[#153676720] functionapp tf resource

README.md

@@ -314,7 +314,6 @@ script:
 
 | Command                          | Task                                                                                                                                                       |
 | -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `yarn resources:functions:setup` | [Create Functions resource and setup application settings](./infrastructure/tasks/10-functions_setup.ts)                                                   |
 | `yarn deploy:functions:sync`     | [Deploy Functions code from the GitHub repository](./infrastructure/tasks/15-functions_sync.ts)                                                            |
 | `yarn resources:apim:setup`      | [Create API management resource and setup configuration from template files](./infrastructure/tasks/20-apim_setup.ts)                                      |
 | `yarn resources:apim:logger`     | [Setup API management logging through EventHub](./infrastructure/tasks/21-apim_logger.ts)                                                                  |
@@ -395,7 +394,7 @@ INCLUDE_API_PRODUCTS=1
 INCLUDE_API_POLICIES=1
 
 # Mail service API key
-SENDGRID_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+TF_VAR_SENDGRID_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 ```
 
 ## Example output

infrastructure/azure.tf

@@ -2,7 +2,7 @@
 # Set up environment variables before running this script (see README.md)
 
 provider "azurerm" {
-  version = "~> 0.3"
+  version = "~> 1.0"
 }
 
 provider "random" {
@@ -54,9 +54,29 @@ variable "azurerm_storage_container" {
     type = "string"
 }
 
-# Name of the storage account for functions
+variable "message_blob_container" {
+  default = "message-content"
+  description = "Name of the message container blob"
+}
+
+variable "azurerm_functionapp" {
+  type = "string"
+  description = "Name of the main Functions application"
+}
+
 variable "azurerm_functionapp_storage_account" {
-    type = "string"
+  type = "string"
+  description = "Name of the storage account for functions"
+}
+
+variable "azurerm_functionapp_git_repo" {
+  default = "https://github.com/teamdigitale/digital-citizenship-functions"
+  description = "The GitHub repository that must be associated to the function app"
+}
+
+variable "azurerm_functionapp_git_branch" {
+  default = "funcpack-release-latest"
+  description = "The branch of the GitHub repository that must be associated to the function app"
 }
 
 # Name of the storage queue for email notifications
@@ -154,6 +174,12 @@ variable "azurerm_apim_eventhub_rule" {
     type = "string"
 }
 
+# This should be passed bya ENV var TF_VAR_SENDGRID_KEY
+variable "SENDGRID_KEY" {
+  type = "string"
+  description = "The API key for the SendGrid service"
+}
+
 # module "variables" {
 #     source = "./modules/variables"
 # }
@@ -192,6 +218,8 @@ resource "azurerm_storage_account" "azurerm_storage_account" {
     # see https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
     enable_blob_encryption = true
 
+    enable_https_traffic_only = true
+
     tags {
         environment = "${var.environment}"
     }
@@ -210,6 +238,8 @@ resource "azurerm_storage_account" "azurerm_functionapp_storage_account" {
     # see https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
     enable_blob_encryption = true
 
+    enable_https_traffic_only = true
+
     tags {
         environment = "${var.environment}"
     }
@@ -238,6 +268,18 @@ resource "azurerm_storage_queue" "azurerm_storage_queue_createdmessages" {
     storage_account_name = "${azurerm_storage_account.azurerm_storage_account.name}"
 }
 
+## BLOBS
+
+resource "azurerm_storage_blob" "azurerm_message_blob" {
+  name = "${var.message_blob_container}"
+
+  resource_group_name    = "${azurerm_resource_group.azurerm_resource_group.name}"
+  storage_account_name   = "${azurerm_storage_account.azurerm_storage_account.name}"
+  storage_container_name = "${azurerm_storage_container.azurerm_storage_container.name}"
+
+  type = "block"
+}
+
 ## DATABASE
 
 resource "azurerm_cosmosdb_account" "azurerm_cosmosdb" {
@@ -328,6 +370,91 @@ resource "azurerm_app_service_plan" "azurerm_app_service_plan" {
     # }
 }
 
+## FUNCTIONS
+
+resource "azurerm_function_app" "azurerm_function_app" {
+  name                      = "${var.azurerm_functionapp}"
+  location                  = "${azurerm_resource_group.azurerm_resource_group.location}"
+  resource_group_name       = "${azurerm_resource_group.azurerm_resource_group.name}"
+  app_service_plan_id       = "${azurerm_app_service_plan.azurerm_app_service_plan.id}"
+  storage_connection_string = "${azurerm_storage_account.azurerm_functionapp_storage_account.primary_connection_string}"
+  version                   = "~1"
+
+  site_config = {
+    # We don't want the express server to idle
+    # so do not set `alwaysOn: false` in production
+    always_on = true
+  }
+
+  app_settings = {
+    # "AzureWebJobsStorage" = "${azurerm_storage_account.azurerm_functionapp_storage_account.primary_connection_string}"
+    # "AzureWebJobsDashboard" = "${azurerm_storage_account.azurerm_functionapp_storage_account.primary_connection_string}"
+
+    "COSMOSDB_NAME" = "${var.azurerm_cosmosdb_documentdb}"
+
+    "QueueStorageConnection" = "${azurerm_storage_account.azurerm_storage_account.primary_connection_string}"
+
+    "APPINSIGHTS_INSTRUMENTATIONKEY" = "${azurerm_application_insights.azurerm_application_insights.instrumentation_key}"
+
+    # Avoid edit functions code from the Azure portal
+    "FUNCTION_APP_EDIT_MODE" = "readonly"
+
+    # AzureWebJobsSecretStorageType may be `disabled` or `Blob`
+    # When set to `Blob` the API manager task won't be able
+    # to retrieve the master key
+    "AzureWebJobsSecretStorageType" = "disabled"
+
+    "WEBSITE_HTTPLOGGING_RETENTION_DAYS" = "3"
+
+    "DIAGNOSTICS_AZUREBLOBRETENTIONINDAYS" = "1"
+
+    "WEBSITE_NODE_DEFAULT_VERSION" = "6.11.2"
+
+    "SCM_USE_FUNCPACK_BUILD" = "1"
+
+    "MESSAGE_CONTAINER_NAME" = "${azurerm_storage_blob.azurerm_message_blob.name}"
+  }
+
+  connection_string = [
+    # [#152800384] - TODO: change the following value
+    # when we'll migrate to production service
+    {
+      name = "SENDGRID_KEY"
+      type = "Custom"
+      value = "${var.SENDGRID_KEY}"
+    },
+    {
+      name = "COSMOSDB_URI"
+      type = "Custom"
+      value = "https://${azurerm_cosmosdb_account.azurerm_cosmosdb.name}.documents.azure.com:443/"
+    },
+    {
+      name = "COSMOSDB_KEY"
+      type = "Custom"
+      value = "${azurerm_cosmosdb_account.azurerm_cosmosdb.primary_master_key}"
+    }
+  ]
+}
+
+resource "null_resource" "azurerm_function_app_git" {
+  triggers = {
+    azurerm_functionapp_id = "${azurerm_function_app.azurerm_function_app.id}"
+
+    # trigger recreation of this resource when the following variables change
+    azurerm_functionapp_git_repo = "${var.azurerm_functionapp_git_repo}"
+    azurerm_functionapp_git_branch = "${var.azurerm_functionapp_git_branch}"
+
+    # increment the following value when changing the provisioner script to
+    # trigger the re-execution of the script
+    # TODO: consider using the hash of the script content instead
+    provisioner_version = "1"
+  }
+
+  provisioner "local-exec" {
+    command = "ts-node ${var.website_git_provisioner} --resource-group-name ${azurerm_resource_group.azurerm_resource_group.name} --app-name ${azurerm_function_app.azurerm_function_app.name} --git-repo ${var.azurerm_functionapp_git_repo} --git-branch ${var.azurerm_functionapp_git_branch}"
+  }
+}
+
 ### DEVELOPER PORTAL TASKS
 
 resource "azurerm_app_service_plan" "azurerm_app_service_plan_portal" {
@@ -402,7 +529,7 @@ resource "null_resource" "azurerm_app_service_portal_git" {
   }
 
   provisioner "local-exec" {
-    command = "ts-node ${var.website_git_provisioner} --resource-group-name ${azurerm_resource_group.azurerm_resource_group.name} --appservice-portal-name ${azurerm_app_service.azurerm_app_service_portal.name} --git-repo ${var.app_service_portal_git_repo} --git-branch ${var.app_service_portal_git_branch}"
+    command = "ts-node ${var.website_git_provisioner} --resource-group-name ${azurerm_resource_group.azurerm_resource_group.name} --app-name ${azurerm_app_service.azurerm_app_service_portal.name} --git-repo ${var.app_service_portal_git_repo} --git-branch ${var.app_service_portal_git_branch}"
   }
 }
 

infrastructure/env/common/config.json

@@ -43,7 +43,6 @@
       "policyFile": "admin.xml"
     }
   ],
-  "message_blob_container": "message-content",
   "azure_portal_ips": [
     "104.42.195.92",
     "40.76.54.131",

infrastructure/local-provisioners/azurerm_website_git.ts

@@ -1,16 +1,6 @@
 /**
  * Run this task from the command line to set up deployment
- * from the GitHub repository to the Azure App Service
- * running the developer portal onboarding facilities:
- *
- * yarn resources:devapp:git
- *
- * https://github.com/teamdigitale/digital-citizenship-onboarding
- *
- * This task assumes that the following resources are already created:
- *  - Resource group
- *  - App Service Plan
- *  - App Service
+ * from the GitHub repository to an Azure App
  */
 // tslint:disable:no-console
 // tslint:disable:no-any
@@ -24,13 +14,13 @@ import webSiteManagementClient = require("azure-arm-website");
 
 interface IRunParams {
   readonly resourceGroupName: string;
-  readonly appServicePortalName: string;
-  readonly appServicePortalGitBranch: string;
-  readonly appServicePortalGitRepo: string;
+  readonly appName: string;
+  readonly appGitBranch: string;
+  readonly appGitRepo: string;
 }
 
 export const run = async (config: IRunParams) => {
-  if (!config.appServicePortalGitRepo) {
+  if (!config.appGitRepo) {
     return Promise.reject(
       "Deployment from source control repository not configured, skipping."
     );
@@ -43,26 +33,26 @@ export const run = async (config: IRunParams) => {
   );
 
   const siteSourceControl = {
-    branch: config.appServicePortalGitBranch,
+    branch: config.appGitBranch,
     deploymentRollbackEnabled: true,
     // [#152115927] TODO: setting `isManualIntegration: false` will fail trying to send an email
     // to the service principal user. I guess this is a bug in the Azure APIs
     isManualIntegration: true,
     isMercurial: false,
-    repoUrl: config.appServicePortalGitRepo,
+    repoUrl: config.appGitRepo,
     type: "GitHub"
   };
 
   winston.info(
-    `Configuring Git integration for the Developer Portal application: ${
-      config.appServicePortalGitRepo
-    }#${config.appServicePortalGitBranch}`
+    `Configuring Git integration for the application: ${
+      config.appGitRepo
+    }#${config.appGitBranch}`
   );
 
   // Create git integration
   return webSiteClient.webApps.createOrUpdateSourceControl(
     config.resourceGroupName,
-    config.appServicePortalName,
+    config.appName,
     siteSourceControl
   );
 };
@@ -71,7 +61,7 @@ const argv = yargs
   .alias("g", "resource-group-name")
   .demandOption("g")
   .string("g")
-  .alias("n", "appservice-portal-name")
+  .alias("n", "app-name")
   .demandOption("n")
   .string("n")
   .alias("r", "git-repo")
@@ -82,16 +72,14 @@ const argv = yargs
   .string("b").argv;
 
 run({
-  appServicePortalGitBranch: argv.b as string,
-  appServicePortalGitRepo: argv.r as string,
-  appServicePortalName: argv.n as string,
+  appGitBranch: argv.b as string,
+  appGitRepo: argv.r as string,
+  appName: argv.n as string,
   resourceGroupName: argv.g as string
 })
   .then(r => {
     if (r) {
-      winston.info(
-        "Successfully synced developer portal webapp with source control"
-      );
+      winston.info("Successfully synced app with source control");
     } else {
       winston.warn("Nothing happened");
     }