Merge pull request #1 from kewalaka/feat/container-apps

initial version for container apps

Author: kewalaka

.devcontainer/devcontainer.json

@@ -0,0 +1,26 @@
+{
+  "image": "mcr.microsoft.com/azterraform:latest",
+  "runArgs": [
+    "--cap-add=SYS_PTRACE",
+    "--security-opt",
+    "seccomp=unconfined",
+    "--init",
+    "--network=host"
+  ],
+  "mounts": [
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+  ],
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "go.toolsManagement.checkForUpdates": "local",
+        "go.useLanguageServer": true,
+        "go.goroot": "/usr/local/go"
+      },
+      "extensions": [
+        "hashicorp.terraform",
+        "golang.Go"
+      ]
+    }
+  }
+}

.gitignore

@@ -10,8 +10,8 @@ crash.log
 crash.*.log
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -26,12 +26,12 @@ override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 
-# Ignore Terraform lock file
-.terraform.lock.hcl
-
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+# lock files
+**/.terraform.lock.hcl

.terraform-docs.yml

@@ -60,7 +60,7 @@ settings:
   hide-empty: false
   html: true
   indent: 2
-  lockfile: false
+  lockfile: true
   read-comments: true
   required: true
   sensitive: true

.vscode/extensions.json

@@ -1,6 +1,9 @@
 {
   "recommendations": [
     "hashicorp.terraform",
-    "EditorConfig.EditorConfig"
+    "editorconfig.editorconfig",
+    "azapi-vscode.azapi",
+    "ms-vscode-remote.remote-wsl",
+    "ms-vscode-remote.remote-containers"
   ]
-}
+}

.vscode/settings.json

@@ -1,3 +1,4 @@
 {
   "editor.bracketPairColorization.enabled": true,
-}
+  "git.enableCommitSigning": true,
+}

README.md

@@ -1,7 +1,13 @@
 <!-- BEGIN_TF_DOCS -->
-# terraform-azurerm-avm-template
+# terraform-azurerm-avm-res-container-apps
 
-This is a template repo for Terraform Azure Verified Modules.
+This is a repo for Container Apps in the style of Azure Verified Modules (AVM), it is an 'unofficial' example that has been used for learning AVM.
+
+Note this uses the AZAPI provider because of support missing within the AzureRM provider for [workload profiles](https://github.com/hashicorp/terraform-provider-azurerm/issues/21747).
+
+Once required functionality is available within AzureRM, [azapi2azurerm](https://github.com/Azure/azapi2azurerm) can be used to convert this code.
+
+This project includes [examples](./examples/) showing default settings and an example from Microsoft Learn illustrating Dapr.
 
 Things to do:
 
@@ -20,7 +26,9 @@ Things to do:
 
 The following requirements are needed by this module:
 
-- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.0.0)
+- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.3.0)
+
+- <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) (1.9.0)
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.71.0)
 
@@ -30,6 +38,8 @@ The following requirements are needed by this module:
 
 The following providers are used by this module:
 
+- <a name="provider_azapi"></a> [azapi](#provider\_azapi) (1.9.0)
+
 - <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (>= 3.71.0)
 
 - <a name="provider_random"></a> [random](#provider\_random) (>= 3.5.0)
@@ -38,14 +48,222 @@ The following providers are used by this module:
 
 The following resources are used by this module:
 
+- [azapi_resource.container_app](https://registry.terraform.io/providers/Azure/azapi/1.9.0/docs/resources/resource) (resource)
 - [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource)
 - [random_id.telem](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) (resource)
+- [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs
 
 The following input variables are required:
 
+### <a name="input_container_app_environment_resource_id"></a> [container\_app\_environment\_resource\_id](#input\_container\_app\_environment\_resource\_id)
+
+Description: Resource ID of environment.
+
+Type: `string`
+
+### <a name="input_container_apps"></a> [container\_apps](#input\_container\_apps)
+
+Description: Specifies the container apps in the managed environment.
+
+Type:
+
+```hcl
+list(object({
+    name          = string
+    revision_mode = optional(string, "Single")
+
+    dapr = optional(object({
+      appId              = optional(string)
+      appPort            = optional(number)
+      appProtocol        = optional(string)
+      enableApiLogging   = optional(bool)
+      enabled            = optional(bool)
+      httpMaxRequestSize = optional(number)
+      httpReadBufferSize = optional(number)
+      logLevel           = optional(string)
+    }))
+    ingress = optional(object({
+      allowInsecure         = optional(bool)
+      clientCertificateMode = optional(string)
+      corsPolicy = optional(object({
+        allowCredentials = optional(bool)
+        allowedHeaders   = optional(list(string))
+        allowedMethods   = optional(list(string))
+        allowedOrigins   = optional(list(string))
+        exposeHeaders    = optional(list(string))
+        maxAge           = optional(number)
+      }))
+      customDomains = optional(list(object({
+        bindingType   = optional(string)
+        certificateId = optional(string)
+        name          = optional(string)
+      })))
+      exposedPort = optional(number)
+      external    = optional(bool)
+      ipSecurityRestrictions = optional(list(object({
+        action         = optional(string)
+        description    = optional(string)
+        ipAddressRange = optional(string)
+        name           = optional(string)
+      })))
+      stickySessions = optional(object({
+        affinity = optional(string)
+      }))
+      targetPort = optional(number)
+      traffic = optional(list(object({
+        label          = optional(string)
+        latestRevision = optional(bool)
+        revisionName   = optional(string)
+        weight         = optional(number)
+      })))
+      transport = optional(string)
+    }))
+    maxInactiveRevisions = optional(number)
+    registries = optional(list(object({
+      identity          = optional(string)
+      passwordSecretRef = optional(string)
+      server            = optional(string)
+      username          = optional(string)
+    })))
+    secrets = optional(list(object({
+      identity    = optional(string)
+      keyVaultUrl = optional(string)
+      name        = string
+      value       = string
+    })))
+    service = optional(object({
+      type = optional(string)
+    }))
+
+    template = object({
+      containers = list(object({
+        args    = optional(list(string))
+        command = optional(list(string))
+        env = optional(list(object({
+          name      = string
+          secretRef = optional(string)
+          value     = optional(string)
+        })))
+        image = string
+        name  = string
+        probes = optional(list(object({
+          failureThreshold = optional(number)
+          httpGet = optional(object({
+            host = optional(string)
+            httpHeaders = optional(list(object({
+              name  = string
+              value = string
+            })))
+            path   = optional(string)
+            port   = optional(number)
+            scheme = optional(string)
+          }))
+          initialDelaySeconds = optional(number)
+          periodSeconds       = optional(number)
+          successThreshold    = optional(number)
+          tcpSocket = optional(object({
+            host = optional(string)
+            port = optional(number)
+          }))
+          terminationGracePeriodSeconds = optional(number)
+          timeoutSeconds                = optional(number)
+          type                          = optional(string)
+        })))
+        resources = optional(object({
+          cpu    = optional(string)
+          memory = optional(string)
+        }))
+        volumeMounts = optional(list(object({
+          mountPath  = optional(string)
+          subPath    = optional(string)
+          volumeName = optional(string)
+        })))
+      }))
+      initContainers = optional(list(object({
+        args    = optional(list(string))
+        command = optional(list(string))
+        env = optional(list(object({
+          name      = string
+          secretRef = optional(string)
+          value     = optional(string)
+        })))
+        image = string
+        name  = string
+        resources = optional(object({
+          cpu    = optional(string)
+          memory = optional(string)
+        }))
+        volumeMounts = optional(list(object({
+          mountPath  = optional(string)
+          subPath    = optional(string)
+          volumeName = optional(string)
+        })))
+      })))
+      revisionSuffix = optional(string, null)
+      scale = optional(object({
+        maxReplicas = optional(number)
+        minReplicas = optional(number)
+        rules = optional(list(object({
+          azureQueue = optional(object({
+            auth = optional(list(object({
+              secretRef        = string
+              triggerParameter = string
+            })))
+            queueLength = optional(number)
+            queueName   = optional(string)
+          }))
+          custom = optional(object({
+            auth = optional(list(object({
+              secretRef        = string
+              triggerParameter = string
+            })))
+            metadata = optional(map(string))
+            type     = optional(string)
+          }))
+          http = optional(object({
+            auth = optional(list(object({
+              secretRef        = string
+              triggerParameter = string
+            })))
+            metadata = optional(map(string))
+          }))
+          name = optional(string)
+          tcp = optional(object({
+            auth = optional(list(object({
+              secretRef        = string
+              triggerParameter = string
+            })))
+            metadata = optional(map(string))
+          }))
+        })))
+      }))
+      serviceBinds = optional(list(object({
+        name      = string
+        serviceId = string
+      })))
+      volumes = optional(list(object({
+        mountOptions = string
+        name         = string
+        secrets = optional(list(object({
+          path      = string
+          secretRef = string
+        })))
+        storageName = string
+        storageType = string
+      })))
+    })
+  }))
+```
+
+### <a name="input_name"></a> [name](#input\_name)
+
+Description: Name for the resource.
+
+Type: `string`
+
 ### <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name)
 
 Description: The resource group where the resources will be deployed.
@@ -64,11 +282,47 @@ If it is set to false, then no telemetry will be collected.
 
 Type: `bool`
 
-Default: `true`
+Default: `false`
+
+### <a name="input_location"></a> [location](#input\_location)
+
+Description: Azure region where the resource should be deployed.
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_tags"></a> [tags](#input\_tags)
+
+Description: Custom tags to apply to the resource.
+
+Type: `map(string)`
+
+Default: `{}`
+
+### <a name="input_user_identity_resource_id"></a> [user\_identity\_resource\_id](#input\_user\_identity\_resource\_id)
+
+Description: The managed identity definition for this resource.
+
+Type: `string`
+
+Default: `""`
+
+### <a name="input_workload_profile_name"></a> [workload\_profile\_name](#input\_workload\_profile\_name)
+
+Description: Workload profile name to pin for container app execution.  If not set, workload profiles are not used.
+
+Type: `string`
+
+Default: `null`
 
 ## Outputs
 
-No outputs.
+The following outputs are exported:
+
+### <a name="output_resource"></a> [resource](#output\_resource)
+
+Description: The Container Apps resource.
 
 ## Modules