https://github.com/launchbynttdata/tf-azurerm-module_primitive-web_app


# tf-azurerm-module_primitive-web_app

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)

## Overview

This Terraform module provisions an Azure Function App with additional pre-requisite resources.

## Pre-Commit hooks

The [.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to Terraform, Go and common linting tasks. There are no custom hooks added.

The `commitlint` hook enforces a specific commit message format. A commit message contains the following structural elements, to communicate intent to the consumers of your commit messages:

- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).
- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).
- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.
- Footers other than `BREAKING CHANGE:` may be provided and follow a convention similar to git trailer format.
- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
- **chore**: a commit of the type `chore` adds changes that don't modify src or test files
- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
- **docs**: a commit of the type `docs` adds documentation only changes
- **perf**: a commit of the type `perf` adds code change that improves performance
- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature
- **revert**: a commit of the type `revert` reverts a previous commit
- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- **test**: a commit of the type `test` adds missing tests or corrects existing tests

Base configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)

If you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.

`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS

In order for `pre-commit` hooks to work properly:

- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.
- By default, `pre-commit` installs all the hooks when a commit message is added, except for the `commitlint` hook. The `commitlint` hook needs to be installed manually using the command below:

```
pre-commit install --hook-type commit-msg
```

## To test the resource group module locally

1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.

```
make configure
```

This adds in several files and directories that are ignored by `git`. They expose many new Make targets.

2. _THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP._ The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables are used to authenticate with the cloud provider from the local development workstation.

The `make configure` command downloads an `azure_env.sh` file to the local workstation. The developer needs to modify this file, replacing the environment variable values with relevant values.

These environment variables are used by the `terratest` integration suite.

The service principal used for authentication (the value of `ARM_CLIENT_ID`) should have the privileges below on the resource group within the subscription.

```
"Microsoft.Resources/subscriptions/resourceGroups/write"
"Microsoft.Resources/subscriptions/resourceGroups/read"
"Microsoft.Resources/subscriptions/resourceGroups/delete"
```

Then run this make target to set the environment variables on the developer workstation.

```
make env
```

3. The next target you care about is `check`.

**Pre-requisites**
Before running this target, ensure that the developer has created the files mentioned below on the local workstation, under the root directory of the git repository that contains the code for primitives/segments. Note that these files are `azure` specific. If the primitive/segment under development uses a cloud provider other than Azure, this section may not be relevant.

- A file named `provider.tf` with contents below

```
provider "azurerm" {
  features {}
}
```

- A file named `terraform.tfvars` which contains key-value pairs for the variables used.

Note that since these files are listed in `.gitignore`, they will not be checked in to the primitive/segment's git repo.

After creating these files, for running tests associated with the primitive/segment, run

```
make check
```

If the `make check` target is successful, the developer is good to commit the code to the primitive/segment's git repo.

The `make check` target:

- runs `terraform` commands to `lint`, `validate` and `plan` the Terraform code.
- runs `conftests`, which make sure `policy` checks are successful.
- runs `terratest`, the integration test suite.
- runs `opa` tests.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.0 |
| [azurerm](#requirement\_azurerm) | ~>3.113 |

## Providers

| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | 3.117.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [azurerm_linux_web_app.web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app) | resource |
| [azurerm_windows_web_app.web_app](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_web_app) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [name](#input\_name) | Name of the web app to create | `string` | n/a | yes |
| [location](#input\_location) | Location where the web app will be created | `string` | n/a | yes |
| [resource\_group\_name](#input\_resource\_group\_name) | name of the resource group where the web app will be created | `string` | n/a | yes |
| [service\_plan\_id](#input\_service\_plan\_id) | ID of the service plan to use | `string` | n/a | yes |
| [site\_config](#input\_site\_config) | n/a | <pre>object({<br>  always_on = optional(bool)<br>  api_definition_url = optional(string)<br>  api_management_api_id = optional(string)<br>  app_command_line = optional(string)<br>  application_stack = optional(object({<br>    current_stack = optional(string)<br>    docker_image_name = optional(string)<br>    docker_registry_url = optional(string)<br>    docker_registry_username = optional(string)<br>    docker_registry_password = optional(string)<br>    dotnet_version = optional(string)<br>    dotnet_core_version = optional(string)<br>    go_version = optional(string)<br>    tomcat_version = optional(string)<br>    java_embedded_server_enabled = optional(bool)<br>    java_server = optional(string)<br>    java_server_version = optional(string)<br>    java_version = optional(string)<br>    node_version = optional(string)<br>    php_version = optional(string)<br>    python = optional(bool)<br>    python_version = optional(string)<br>    ruby_version = optional(string)<br>  }))<br>  auto_heal_setting = optional(object({<br>    action = object({<br>      action_type = string<br>      custom_action = optional(object({<br>        executable = string<br>        parameters = optional(string)<br>      }))<br>      minimum_process_execution_time = optional(string)<br>    })<br>    trigger = object({<br>      private_memory_kb = optional(number)<br>      requests = optional(object({<br>        count = number<br>        interval = string<br>      }))<br>      slow_request = optional(object({<br>        count = number<br>        interval = string<br>        time_taken = string<br>      }))<br>      slow_request_with_path = optional(object({<br>        count = number<br>        interval = string<br>        time_taken = string<br>        path = optional(string)<br>      }))<br>      status_code = optional(object({<br>        count = number<br>        interval = string<br>        status_code_range = string<br>        path = optional(string)<br>        sub_status = optional(string)<br>        win32_status_code = optional(string)<br>      }))<br>    })<br>  }))<br>  container_registry_managed_identity_client_id = optional(string)<br>  container_registry_use_managed_identity = optional(bool)<br>  cors = optional(object({<br>    allowed_origins = list(string)<br>    support_credentials = optional(bool)<br>  }))<br>  default_documents = optional(list(string))<br>  ftps_state = optional(string)<br>  health_check_path = optional(string)<br>  health_check_eviction_time_in_min = optional(number)<br>  http2_enabled = optional(bool)<br>  ip_restriction = optional(list(object({<br>    ip_address = optional(string)<br>    action = string<br>    name = optional(string)<br>    priority = optional(number)<br>    service_tag = optional(string)<br>    virtual_network_subnet_id = optional(string)<br>    headers = optional(list(object({<br>      x_forwarded_for = optional(string)<br>      x_forwarded_host = optional(string)<br>      x_fd_health_probe = optional(string)<br>      x_azure_fdid = optional(list(string))<br>    })))<br>  })))<br>  ip_restriction_default_action = optional(string)<br>  load_balancing_mode = optional(string)<br>  local_mysql_enabled = optional(bool)<br>  managed_pipeline_mode = optional(string)<br>  minimum_tls_version = optional(string)<br>  remote_debugging_enabled = optional(bool)<br>  remote_debugging_version = optional(string)<br>  scm_ip_restrictions = optional(list(object({<br>    ip_address = optional(string)<br>    action = string<br>    name = optional(string)<br>    priority = optional(number)<br>    service_tag = optional(string)<br>    virtual_network_subnet_id = optional(string)<br>    headers = optional(list(object({<br>      x_forwarded_for = optional(string)<br>      x_forwarded_host = optional(string)<br>      x_fd_health_probe = optional(string)<br>      x_azure_fdid = optional(list(string))<br>    })))<br>  })))<br>  scm_ip_restrictions_default_action = optional(string)<br>  scm_minimum_tls_version = optional(string)<br>  scm_use_main_ip_restriction = optional(bool, true)<br>  use_32_bit_worker = optional(bool)<br>  handler_mapping = optional(object({<br>    extension = string<br>    script_processor_path = string<br>    arguments = optional(string)<br>  }))<br>  virtual_application = optional(list(object({<br>    physical_path = string<br>    preload = bool<br>    virtual_directory = optional(list(object({<br>      physical_path = optional(string)<br>      virtual_path = optional(string)<br>    })))<br>    virtual_path = string<br>  })))<br>  vnet_route_all_enabled = optional(bool)<br>  websockets_enabled = optional(bool)<br>  worker_count = optional(number)<br>})</pre> | `{}` | no |
| [app\_settings](#input\_app\_settings) | Environment variables to set on the web app | `map(string)` | `{}` | no |
| [auth\_settings](#input\_auth\_settings) | (Optional) An auth\_settings block. | <pre>object({<br>  enabled = bool<br>  active_directory = optional(object({<br>    client_id = string<br>    allowed_audiences = list(string)<br>    client_secret = optional(string)<br>    client_secret_setting_name = optional(string)<br>  }))<br>  additional_login_parameters = optional(list(map(any)))<br>  allowed_external_redirect_urls = optional(list(string))<br>  default_provider = optional(string)<br>  facebook = optional(object({<br>    app_id = string<br>    app_secret = optional(string)<br>    app_secret_setting_name = optional(string)<br>    oauth_scopes = optional(list(string))<br>  }))<br>  github = optional(object({<br>    client_id = string<br>    client_secret = optional(string)<br>    client_secret_setting_name = optional(string)<br>    oauth_scopes = optional(list(string))<br>  }))<br>  google = optional(object({<br>    client_id = string<br>    client_secret = optional(string)<br>    client_secret_setting_name = optional(string)<br>    oauth_scopes = optional(list(string))<br>  }))<br>  issuer = optional(string)<br>  microsoft = optional(object({<br>    client_id = string<br>    client_secret = optional(string)<br>    client_secret_setting_name = optional(string)<br>    oauth_scopes = optional(list(string))<br>  }))<br>  runtime_version = optional(string)<br>  token_refresh_extension_hours = optional(number)<br>  token_store_enabled = optional(bool)<br>  twitter = optional(object({<br>    consumer_key = string<br>    consumer_secret = optional(string)<br>    consumer_secret_setting_name = optional(string)<br>  }))<br>  unauthenticated_client_action = optional(string)<br>})</pre> | `null` | no |
| [auth\_settings\_v2](#input\_auth\_settings\_v2) | (Optional) An auth\_settings\_v2 block. | <pre>object({<br>  auth_enabled = optional(bool)<br>  runtime_version = optional(string)<br>  config_file_path = optional(string)<br>  require_authentication = optional(bool)<br>  unauthenticated_action = optional(string)<br>  default_provider = optional(string)<br>  excluded_paths = optional(list(string))<br>  require_https = optional(bool)<br>  http_route_api_prefix = optional(string)<br>  forward_proxy_convention = optional(string)<br>  forward_proxy_custom_host_header_name = optional(string)<br>  forward_proxy_custom_scheme_header_name = optional(string)<br>  apple_v2 = optional(object({<br>    client_id = string<br>    client_secret_setting_name = optional(string)<br>    login_scopes = optional(list(string))<br>  }))<br>  active_directory_v2 = optional(object({<br>    client_id = string<br>    tenant_auth_endpoint = optional(string)<br>    client_secret_setting_name = optional(string)<br>    client_secret_certificate_thumbprint = optional(string)<br>    jwt_allowed_groups = optional(list(string))<br>    jwt_allowed_client_applications = optional(list(string))<br>    www_authentication_disabled = optional(bool)<br>    allowed_groups = optional(list(string))<br>    allowed_identities = optional(list(string))<br>    allowed_applications = optional(list(string))<br>    login_parameters = optional(map(any))<br>    allowed_audiences = optional(list(string))<br>  }))<br>  azure_static_web_app_v2 = optional(object({<br>    client_id = string<br>  }))<br>  custom_oidc_v2 = optional(object({<br>    name = string<br>    client_id = string<br>    openid_configuration_endpoint = string<br>    name_claim_type = optional(string)<br>    scopes = optional(list(string))<br>    client_credential_method = string<br>    client_secret_setting_name = optional(string)<br>    authorisation_endpoint = string<br>    token_endpoint = string<br>    issuer_endpoint = string<br>    certification_uri = string<br>  }))<br>  facebook_v2 = optional(object({<br>    app_id = string<br>    app_secret_setting_name = string<br>    graph_api_version = optional(string)<br>    login_scopes = optional(list(string))<br>  }))<br>  github_v2 = optional(object({<br>    client_id = string<br>    client_secret_setting_name = string<br>    login_scopes = optional(list(string))<br>  }))<br>  google_v2 = optional(object({<br>    client_id = string<br>    client_secret_setting_name = string<br>    allowed_audiences = optional(list(string))<br>    login_scopes = optional(list(string))<br>  }))<br>  microsoft_v2 = optional(object({<br>    client_id = string<br>    client_secret_setting_name = string<br>    allowed_audiences = optional(list(string))<br>    login_scopes = optional(list(string))<br>  }))<br>  twitter_v2 = optional(object({<br>    consumer_key = string<br>    consumer_secret_setting_name = string<br>  }))<br>  login = optional(object({<br>    logout_endpoint = optional(string)<br>    token_store_enabled = optional(bool)<br>    token_refresh_extension_time = optional(number)<br>    token_store_path = optional(string)<br>    token_store_sas_setting_name = optional(string)<br>    preserve_url_fragments_for_logins = optional(bool)<br>    allowed_external_redirect_urls = optional(list(string))<br>    cookie_expiration_convention = optional(string)<br>    cookie_expiration_time = optional(string)<br>    validate_nonce = optional(bool)<br>    nonce_expiration_time = optional(string)<br>  }))<br>})</pre> | `null` | no |
| [backup](#input\_backup) | (Optional) A backup block. | <pre>object({<br>  name = string<br>  schedule = object({<br>    frequency_interval = number<br>    frequency_unit = string<br>    keep_at_least_one_backup = optional(bool)<br>    retention_period_days = optional(number)<br>    start_time = optional(string)<br>    last_execution_time = optional(string)<br>  })<br>  storage_account_url = string<br>  enabled = optional(bool, true)<br>})</pre> | `null` | no |
| [client\_affinity\_enabled](#input\_client\_affinity\_enabled) | If true, the web app will use client affinity | `bool` | `false` | no |
| [client\_certificate\_enabled](#input\_client\_certificate\_enabled) | If true, the web app will require client certificates | `bool` | `false` | no |
| [client\_certificate\_mode](#input\_client\_certificate\_mode) | The client certificate mode of the web app. Only effective if client\_certificate\_enabled is set to true. | `string` | `"Required"` | no |
| [client\_certificate\_exclusion\_paths](#input\_client\_certificate\_exclusion\_paths) | Paths to exclude when using client certificates, separated by ; | `string` | `null` | no |
| [connection\_string](#input\_connection\_string) | Connection string definition | <pre>object({<br>  name = string<br>  type = string<br>  value = string<br>})</pre> | `null` | no |
| [enabled](#input\_enabled) | If true, the web app will be enabled | `bool` | `true` | no |
| [ftp\_publish\_basic\_authentication\_enabled](#input\_ftp\_publish\_basic\_authentication\_enabled) | If true, the web app will use basic FTP authentication | `bool` | `false` | no |
| [https\_only](#input\_https\_only) | If true, the web app will only accept HTTPS requests | `bool` | `true` | no |
| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | If true, the web app will be accessible from the public internet | `bool` | `true` | no |
| [identity](#input\_identity) | (Optional) An identity block. | <pre>object({<br>  type = string<br>  identity_ids = optional(list(string))<br>})</pre> | `null` | no |
| [key\_vault\_reference\_identity\_id](#input\_key\_vault\_reference\_identity\_id) | (Optional) The identity ID of the Key Vault reference. Required when identity.type is set to UserAssigned or SystemAssigned, UserAssigned. | `string` | `null` | no |
| [logs](#input\_logs) | (Optional) A logs block. | <pre>object({<br>  application_logs = optional(object({<br>    azure_blob_storage = optional(object({<br>      level = string<br>      sas_url = string<br>      retention_in_days = number<br>    }))<br>    file_system_level = string<br>  }))<br>  detailed_error_messages = optional(bool, true)<br>  failed_request_tracing = optional(bool, true)<br>  http_logs = optional(object({<br>    azure_blob_storage = optional(object({<br>      retention_in_days = optional(number)<br>      sas_url = string<br>    }))<br>    file_system = optional(object({<br>      retention_in_days = number<br>      retention_in_mb = number<br>    }))<br>  }))<br>})</pre> | `null` | no |
| [sticky\_settings](#input\_sticky\_settings) | A list of settings that should be sticky to the slot during a swap. | <pre>object({<br>  app_setting_names = optional(list(string))<br>  connection_string_names = optional(list(string))<br>})</pre> | `null` | no |
| [storage\_account](#input\_storage\_account) | (Optional) One or more storage\_account blocks. | <pre>list(object({<br>  access_key = string<br>  account_name = string<br>  name = string<br>  share_name = string<br>  type = string<br>  mount_path = optional(string)<br>}))</pre> | `null` | no |
| [tags](#input\_tags) | n/a | `map(string)` | `{}` | no |
| [virtual\_network\_subnet\_id](#input\_virtual\_network\_subnet\_id) | (Optional) The ID of the subnet to place the web app in. | `string` | `null` | no |
| [webdeploy\_publish\_basic\_authentication\_enabled](#input\_webdeploy\_publish\_basic\_authentication\_enabled) | If true, the web app will use basic WebDeploy authentication | `bool` | `false` | no |
| [zip\_deploy\_file](#input\_zip\_deploy\_file) | The path to a zip file to deploy to the web app | `string` | `null` | no |
| [os\_type](#input\_os\_type) | The operating system type of the web app | `string` | `"Linux"` | no |
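
A hardened invocation of this module using only inputs from the table above, as an added example that is not part of the module's repository. The source ref, resource names, `var.service_plan_id`, the CIDR range and the Key Vault URI are constructed placeholders, and the example assumes the module passes each input through to the `azurerm` argument of the same name.

```hcl
# Added example: not taken from the module's repository.
# Assumption: each input is passed through to the azurerm argument of the same name.
# Names, IDs, the CIDR range and the Key Vault URI are constructed placeholders.
module "web_app" {
  # Pin to a reviewed release; <release-tag> is a placeholder.
  source = "git::https://github.com/launchbynttdata/tf-azurerm-module_primitive-web_app.git?ref=<release-tag>"

  name                = "example-webapp"
  location            = "eastus"
  resource_group_name = "example-rg"
  service_plan_id     = var.service_plan_id # hypothetical variable
  os_type             = "Linux"

  # Module defaults, restated so a later change shows up in code review.
  https_only                                     = true
  ftp_publish_basic_authentication_enabled       = false
  webdeploy_publish_basic_authentication_enabled = false

  site_config = {
    minimum_tls_version      = "1.2"
    scm_minimum_tls_version  = "1.2"
    ftps_state               = "Disabled"
    remote_debugging_enabled = false

    # public_network_access_enabled defaults to true, so deny by default
    # and allow only known source ranges.
    ip_restriction_default_action = "Deny"
    ip_restriction = [
      {
        name       = "corp-egress"
        action     = "Allow"
        priority   = 100
        ip_address = "203.0.113.0/24" # documentation range (RFC 5737)
      }
    ]

    # Apply the same rules to the SCM (Kudu) deployment endpoint.
    scm_use_main_ip_restriction = true
  }

  # A managed identity lets the app read secrets without stored credentials.
  identity = {
    type = "SystemAssigned"
  }

  # Key Vault reference instead of a literal secret in app_settings,
  # which would otherwise be stored in Terraform state.
  app_settings = {
    DB_PASSWORD = "@Microsoft.KeyVault(SecretUri=https://example-kv.vault.azure.net/secrets/db-password/)"
  }

  tags = {
    environment = "example"
  }
}
```

The app's identity still needs read access to the secret in the vault; the Resources table shows this module creates only the web app, so that grant has to be made elsewhere.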

## Outputs

| Name | Description |
|------|-------------|
| [web\_app\_id](#output\_web\_app\_id) | The ID of the Web App |
| [web\_app\_default\_hostname](#output\_web\_app\_default\_hostname) | The default hostname of the Web App |
| [web\_app\_name](#output\_web\_app\_name) | The name of the Web App |
| [web\_app\_outbound\_ip\_addresses](#output\_web\_app\_outbound\_ip\_addresses) | The outbound IP addresses of the Web App |
| [web\_app\_possible\_outbound\_ip\_addresses](#output\_web\_app\_possible\_outbound\_ip\_addresses) | The possible outbound IP addresses of the Web App |
| [custom\_domain\_verification\_id](#output\_custom\_domain\_verification\_id) | The ID of the Custom Domain Verification |
| [web\_app\_identity](#output\_web\_app\_identity) | The identity of the Web App |
| [web\_app\_principal\_id](#output\_web\_app\_principal\_id) | The principal ID of the Web App |