Fix: Add outputs to Application Insights module, optional Entra ID group memberships for App Services (#147)

patrickmoore-nc · web-flow · commit aa2910e39d72 · 2025-04-25T13:27:00.000Z
* feat/app-services-entra-id-group-memberships

* fix: Add outputs to application insights module
diff --git a/infrastructure/modules/app-insights/output.tf b/infrastructure/modules/app-insights/output.tf
@@ -1,8 +1,15 @@
-
 output "connection_string" {
   value = azurerm_application_insights.appins.connection_string
 }
 
 output "id" {
   value = azurerm_application_insights.appins.id
 }
+
+output "name" {
+  value = azurerm_application_insights.appins.name
+}
+
+output "resource_group_name" {
+  value = azurerm_application_insights.appins.resource_group_name
+}
diff --git a/infrastructure/modules/function-app/entra_id_group.tf b/infrastructure/modules/function-app/entra_id_group.tf
@@ -0,0 +1,6 @@
+resource "azuread_group_member" "function_app" {
+  for_each = toset(var.entra_id_group_ids)
+
+  group_object_id  = each.key
+  member_object_id = azurerm_linux_function_app.function_app.identity.0.principal_id
+}
diff --git a/infrastructure/modules/function-app/variables.tf b/infrastructure/modules/function-app/variables.tf
@@ -52,6 +52,11 @@ variable "cors_allowed_origins" {
   default = [""]
 }
 
+variable "entra_id_group_ids" {
+  type    = list(string)
+  default = []
+}
+
 variable "ftp_publish_basic_authentication_enabled" {
   type        = bool
   description = "Enable basic authentication for FTP. Defaults to false."
diff --git a/infrastructure/modules/linux-web-app/entra_id_group.tf b/infrastructure/modules/linux-web-app/entra_id_group.tf
@@ -0,0 +1,6 @@
+resource "azuread_group_member" "function_app" {
+  for_each = toset(var.entra_id_group_ids)
+
+  group_object_id  = each.key
+  member_object_id = azurerm_linux_web_app.this.identity.0.principal_id
+}
diff --git a/infrastructure/modules/linux-web-app/variables.tf b/infrastructure/modules/linux-web-app/variables.tf
@@ -47,6 +47,11 @@ variable "docker_image_name" {
   default = ""
 }
 
+variable "entra_id_group_ids" {
+  type    = list(string)
+  default = []
+}
+
 variable "ftp_publish_basic_authentication_enabled" {
   type        = bool
   description = "Enable basic authentication for FTP. Defaults to false."
diff --git a/infrastructure/modules/sql-server/main.tf b/infrastructure/modules/sql-server/main.tf
@@ -20,7 +20,10 @@ resource "azurerm_mssql_server" "azure_sql_server" {
   }
 
   lifecycle {
-    ignore_changes = [tags]
+    ignore_changes = [
+      tags,
+      express_vulnerability_assessment_enabled
+    ]
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,10 @@ resource "azurerm_mssql_server" "azure_sql_server" {`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`lifecycle {`
`23`		`- ignore_changes = [tags]`
	`23`	`+ ignore_changes = [`
	`24`	`+ tags,`
	`25`	`+ express_vulnerability_assessment_enabled`
	`26`	`+ ]`
`24`	`27`	`}`
`25`	`28`	`}`
`26`	`29`