tf-azurerm-module_primitive-function_app

README

tf-azurerm-module_primitive-function_app

Overview

This terraform module provisions an Azure Function App with additional pre-requisite resources

Pre-Commit hooks

.pre-commit-config.yaml file defines certain pre-commit hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.

commitlint hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:

• fix: a commit of the type fix patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).
• feat: a commit of the type feat introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).
• BREAKING CHANGE: a commit that has a footer BREAKING CHANGE:, or appends a ! after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type. footers other than BREAKING CHANGE: may be provided and follow a convention similar to git trailer format.
• build: a commit of the type build adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
• chore: a commit of the type chore adds changes that don't modify src or test files
• ci: a commit of the type ci adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
• docs: a commit of the type docs adds documentation only changes
• perf: a commit of the type perf adds code change that improves performance
• refactor: a commit of the type refactor adds code change that neither fixes a bug nor adds a feature
• revert: a commit of the type revert reverts a previous commit
• style: a commit of the type style adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
• test: a commit of the type test adds missing tests or correcting existing tests

Base configuration used for this project is commitlint-config-conventional (based on the Angular convention)

If you are a developer using vscode, this plugin may be helpful.

detect-secrets-hook prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS

In order for pre-commit hooks to work properly

• You need to have the pre-commit package manager installed. Here are the installation instructions.
• pre-commit would install all the hooks when commit message is added by default except for commitlint hook. commitlint hook would need to be installed manually using the command below

pre-commit install --hook-type commit-msg

To test the resource group module locally

1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the configure target in the project's Makefile. Before you can run configure, familiarize yourself with the variables in the Makefile and ensure they're pointing to the right places.

make configure

This adds in several files and directories that are ignored by git. They expose many new Make targets.

1. THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP. The first target you care about is env. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.

make configure command will bring down azure_env.sh file on local workstation. Devloper would need to modify this file, replace the environment variable values with relevant values.

These environment variables are used by terratest integration suit.

Service principle used for authentication(value of ARM_CLIENT_ID) should have below privileges on resource group within the subscription.

"Microsoft.Resources/subscriptions/resourceGroups/write"
"Microsoft.Resources/subscriptions/resourceGroups/read"
"Microsoft.Resources/subscriptions/resourceGroups/delete"

Then run this make target to set the environment variables on developer workstation.

make env

1. The first target you care about is check.

Pre-requisites Before running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are azure specific. If primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.

• A file named provider.tf with contents below

provider "azurerm" {
  features {}
}

• A file named terraform.tfvars which contains key value pair of variables used.

Note that since these files are added in gitignore they would not be checked in into primitive/segment's git repo.

After creating these files, for running tests associated with the primitive/segment, run

make check

If make check target is successful, developer is good to commit the code to primitive/segment's git repo.

make check target

• runs terraform commands to lint,validate and plan terraform code.
• runs conftests. conftests make sure policy checks are successful.
• runs terratest. This is integration test suit.
• runs opa tests

Requirements

Name	Version
terraform	~> 1.0
azurerm	~>3.113

Providers

Name	Version
azurerm	3.117.0

Modules

No modules.

Resources

Name	Type
azurerm_linux_function_app.func	resource
azurerm_windows_function_app.windows_func	resource
azurerm_service_plan.asp	data source
azurerm_storage_account.sa	data source

Inputs

Name	Description	Type	Default	Required
function_app_name	Name of the function app to create	string	n/a	yes
service_plan_name	Name of the service plan to create	string	n/a	yes
storage_account_name	Name of the storage account to create	string	n/a	yes
storage_account_access_key	Access key for the storage account	string	null	no
resource_group_name	name of the resource group where the function app will be created	string	n/a	yes
location	Location where the function app will be created	string	n/a	yes
app_settings	Environment variables to set on the function app	map(string)	{}	no
functions_extension_version	The version of the Azure Functions runtime to use	string	"~4"	no
https_only	If true, the function app will only accept HTTPS requests	bool	true	no
public_network_access_enabled	If true, the function app will be accessible from the public internet	bool	true	no
site_config	object({ always_on = If this Linux Web App is Always On enabled. Defaults to false. app_command_line = The App command line to launch. app_scale_limit = The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. application_insights_connection_string = The connection string of the Application Insights instance to use. application_insights_key = The key of the Application Insights instance to use. application_stack = optional(object({ docker = optional(object({ image_name = The name of the Docker image to use. image_tag = The image tag of the image to use. registry_url = The URL of the docker registry. registry_username = The username to use for connections to the registry. registry_password = The password for the account to use to connect to the registry. })) dotnet_version = optional(string) use_dotnet_isolated_runtime = optional(bool) java_version = optional(string) node_version = optional(string) python_version = optional(string) powershell_core_version = optional(string) use_custom_runtime = optional(bool) })) container_registry_managed_identity_client_id = The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. container_registry_use_managed_identity = Should connections for Azure Container Registry use Managed Identity. cors = optional(object({ allowed_origins = list(string) support_credentials = optional(bool) })) health_check_path = The path to be checked for this function app health. http2_enabled = Specifies if the HTTP2 protocol should be enabled. Defaults to false. ip_restriction = optional(list(object({ ip_address = The CIDR notation of the IP or IP Range to match. action = The action to take. Possible values are Allow or Deny. Defaults to Allow. }))) minimum_tls_version = The configures the minimum version of TLS required for SSL requests. Defaults to '1.2' })	object({ always_on = optional(bool) app_command_line = optional(string) app_scale_limit = optional(number) application_insights_connection_string = optional(string) application_insights_key = optional(string) application_stack = optional(object({ docker = optional(object({ image_name = string image_tag = string registry_url = optional(string) registry_username = optional(string) registry_password = optional(string) })) dotnet_version = optional(string) use_dotnet_isolated_runtime = optional(bool) java_version = optional(string) node_version = optional(string) python_version = optional(string) powershell_core_version = optional(string) use_custom_runtime = optional(bool) })) container_registry_managed_identity_client_id = optional(string) container_registry_use_managed_identity = optional(bool) cors = optional(object({ allowed_origins = list(string) support_credentials = optional(bool) })) health_check_path = optional(string) http2_enabled = optional(bool) ip_restriction_default_action = optional(string) scm_use_main_ip_restriction = optional(bool) vnet_route_all_enabled = optional(bool) ip_restriction = optional(list(object({ ip_address = optional(string) action = string name = optional(string) priority = optional(number) service_tag = optional(string) virtual_network_subnet_id = optional(string) headers = optional(list(object({ x_forwarded_for = optional(string) x_forwarded_host = optional(string) x_fd_health_probe = optional(string) x_azure_fdid = optional(list(string)) }))) }))) minimum_tls_version = optional(string) })	{}	no
identity	(Optional) An identity block.	object({ type = string identity_ids = optional(list(string)) })	null	no
key_vault_reference_identity_id	(Optional) The identity ID of the Key Vault reference. Required when identity.type is set to UserAssigned or SystemAssigned, UserAssigned.	string	null	no
virtual_network_subnet_id	(Optional) The ID of the subnet to place the function app in.	string	null	no
tags	n/a	map(string)	{}	no
os_type	The operating system type of the function app	string	"Linux"	no

Outputs

Name	Description
default_hostname	The default hostname for the function app
function_app_name	The name of the function app
function_app_id	The ID of the function app
principal_id	The principal ID of the function app

Requirements

Name	Version
terraform	~> 1.0
azurerm	~>3.113

Providers

Name	Version
azurerm	3.117.0

Modules

No modules.

Resources

Name	Type
azurerm_linux_function_app.func	resource
azurerm_windows_function_app.windows_func	resource
azurerm_service_plan.asp	data source
azurerm_storage_account.sa	data source

Inputs

Name	Description	Type	Default	Required
function_app_name	Name of the function app to create	string	n/a	yes
service_plan_name	Name of the service plan to create	string	n/a	yes
storage_account_name	Name of the storage account to create	string	n/a	yes
storage_account_access_key	Access key for the storage account	string	null	no
resource_group_name	name of the resource group where the function app will be created	string	n/a	yes
location	Location where the function app will be created	string	n/a	yes
app_settings	Environment variables to set on the function app	map(string)	{}	no
functions_extension_version	The version of the Azure Functions runtime to use	string	"~4"	no
https_only	If true, the function app will only accept HTTPS requests	bool	true	no
public_network_access_enabled	If true, the function app will be accessible from the public internet	bool	true	no
site_config	object({ always_on = If this Linux Web App is Always On enabled. Defaults to false. app_command_line = The App command line to launch. app_scale_limit = The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. application_insights_connection_string = The connection string of the Application Insights instance to use. application_insights_key = The key of the Application Insights instance to use. application_stack = optional(object({ docker = optional(object({ image_name = The name of the Docker image to use. image_tag = The image tag of the image to use. registry_url = The URL of the docker registry. registry_username = The username to use for connections to the registry. registry_password = The password for the account to use to connect to the registry. })) dotnet_version = optional(string) use_dotnet_isolated_runtime = optional(bool) java_version = optional(string) node_version = optional(string) python_version = optional(string) powershell_core_version = optional(string) use_custom_runtime = optional(bool) })) container_registry_managed_identity_client_id = The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. container_registry_use_managed_identity = Should connections for Azure Container Registry use Managed Identity. cors = optional(object({ allowed_origins = list(string) support_credentials = optional(bool) })) health_check_path = The path to be checked for this function app health. http2_enabled = Specifies if the HTTP2 protocol should be enabled. Defaults to false. ip_restriction = optional(list(object({ ip_address = The CIDR notation of the IP or IP Range to match. action = The action to take. Possible values are Allow or Deny. Defaults to Allow. }))) minimum_tls_version = The configures the minimum version of TLS required for SSL requests. Defaults to '1.2' })	object({ always_on = optional(bool) app_command_line = optional(string) app_scale_limit = optional(number) application_insights_connection_string = optional(string) application_insights_key = optional(string) application_stack = optional(object({ docker = optional(object({ image_name = string image_tag = string registry_url = optional(string) registry_username = optional(string) registry_password = optional(string) })) dotnet_version = optional(string) use_dotnet_isolated_runtime = optional(bool) java_version = optional(string) node_version = optional(string) python_version = optional(string) powershell_core_version = optional(string) use_custom_runtime = optional(bool) })) container_registry_managed_identity_client_id = optional(string) container_registry_use_managed_identity = optional(bool) cors = optional(object({ allowed_origins = list(string) support_credentials = optional(bool) })) health_check_path = optional(string) http2_enabled = optional(bool) ip_restriction_default_action = optional(string) scm_use_main_ip_restriction = optional(bool) vnet_route_all_enabled = optional(bool) ip_restriction = optional(list(object({ ip_address = optional(string) action = string name = optional(string) priority = optional(number) service_tag = optional(string) virtual_network_subnet_id = optional(string) headers = optional(list(object({ x_forwarded_for = optional(string) x_forwarded_host = optional(string) x_fd_health_probe = optional(string) x_azure_fdid = optional(list(string)) }))) }))) minimum_tls_version = optional(string) })	{}	no
identity	(Optional) An identity block.	object({ type = string identity_ids = optional(list(string)) })	null	no
key_vault_reference_identity_id	(Optional) The identity ID of the Key Vault reference. Required when identity.type is set to UserAssigned or SystemAssigned, UserAssigned.	string	null	no
virtual_network_subnet_id	(Optional) The ID of the subnet to place the function app in.	string	null	no
tags	n/a	map(string)	{}	no
os_type	The operating system type of the function app	string	"Linux"	no

Outputs

Name	Description
default_hostname	The default hostname for the function app
function_app_name	The name of the function app
function_app_id	The ID of the function app
principal_id	The principal ID of the function app