Merge pull request #2 from kewalaka/feat/single-instance-avm-alignment

make container apps a single instance resource + add Dapr example

Author: kewalaka

README.md

@@ -49,7 +49,9 @@ The following providers are used by this module:
 The following resources are used by this module:
 
 - [azapi_resource.container_app](https://registry.terraform.io/providers/Azure/azapi/1.9.0/docs/resources/resource) (resource)
+- [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource)
 - [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource)
+- [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [random_id.telem](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) (resource)
 - [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) (data source)
 
@@ -58,20 +60,14 @@ The following resources are used by this module:
 
 The following input variables are required:
 
-### <a name="input_container_app_environment_resource_id"></a> [container\_app\_environment\_resource\_id](#input\_container\_app\_environment\_resource\_id)
-
-Description: Resource ID of environment.
-
-Type: `string`
-
-### <a name="input_container_apps"></a> [container\_apps](#input\_container\_apps)
+### <a name="input_container_app"></a> [container\_app](#input\_container\_app)
 
 Description: Specifies the container apps in the managed environment.
 
 Type:
 
 ```hcl
-list(object({
+object({
     name          = string
     revision_mode = optional(string, "Single")
 
@@ -255,9 +251,15 @@ list(object({
         storageType = string
       })))
     })
-  }))
+  })
 ```
 
+### <a name="input_container_app_environment_resource_id"></a> [container\_app\_environment\_resource\_id](#input\_container\_app\_environment\_resource\_id)
+
+Description: Resource ID of environment.
+
+Type: `string`
+
 ### <a name="input_name"></a> [name](#input\_name)
 
 Description: Name for the resource.
@@ -292,6 +294,42 @@ Type: `string`
 
 Default: `null`
 
+### <a name="input_lock"></a> [lock](#input\_lock)
+
+Description: The lock level to apply to the Container App. Default is `None`. Possible values are `None`, `CanNotDelete`, and `ReadOnly`.
+
+Type:
+
+```hcl
+object({
+    name = optional(string, null)
+    kind = optional(string, "None")
+
+  })
+```
+
+Default: `{}`
+
+### <a name="input_role_assignments"></a> [role\_assignments](#input\_role\_assignments)
+
+Description: required AVM interfaces
+
+Type:
+
+```hcl
+map(object({
+    role_definition_id_or_name             = string
+    principal_id                           = string
+    description                            = optional(string, null)
+    skip_service_principal_aad_check       = optional(bool, true)
+    condition                              = optional(string, null)
+    condition_version                      = optional(string, "2.0")
+    delegated_managed_identity_resource_id = optional(string)
+  }))
+```
+
+Default: `{}`
+
 ### <a name="input_tags"></a> [tags](#input\_tags)
 
 Description: Custom tags to apply to the resource.

examples-not-working/dapr/README.md renamed to examples/dapr/README.md

@@ -61,15 +61,15 @@ resource "azapi_resource" "managed_environment" {
 }
 
 # This is the module call
-module "container-app" {
+module "node-app" {
   source = "../../"
   # source             = "Azure/avm-<res/ptn>-<name>/azurerm"
-  name                                  = replace(azurerm_resource_group.this.name, "rg-", "ca-") # TODO remove workaround pending PR - https://github.com/Azure/terraform-azurerm-naming/pull/103
+  name                                  = replace(azurerm_resource_group.this.name, "rg-", "ca-nodeapp-") # TODO remove workaround pending PR - https://github.com/Azure/terraform-azurerm-naming/pull/103
   resource_group_name                   = azurerm_resource_group.this.name
   container_app_environment_resource_id = azapi_resource.managed_environment.id
 
   workload_profile_name = ""
-  container_apps = [{
+  container_app = {
     name = "nodeapp"
     configuration = {
       ingress = {
@@ -101,30 +101,40 @@ module "container-app" {
         maxReplicas = 1
       }
     }
-    },
-    {
-      name = "pythonapp"
-      configuration = {
-        dapr = {
-          enabled = true
-          appId   = "pythonapp"
-        }
+  }
+}
+
+module "python-app" {
+  source = "../../"
+  # source             = "Azure/avm-<res/ptn>-<name>/azurerm"
+  name                                  = replace(azurerm_resource_group.this.name, "rg-", "ca-pythonapp-") # TODO remove workaround pending PR - https://github.com/Azure/terraform-azurerm-naming/pull/103
+  resource_group_name                   = azurerm_resource_group.this.name
+  container_app_environment_resource_id = azapi_resource.managed_environment.id
+
+  workload_profile_name = ""
+  container_app = {
+    name = "pythonapp"
+    configuration = {
+      dapr = {
+        enabled = true
+        appId   = "pythonapp"
       }
-      template = {
-        containers = [{
-          image = "dapriosamples/hello-k8s-python:latest"
-          name  = "hello-k8s-python"
-          resources = {
-            cpu    = 0.5
-            memory = "1.0Gi"
-          }
-        }]
-        scale = {
-          minReplicas = 1
-          maxReplicas = 1
+    }
+    template = {
+      containers = [{
+        image = "dapriosamples/hello-k8s-python:latest"
+        name  = "hello-k8s-python"
+        resources = {
+          cpu    = 0.5
+          memory = "1.0Gi"
         }
+      }]
+      scale = {
+        minReplicas = 1
+        maxReplicas = 1
       }
-  }]
+    }
+  }
 }
 ```
 
@@ -181,17 +191,23 @@ No outputs.
 
 The following Modules are called:
 
-### <a name="module_container-app"></a> [container-app](#module\_container-app)
+### <a name="module_naming"></a> [naming](#module\_naming)
+
+Source: Azure/naming/azurerm
+
+Version: 0.3.0
+
+### <a name="module_node-app"></a> [node-app](#module\_node-app)
 
 Source: ../../
 
 Version:
 
-### <a name="module_naming"></a> [naming](#module\_naming)
+### <a name="module_python-app"></a> [python-app](#module\_python-app)
 
-Source: Azure/naming/azurerm
+Source: ../../
 
-Version: 0.3.0
+Version:
 
 <!-- markdownlint-disable-next-line MD041 -->
 ## Data Collection

examples-not-working/dapr/_footer.md renamed to examples/dapr/_footer.md

@@ -55,15 +55,15 @@ resource "azapi_resource" "managed_environment" {
 }
 
 # This is the module call
-module "container-app" {
+module "node-app" {
   source = "../../"
   # source             = "Azure/avm-<res/ptn>-<name>/azurerm"
-  name                                  = replace(azurerm_resource_group.this.name, "rg-", "ca-") # TODO remove workaround pending PR - https://github.com/Azure/terraform-azurerm-naming/pull/103
+  name                                  = replace(azurerm_resource_group.this.name, "rg-", "ca-nodeapp-") # TODO remove workaround pending PR - https://github.com/Azure/terraform-azurerm-naming/pull/103
   resource_group_name                   = azurerm_resource_group.this.name
   container_app_environment_resource_id = azapi_resource.managed_environment.id
 
   workload_profile_name = ""
-  container_apps = [{
+  container_app = {
     name = "nodeapp"
     configuration = {
       ingress = {
@@ -95,28 +95,38 @@ module "container-app" {
         maxReplicas = 1
       }
     }
-    },
-    {
-      name = "pythonapp"
-      configuration = {
-        dapr = {
-          enabled = true
-          appId   = "pythonapp"
-        }
+  }
+}
+
+module "python-app" {
+  source = "../../"
+  # source             = "Azure/avm-<res/ptn>-<name>/azurerm"
+  name                                  = replace(azurerm_resource_group.this.name, "rg-", "ca-pythonapp-") # TODO remove workaround pending PR - https://github.com/Azure/terraform-azurerm-naming/pull/103
+  resource_group_name                   = azurerm_resource_group.this.name
+  container_app_environment_resource_id = azapi_resource.managed_environment.id
+
+  workload_profile_name = ""
+  container_app = {
+    name = "pythonapp"
+    configuration = {
+      dapr = {
+        enabled = true
+        appId   = "pythonapp"
       }
-      template = {
-        containers = [{
-          image = "dapriosamples/hello-k8s-python:latest"
-          name  = "hello-k8s-python"
-          resources = {
-            cpu    = 0.5
-            memory = "1.0Gi"
-          }
-        }]
-        scale = {
-          minReplicas = 1
-          maxReplicas = 1
+    }
+    template = {
+      containers = [{
+        image = "dapriosamples/hello-k8s-python:latest"
+        name  = "hello-k8s-python"
+        resources = {
+          cpu    = 0.5
+          memory = "1.0Gi"
         }
+      }]
+      scale = {
+        minReplicas = 1
+        maxReplicas = 1
       }
-  }]
+    }
+  }
 }

examples-not-working/dapr/_header.md renamed to examples/dapr/_header.md

@@ -56,7 +56,7 @@ module "container_app" {
   container_app_environment_resource_id = azurerm_container_app_environment.this.id
 
   workload_profile_name = "Consumption"
-  container_apps = [{
+  container_app = {
     name = "helloworld"
     configuration = {
       ingress = {
@@ -77,8 +77,7 @@ module "container_app" {
         maxReplicas = 1
       }
     }
-    }
-  ]
+  }
 }
 ```
 

examples-not-working/dapr/main.tf renamed to examples/dapr/main.tf

@@ -50,7 +50,7 @@ module "container_app" {
   container_app_environment_resource_id = azurerm_container_app_environment.this.id
 
   workload_profile_name = "Consumption"
-  container_apps = [{
+  container_app = {
     name = "helloworld"
     configuration = {
       ingress = {
@@ -71,6 +71,5 @@ module "container_app" {
         maxReplicas = 1
       }
     }
-    }
-  ]
+  }
 }

examples/default/README.md

@@ -1,3 +1,4 @@
 locals {
-  location = var.location != null ? var.location : data.azurerm_resource_group.rg.location
+  location                           = var.location != null ? var.location : data.azurerm_resource_group.rg.location
+  role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions"
 }

examples/default/main.tf

@@ -3,7 +3,6 @@ data "azurerm_resource_group" "rg" {
 }
 
 resource "azapi_resource" "container_app" {
-  for_each                  = { for app in var.container_apps : app.name => app }
   type                      = "Microsoft.App/containerApps@2023-05-01"
   schema_validation_enabled = false
   name                      = var.name
@@ -18,38 +17,38 @@ resource "azapi_resource" "container_app" {
   body = jsonencode({
     properties = {
       configuration = {
-        activeRevisionsMode  = try(each.value.revision_mode, "Single")
-        dapr                 = try(each.value.dapr, null)
-        ingress              = try(each.value.ingress, null)
-        maxInactiveRevisions = try(each.value.maxInactiveRevisions, null)
-        registries           = try(each.value.registries, null)
-        secrets              = try(each.value.secrets, null)
-        service              = try(each.value.service, null)
+        activeRevisionsMode  = try(var.container_app.revision_mode, "Single")
+        dapr                 = try(var.container_app.dapr, null)
+        ingress              = try(var.container_app.ingress, null)
+        maxInactiveRevisions = try(var.container_app.maxInactiveRevisions, null)
+        registries           = try(var.container_app.registries, null)
+        secrets              = try(var.container_app.secrets, null)
+        service              = try(var.container_app.service, null)
       }
       environmentId       = var.container_app_environment_resource_id
-      template            = each.value.template
+      template            = var.container_app.template
       workloadProfileName = var.workload_profile_name
     }
   })
 
   response_export_values = ["identity"]
 }
 
-# resource "azurerm_management_lock" "this" {
-#   count      = var.lock.kind != "None" ? 1 : 0
-#   name       = coalesce(var.lock.name, "lock-${var.name}")
-#   scope      = azapi_resource.container_app.id
-#   lock_level = var.lock.kind
-# }
+resource "azurerm_management_lock" "this" {
+  count      = var.lock.kind != "None" ? 1 : 0
+  name       = coalesce(var.lock.name, "lock-${var.name}")
+  scope      = azapi_resource.container_app.id
+  lock_level = var.lock.kind
+}
 
-# resource "azurerm_role_assignment" "this" {
-#   for_each                               = var.role_assignments
-#   scope                                  = azapi_resource.container_app.id
-#   role_definition_id                     = strcontains(lower(each.value.role_definition_id_or_name), lower(local.role_definition_resource_substring)) ? each.value.role_definition_id_or_name : null
-#   role_definition_name                   = strcontains(lower(each.value.role_definition_id_or_name), lower(local.role_definition_resource_substring)) ? null : each.value.role_definition_id_or_name
-#   principal_id                           = each.value.principal_id
-#   condition                              = each.value.condition
-#   condition_version                      = each.value.condition_version
-#   skip_service_principal_aad_check       = each.value.skip_service_principal_aad_check
-#   delegated_managed_identity_resource_id = each.value.delegated_managed_identity_resource_id
-# }
+resource "azurerm_role_assignment" "this" {
+  for_each                               = var.role_assignments
+  scope                                  = azapi_resource.container_app.id
+  role_definition_id                     = strcontains(lower(each.value.role_definition_id_or_name), lower(local.role_definition_resource_substring)) ? each.value.role_definition_id_or_name : null
+  role_definition_name                   = strcontains(lower(each.value.role_definition_id_or_name), lower(local.role_definition_resource_substring)) ? null : each.value.role_definition_id_or_name
+  principal_id                           = each.value.principal_id
+  condition                              = each.value.condition
+  condition_version                      = each.value.condition_version
+  skip_service_principal_aad_check       = each.value.skip_service_principal_aad_check
+  delegated_managed_identity_resource_id = each.value.delegated_managed_identity_resource_id
+}