Function App is failing to retrieve the AZURE_OPENAI_API_KEY.

[fpittelo]

Function App is failing to retrieve the AZURE_OPENAI_API_KEY.

The Cause: In infra/main.tf. The Key Vault network rule default_action = "Deny".

The Problem: Azure Function Apps (even on S1 plans) have dynamic outbound IP addresses. The "Allow Trusted Microsoft Services" bypass does not automatically include Function Apps unless they are VNet integrated. Therefore, the Key Vault firewall rejects the Function App's request for the key.

The Symptom: The environment variable in Python resolves to the string @Microsoft.KeyVault(...) instead of the actual key, causing the OpenAI client initialization to crash.

[fpittelo]

Error:

Run terraform init
terraform init
-backend-config="resource_group_name=dev-bkd-alpinebot"
-backend-config="storage_account_name=devbkdalpinebotsa"
-backend-config="container_name=dev-bkd-alpinebot-co"
-backend-config="key=dev-bkd-alpinebot.tfstate"
shell: /usr/bin/bash -e {0}
env:
ENVIRONMENT: dev
TF_VAR_az_client_id: ***
TF_VAR_az_tenant_id: ***
TF_VAR_az_subscription_id: ***
TF_VAR_az_container_name: dev-bkd-alpinebot-co
TF_VAR_sp_object_id:
TF_VAR_az_openai_key_value:
TF_VAR_postgresql_admin_password: ***
TF_VAR_postgresql_admin_username: ***
TF_VAR_google_client_id: ***
TF_VAR_google_client_secret: ***
TERRAFORM_CLI_PATH: /home/runner/work/_temp/a06b4d57-a779-4115-b898-bbf6f29f1d2e
ARM_CLIENT_ID: ***
ARM_SUBSCRIPTION_ID: ***
ARM_TENANT_ID: ***
ARM_USE_OIDC: true
/home/runner/work/_temp/a06b4d57-a779-4115-b898-bbf6f29f1d2e/terraform-bin init -backend-config=resource_group_name=dev-bkd-alpinebot -backend-config=storage_account_name=devbkdalpinebotsa -backend-config=container_name=dev-bkd-alpinebot-co -backend-config=key=dev-bkd-alpinebot.tfstate
Initializing the backend...

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...

• app_service_plan in ../modules/app_service_plan
• cognitive_account in ../modules/cognitive_account
• function_app in ../modules/function_app
• key_vault in ../modules/key_vault
• linux_web_app in ../modules/linux_web_app
• log_analytics_workspace in ../modules/log_analytics_workspace
• postgresql_db in ../modules/postgresql_db
• redis_cache in ../modules/redis_cache
• virtual_network in ../modules/virtual_network
  ╷
  │ Error: Terraform encountered problems during initialisation, including problems
  │ with the configuration, described below.
  │
  │ The Terraform configuration must be valid before initialization so that
  │ Terraform can determine which modules and providers need to be installed.
  │
  │
  ╵
  ╷
  │ Error: Attribute redefined
  │
  │ on main.tf line 217, in module "function_app":
  │ 217: service_plan_id = module.app_service_plan.service_plan_id
  │
  │ The argument "service_plan_id" was already set at main.tf:216,3-18. Each
  │ argument may be set only once.
  ╵
  Error: Terraform exited with code 1.
  Error: Process completed with exit code 1.

[fpittelo]

I have identified the cause of the "Null value found in list" error.

Cause:
The key_vault_ip_rules list in infra/main.tf includes var.client_ip_address, which defaults to null. Terraform does not allow null values in a list of strings for the ip_rules argument.

  key_vault_ip_rules = [
    var.client_ip_address, # This is null by default
    "83.76.0.0/14"
  ]

Proposed Correction:
Filter out null values from the list using a for expression.

  key_vault_ip_rules = [
    for ip in [var.client_ip_address, "83.76.0.0/14"] : ip if ip != null
  ]

I will apply this fix now.

[fpittelo]

New error on Terrafor Apply:

Plan: 3 to add, 1 to change, 1 to destroy.
╷
│ Error: Null value found in list
│
│ with module.key_vault.azurerm_key_vault.alpinebot_kv,
│ on ../modules/key_vault/main.tf line 17, in resource "azurerm_key_vault" "alpinebot_kv":
│ 17: ip_rules = var.key_vault_ip_rules
│
│ Null values are not allowed for this attribute value.
╵
Releasing state lock. This may take a few moments...
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

[fpittelo]

Resolved