Dynamic App Setting + App Config Support

[erikschlegel]

This feature request comprises of the following changes:

• Added new caf module app_config responsible for provisioning an Application Configuration resource
• MSI support for app_config module
• Standardized naming convention for cosmos module ie cosmos_dbs vs cosmos_db. The naming discrepency was causing an issue when a terraform mutation was dependent on an exported attribute from the cosmos resource (ie writing the cosmos connection string as a KV secret)
• Added the dynamic_app_settings feature for the app_services and function_app modules. This new parameter allows a CAF developer to provision app settings sourced from Terraform exported attributes (ie keyvault URI, app config endpoint)
• Exported the system assigned managed identity for the machine_learning resource so we can create provision role assignments for the AML MSI identity.
• Exporting the cosmos connection string so we can save that as a secret via dynamic_secrets module

[brockneedscoffee]

really nice work, just had the one comment/question

[brockneedscoffee]

@erikschlegel given the CAF team's guidance on this flag do we still want to move forward with it? They have taken it out of the core modules but use it in the landing zone itself

[erikschlegel]

Makes me really nervous getting rid of the sensitive flag given the cosmos connection string would be exposed in clear text within the state file. Removing this flag seemed like a band aid fix due to upgrading to the latest version of Terraform.

[brockneedscoffee]

agreed, just wanted to verify