resource "azurerm_service_plan" "service_plan" {
for_each = { for app in var.linux_function_apps : app.name => app if app.app_service_plan_name != null }
name = each.value.app_service_plan_name != null ? each.value.app_service_plan_name : "asp-${each.value.name}"
resource_group_name = each.value.rg_name
location = each.value.location
os_type = each.value.os_type != null ? each.value.os_type : "Linux"
sku_name = each.value.sku_name
}
resource "azurerm_linux_function_app" "function_app" {
for_each = { for app in var.linux_function_apps : app.name => app }
name = each.value.name
service_plan_id = each.value.service_plan_id != null ? each.value.service_plan_id : lookup(azurerm_service_plan.service_plan, each.key, null).id
location = each.value.location
resource_group_name = each.value.rg_name
app_settings = each.value.app_settings
https_only = each.value.https_only
tags = each.value.tags
builtin_logging_enabled = each.value.builtin_logging_enabled
client_certificate_enabled = each.value.client_certificate_enabled
client_certificate_mode = each.value.client_certificate_mode
daily_memory_time_quota = each.value.daily_memory_time_quota
enabled = each.value.enabled
functions_extension_version = each.value.functions_extension_version
storage_account_name = each.value.storage_account_name != null ? each.value.storage_account_name : null
storage_account_access_key = each.value.storage_account_access_key
storage_key_vault_secret_id = each.value.storage_account_name == null ? each.value.storage_key_vault_secret_id : null
storage_uses_managed_identity = each.value.storage_account_access_key == null ? each.value.storage_uses_managed_identity : null
dynamic "identity" {
for_each = each.value.identity_type == "SystemAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
}
}
dynamic "identity" {
for_each = each.value.identity_type == "SystemAssigned, UserAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
identity_ids = try(each.value.identity_ids, [])
}
}
dynamic "identity" {
for_each = each.value.identity_type == "UserAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
identity_ids = length(try(each.value.identity_ids, [])) > 0 ? each.value.identity_ids : []
}
}
dynamic "storage_account" {
for_each = each.value.storage_account != null ? [each.value.storage_account] : []
content {
access_key = storage_account.value.access_key
account_name = storage_account.value.account_name
name = storage_account.value.name
share_name = storage_account.value.share_name
type = storage_account.value.type
mount_path = storage_account.value.mount_path
}
}
dynamic "sticky_settings" {
for_each = each.value.sticky_settings != null ? [each.value.sticky_settings] : []
content {
app_setting_names = sticky_settings.value.app_setting_names
connection_string_names = sticky_settings.value.connection_string_names
}
}
dynamic "connection_string" {
for_each = each.value.connection_string != null ? [each.value.connection_string] : []
content {
name = connection_string.value.name
type = connection_string.value.type
value = connection_string.value.value
}
}
dynamic "backup" {
for_each = each.value.backup != null ? [each.value.backup] : []
content {
name = backup.value.name
enabled = backup.value.enabled
storage_account_url = try(backup.value.storage_account_url, var.backup_sas_url)
dynamic "schedule" {
for_each = backup.value.schedule != null ? [backup.value.schedule] : []
content {
frequency_interval = schedule.value.frequency_interval
frequency_unit = schedule.value.frequency_unit
keep_at_least_one_backup = schedule.value.keep_at_least_one_backup
retention_period_days = schedule.value.retention_period_days
start_time = schedule.value.start_time
}
}
}
}
dynamic "auth_settings" {
for_each = each.value.auth_settings != null ? [each.value.auth_settings] : []
content {
enabled = auth_settings.value.enabled
additional_login_parameters = auth_settings.value.additional_login_parameters
allowed_external_redirect_urls = auth_settings.value.allowed_external_redirect_urls
default_provider = auth_settings.value.default_provider
issuer = auth_settings.value.issuer
runtime_version = auth_settings.value.runtime_version
token_refresh_extension_hours = auth_settings.value.token_refresh_extension_hours
token_store_enabled = auth_settings.value.token_store_enabled
unauthenticated_client_action = auth_settings.value.unauthenticated_client_action
dynamic "active_directory" {
for_each = auth_settings.value.active_directory != null ? [auth_settings.value.active_directory] : []
content {
client_id = active_directory.value.client_id
client_secret = active_directory.value.client_secret
allowed_audiences = active_directory.value.allowed_audiences
}
}
dynamic "facebook" {
for_each = auth_settings.value.facebook != null ? [auth_settings.value.facebook] : []
content {
app_id = facebook.value.app_id
app_secret = facebook.value.app_secret
oauth_scopes = facebook.value.oauth_scopes
}
}
dynamic "google" {
for_each = auth_settings.value.google != null ? [auth_settings.value.google] : []
content {
client_id = google.value.client_id
client_secret = google.value.client_secret
oauth_scopes = google.value.oauth_scopes
}
}
dynamic "microsoft" {
for_each = auth_settings.value.microsoft != null ? [auth_settings.value.microsoft] : []
content {
client_id = microsoft.value.client_id
client_secret = microsoft.value.client_secret
oauth_scopes = microsoft.value.oauth_scopes
}
}
dynamic "twitter" {
for_each = auth_settings.value.twitter != null ? [auth_settings.value.twitter] : []
content {
consumer_key = twitter.value.consumer_key
consumer_secret = twitter.value.consumer_secret
}
}
dynamic "github" {
for_each = auth_settings.value.github != null ? [auth_settings.value.github] : []
content {
client_id = github.value.client_id
client_secret = github.value.client_secret
client_secret_setting_name = github.value.client_secret_setting_name
oauth_scopes = github.value.oauth_scopes
}
}
}
}
dynamic "auth_settings_v2" {
for_each = each.value.auth_settings_v2 != null ? [each.value.auth_settings_v2] : []
content {
auth_enabled = auth_settings_v2.value.auth_enabled
runtime_version = auth_settings_v2.value.runtime_version
config_file_path = auth_settings_v2.value.config_file_path
require_authentication = auth_settings_v2.value.require_authentication
unauthenticated_action = auth_settings_v2.value.unauthenticated_action
default_provider = auth_settings_v2.value.default_provider
excluded_paths = toset(auth_settings_v2.value.excluded_paths)
require_https = auth_settings_v2.value.require_https
http_route_api_prefix = auth_settings_v2.value.http_route_api_prefix
forward_proxy_convention = auth_settings_v2.value.forward_proxy_convention
forward_proxy_custom_host_header_name = auth_settings_v2.value.forward_proxy_custom_host_header_name
forward_proxy_custom_scheme_header_name = auth_settings_v2.value.forward_proxy_custom_scheme_header_name
dynamic "apple_v2" {
for_each = auth_settings_v2.value.apple_v2 != null ? [auth_settings_v2.value.apple_v2] : []
content {
client_id = apple_v2.value.client_id
client_secret_setting_name = apple_v2.value.client_secret_setting_name
login_scopes = toset(apple_v2.value.login_scopes)
}
}
dynamic "active_directory_v2" {
for_each = auth_settings_v2.value.active_directory_v2 != null ? [auth_settings_v2.value.active_directory_v2] : []
content {
client_id = active_directory_v2.value.client_id
tenant_auth_endpoint = active_directory_v2.value.tenant_auth_endpoint
client_secret_setting_name = active_directory_v2.value.client_secret_setting_name
client_secret_certificate_thumbprint = active_directory_v2.value.client_secret_certificate_thumbprint
jwt_allowed_groups = toset(active_directory_v2.value.jwt_allowed_groups)
jwt_allowed_client_applications = toset(active_directory_v2.value.jwt_allowed_client_applications)
www_authentication_disabled = active_directory_v2.value.www_authentication_disabled
allowed_groups = toset(active_directory_v2.value.allowed_groups)
allowed_identities = toset(active_directory_v2.value.allowed_identities)
allowed_applications = toset(active_directory_v2.value.allowed_applications)
login_parameters = active_directory_v2.value.login_parameters
allowed_audiences = toset(active_directory_v2.value.allowed_audiences)
}
}
dynamic "azure_static_web_app_v2" {
for_each = auth_settings_v2.value.azure_static_web_app_v2 != null ? [auth_settings_v2.value.azure_static_web_app_v2] : []
content {
client_id = azure_static_web_app_v2.value.client_id
}
}
dynamic "custom_oidc_v2" {
for_each = auth_settings_v2.value.custom_oidc_v2 != null ? [auth_settings_v2.value.custom_oidc_v2] : []
content {
name = custom_oidc_v2.value.name
client_id = custom_oidc_v2.value.client_id
openid_configuration_endpoint = custom_oidc_v2.value.openid_configuration_endpoint
name_claim_type = custom_oidc_v2.value.name_claim_type
scopes = toset(custom_oidc_v2.value.scopes)
client_credential_method = custom_oidc_v2.value.client_credential_method
client_secret_setting_name = custom_oidc_v2.value.client_secret_setting_name
authorisation_endpoint = custom_oidc_v2.value.authorisation_endpoint
token_endpoint = custom_oidc_v2.value.token_endpoint
issuer_endpoint = custom_oidc_v2.value.issuer_endpoint
certification_uri = custom_oidc_v2.value.certification_uri
}
}
dynamic "facebook_v2" {
for_each = auth_settings_v2.value.facebook_v2 != null ? [auth_settings_v2.value.facebook_v2] : []
content {
graph_api_version = facebook_v2.value.graph_api_version
login_scopes = toset(facebook_v2.value.login_scopes)
app_id = facebook_v2_value.app_id
app_secret_setting_name = facebook_v2.value.app_secret_setting_name
}
}
dynamic "github_v2" {
for_each = auth_settings_v2.value.github_v2 != null ? [auth_settings_v2.value.github_v2] : []
content {
client_id = github_v2.value.client_id
client_secret_setting_name = github_v2.value.client_secret_setting_name
login_scopes = toset(github_v2.value.login_scopes)
}
}
dynamic "google_v2" {
for_each = auth_settings_v2.value.google_v2 != null ? [auth_settings_v2.value.google_v2] : []
content {
client_id = google_v2.value.client_id
client_secret_setting_name = google_v2.value.client_secret_setting_name
allowed_audiences = toset(google_v2.value.allowed_audiences)
login_scopes = toset(google_v2.value.login_scopes)
}
}
dynamic "microsoft_v2" {
for_each = auth_settings_v2.value.microsoft_v2 != null ? [auth_settings_v2.value.microsoft_v2] : []
content {
client_id = microsoft_v2.value.client_id
client_secret_setting_name = microsoft_v2.value.client_secret_setting_name
allowed_audiences = toset(microsoft_v2.value.allowed_audiences)
login_scopes = toset(microsoft_v2.value.login_scopes)
}
}
dynamic "twitter_v2" {
for_each = auth_settings_v2.value.twitter_v2 != null ? [auth_settings_v2.value.twitter_v2] : []
content {
consumer_key = twitter_v2.value.consumer_key
consumer_secret_setting_name = twitter_v2.value.consumer_secret_setting_name
}
}
dynamic "login" {
for_each = auth_settings_v2.value.login != null ? [auth_settings_v2.value.login] : []
content {
logout_endpoint = login.value.logout_endpoint
token_store_enabled = login.value.token_store_enabled
token_refresh_extension_time = login.value.token_refresh_extension_time
token_store_path = login.value.token_store_path
token_store_sas_setting_name = login.value.token_store_sas_setting_name
preserve_url_fragments_for_logins = login.value.preserve_url_fragments_for_logins
allowed_external_redirect_urls = toset(login.value.allowed_external_redirect_urls)
cookie_expiration_convention = login.value.cookie_expiration_convention
cookie_expiration_time = login.value.cookie_expiration_time
validate_nonce = login.value.validate_nonce
nonce_expiration_time = login.value.nonce_expiration_time
}
}
}
}
dynamic "site_config" {
for_each = each.value.site_settings != null ? [each.value.site_settings] : []
content {
always_on = site_config.value.always_on
api_definition_url = site_config.value.api_definition_url
api_management_api_id = site_config.value.api_management_api_id
app_command_line = site_config.value.app_command_line
application_insights_connection_string = site_config.value.application_insights_connection_string
application_insights_key = site_config.value.application_insights_key
container_registry_managed_identity_client_id = site_config.value.container_registry_managed_identity_client_id
container_registry_use_managed_identity = site_config.value.container_registry_use_managed_identity
elastic_instance_minimum = site_config.value.elastic_instance_minimum
ftps_state = site_config.value.ftps_state
health_check_path = site_config.value.health_check_path
health_check_eviction_time_in_min = site_config.value.health_check_eviction_time_in_min
http2_enabled = site_config.value.http2_enabled
load_balancing_mode = site_config.value.load_balancing_mode
managed_pipeline_mode = site_config.value.managed_pipeline_mode
minimum_tls_version = site_config.value.minimum_tls_version
pre_warmed_instance_count = site_config.value.pre_warmed_instance_count
remote_debugging_enabled = site_config.value.remote_debugging_enabled
remote_debugging_version = site_config.value.remote_debugging_version
runtime_scale_monitoring_enabled = site_config.value.runtime_scale_monitoring_enabled
scm_minimum_tls_version = site_config.value.scm_minimum_tls_version
scm_use_main_ip_restriction = site_config.value.scm_use_main_ip_restriction
use_32_bit_worker = site_config.value.use_32_bit_worker
app_scale_limit = site_config.value.app_scale_limit
websockets_enabled = site_config.value.websockets_enabled
vnet_route_all_enabled = site_config.value.vnet_route_all_enabled
worker_count = site_config.value.worker_count
default_documents = toset(site_config.value.default_documents)
dynamic "application_stack" {
for_each = site_config.value.application_stack != null ? [site_config.value.application_stack] : []
content {
java_version = application_stack.value.java_version
dotnet_version = application_stack.value.dotnet_version
node_version = application_stack.value.node_version
python_version = application_stack.value.python_version
powershell_core_version = application_stack.value.powershell_core_version
use_custom_runtime = application_stack.value.use_custom_runtime
dynamic "docker" {
for_each = application_stack.value.docker != null ? [application_stack.value.docker] : []
content {
registry_url = docker.value.registry_url
registry_username = docker.value.registry_username
registry_password = docker.value.registry_password
image_name = docker.value.image_name
image_tag = docker.value.image_tag
}
}
}
}
dynamic "app_service_logs" {
for_each = site_config.value.app_service_logs != null ? [site_config.value.app_service_logs] : []
content {
disk_quota_mb = app_service_logs.value.disk_quota_mb
retention_period_days = app_service_logs.value.retention_period_days
}
}
dynamic "cors" {
for_each = site_config.value.cors != null ? [site_config.value.cors] : []
content {
allowed_origins = cors.value.allowed_origins
support_credentials = cors.value.support_credentials
}
}
dynamic "ip_restriction" {
for_each = site_config.value.ip_restriction != null ? [site_config.value.ip_restriction] : []
content {
ip_address = ip_restriction.value.ip_address
service_tag = ip_restriction.value.service_tag
virtual_network_subnet_id = ip_restriction.value.virtual_network_subnet_id
name = ip_restriction.value.name
priority = ip_restriction.value.priority
action = ip_restriction.value.action
dynamic "headers" {
for_each = ip_restriction.value.headers != null ? [ip_restriction.value.headers] : []
content {
x_azure_fdid = headers.value.x_azure_fdid
x_fd_health_probe = headers.value.x_fd_health_prob
x_forwarded_for = headers.value.x_forwarded_for
x_forwarded_host = headers.value.x_forwarded_host
}
}
}
}
dynamic "scm_ip_restriction" {
for_each = site_config.value.scm_ip_restriction != null ? [site_config.value.scm_ip_restriction] : []
content {
ip_address = scm_ip_restriction.value.ip_address
service_tag = scm_ip_restriction.value.service_tag
virtual_network_subnet_id = scm_ip_restriction.value.virtual_network_subnet_id
name = scm_ip_restriction.value.name
priority = scm_ip_restriction.value.priority
action = scm_ip_restriction.value.action
dynamic "headers" {
for_each = scm_ip_restriction.value.headers != null ? [scm_ip_restriction.value.headers] : []
content {
x_azure_fdid = headers.value.x_azure_fdid
x_fd_health_probe = headers.value.x_fd_health_prob
x_forwarded_for = headers.value.x_forwarded_for
x_forwarded_host = headers.value.x_forwarded_host
}
}
}
}
}
}
}
resource "azurerm_app_service_virtual_network_swift_connection" "function_vnet_integration" {
for_each = { for app in var.linux_function_apps : app.name => app if app.enable_vnet_integration == true }
app_service_id = azurerm_linux_function_app.function_app[each.value.name].id
subnet_id = each.value.subnet_id
}No requirements.
| Name | Version |
|---|---|
| azurerm | n/a |
No modules.
| Name | Type |
|---|---|
| azurerm_app_service_virtual_network_swift_connection.function_vnet_integration | resource |
| azurerm_linux_function_app.function_app | resource |
| azurerm_service_plan.service_plan | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| linux_function_apps | List of Azure Linux Function Apps configurations | list(object({ |
[] |
no |
| Name | Description |
|---|---|
| function_app_identities | The identities of the Storage Accounts. |
| function_apps_custom_domain_verification_id | The custom domain verification IDs of the Linux Function Apps. |
| function_apps_default_hostnames | The default hostnames of the Linux Function Apps. |
| function_apps_outbound_ip_addresses | The outbound IP addresses of the Linux Function Apps. |
| function_apps_possible_outbound_ip_addresses | The possible outbound IP addresses of the Linux Function Apps. |
| function_apps_site_credentials | The site credentials for the Linux Function Apps. |
| function_vnet_integration_ids | The IDs of the App Service Virtual Network Swift Connections. |
| linux_function_apps_ids | The IDs of the Linux Function Apps. |
| service_plans_ids | The IDs of the Service Plans. |