Add Windows function app

.github/workflows/standalone-scenarios.json

@@ -136,6 +136,7 @@
     "webapps/function_app/101-function_app-private",
     "webapps/function_app/102-function_app-linux",
     "webapps/function_app/103-function_app-windows",
+    "webapps/windows_function_app/103-function_app-windows",	
     "webapps/static_site/101-simple-static-web-app"
   ]
 }

examples/cognitive_services/101-cognitive-services-account-managed-identity/configuration.tfvars

@@ -27,14 +27,14 @@ cognitive_services_account = {
       # lz_key = "examples"
       key = "test-rg"
     }
-    name     = "cs-test-1"
-    kind     = "OpenAI"
-    sku_name = "S0"
+    name                          = "cs-test-1"
+    kind                          = "OpenAI"
+    sku_name                      = "S0"
     public_network_access_enabled = true
 
     identity = {
       type = "SystemAssigned, UserAssigned" // Can be "SystemAssigned, UserAssigned" or "SystemAssigned" or "UserAssigned"
-      key  = "cognitive_msi" // A must with "SystemAssigned, UserAssigned" and "UserAssigned"
+      key  = "cognitive_msi"                // A must with "SystemAssigned, UserAssigned" and "UserAssigned"
     }
 
     tags = {

examples/module.tf

@@ -333,6 +333,7 @@ module "example" {
     app_service_plans                              = var.app_service_plans
     app_services                                   = var.app_services
     function_apps                                  = var.function_apps
+    windows_function_apps                          = var.windows_function_apps 	
     static_sites                                   = var.static_sites
   }
   data_factory = {

examples/variables.tf

@@ -814,6 +814,10 @@ variable "cdn_profile" {
 variable "function_apps" {
   default = {}
 }
+variable "windows_function_apps" {
+  default = {}
+  type    = map(any)
+}
 variable "active_directory_domain_service" {
   default = {}
 }

examples/webapps/README.md

@@ -33,3 +33,4 @@ Under the webapps category you can create the following resources, with their ex
 | Azure App Service             | [GitHub repository](https://github.com/aztfmod/terraform-azurerm-caf/tree/master/examples/webapps/appservice/)            |
 | Azure App Service Environment | [GitHub repository](https://github.com/aztfmod/terraform-azurerm-caf/tree/master/examples/webapps/appservice-environment) |
 | Azure Functions               | [GitHub repository](https://github.com/aztfmod/terraform-azurerm-caf/tree/master/examples/webapps/function_app)           |
+| Azure Windows_Functions       | [GitHub repository](https://github.com/aztfmod/terraform-azurerm-caf/tree/master/examples/webapps/windows_function_app)   |

examples/webapps/windows_function_app/103-function_app-windows/configuration.tfvars

@@ -0,0 +1,61 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "francecentral"
+  }
+}
+
+resource_groups = {
+  rg1 = {
+    name   = "windowsfunapp-private"
+    region = "region1"
+  }
+}
+
+
+storage_accounts = {
+  sa1 = {
+    name                     = "windowsfunctionsapptestsa"
+    resource_group_key       = "rg1"
+    region                   = "region1"
+    account_tier             = "Standard"
+    account_replication_type = "LRS"
+  }
+}
+
+app_service_plans = {
+  asp1 = {
+    name               = "azure-windows-functions-test-service-plan"
+    resource_group_key = "rg1"
+    region             = "region1"
+    kind               = "functionapp"
+
+    sku = {
+      tier = "Dynamic"
+      size = "Y1"
+    }
+  }
+}
+
+windows_function_apps = {
+  faaps1 = {
+    name                 = "windows-test-azure-functions"
+    resource_group_key   = "rg1"
+    region               = "region1"
+    app_service_plan_key = "asp1"
+    storage_account_key  = "sa1"
+    settings = {
+      site_config = {
+        application_stack = {
+            powershell_core_version = "7.4"
+        }
+        ftps_state                = "Disabled" // AllAllowed, FtpsOnly and Disabled
+        always_on                 = true
+        http2_enabled             = true
+        min_tls_version           = "1.2"
+        use_32_bit_worker_process = false
+        vnet_route_all_enabled    = true
+      }
+    }
+  }
+}

function_app.tf

@@ -51,3 +51,58 @@ data "azurerm_storage_account" "function_apps" {
   name                = local.combined_objects_storage_accounts[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.storage_account_key].name
   resource_group_name = local.combined_objects_storage_accounts[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.storage_account_key].resource_group_name
 }
+
+
+module "windows_function_apps" {
+  source     = "./modules/webapps/windows_function_app"
+  depends_on = [module.networking]
+  for_each   = local.webapp.windows_function_apps
+
+  name                       = each.value.name
+  client_config              = local.client_config
+  dynamic_app_settings       = try(each.value.dynamic_app_settings, {})
+  app_settings               = try(each.value.app_settings, null)
+  combined_objects           = local.dynamic_app_settings_combined_objects
+  service_plan_id            = can(each.value.service_plan_id) || can(each.value.app_service_plan_key) == false ? try(each.value.app_service_plan_id, null) : local.combined_objects_app_service_plans[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.app_service_plan_key].id
+  settings                   = each.value.settings
+  application_insight        = try(each.value.application_insight_key, null) == null ? null : module.azurerm_application_insights[each.value.application_insight_key]
+  diagnostic_profiles        = try(each.value.diagnostic_profiles, null)
+  diagnostics                = local.combined_diagnostics
+  identity                   = try(each.value.identity, null)
+  connection_strings         = try(each.value.connection_strings, {})
+  storage_account_name       = try(data.azurerm_storage_account.windows_function_apps[each.key].name, null)
+  storage_account_access_key = try(data.azurerm_storage_account.windows_function_apps[each.key].primary_access_key, null)
+  tags                       = try(each.value.tags, null)
+  # subnet_id = try(
+  #                 each.value.subnet_id,
+  #                 local.combined_objects_networking[try(each.value.settings.lz_key, local.client_config.landingzone_key)][each.value.settings.vnet_key].subnets[each.value.settings.subnet_key].id,
+  #                 null
+  #                 )
+  global_settings   = local.global_settings
+  private_dns       = local.combined_objects_private_dns
+  private_endpoints = try(each.value.private_endpoints, {})
+  vnets             = local.combined_objects_networking
+  virtual_subnets   = local.combined_objects_virtual_subnets
+  remote_objects = {
+    subnets = try(local.combined_objects_networking[try(each.value.settings.lz_key, local.client_config.landingzone_key)][each.value.settings.vnet_key].subnets, null)
+  }
+
+  base_tags           = local.global_settings.inherit_tags
+  resource_group      = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)]
+  resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : null
+  location            = try(local.global_settings.regions[each.value.region], null)
+}
+
+output "windows_function_apps" {
+  value = module.windows_function_apps
+}
+
+data "azurerm_storage_account" "windows_function_apps" {
+  for_each = {
+    for key, value in local.webapp.windows_function_apps : key => value
+    if try(value.storage_account_key, null) != null
+  }
+
+  name                = local.combined_objects_storage_accounts[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.storage_account_key].name
+  resource_group_name = local.combined_objects_storage_accounts[try(each.value.lz_key, local.client_config.landingzone_key)][each.value.storage_account_key].resource_group_name
+}

locals.combined_objects.tf

@@ -83,7 +83,7 @@ locals {
   combined_objects_express_route_circuits                         = merge(tomap({ (local.client_config.landingzone_key) = module.express_route_circuits }), lookup(var.remote_objects, "express_route_circuits", {}), lookup(var.data_sources, "express_route_circuits", {}))
   combined_objects_front_door                                     = merge(tomap({ (local.client_config.landingzone_key) = module.front_doors }), lookup(var.remote_objects, "front_doors", {}))
   combined_objects_front_door_waf_policies                        = merge(tomap({ (local.client_config.landingzone_key) = module.front_door_waf_policies }), lookup(var.remote_objects, "front_door_waf_policies", {}))
-  combined_objects_function_apps                                  = merge(tomap({ (local.client_config.landingzone_key) = module.function_apps }), lookup(var.remote_objects, "function_apps", {}))
+  combined_objects_function_apps                                  = merge(tomap({ (local.client_config.landingzone_key) = merge(module.function_apps, module.windows_function_apps) }), lookup(var.remote_objects, "function_apps", {}), lookup(var.remote_objects, "windows_function_apps", {}))                                                                                                                        
   combined_objects_image_definitions                              = merge(tomap({ (local.client_config.landingzone_key) = module.image_definitions }), lookup(var.remote_objects, "image_definitions", {}))
   combined_objects_integration_service_environment                = merge(tomap({ (local.client_config.landingzone_key) = module.integration_service_environment }), lookup(var.remote_objects, "integration_service_environment", {}))
   combined_objects_iot_central_application                        = merge(tomap({ (local.client_config.landingzone_key) = module.iot_central_application }), lookup(var.remote_objects, "iot_central_application", {}))

locals.tf

@@ -413,6 +413,7 @@ locals {
     azurerm_application_insights_web_test          = try(var.webapp.azurerm_application_insights_web_test, {})
     azurerm_application_insights_standard_web_test = try(var.webapp.azurerm_application_insights_standard_web_test, {})
     function_apps                                  = try(var.webapp.function_apps, {})
+	  windows_function_apps                          = try(var.webapp.windows_function_apps, {})
     static_sites                                   = try(var.webapp.static_sites, {})
   }
 

modules/webapps/windows_function_app/diagnostic.tf

@@ -0,0 +1,9 @@
+module "diagnostics" {
+  source = "../../diagnostics"
+  count  = var.diagnostic_profiles == null ? 0 : 1
+
+  resource_id       = azurerm_windows_function_app.windows_function_app.id
+  resource_location = local.location
+  diagnostics       = var.diagnostics
+  profiles          = var.diagnostic_profiles
+}

modules/webapps/windows_function_app/locals.dynamic_app_settings.tf

@@ -0,0 +1,27 @@
+locals {
+  # Expected Variable: dynamic_app_settings = {
+  #                      "KEYVAULT_URL" = {
+  #                         keyvaults = {
+  #                           my_common_vault = {
+  #                             lz_key = "common_services_lz"
+  #                             attribute_key = "vault_uri"
+  #                           }
+  #                         }
+  #                      }
+  #                     }
+  dynamic_settings_to_process = {
+    for setting in
+    flatten(
+      [
+        for setting_name, resources in var.dynamic_app_settings : [
+          for resource_type_key, resource in resources : [
+            for object_id_key, object_attributes in resource : {
+              key   = setting_name
+              value = try(var.combined_objects[resource_type_key][object_attributes.lz_key][object_id_key][object_attributes.attribute_key], var.combined_objects[resource_type_key][var.client_config.landingzone_key][object_id_key][object_attributes.attribute_key])
+            }
+          ]
+        ]
+      ]
+    ) : setting.key => setting.value
+  }
+}

modules/webapps/windows_function_app/locals.long_vars.tf

@@ -0,0 +1,7 @@
+locals {
+  ip_restrictions     = try(var.settings.site_config.ip_restriction, [])
+  scm_ip_restrictions = try(var.settings.site_config.scm_ip_restriction, [])
+  site_config         = try(var.settings.site_config, {})
+  auth_settings_v2    = try(var.settings.auth_settings_v2, {})
+  auth_settings       = try(var.settings.auth_settings, {})
+}

modules/webapps/windows_function_app/main.tf

@@ -0,0 +1,35 @@
+terraform {
+  required_providers {
+    azurecaf = {
+      source = "aztfmod/azurecaf"
+    }
+  }
+
+}
+
+locals {
+  module_tag = {
+    "module" = basename(abspath(path.module))
+  }
+  tags = var.base_tags ? merge(
+    var.global_settings.tags,
+    try(var.resource_group.tags, null),
+    local.module_tag,
+    try(var.tags, null)
+    ) : merge(
+    local.module_tag,
+    try(var.tags,
+    null)
+  )
+
+  location            = coalesce(var.location, var.resource_group.location)
+  resource_group_name = coalesce(var.resource_group_name, var.resource_group.name)
+
+  app_settings = merge(try(var.app_settings, {}), try(local.dynamic_settings_to_process, {}), var.application_insight == null ? {} :
+    {
+      "APPINSIGHTS_INSTRUMENTATIONKEY"             = var.application_insight.instrumentation_key,
+      "APPLICATIONINSIGHTS_CONNECTION_STRING"      = var.application_insight.connection_string,
+      "ApplicationInsightsAgent_EXTENSION_VERSION" = "~2"
+    }
+  )
+}

modules/webapps/windows_function_app/managed_identities.tf

@@ -0,0 +1,17 @@
+locals {
+  managed_local_identities = flatten([
+    for managed_identity_key in try(var.identity.managed_identity_keys, []) : [
+      var.combined_objects.managed_identities[var.client_config.landingzone_key][managed_identity_key].id
+    ]
+  ])
+
+  managed_remote_identities = flatten([
+    for keyvault_key, value in try(var.identity.remote, []) : [
+      for managed_identity_key in value.managed_identity_keys : [
+        var.combined_objects.managed_identities[keyvault_key][managed_identity_key].id
+      ]
+    ]
+  ])
+
+  managed_identities = concat(local.managed_local_identities, local.managed_remote_identities)
+}