From 6df7f67539c726b590c2823607d278231b28461d Mon Sep 17 00:00:00 2001 From: NotMaharshi Date: Wed, 31 Jul 2024 22:58:25 +0530 Subject: [PATCH] feat: Added and tested application stacks for linux and windows web app --- .github/workflows/auto_assignee.yml | 14 + .github/workflows/automerge.yml | 12 + .github/workflows/changelog.yml | 2 +- .github/workflows/readme.yml | 11 +- .github/workflows/tf-checks.yml | 21 + .github/workflows/tflint.yml | 11 + .github/workflows/tfsec.yml | 2 +- _example/complete/linux_web_app/main.tf | 125 ++++++ .../complete/{ => linux_web_app}/outputs.tf | 0 _example/complete/linux_web_app/variables.tf | 98 +++++ .../complete/{ => linux_web_app}/versions.tf | 0 _example/complete/main.tf | 123 ------ _example/complete/variables.tf | 28 -- _example/complete/windows_web_app/main.tf | 110 ++++++ .../outputs.tf} | 0 .../complete/windows_web_app/variables.tf | 73 ++++ _example/complete/windows_web_app/versions.tf | 12 + main.tf | 370 ++++++++++-------- outputs.tf | 55 --- variables.tf | 335 +++++++--------- 20 files changed, 824 insertions(+), 578 deletions(-) create mode 100644 .github/workflows/auto_assignee.yml create mode 100644 .github/workflows/automerge.yml create mode 100644 .github/workflows/tf-checks.yml create mode 100644 .github/workflows/tflint.yml create mode 100644 _example/complete/linux_web_app/main.tf rename _example/complete/{ => linux_web_app}/outputs.tf (100%) create mode 100644 _example/complete/linux_web_app/variables.tf rename _example/complete/{ => linux_web_app}/versions.tf (100%) delete mode 100644 _example/complete/main.tf delete mode 100644 _example/complete/variables.tf create mode 100644 _example/complete/windows_web_app/main.tf rename _example/complete/{variables.auto.tfvars => windows_web_app/outputs.tf} (100%) create mode 100644 _example/complete/windows_web_app/variables.tf create mode 100644 _example/complete/windows_web_app/versions.tf 
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..5354997 --- /dev/null +++ b/.github/workflows/auto_assignee.yml @@ -0,0 +1,14 @@ +name: Auto Assign PRs + +on: + pull_request: + types: [opened, reopened] + + workflow_dispatch: +jobs: + assignee: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.2.7 + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' \ No newline at end of file diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 0000000..bd2d04f --- /dev/null +++ b/.github/workflows/automerge.yml @@ -0,0 +1,12 @@ +--- +name: Auto merge +on: + pull_request: +jobs: + auto-merge: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.2.7 + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + tfcheck: 'basic-example / Check code format' +... \ No newline at end of file diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 8d61c56..f201ad9 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -7,6 +7,6 @@ on: workflow_dispatch: jobs: call-workflow-changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.2.7 with: branch: 'master' diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 8b60bee..f1a4ed9 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
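Review bot: The `uses:` line in auto_assignee.yml references the shared workflow by tag, `@1.2.7`, while handing it `secrets.GITHUB`; a tag can be re-pointed in the upstream repository, so the code that receives the token is not fixed by this file. Pin to the full commit SHA that the tag resolves to and keep the tag as a trailing comment, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<full-commit-sha> # 1.2.7`. The same applies to the `uses:` lines in automerge.yml, changelog.yml, tf-checks.yml, tflint.yml and tfsec.yml in this patch; tfsec.yml additionally passes `secrets: inherit`, which exposes every repository secret to the called workflow.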
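Review bot: automerge.yml runs on every `pull_request` event with no `types:` filter and no `if:` on the `auto-merge` job, and the only gate it names is `tfcheck: 'basic-example / Check code format'`. Whether the called workflow restricts merging to particular authors is not visible from this file; if it does not, a pull request that has access to `secrets.GITHUB` could be merged as soon as the format check of the basic example passes, independent of the complete-example, tf-lint and tfsec results. Consider a job-level condition naming the intended actor, e.g. `if: github.actor == '<expected-bot-login>'`, and gating on a check that covers more than formatting.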
@@ -13,29 +13,28 @@ jobs: uses: actions/checkout@master - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' with: actions_subcommand: 'readme' github_token: '${{ secrets.GITHUB }}' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.1 continue-on-error: true - name: 'pre-commit fix erros' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.1 continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' continue-on-error: true with: actions_subcommand: 'push' diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..207bc31 --- /dev/null +++ b/.github/workflows/tf-checks.yml @@ -0,0 +1,21 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + basic-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.7 + with: + working_directory: './_example/basic/' + + complete-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.7 + with: + working_directory: './_example/complete/' + + vnet_with_existing_ddos_id-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.7 + with: + working_directory: './_example/vnet_with_existing_ddos_id/' \ No newline at end of file diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..1046473 --- /dev/null +++ b/.github/workflows/tflint.yml 
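Review bot: In tf-checks.yml the `complete-example` job points at `./_example/complete/`, but this same patch deletes `_example/complete/main.tf` and `variables.tf` and moves the other files into `linux_web_app/` and `windows_web_app/`, so that directory no longer holds a root module and the two new examples are never validated. `./_example/vnet_with_existing_ddos_id/` is not created or referenced anywhere else in the patch and looks carried over from a different module. Suggest one job per real example, e.g. `working_directory: './_example/complete/linux_web_app/'` and `working_directory: './_example/complete/windows_web_app/'`, and dropping the vnet job unless that directory exists.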
@@ -0,0 +1,11 @@ +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.2.7 + secrets: + GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 9aaf588..b4a8251 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.2.7 secrets: inherit with: working_directory: '.' \ No newline at end of file diff --git a/_example/complete/linux_web_app/main.tf b/_example/complete/linux_web_app/main.tf new file mode 100644 index 0000000..2bf97bb --- /dev/null +++ b/_example/complete/linux_web_app/main.tf 
@@ -0,0 +1,125 @@
+provider "azurerm" {
+ features {}
+}
+
+##-----------------------------------------------------------------------------
+## Resource group
+##-----------------------------------------------------------------------------
+module "resource_group" {
+ source = "clouddrove/resource-group/azure"
+ version = "1.0.2"
+
+ label_order = ["name", "environment"]
+ name = "rg-example"
+ environment = "test"
+ location = "Canada Central"
+}
+
+##-----------------------------------------------------------------------------
+## Log Analytics
+##-----------------------------------------------------------------------------
+module "log-analytics" {
+ source = "clouddrove/log-analytics/azure"
+ version = "1.0.1"
+ name = "app"
+ environment = "test"
+ label_order = ["name", "environment"]
+ create_log_analytics_workspace = true
+ log_analytics_workspace_sku = "PerGB2018"
+ resource_group_name = module.resource_group.resource_group_name
+ log_analytics_workspace_location = module.resource_group.resource_group_location
+}
+
+##-----------------------------------------------------------------------------
+## Linux web app
+##-----------------------------------------------------------------------------
+module "linux-web-app" {
+ source = "../../.."
+ enable = true
+ name = "app"
+ environment = "testing"
+ label_order = ["name", "environment", ]
+ resource_group_name = module.resource_group.resource_group_name
+ location = module.resource_group.resource_group_location
+
+ os_type = var.os_type
+ sku_name = var.linux_sku_name
+
+
+
+ ##-----------------------------------------------------------------------------
+ ## To Deploy Container
+ ##-----------------------------------------------------------------------------
+ use_docker = true
+ docker_image_name = var.docker_image_name
+ docker_registry_url = ".azurecr.io"
+ docker_registry_username = ""
+ docker_registry_password = ""
+ acr_id = ""
+
+ ##-----------------------------------------------------------------------------
+ ## Node application
+ ##-----------------------------------------------------------------------------
+ use_node = false
+ node_version = var.node_version
+
+ ##-----------------------------------------------------------------------------
+ ## Dot net application
+ ##-----------------------------------------------------------------------------
+ use_dotnet = false
+ dotnet_version = var.dotnet_version
+
+ ##-----------------------------------------------------------------------------
+ ## Java application
+ ##-----------------------------------------------------------------------------
+ use_java = false
+ java_version = var.java_version
+ java_server = var.java_server
+ java_server_version = var.java_server_version
+
+
+ ##-----------------------------------------------------------------------------
+ ## python application
+ ##-----------------------------------------------------------------------------
+
+ use_python = false
+ python_version = var.python_version
+
+ ##-----------------------------------------------------------------------------
+ ## php application
+ ##-----------------------------------------------------------------------------
+
+ use_php = false
+ php_version = var.php_version
+
+ ##-----------------------------------------------------------------------------
+ ## Ruby application
+ ##-----------------------------------------------------------------------------
+
+ use_ruby = false
+ ruby_version = var.ruby_version
+
+ ##-----------------------------------------------------------------------------
+ ## Go application
+ ##-----------------------------------------------------------------------------
+
+ use_go = false
+ go_version = var.go_version
+
+ site_config = var.site_config
+ app_settings = var.app_settings
+
+ ##-----------------------------------------------------------------------------
+ ## App service logs
+ ##-----------------------------------------------------------------------------
+
+ app_service_logs = var.app_service_logs
+
+
+ ##-----------------------------------------------------------------------------
+ ## log analytics
+ ##-----------------------------------------------------------------------------
+ log_analytics_workspace_id = module.log-analytics.workspace_id
+ app_insights_workspace_id = module.log-analytics.workspace_id # log analytics workspace id in app insights
+}
+
diff --git a/_example/complete/outputs.tf b/_example/complete/linux_web_app/outputs.tf
similarity index 100%
rename from _example/complete/outputs.tf
rename to _example/complete/linux_web_app/outputs.tf
diff --git a/_example/complete/linux_web_app/variables.tf b/_example/complete/linux_web_app/variables.tf
new file mode 100644
index 0000000..f69aaef
--- /dev/null
+++ b/_example/complete/linux_web_app/variables.tf
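Review bot: The "To Deploy Container" block in linux_web_app/main.tf sets `use_docker = true` while passing `docker_registry_url = ".azurecr.io"` and empty string literals for `docker_registry_username`, `docker_registry_password` and `acr_id`, so the example as written resolves to `https://.azurecr.io` (the module prepends `https://`) and models typing registry credentials straight into main.tf. The example's `site_config` already sets `container_registry_use_managed_identity = true`, so it would be cleaner to supply a real `acr_id` and leave the username and password unset, if the module's variable defaults allow that (they are declared outside this patch view). If basic auth has to be shown, read the password from a variable declared with `sensitive = true`, and add a comment such as `# Replace with <registry-name>.azurecr.io; never commit registry credentials` above the block.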
@@ -0,0 +1,98 @@
+##-----------------------------------------------------------------------------
+## App Service
+##-----------------------------------------------------------------------------
+
+variable "linux_sku_name" {
+ default = "B1"
+
+}
+
+variable "os_type" {
+ default = "Linux"
+}
+
+variable "enable" {
+ default = true
+}
+
+variable "is_linux_webapp" {
+ default = true
+}
+
+variable "dotnet_version" {
+ default = "8.0"
+}
+
+variable "node_version" {
+ default = "20-lts"
+}
+
+variable "site_config" {
+ default = {
+ container_registry_use_managed_identity = true # Set to true
+ }
+}
+
+variable "app_settings" {
+ type = map(string)
+ description = "A map of settings for the application"
+ default = {
+ foo = "bar"
+ }
+}
+
+variable "php_version" {
+ type = string
+ default = "8.2"
+}
+
+variable "python_version" {
+ type = string
+ default = "3.12"
+}
+
+variable "go_version" {
+ type = string
+ default = "1.19"
+}
+
+variable "ruby_version" {
+ type = string
+ default = "2.7"
+}
+
+variable "java_version" {
+ type = string
+ default = "17"
+}
+
+variable "java_server" {
+ type = string
+ default = "JAVA"
+ # Possible values include JAVA, TOMCAT, and JBOSSEAP ( Its in premium sku ).
+}
+
+variable "java_server_version" {
+ type = string
+ default = "17"
+}
+
+variable "docker_image_name" {
+ default = "nginx:latest"
+}
+
+variable "app_service_logs" {
+ default = {
+ detailed_error_messages = false
+ failed_request_tracing = false
+ application_logs = {
+ file_system_level = "Information"
+ }
+ http_logs = {
+ file_system = {
+ retention_in_days = 7
+ retention_in_mb = 35
+ }
+ }
+ }
+}
diff --git a/_example/complete/versions.tf b/_example/complete/linux_web_app/versions.tf
similarity index 100%
rename from _example/complete/versions.tf
rename to _example/complete/linux_web_app/versions.tf
diff --git a/_example/complete/main.tf b/_example/complete/main.tf
deleted file mode 100644
index f272ccb..0000000
--- a/_example/complete/main.tf
+++ /dev/null
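Review bot: `variable "enable"` and `variable "is_linux_webapp"` are declared in linux_web_app/variables.tf but the new linux_web_app/main.tf passes `enable = true` as a literal and selects the app through `os_type`, so neither variable is read in this example and both can be removed. `docker_image_name` defaults to `nginx:latest`, a mutable tag, so what gets deployed can change between applies without any change in the repository; prefer a fixed version or digest, e.g. `default = "nginx:<version>"`. Several variables here (`linux_sku_name`, `os_type`, `site_config`, `docker_image_name`, `app_service_logs`) have no `type` or `description`, which the other declarations in the same file do provide.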
@@ -1,123 +0,0 @@
-provider "azurerm" {
- features {}
-}
-
-# Resource Group
-module "resource_group" {
- source = "clouddrove/resource-group/azure"
- version = "1.0.2"
-
- label_order = ["name", "environment"]
- name = "rg-example"
- environment = "test"
- location = "Canada Central"
-}
-
-module "log-analytics" {
- source = "clouddrove/log-analytics/azure"
- version = "1.0.1"
- name = "app"
- environment = "test"
- label_order = ["name", "environment"]
- create_log_analytics_workspace = true
- log_analytics_workspace_sku = "PerGB2018"
- resource_group_name = module.resource_group.resource_group_name
- log_analytics_workspace_location = module.resource_group.resource_group_location
-}
-
-# APP Service
-module "windows-web-app" {
- source = "../../"
- # enable = true
- count = var.enable && var.is_linux_webapp ? 0 : 1
- name = "app"
- environment = "testing"
- label_order = ["name", "environment", ]
- resource_group_name = module.resource_group.resource_group_name
- location = module.resource_group.resource_group_location
-
- os_type = var.windows_os_type
- sku_name = var.windows_sku_name
-
- #log-analytics
- log_analytics_workspace_id = module.log-analytics.workspace_id
- app_insights_workspace_id = module.log-analytics.workspace_id # insights mein log analytics ki workspace id
-
- #app-service logs
- # app_service_logs = var.app_service_logs
-
-
- # service_plan = {
- # kind = "Windows"
- # size = "S1"
- # tier = "Free"
- # }
-
- # app_service_name = "test-app-service"
- # enable_client_affinity = true
- # enable_https = true
-
- site_config = {
- use_32_bit_worker_process = true
- }
-
- # site_config = var.site_config
- # app_settings = var.app_settings
-
-
-
- app_settings = {
- WEBSITE_NODE_DEFAULT_VERSION = "~16"
- # linux_fx_version = "node|18-lts"
- }
-}
-
-
-# APP Service
-module "linux-web-app" {
- source = "../../"
- # enable = true
- count = var.enable && var.is_linux_webapp ? 1 : 0
- name = "app"
- environment = "testing"
- label_order = ["name", "environment", ]
- resource_group_name = module.resource_group.resource_group_name
- location = module.resource_group.resource_group_location
-
- os_type = var.linux_os_type
- sku_name = var.linux_sku_name
-
- #log-analytics
- log_analytics_workspace_id = module.log-analytics.workspace_id
- app_insights_workspace_id = module.log-analytics.workspace_id # insights mein log analytics ki workspace id
-
- #app-service logs
- # app_service_logs = var.app_service_logs
-
-
- # service_plan = {
- # kind = "Windows"
- # size = "S1"
- # tier = "Free"
- # }
-
- # app_service_name = "test-app-service"
- # enable_client_affinity = true
- # enable_https = true
-
- site_config = {
- use_32_bit_worker_process = true
- }
-
- # site_config = var.site_config
- # app_settings = var.app_settings
-
-
-
- app_settings = {
- WEBSITE_NODE_DEFAULT_VERSION = "~16"
- # linux_fx_version = "node|18-lts"
- }
-}
-
-
diff --git a/_example/complete/variables.tf b/_example/complete/variables.tf
deleted file mode 100644
index 9da0c61..0000000
--- a/_example/complete/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-# App Service Plan
-
-variable "windows_sku_name" {
- default = "S1"
-}
-
-variable "windows_os_type" {
- default = "Windows"
-}
-
-variable "linux_sku_name" {
- default = "B1"
-
-}
-
-variable "linux_os_type" {
- default = "Linux"
-
-}
-
-variable "enable" {
- default = true
-}
-
-variable "is_linux_webapp" {
- default = true
-}
-
diff --git a/_example/complete/windows_web_app/main.tf b/_example/complete/windows_web_app/main.tf
new file mode 100644
index 0000000..96707c6
--- /dev/null
+++ b/_example/complete/windows_web_app/main.tf
@@ -0,0 +1,110 @@
+provider "azurerm" {
+ features {}
+}
+
+##-----------------------------------------------------------------------------
+## Resource group
+##-----------------------------------------------------------------------------
+module "resource_group" {
+ source = "clouddrove/resource-group/azure"
+ version = "1.0.2"
+
+ label_order = ["name", "environment"]
+ name = "rg-example"
+ environment = "test"
+ location = "Canada Central"
+}
+
+module "log-analytics" {
+ source = "clouddrove/log-analytics/azure"
+ version = "1.0.1"
+ name = "app"
+ environment = "test"
+ label_order = ["name", "environment"]
+ create_log_analytics_workspace = true
+ log_analytics_workspace_sku = "PerGB2018"
+ resource_group_name = module.resource_group.resource_group_name
+ log_analytics_workspace_location = module.resource_group.resource_group_location
+}
+
+##-----------------------------------------------------------------------------
+## Windows web app
+##-----------------------------------------------------------------------------
+module "windows-web-app" {
+ source = "../../.."
+ enable = true
+ name = "app"
+ environment = "testing"
+ label_order = ["name", "environment", ]
+ resource_group_name = module.resource_group.resource_group_name
+ location = module.resource_group.resource_group_location
+
+ os_type = var.os_type
+ sku_name = var.windows_sku_name
+
+ ##-----------------------------------------------------------------------------
+ ## log analytics
+ ##-----------------------------------------------------------------------------
+ log_analytics_workspace_id = module.log-analytics.workspace_id
+ app_insights_workspace_id = module.log-analytics.workspace_id
+
+ ##-----------------------------------------------------------------------------
+ ## app service logs
+ ##-----------------------------------------------------------------------------
+ app_service_logs = var.app_service_logs
+
+
+ site_config = var.site_config
+ app_settings = var.app_settings
+
+ ##-----------------------------------------------------------------------------
+ ## Current stack ( Possible values -> dotnet, dotnetcore, node, python, php, and java )
+ ##-----------------------------------------------------------------------------
+
+ current_stack = "dotnet" # Specify runtime stack here
+
+ ##-----------------------------------------------------------------------------
+ ## Dot net
+ ##-----------------------------------------------------------------------------
+ use_dotnet = false # Make it true if want to use it
+ dotnet_version = var.dotnet_version # For dotnet
+ dotnet_core_version = var.dotnet_core_version # For dotnetcore
+
+ ##-----------------------------------------------------------------------------
+ ## Node application
+ ##-----------------------------------------------------------------------------
+ use_node = false
+ node_version = var.node_version
+
+ ##-----------------------------------------------------------------------------
+ ## python application
+ ##-----------------------------------------------------------------------------
+
+ use_python = false # Can only be a bool (true to use it)
+
+ ##-----------------------------------------------------------------------------
+ ## php application
+ ##-----------------------------------------------------------------------------
+
+ use_php = false
+ php_version = var.php_version
+
+ ##-----------------------------------------------------------------------------
+ ## java application
+ ##-----------------------------------------------------------------------------
+
+ use_java = true
+ java_version = var.java_version
+
+ ##-----------------------------------------------------------------------------
+ ## To Deploy Docker Container
+ ##-----------------------------------------------------------------------------
+
+ use_docker = true # Make it true if want to use it
+ docker_image_name = var.docker_image_name
+ docker_registry_url = ".azurecr.io"
+ docker_registry_username = ""
+ docker_registry_password = ""
+ acr_id = ""
+
+}
\ No newline at end of file
diff --git a/_example/complete/variables.auto.tfvars b/_example/complete/windows_web_app/outputs.tf
similarity index 100%
rename from _example/complete/variables.auto.tfvars
rename to _example/complete/windows_web_app/outputs.tf
diff --git a/_example/complete/windows_web_app/variables.tf b/_example/complete/windows_web_app/variables.tf
new file mode 100644
index 0000000..f8a5887
--- /dev/null
+++ b/_example/complete/windows_web_app/variables.tf
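Review bot: The stack flags in windows_web_app/main.tf contradict each other: `current_stack = "dotnet"` is set while `use_dotnet = false`, `use_java = true` and `use_docker = true`. Going by the module's conditions later in this patch (`var.use_java && var.current_stack == "java"`), the Java settings evaluate to null and only the Docker fields are populated, so the example does not deploy the stack its comments describe. Enable exactly one stack, e.g. `use_dotnet = true` with `use_java = false` and `use_docker = false`, and note in a comment that the flag must agree with `current_stack`. The Docker block also repeats the placeholder registry URL and empty credential literals from the Linux example, and the same advice applies: use `acr_id` with managed identity or a `sensitive` variable rather than literals.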
@@ -0,0 +1,73 @@
+variable "windows_sku_name" {
+ default = "S1"
+}
+
+variable "os_type" {
+ default = "Windows"
+}
+
+variable "enable" {
+ default = true
+}
+
+variable "is_linux_webapp" {
+ default = false
+}
+
+variable "dotnet_version" {
+ default = "v8.0"
+}
+
+variable "dotnet_core_version" {
+ default = "v4.0"
+}
+
+variable "node_version" {
+ default = "~20"
+}
+
+variable "python_version" {
+ default = "1.8.0"
+}
+
+variable "php_version" {
+ default = "8.3"
+}
+
+variable "java_version" {
+ default = "17"
+}
+
+variable "site_config" {
+ default = {
+ container_registry_use_managed_identity = true # Set to true
+ }
+}
+
+variable "app_settings" {
+ type = map(string)
+ description = "A map of settings for the application"
+ default = {
+ foo = "bar"
+ }
+}
+
+variable "docker_image_name" {
+ default = "nginx-test:latest" # Windows-based Docker image should be used here
+}
+
+variable "app_service_logs" {
+ default = {
+ detailed_error_messages = false
+ failed_request_tracing = false
+ application_logs = {
+ file_system_level = "Information"
+ }
+ http_logs = {
+ file_system = {
+ retention_in_days = 7
+ retention_in_mb = 35
+ }
+ }
+ }
+}
diff --git a/_example/complete/windows_web_app/versions.tf b/_example/complete/windows_web_app/versions.tf
new file mode 100644
index 0000000..76ed51f
--- /dev/null
+++ b/_example/complete/windows_web_app/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 1.9.0"
+}
+
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=3.109.0" #3.100.0
+ }
+ }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 9eceb49..4beb4d5 100644
--- a/main.tf
+++ b/main.tf
@@ -1,8 +1,14 @@ ## Managed By : CloudDrove ## Copyright @ CloudDrove. All Right Reserved. +##----------------------------------------------------------------------------- +## DATA +##----------------------------------------------------------------------------- +data "azurerm_client_config" "main" {} - +##----------------------------------------------------------------------------- +## Labels module called that will be used for naming and tags. +##----------------------------------------------------------------------------- module "labels" { source = "clouddrove/labels/azure" @@ -15,26 +21,9 @@ module "labels" { repository = var.repository } -#---------------------------------------------DATA-----------------------------------------------# -data "azurerm_client_config" "main" {} - -#---------------------------------------------APP SERVICE PLAN-----------------------------------------------# -resource "azurerm_service_plan" "main" { - count = var.enable ? 1 : 0 - name = format("%s-asp", module.labels.id) - resource_group_name = var.resource_group_name - location = var.location - - os_type = var.os_type - sku_name = var.sku_name - worker_count = var.sku_name == "B1" ? null : var.worker_count - maximum_elastic_worker_count = var.maximum_elastic_worker_count - app_service_environment_id = var.app_service_environment_id - per_site_scaling_enabled = var.per_site_scaling_enabled - tags = module.labels.tags -} - -#---------------------------------------------Locals-----------------------------------------------------# +##----------------------------------------------------------------------------- +## Locals +##----------------------------------------------------------------------------- locals { default_site_config = { always_on = "true" 
@@ -173,11 +162,30 @@ locals { private_dns_zone_name = var.existing_private_dns_zone == null ? join("", azurerm_private_dns_zone.dnszone.*.name) : var.existing_private_dns_zone } -#---------------------------------------------Linux web app-----------------------------------------------------# +##----------------------------------------------------------------------------- +## App service plan +##----------------------------------------------------------------------------- +resource "azurerm_service_plan" "main" { + count = var.enable ? 1 : 0 + name = format("%s-asp", module.labels.id) + resource_group_name = var.resource_group_name + location = var.location + + os_type = var.os_type + sku_name = var.sku_name + worker_count = var.sku_name == "B1" ? null : var.worker_count + maximum_elastic_worker_count = var.maximum_elastic_worker_count + app_service_environment_id = var.app_service_environment_id + per_site_scaling_enabled = var.per_site_scaling_enabled + tags = module.labels.tags +} + +##----------------------------------------------------------------------------- +## Linux web app +##----------------------------------------------------------------------------- resource "azurerm_linux_web_app" "main" { - # count = var.enable_linux_web_app ? 1 : 0 - count = var.enable && var.is_linux_webapp ? 1 : 0 + count = var.enable && var.os_type == "Linux" ? 1 : 0 name = format("%s-linux-app", module.labels.id) resource_group_name = var.resource_group_name location = var.location 
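Review bot: `count = var.enable && var.os_type == "Linux" ? 1 : 0` is an exact, case-sensitive match, and the Windows resource later in this file uses `var.os_type == "Windows"`; any other value that `azurerm_service_plan` accepts for `os_type` (for example `WindowsContainer`) creates the plan but neither web app, without an error. The declaration of `os_type` is outside this hunk, so I can't see whether it has a `validation` block; if it does not, add one with `condition = contains(["Linux", "Windows"], var.os_type)` and a clear `error_message`. Any remaining reference to `var.is_linux_webapp` elsewhere in the module needs the same switch to `os_type`, otherwise the two selectors can disagree.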
@@ -241,18 +249,20 @@ resource "azurerm_linux_web_app" "main" { vnet_route_all_enabled = var.app_service_vnet_integration_subnet_id != null - dynamic "application_stack" { - for_each = lookup(site_config.value, "application_stack", null) == null ? [] : ["application_stack"] - content { - dotnet_version = lookup(local.site_config.application_stack, "dotnet_version", null) - java_server = lookup(local.site_config.application_stack, "java_server", null) - java_server_version = lookup(local.site_config.application_stack, "java_server_version", null) - java_version = lookup(local.site_config.application_stack, "java_version", null) - node_version = lookup(local.site_config.application_stack, "node_version", null) - php_version = lookup(local.site_config.application_stack, "php_version", null) - python_version = lookup(local.site_config.application_stack, "python_version", null) - ruby_version = lookup(local.site_config.application_stack, "ruby_version", null) - } + application_stack { + docker_image_name = var.use_docker ? var.docker_image_name : null + docker_registry_url = var.use_docker ? format("https://%s", var.docker_registry_url) : null + docker_registry_username = var.use_docker ? var.docker_registry_username : null + docker_registry_password = var.use_docker ? var.docker_registry_password : null + dotnet_version = var.use_dotnet ? var.dotnet_version : null + node_version = var.use_node ? var.node_version : null + java_version = var.use_java ? var.java_version : null + java_server = var.use_java ? var.java_server : null + java_server_version = var.use_java ? var.java_server_version : null + php_version = var.use_php ? var.php_version : null + python_version = var.use_python ? var.python_version : null + ruby_version = var.use_ruby ? var.ruby_version : null + go_version = var.use_go ? var.go_version : null } dynamic "cors" { 
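Review bot: `docker_registry_password = var.use_docker ? var.docker_registry_password : null` puts a registry password on the resource and therefore into Terraform state; the variable is declared outside this hunk, so confirm it is marked `sensitive = true`, and prefer the managed-identity pull (`container_registry_use_managed_identity` with `acr_id`) so that no password is needed. `format("https://%s", var.docker_registry_url)` produces `https://https://…` when a caller passes a full URL; either document the input as host-only or strip an existing scheme, e.g. `format("https://%s", trimprefix(var.docker_registry_url, "https://"))`. Nothing in the block stops several `use_*` flags being true at once, so a comment stating that exactly one stack may be enabled would help. The Windows `application_stack` hunk further down carries the same four Docker lines.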
@@ -498,7 +508,7 @@ resource "azurerm_linux_web_app" "main" { lifecycle { ignore_changes = [ app_settings, - site_config.0.application_stack, + # site_config.0.application_stack, site_config.0.cors, site_config.0.ip_restriction_default_action, site_config.0.scm_ip_restriction_default_action, 
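Review bot: `# site_config.0.application_stack,` leaves the removed `ignore_changes` entry behind as commented-out code with no reason given. With the entry gone, Terraform will presumably revert any runtime or image change made outside Terraform on the next apply (for example a pipeline that updates the container tag), which is a behaviour change for existing users of the module. If that is intended, delete the line and replace it with a comment such as `# application_stack is managed by Terraform; out-of-band changes are reverted on apply`. The same edit is made in the Windows resource's `lifecycle` block at the end of this patch.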
@@ -507,125 +517,12 @@ resource "azurerm_linux_web_app" "main" { } } -#------------------------------App insights-------------------------------------------------------# - -data "azurerm_application_insights" "app_insights" { - count = var.application_insights_enabled && var.application_insights_id != null ? 1 : 0 - - name = split("/", var.application_insights_id)[8] - resource_group_name = split("/", var.application_insights_id)[4] -} - -resource "azurerm_application_insights" "app_insights" { - count = var.enable && var.application_insights_enabled && var.application_insights_id == null ? 1 : 0 - - name = format("%s-app-insights", module.labels.id) - location = var.location - resource_group_name = var.resource_group_name - application_type = var.application_insights_type - sampling_percentage = var.application_insights_sampling_percentage - retention_in_days = var.retention_in_days - disable_ip_masking = var.disable_ip_masking - tags = module.labels.tags - workspace_id = var.app_insights_workspace_id # Added log analytics workspace id from module in main using this variable app_insights_workspace_id -} - -#----------------------------End point ---------------------------------------------------# - -resource "azurerm_private_endpoint" "pep" { - count = var.enable && var.enable_private_endpoint ? 1 : 0 - name = format("%s-pe-app-service", module.labels.id) - location = local.location - resource_group_name = local.resource_group_name - subnet_id = var.subnet_id - tags = module.labels.tags - private_service_connection { - name = format("%s-psc-app-service", module.labels.id) - is_manual_connection = false - private_connection_resource_id = azurerm_linux_web_app.main[0].id - subresource_names = ["sites"] - } - - lifecycle { - ignore_changes = [ - tags, - ] - } -} - -data "azurerm_private_endpoint_connection" "private-ip-0" { - count = var.enable && var.enable_private_endpoint ? 
1 : 0 - name = join("", azurerm_private_endpoint.pep.*.name) - resource_group_name = local.resource_group_name - depends_on = [azurerm_linux_web_app.main] -} - -#---------------------------- Dns Zone ---------------------------------------------------# - -resource "azurerm_private_dns_zone" "dnszone" { - count = var.enable && var.existing_private_dns_zone == null && var.enable_private_endpoint ? 1 : 0 - name = "privatelink.azurewebsites.net" - resource_group_name = local.resource_group_name - tags = module.labels.tags -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vent-link" { - count = var.enable && var.enable_private_endpoint && (var.existing_private_dns_zone != null ? (var.existing_private_dns_zone_resource_group_name == "" ? false : true) : true) ? 1 : 0 - name = var.existing_private_dns_zone == null ? format("%s-pdz-vnet-link-app-service", module.labels.id) : format("%s-pdz-vnet-link-app-service-1", module.labels.id) - resource_group_name = local.valid_rg_name - private_dns_zone_name = local.private_dns_zone_name - virtual_network_id = var.virtual_network_id - tags = module.labels.tags -} - -#-------------------------- Telemetry --------------------------------------# - -resource "azurerm_application_insights_api_key" "read_telemetry" { - name = format("%s-app-insights-api-key", module.labels.id) - application_insights_id = azurerm_application_insights.app_insights[0].id - read_permissions = var.read_permissions -} - -#---------------------------- Vnet Integration ---------------------------------------------------# - -resource "azurerm_app_service_virtual_network_swift_connection" "main" { - count = var.enable_vnet_integration == true ? 
1 : 0 - app_service_id = azurerm_linux_web_app.main[0].id - subnet_id = var.integration_subnet_id -} - -#---------------------------- Diagnostic Settings ---------------------------------------------------# - -resource "azurerm_monitor_diagnostic_setting" "diagnostic" { - count = var.enable && var.enable_diagnostic ? 1 : 0 - name = format("%s-diagnostic-log", module.labels.id) - target_resource_id = var.enable && var.is_linux_webapp ? azurerm_linux_web_app.main[0].id : azurerm_windows_web_app.main[0].id # Added condition for both linux and windows - log_analytics_workspace_id = var.log_analytics_workspace_id - storage_account_id = var.storage_account_id - eventhub_name = var.eventhub_name - eventhub_authorization_rule_id = var.eventhub_authorization_rule_id - log_analytics_destination_type = var.log_analytics_destination_type - dynamic "enabled_log" { - for_each = var.log_category - content { - category = enabled_log.value - } - } - - dynamic "metric" { - for_each = var.metric_enabled ? ["AllMetrics"] : [] - content { - category = metric.value - enabled = true - } - } -} - - -#------------------------------------------------------------- Windows Web App ------------------------------------------------------------------------------------# +##----------------------------------------------------------------------------- +## Windows web app +##----------------------------------------------------------------------------- resource "azurerm_windows_web_app" "main" { - count = var.enable && var.is_linux_webapp ? 0 : 1 + count = var.enable && var.os_type == "Windows" ? 1 : 0 name = format("%s-windows-app", module.labels.id) resource_group_name = var.resource_group_name location = var.location 
@@ -688,19 +585,20 @@ resource "azurerm_windows_web_app" "main" { vnet_route_all_enabled = var.app_service_vnet_integration_subnet_id != null - dynamic "application_stack" { - for_each = lookup(site_config.value, "application_stack", null) == null ? [] : ["application_stack"] - content { - current_stack = lookup(local.site_config.application_stack, "current_stack", null) - dotnet_version = lookup(local.site_config.application_stack, "dotnet_version", null) - dotnet_core_version = lookup(local.site_config.application_stack, "dotnet_core_version", null) - tomcat_version = lookup(local.site_config.application_stack, "tomcat_version", null) - java_embedded_server_enabled = lookup(local.site_config.application_stack, "java_embedded_server_enabled", false) - java_version = lookup(local.site_config.application_stack, "java_version", null) - node_version = lookup(local.site_config.application_stack, "node_version", null) - php_version = lookup(local.site_config.application_stack, "php_version", null) - python = lookup(local.site_config.application_stack, "python", false) || lookup(local.site_config.application_stack, "python_version", null) != null - } + application_stack { + docker_image_name = var.use_docker ? var.docker_image_name : null + docker_registry_url = var.use_docker ? format("https://%s", var.docker_registry_url) : null + docker_registry_username = var.use_docker ? var.docker_registry_username : null + docker_registry_password = var.use_docker ? var.docker_registry_password : null + current_stack = var.use_current_stack ? var.current_stack : null + python = var.use_python && var.current_stack == "python" ? var.use_python : null # Can only be true or false + php_version = var.use_php && var.current_stack == "php" ? var.php_version : null + node_version = var.use_node && var.current_stack == "node" ? var.node_version : null + java_version = var.use_java && var.current_stack == "java" ? 
var.java_version : null + java_embedded_server_enabled = var.use_java && var.current_stack == "java" ? var.java_embedded_server_enabled : null + tomcat_version = var.use_tomcat ? var.tomcat_version : null + dotnet_version = var.use_dotnet && var.current_stack == "dotnet" ? var.dotnet_version : null + dotnet_core_version = var.use_dotnet && var.current_stack == "dotnetcore" ? var.dotnet_core_version : null } dynamic "cors" { @@ -946,7 +844,7 @@ resource "azurerm_windows_web_app" "main" { lifecycle { ignore_changes = [ app_settings, - site_config.0.application_stack, + # site_config.0.application_stack, site_config.0.cors, site_config.0.ip_restriction_default_action, site_config.0.scm_ip_restriction_default_action, 
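Review bot: In the new `application_stack` block, `docker_registry_username` and `docker_registry_password` are set whenever `var.use_docker` is true, even when the app is meant to pull with its managed identity (the `acr_pull` role assignment later in this file keys on `var.site_config.container_registry_use_managed_identity`). A password passed here is written to the Terraform state and stays on the app as a long-lived registry credential, so null it in the managed-identity case, e.g. `docker_registry_password = var.use_docker && var.site_config.container_registry_use_managed_identity != true ? var.docker_registry_password : null`, with the same guard on the username (this assumes the attribute is always present on `var.site_config`). The declaration of `docker_registry_password` is only partly visible in this patch, so confirm it carries `sensitive = true`. Separately, `format("https://%s", var.docker_registry_url)` yields a doubled scheme if a caller passes a full URL, so the variable description should say that a bare host is expected. The enclosing `azurerm_windows_web_app.main` resource starts and ends outside this hunk.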
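Review bot: The `ignore_changes` entry for `site_config.0.application_stack` is disabled by commenting it out rather than removed, which leaves dead configuration in the `lifecycle` block with no explanation. Terraform will now reconcile the stack on every apply, so an image or runtime version changed outside Terraform (for example by a deployment pipeline) would be reverted; that may be intended, but it is not stated. Delete the line and record the reason instead, e.g. `# application_stack is managed by this module; out-of-band changes are reverted on apply`. The resource body starts outside this hunk.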
@@ -955,3 +853,139 @@ resource "azurerm_windows_web_app" "main" { } } +##----------------------------------------------------------------------------- +## Application Insights +##----------------------------------------------------------------------------- + +data "azurerm_application_insights" "app_insights" { + count = var.application_insights_enabled && var.application_insights_id != null ? 1 : 0 + + name = split("/", var.application_insights_id)[8] + resource_group_name = split("/", var.application_insights_id)[4] +} + +resource "azurerm_application_insights" "app_insights" { + count = var.enable && var.application_insights_enabled && var.application_insights_id == null ? 1 : 0 + + name = format("%s-app-insights", module.labels.id) + location = var.location + resource_group_name = var.resource_group_name + application_type = var.application_insights_type + sampling_percentage = var.application_insights_sampling_percentage + retention_in_days = var.retention_in_days + disable_ip_masking = var.disable_ip_masking + tags = module.labels.tags + workspace_id = var.app_insights_workspace_id # Added log analytics workspace id from module in main using this variable app_insights_workspace_id +} + +##----------------------------------------------------------------------------- +## End Point +##----------------------------------------------------------------------------- + +resource "azurerm_private_endpoint" "pep" { + count = var.enable && var.enable_private_endpoint ? 
1 : 0 + name = format("%s-pe-app-service", module.labels.id) + location = local.location + resource_group_name = local.resource_group_name + subnet_id = var.subnet_id + tags = module.labels.tags + private_service_connection { + name = format("%s-psc-app-service", module.labels.id) + is_manual_connection = false + private_connection_resource_id = azurerm_linux_web_app.main[0].id + subresource_names = ["sites"] + } + + lifecycle { + ignore_changes = [ + tags, + ] + } +} + +data "azurerm_private_endpoint_connection" "private-ip-0" { + count = var.enable && var.enable_private_endpoint ? 1 : 0 + name = join("", azurerm_private_endpoint.pep.*.name) + resource_group_name = local.resource_group_name + depends_on = [azurerm_linux_web_app.main] +} + +##----------------------------------------------------------------------------- +## Dns Zone +##----------------------------------------------------------------------------- + +resource "azurerm_private_dns_zone" "dnszone" { + count = var.enable && var.existing_private_dns_zone == null && var.enable_private_endpoint ? 1 : 0 + name = "privatelink.azurewebsites.net" + resource_group_name = local.resource_group_name + tags = module.labels.tags +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vent-link" { + count = var.enable && var.enable_private_endpoint && (var.existing_private_dns_zone != null ? (var.existing_private_dns_zone_resource_group_name == "" ? false : true) : true) ? 1 : 0 + name = var.existing_private_dns_zone == null ? 
format("%s-pdz-vnet-link-app-service", module.labels.id) : format("%s-pdz-vnet-link-app-service-1", module.labels.id) + resource_group_name = local.valid_rg_name + private_dns_zone_name = local.private_dns_zone_name + virtual_network_id = var.virtual_network_id + tags = module.labels.tags +} + +##----------------------------------------------------------------------------- +## Telemetry +##----------------------------------------------------------------------------- + +resource "azurerm_application_insights_api_key" "read_telemetry" { + name = format("%s-app-insights-api-key", module.labels.id) + application_insights_id = azurerm_application_insights.app_insights[0].id + read_permissions = var.read_permissions +} + +##----------------------------------------------------------------------------- +## Vnet Integration +##----------------------------------------------------------------------------- + +resource "azurerm_app_service_virtual_network_swift_connection" "main" { + count = var.enable_vnet_integration == true ? 1 : 0 + app_service_id = azurerm_linux_web_app.main[0].id + subnet_id = var.integration_subnet_id +} + +##----------------------------------------------------------------------------- +## Diagnostic settings +##----------------------------------------------------------------------------- + +resource "azurerm_monitor_diagnostic_setting" "diagnostic" { + count = var.enable && var.enable_diagnostic ? 1 : 0 + name = format("%s-diagnostic-log", module.labels.id) + target_resource_id = var.enable && var.os_type == "Linux" ? 
azurerm_linux_web_app.main[0].id : azurerm_windows_web_app.main[0].id # Added condition for both linux and windows + log_analytics_workspace_id = var.log_analytics_workspace_id + storage_account_id = var.storage_account_id + eventhub_name = var.eventhub_name + eventhub_authorization_rule_id = var.eventhub_authorization_rule_id + log_analytics_destination_type = var.log_analytics_destination_type + dynamic "enabled_log" { + for_each = var.log_category + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.metric_enabled ? ["AllMetrics"] : [] + content { + category = metric.value + enabled = true + } + } +} + +##----------------------------------------------------------------------------- +## Acr Role assignment +##----------------------------------------------------------------------------- +resource "azurerm_role_assignment" "acr_pull" { + count = var.enable && var.use_docker && var.site_config.container_registry_use_managed_identity == true ? 1 : 0 + principal_id = var.enable && var.os_type == "Linux" ? azurerm_linux_web_app.main[0].identity.0.principal_id : azurerm_windows_web_app.main[0].identity.0.principal_id # Updated Condition + role_definition_name = "AcrPull" + scope = var.acr_id + skip_service_principal_aad_check = true +} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index 5af6a1e..bdc8d20 100644 --- a/outputs.tf +++ b/outputs.tf 
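Review bot: `azurerm_private_endpoint.pep` and `azurerm_app_service_virtual_network_swift_connection.main` still reference `azurerm_linux_web_app.main[0].id`, while `diagnostic` and `acr_pull` in the same hunk select the app by `var.os_type`. If the Linux resource has count 0 when `os_type` is `"Windows"` (its count expression is not visible here), a Windows app with `enable_private_endpoint` or `enable_vnet_integration` set fails on an invalid index, so it cannot be placed behind the private endpoint at all. Use the same selector in both places, e.g. `private_connection_resource_id = var.os_type == "Linux" ? azurerm_linux_web_app.main[0].id : azurerm_windows_web_app.main[0].id` and likewise for `app_service_id`, and add the Windows app to the `depends_on` of `private-ip-0`. `azurerm_application_insights_api_key.read_telemetry` also has no `count` and indexes `app_insights[0]`, so it will fail whenever Application Insights is disabled or an existing `application_insights_id` is supplied.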
@@ -1,58 +1,3 @@ -# output "service_plan_id" { -# value = azurerm_service_plan.main.id -# description = "The ID of the App Service Plan component." -# } - -# output "maximum_number_of_workers" { -# value = azurerm_service_plan.main.worker_count -# description = "The maximum number of workers supported with the App Service Plan's sku." -# } - -# output "id" { -# value = azurerm_linux_web_app.main[0].id -# description = "The ID of the App Service." -# } - -# output "custom_domain_verification_id" { -# value = azurerm_linux_web_app.main[0].custom_domain_verification_id -# description = "An identifier used by App Service to perform domain ownership verification via DNS TXT record." -# } - -# output "default_site_hostname" { -# value = azurerm_linux_web_app.main[0].default_hostname -# description = "The Default Hostname associated with the App Service - such as mysite.azurewebsites.net" -# } - -# output "outbound_ip_addresses" { -# value = azurerm_linux_web_app.main[0].outbound_ip_addresses -# description = "A comma separated list of outbound IP addresses - such as 52.23.25.3,52.143.43.12" -# } - -# output "outbound_ip_address_list" { -# value = join("", azurerm_linux_web_app.main[0].outbound_ip_address_list) -# description = "A list of outbound IP addresses - such as ['52.23.25.3', '52.143.43.12']" -# } - -# output "possible_outbound_ip_addresses" { -# value = azurerm_linux_web_app.main[0].possible_outbound_ip_addresses -# description = "A comma separated list of outbound IP addresses - such as 52.23.25.3,52.143.43.12,52.143.43.17 - not all of which are necessarily in use. Superset of outbound_ip_addresses" -# } - -# output "possible_outbound_ip_address_list" { -# value = join("", azurerm_linux_web_app.main[0].possible_outbound_ip_address_list) -# description = "A list of outbound IP addresses - such as ['52.23.25.3', '52.143.43.12', '52.143.43.17'] - not all of which are necessarily in use. 
Superset of outbound_ip_address_list" -# } - -# # output "source_control" { -# # value = azurerm_linux_web_app.main[0].source_control -# # description = "A source_control block as defined below, which contains the Source Control information when scm_type is set to LocalGit." -# # } - -# output "site_credential" { -# value = azurerm_linux_web_app.main[0].site_credential -# description = "A site_credential block as defined below, which contains the site-level credentials used to publish to this App Service." -# } - output "service_plan_id" { description = "The ID of the App Service Plan component." value = azurerm_service_plan.main[*].id diff --git a/variables.tf b/variables.tf index 8c5cee5..e271e4c 100644 --- a/variables.tf +++ b/variables.tf @@ -213,6 +213,54 @@ variable "docker_registry_password" { description = "The User Name to use for authentication against the registry to pull the image." } +variable "dotnet_version" { + type = string + default = null + description = "dotnet version" +} + +variable "java_server" { + type = string + default = null + description = "Java server" +} + +variable "java_server_version" { + type = string + default = null + description = "Java server version" +} + +variable "java_version" { + type = string + default = null + description = "Java version" +} + +variable "node_version" { + type = string + default = null + description = "Node version" +} + +variable "php_version" { + type = string + default = null + description = "php version" +} + +variable "python_version" { + type = string + default = null + description = "Python version" +} + +variable "ruby_version" { + type = string + default = null + description = "Ruby version" +} + variable "application_insights_enabled" { description = "Use Application Insights for this App Service" type = bool 
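Review bot: The variables added to variables.tf here carry placeholder descriptions (`"dotnet version"`, `"Java server"`, `"php version"`) that say neither which argument consumes them nor when they take effect. The hunk at `@@ -660,4 +527,80 @@` adds `use_docker`, `current_stack`, `tomcat_version` and others with no `description` at all. Each should state the gating flag it depends on, e.g. for `php_version`: `description = "PHP version for the application stack; applied only when use_php is true and current_stack is \"php\"."`, which matches how main.tf uses it for the Windows app. The hunk at `@@ -592,23 +459,23 @@` has a related problem: it re-enables `addon_vent_link` as a `bool` whose description reads "The name of the addon vnet", which should describe the toggle instead.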
@@ -372,193 +420,12 @@ variable "eventhub_authorization_rule_id" { description = "Eventhub authorization rule id to pass it to destination details of diagnosys setting of NSG." } -#------------- Web app ---------------------# - variable "is_linux_webapp" { description = "Enable linux web app" type = bool default = true } - -# variable "name" { -# type = string -# default = "" -# description = "Name (e.g. `app` or `cluster`)." -# } - -# variable "environment" { -# type = string -# default = "" -# description = "Environment (e.g. `prod`, `dev`, `staging`)." -# } - -# variable "repository" { -# type = string -# default = "" -# description = "Terraform current module repo" -# } - -# variable "label_order" { -# type = list(any) -# default = [] -# description = "Label order, e.g. sequence of application name and environment `name`,`environment`,'attribute' [`webserver`,`qa`,`devops`,`public`,] ." -# } - -# variable "managedby" { -# type = string -# default = "" -# description = "ManagedBy, eg ''." -# } - -# variable "enabled" { -# type = bool -# description = "Set to false to prevent the module from creating any resources." -# default = true -# } - -# variable "resource_group_name" { -# type = string -# default = "" -# description = "A container that holds related resources for an Azure solution" - -# } - -# variable "location" { -# type = string -# default = null -# description = "Location where resource group will be created." -# } - - -# variable "tags" { -# type = map(string) -# default = {} -# description = "A map of tags to add to all resources" -# } - -# # APP SERVICE PLAN - -# variable "os_type" { -# description = "The O/S type for the App Services to be hosted in this plan. Possible values include `Windows`, `Linux`, and `WindowsContainer`." -# type = string - -# validation { -# condition = try(contains(["Windows", "Linux", "WindowsContainer"], var.os_type), true) -# error_message = "The `os_type` value must be valid. 
Possible values are `Windows`, `Linux`, and `WindowsContainer`." -# } -# } - -# variable "sku_name" { -# description = "The SKU for the plan. Possible values include B1, B2, B3, D1, F1, FREE, I1, I2, I3, I1v2, I2v2, I3v2, P1v2, P2v2, P3v2, P1v3, P2v3, P3v3, S1, S2, S3, SHARED, Y1, EP1, EP2, EP3, WS1, WS2, and WS3." -# type = string - -# validation { -# condition = try(contains(["B1", "B2", "B3", "D1", "F1", "FREE", "I1", "I2", "I3", "I1v2", "I2v2", "I3v2", "P1v2", "P2v2", "P3v2", "P1v3", "P2v3", "P3v3", "S1", "S2", "S3", "SHARED", "Y1", "EP1", "EP2", "EP3", "WS1", "WS2", "WS3"], var.sku_name), true) -# error_message = "The `sku_name` value must be valid. Possible values include B1, B2, B3, D1, F1, FREE, I1, I2, I3, I1v2, I2v2, I3v2, P1v2, P2v2, P3v2, P1v3, P2v3, P3v3, S1, S2, S3, SHARED, Y1, EP1, EP2, EP3, WS1, WS2, and WS3." -# } -# } - -# variable "service_plan" { -# description = "Definition of the dedicated plan to use" -# type = object({ -# kind = string -# size = string -# capacity = optional(number) -# tier = string -# per_site_scaling = optional(bool) -# }) -# } - -# variable "ips_allowed" { -# description = "IPs restriction for App Service to allow specific IP addresses or ranges" -# type = list(string) -# default = [] -# } - -# variable "subnet_ids_allowed" { -# description = "Allow Specific Subnets for App Service" -# type = list(string) -# default = [] -# } - -# # APP SERVICE - -# variable "app_service_name" { -# description = "Specifies the name of the App Service." -# default = "" -# } - -# variable "app_settings" { -# description = "A key-value pair of App Settings." -# type = map(string) -# default = {} -# } - -# variable "enable_client_affinity" { -# description = "Should the App Service send session affinity cookies, which route client requests in the same session to the same instance?" -# default = false -# } - -# variable "enable_https" { -# description = "Can the App Service only be accessed via HTTPS?" 
-# default = false -# } - -# variable "enable_client_certificate" { -# description = "Does the App Service require client certificates for incoming requests" -# default = false -# } - -# variable "site_config" { -# description = "Site configuration for Application Service" -# type = any -# default = {} -# } - -# variable "enable_auth_settings" { -# description = "Specifies the Authenication enabled or not" -# default = false -# } - -# variable "default_auth_provider" { -# description = "The default provider to use when multiple providers have been set up. Possible values are `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount` and `Twitter`" -# default = "AzureActiveDirectory" -# } - -# variable "unauthenticated_client_action" { -# description = "The action to take when an unauthenticated client attempts to access the app. Possible values are `AllowAnonymous` and `RedirectToLoginPage`" -# default = "RedirectToLoginPage" -# } - -# variable "token_store_enabled" { -# description = "If enabled the module will durably store platform-specific security tokens that are obtained during login flows" -# default = false -# } - -# variable "active_directory_auth_setttings" { -# description = "Acitve directory authentication provider settings for app service" -# type = any -# default = {} -# } - -# variable "connection_strings" { -# description = "Connection strings for App Service" -# type = list(map(string)) -# default = [] -# } - -# variable "identity_ids" { -# description = "Specifies a list of user managed identity ids to be assigned" -# default = null -# } - -# variable "storage_mounts" { -# description = "Storage account mount points for App Service" -# type = list(map(string)) -# default = [] -# } - # # Private Endpoint variable "virtual_network_id" { 
@@ -592,23 +459,23 @@ variable "existing_private_dns_zone_resource_group_name" { } # ## Addon vritual link -# variable "addon_vent_link" { -# type = bool -# default = false -# description = "The name of the addon vnet " -# } +variable "addon_vent_link" { + type = bool + default = false + description = "The name of the addon vnet " +} -# variable "addon_resource_group_name" { -# type = string -# default = "" -# description = "The name of the addon vnet resource group" -# } +variable "addon_resource_group_name" { + type = string + default = "" + description = "The name of the addon vnet resource group" +} -# variable "addon_virtual_network_id" { -# type = string -# default = "" -# description = "The name of the addon vnet link vnet id" -# } +variable "addon_virtual_network_id" { + type = string + default = "" + description = "The name of the addon vnet link vnet id" +} # # app insights # variable "application_insights_enabled" { 
@@ -660,4 +527,80 @@ variable "app_insights_workspace_id" { variable "read_permissions" { type = list(string) default = ["aggregate", "api", "draft", "extendqueries", "search"] +} + +variable "use_docker" { + type = bool + default = false +} + +variable "use_dotnet" { + type = bool + default = false +} + +variable "use_php" { + type = bool + default = false +} + +variable "use_python" { + type = bool + default = false +} + +variable "use_node" { + type = bool + default = false +} + +variable "use_java" { + type = bool + default = false +} + +variable "use_ruby" { + type = bool + default = false +} + +variable "use_current_stack" { + type = bool + default = true +} + +variable "current_stack" { + type = string + default = null + # Possible values -> dotnet, dotnetcore, node, python, php, and java +} + +variable "java_embedded_server_enabled" { + type = string + default = null +} + +variable "use_tomcat" { + type = bool + default = false +} + +variable "tomcat_version" { + type = string + default = null +} + +variable "dotnet_core_version" { + type = string + default = null +} + +variable "use_go" { + type = bool + default = false +} + +variable "go_version" { + type = string + default = null } \ No newline at end of file
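Review bot: `java_embedded_server_enabled` is declared with `type = string`, but main.tf passes it straight to the `java_embedded_server_enabled` argument of `application_stack`, which is a boolean flag. Terraform will coerce `"true"`/`"false"`, but any other string is only rejected later, as a conversion error inside the resource. Declare it as `type = bool` with `default = null` so bad input is caught at the variable boundary. The accepted values of `current_stack` are listed only in a comment (`dotnet, dotnetcore, node, python, php, and java`); a `validation` block that accepts null or one of those six values would enforce them and keep a typo from silently nulling every stack field.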