forked from claranet/terraform-azurerm-function-app-single
-
Notifications
You must be signed in to change notification settings - Fork 0
/
r-function-app.tf
101 lines (84 loc) · 3.9 KB
/
r-function-app.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Data App Service Plan
data "azurerm_app_service_plan" "plan" {
name = element(split("/", var.app_service_plan_id), 8)
resource_group_name = var.resource_group_name
}
# Storage account
resource "azurerm_storage_account" "storage" {
name = coalesce(var.storage_account_name, local.storage_default_name)
location = var.location
resource_group_name = var.resource_group_name
account_replication_type = "LRS"
account_tier = "Standard"
account_kind = var.storage_account_kind
enable_https_traffic_only = var.storage_account_enable_https_traffic_only
tags = merge(
local.default_tags,
var.storage_account_extra_tags,
var.extra_tags,
)
count = var.storage_account_primary_access_key == null ? 1 : 0
}
resource "azurerm_advanced_threat_protection" "threat_protection" {
count = var.storage_account_primary_access_key == null ? 1 : 0
enabled = var.storage_account_enable_advanced_threat_protection
target_resource_id = azurerm_storage_account.storage[0].id
}
# Function App
resource "azurerm_function_app" "function_app" {
name = coalesce(var.function_app_custom_name, local.function_default_name)
app_service_plan_id = var.app_service_plan_id
location = var.location
resource_group_name = var.resource_group_name
storage_account_name = var.storage_account_name == null ? local.storage_default_name : var.storage_account_name
storage_account_access_key = var.storage_account_primary_access_key == null ? azurerm_storage_account.storage[0].primary_access_key : var.storage_account_primary_access_key
os_type = var.os_type
app_settings = merge(
local.default_application_settings,
var.function_app_application_settings,
)
dynamic "site_config" {
for_each = [merge(local.default_site_config, var.site_config)]
content {
always_on = lookup(site_config.value, "always_on", null)
ftps_state = lookup(site_config.value, "ftps_state", null)
http2_enabled = lookup(site_config.value, "http2_enabled", null)
ip_restriction = lookup(site_config.value, "ip_restriction", null)
linux_fx_version = lookup(site_config.value, "linux_fx_version", null)
min_tls_version = lookup(site_config.value, "min_tls_version", null)
pre_warmed_instance_count = lookup(site_config.value, "pre_warmed_instance_count", null)
scm_ip_restriction = lookup(site_config.value, "scm_ip_restriction", null)
scm_type = lookup(site_config.value, "scm_type", null)
scm_use_main_ip_restriction = lookup(site_config.value, "scm_use_main_ip_restriction", null)
use_32_bit_worker_process = lookup(site_config.value, "use_32_bit_worker_process", null)
websockets_enabled = lookup(site_config.value, "websockets_enabled", null)
dynamic "cors" {
for_each = lookup(site_config.value, "cors", [])
content {
allowed_origins = cors.value.allowed_origins
support_credentials = lookup(cors.value, "support_credentials", null)
}
}
}
}
https_only = var.https_only
lifecycle {
ignore_changes = [
app_settings.WEBSITE_RUN_FROM_ZIP,
app_settings.WEBSITE_RUN_FROM_PACKAGE,
app_settings.MACHINEKEY_DecryptionKey,
app_settings.WEBSITE_CONTENTAZUREFILECONNECTIONSTRING,
app_settings.WEBSITE_CONTENTSHARE
]
}
dynamic "identity" {
for_each = var.identity_type != null ? ["fake"] : []
content {
type = var.identity_type
# Avoid perpetual changes if SystemAssigned and identity_ids is not null
identity_ids = var.identity_type == "UserAssigned" ? var.identity_ids : null
}
}
version = "~${var.function_app_version}"
tags = merge(var.extra_tags, var.function_app_extra_tags, local.default_tags)
}