Merge pull request #5 from data-platform-hq/add-user-assigned-identity

kharkevich · web-flow · commit b5fa9e1ff5d0 · 2022-10-26T15:15:35.000-04:00
feat: add UserAssigned identity
diff --git a/README.md b/README.md
@@ -37,9 +37,10 @@ No modules.
 | <a name="input_application_stack"></a> [application\_stack](#input\_application\_stack) | Application stack configuration, run `az webapp list-runtimes --os-type linux` to get the list of supported stacks | `map(string)` | <pre>{<br>  "java_server": "JAVA",<br>  "java_server_version": 11,<br>  "java_version": "java11"<br>}</pre> | no |
 | <a name="input_application_type"></a> [application\_type](#input\_application\_type) | Application type (java, python, etc) | `string` | `"java"` | no |
 | <a name="input_env"></a> [env](#input\_env) | Environment | `string` | n/a | yes |
+| <a name="input_identity_ids"></a> [identity\_ids](#input\_identity\_ids) | List of user assigned identity IDs | `list(string)` | `null` | no |
 | <a name="input_ip_restriction"></a> [ip\_restriction](#input\_ip\_restriction) | Firewall settings for the function app | <pre>list(object({<br>    name                      = string<br>    ip_address                = string<br>    service_tag               = string<br>    virtual_network_subnet_id = string<br>    priority                  = string<br>    action                    = string<br>    headers = list(object({<br>      x_azure_fdid      = list(string)<br>      x_fd_health_probe = list(string)<br>      x_forwarded_for   = list(string)<br>      x_forwarded_host  = list(string)<br>    }))<br>  }))</pre> | <pre>[<br>  {<br>    "action": "Allow",<br>    "headers": null,<br>    "ip_address": null,<br>    "name": "allow_azure",<br>    "priority": "100",<br>    "service_tag": "AzureCloud",<br>    "virtual_network_subnet_id": null<br>  }<br>]</pre> | no |
-| <a name="input_java_version"></a> [java\_version](#input\_java\_version) | Java version | `string` | `"8"` | no |
 | <a name="input_location"></a> [location](#input\_location) | Location | `string` | n/a | yes |
+| <a name="input_logs"></a> [logs](#input\_logs) | Logs configuration | <pre>object({<br>    detailed_error_messages = bool<br>    failed_request_tracing  = bool<br>    http_logs = object({<br>      file_system = object({<br>        retention_in_days = number<br>        retention_in_mb   = number<br>      })<br>    })<br>  })</pre> | <pre>{<br>  "detailed_error_messages": false,<br>  "failed_request_tracing": false,<br>  "http_logs": {<br>    "file_system": {<br>      "retention_in_days": 7,<br>      "retention_in_mb": 35<br>    }<br>  }<br>}</pre> | no |
 | <a name="input_name"></a> [name](#input\_name) | Function index/name (like 007) | `string` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | Resource group name | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
@@ -43,7 +43,8 @@ resource "azurerm_linux_web_app" "this" {
   app_settings        = merge(local.app_settings, var.app_settings)
 
   identity {
-    type = "SystemAssigned"
+    type         = var.identity_ids == null ? "SystemAssigned" : "SystemAssigned, UserAssigned"
+    identity_ids = var.identity_ids
   }
   site_config {
     always_on          = true
@@ -66,6 +67,16 @@ resource "azurerm_linux_web_app" "this" {
       ruby_version        = local.application_stack["ruby_version"]
     }
   }
+  logs {
+    detailed_error_messages = var.logs.detailed_error_messages
+    failed_request_tracing  = var.logs.failed_request_tracing
+    http_logs {
+      file_system {
+        retention_in_days = var.logs.http_logs.file_system.retention_in_days
+        retention_in_mb   = var.logs.http_logs.file_system.retention_in_mb
+      }
+    }
+  }
   lifecycle {
     ignore_changes = [
       tags["hidden-link: /app-insights-conn-string"],
diff --git a/outputs.tf b/outputs.tf
@@ -4,6 +4,6 @@ output "id" {
 }
 
 output "identity" {
-  value       = azurerm_linux_web_app.this.identity.*
+  value       = azurerm_linux_web_app.this.identity[*]
   description = "Function app Managed Identity"
 }
diff --git a/variables.tf b/variables.tf
@@ -96,3 +96,33 @@ variable "application_stack" {
   }
   description = "Application stack configuration, run `az webapp list-runtimes --os-type linux` to get the list of supported stacks"
 }
+
+variable "identity_ids" {
+  type        = list(string)
+  description = "List of user assigned identity IDs"
+  default     = null
+}
+
+variable "logs" {
+  type = object({
+    detailed_error_messages = bool
+    failed_request_tracing  = bool
+    http_logs = object({
+      file_system = object({
+        retention_in_days = number
+        retention_in_mb   = number
+      })
+    })
+  })
+  default = {
+    detailed_error_messages = false
+    failed_request_tracing  = false
+    http_logs = {
+      file_system = {
+        retention_in_days = 7
+        retention_in_mb   = 35
+      }
+    }
+  }
+  description = "Logs configuration"
+}

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,6 @@ output "id" {`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "identity" {`
`7`		`- value = azurerm_linux_web_app.this.identity.*`
	`7`	`+ value = azurerm_linux_web_app.this.identity[*]`
`8`	`8`	`description = "Function app Managed Identity"`
`9`	`9`	`}`