
|
# azure_function_endpoint {
|
|
# function_id = "${azurerm_function_app.function_app.id}/functions/AKVSQLRotation"
|
|
# max_events_per_batch = 1
|
|
# preferred_batch_size_in_kilobytes = 64
|
|
# }
|
|
|
|
# subject_filter {
|
|
# subject_begins_with = var.secret_name
|
|
# subject_ends_with = var.secret_name
|
|
# }
|
|
|
|
# included_event_types = [
|
|
# "Microsoft.KeyVault.SecretNearExpiry"
|
|
# ]
|
|
# } |