Merge pull request #19 from data-platform-hq/protected-registry

kharkevich · web-flow · commit d16014564e88 · 2023-05-18T13:48:07.000-04:00
feat: private registry config
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ Terraform module for creation Azure Linux Web App
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
-| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.40.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.49.0 |
 
 ## Providers
 
@@ -55,12 +55,11 @@ No modules.
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | Resource group name | `string` | n/a | yes |
 | <a name="input_scm_ip_restriction"></a> [scm\_ip\_restriction](#input\_scm\_ip\_restriction) | Firewall settings for the function app | <pre>list(object({<br>    name                      = string<br>    ip_address                = optional(string, null)<br>    service_tag               = optional(string, null)<br>    virtual_network_subnet_id = optional(string, null)<br>    priority                  = optional(string, "100")<br>    action                    = string<br>    headers = optional(list(object({<br>      x_azure_fdid      = optional(list(string), null)<br>      x_fd_health_probe = optional(list(string), null)<br>      x_forwarded_for   = optional(list(string), null)<br>      x_forwarded_host  = optional(list(string), null)<br>    })), [])<br>  }))</pre> | <pre>[<br>  {<br>    "action": "Allow",<br>    "name": "allow_azure",<br>    "service_tag": "AzureCloud"<br>  }<br>]</pre> | no |
 | <a name="input_service_plan_id"></a> [service\_plan\_id](#input\_service\_plan\_id) | App Service plan ID | `string` | n/a | yes |
+| <a name="input_site_config"></a> [site\_config](#input\_site\_config) | Site configuration | <pre>object({<br>    always_on                                     = optional(bool, true)<br>    ftps_state                                    = optional(string, "Disabled")<br>    http2_enabled                                 = optional(bool, true)<br>    websockets_enabled                            = optional(bool, false)<br>    use_32_bit_worker                             = optional(bool, false)<br>    container_registry_use_managed_identity       = optional(bool, false)<br>    container_registry_managed_identity_client_id = optional(string, null)<br>    worker_count                                  = optional(number, null)<br>  })</pre> | `{}` | no |
 | <a name="input_storage_account"></a> [storage\_account](#input\_storage\_account) | BYOS storage mount configuration | <pre>list(object({<br>    access_key   = string<br>    account_name = string<br>    name         = string<br>    share_name   = string<br>    type         = string<br>    mount_path   = string<br>  }))</pre> | `[]` | no |
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | Subnet ID for the web app | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags | `map(string)` | n/a | yes |
 | <a name="input_use_private_net"></a> [use\_private\_net](#input\_use\_private\_net) | Use private network injection | `bool` | `false` | no |
-| <a name="input_websockets_enabled"></a> [websockets\_enabled](#input\_websockets\_enabled) | Enable websockets | `bool` | `false` | no |
-| <a name="input_worker_count"></a> [worker\_count](#input\_worker\_count) | Number of workers | `number` | `null` | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
@@ -80,11 +80,14 @@ resource "azurerm_linux_web_app" "this" {
     identity_ids = var.identity_ids
   }
   site_config {
-    always_on          = true
-    ftps_state         = "Disabled"
-    http2_enabled      = true
-    websockets_enabled = var.websockets_enabled
-    use_32_bit_worker  = false
+    always_on                                     = var.site_config.always_on
+    container_registry_managed_identity_client_id = var.site_config.container_registry_managed_identity_client_id
+    container_registry_use_managed_identity       = var.site_config.container_registry_use_managed_identity
+    ftps_state                                    = var.site_config.ftps_state
+    http2_enabled                                 = var.site_config.http2_enabled
+    use_32_bit_worker                             = var.site_config.use_32_bit_worker
+    websockets_enabled                            = var.site_config.websockets_enabled
+    worker_count                                  = var.site_config.worker_count
     dynamic "ip_restriction" {
       for_each = var.ip_restriction
       content {
@@ -125,7 +128,6 @@ resource "azurerm_linux_web_app" "this" {
         }
       }
     }
-    worker_count = var.worker_count
     application_stack {
       docker_image        = local.application_stack["docker_image"]
       docker_image_tag    = local.application_stack["docker_image_tag"]
diff --git a/variables.tf b/variables.tf
@@ -165,12 +165,6 @@ variable "storage_account" {
   description = "BYOS storage mount configuration"
 }
 
-variable "websockets_enabled" {
-  type        = bool
-  description = "Enable websockets"
-  default     = false
-}
-
 variable "enable_appinsights" {
   type        = bool
   description = "Enable application insights"
@@ -201,12 +195,6 @@ variable "client_affinity_enabled" {
   default     = false
 }
 
-variable "worker_count" {
-  type        = number
-  description = "Number of workers"
-  default     = null
-}
-
 variable "key_vault" {
   description = "Configure Linux Function App to Key Vault"
   type = object({
@@ -217,3 +205,18 @@ variable "key_vault" {
   })
   default = {}
 }
+
+variable "site_config" {
+  type = object({
+    always_on                                     = optional(bool, true)
+    ftps_state                                    = optional(string, "Disabled")
+    http2_enabled                                 = optional(bool, true)
+    websockets_enabled                            = optional(bool, false)
+    use_32_bit_worker                             = optional(bool, false)
+    container_registry_use_managed_identity       = optional(bool, false)
+    container_registry_managed_identity_client_id = optional(string, null)
+    worker_count                                  = optional(number, null)
+  })
+  default     = {}
+  description = "Site configuration"
+}
