Deploy API Management with Function App - Terraform - terraform

I have got an Azure HTTP Function App deployed via Terraform, and I would like to manage access to the HTTP function via API Management. I can see how to create API Management via Terraform; however, I cannot see how to marry my function app up to my API Management. Via the console this is very simple. How can I do this via Terraform?

Below is the terraform code to add your Azure function as a backend to Azure API Management:
    resource "azurerm_api_management_backend" "example" {
      name                = "sample-backend"
      resource_group_name = data.azurerm_resource_group.example.name
      api_management_name = data.azurerm_api_management.example.name
      protocol            = "http"
      url                 = "https://${azurerm_function_app.example.name}.azurewebsites.net/api/"

      # API Management sends the function host key on every call to the backend.
      credentials {
        header = {
          "x-functions-key" = data.azurerm_function_app_host_keys.example.default_function_key
        }
      }
    }
Refer to the Royarin blog article for more information on adding the Functions or Web API as an API in Azure APIM as a backend.
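An added example (not part of the original answer or the linked blog): the same backend with the function key held in an API Management named value marked as secret, plus an API and a policy that route requests to that backend. The names `func-host-key` and `sample-api` are assumptions; the data sources and `azurerm_function_app.example` are the ones the answer already references.

```hcl
# Added example: "func-host-key" and "sample-api" are assumed names, not from the answer.
resource "azurerm_api_management_named_value" "func_key" {
  name                = "func-host-key"
  resource_group_name = data.azurerm_resource_group.example.name
  api_management_name = data.azurerm_api_management.example.name
  display_name        = "func-host-key"
  value               = data.azurerm_function_app_host_keys.example.default_function_key
  secret              = true # masked in the portal and in API responses
}

resource "azurerm_api_management_backend" "example" {
  name                = "sample-backend"
  resource_group_name = data.azurerm_resource_group.example.name
  api_management_name = data.azurerm_api_management.example.name
  protocol            = "http"
  url                 = "https://${azurerm_function_app.example.name}.azurewebsites.net/api/"
  credentials {
    header = {
      "x-functions-key" = "{{func-host-key}}" # resolved by APIM from the named value
    }
  }
  depends_on = [azurerm_api_management_named_value.func_key]
}

resource "azurerm_api_management_api" "example" {
  name                = "sample-api"
  resource_group_name = data.azurerm_resource_group.example.name
  api_management_name = data.azurerm_api_management.example.name
  revision            = "1"
  display_name        = "Sample API"
  path                = "sample"
  protocols           = ["https"]
}

# Route every operation of the API to the function backend.
resource "azurerm_api_management_api_policy" "example" {
  api_name            = azurerm_api_management_api.example.name
  resource_group_name = data.azurerm_resource_group.example.name
  api_management_name = data.azurerm_api_management.example.name
  xml_content         = <<XML
<policies>
  <inbound>
    <base />
    <set-backend-service backend-id="${azurerm_api_management_backend.example.name}" />
  </inbound>
</policies>
XML
}
```

The key value is still written to Terraform state, so the state backend needs access control and encryption. Operations for the API still have to be declared, for example with `azurerm_api_management_api_operation`.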

Related

Terraform - Azure how to get deployment webhook URL

Using hashicorp/azurerm provider I want to set up a webhook that would trigger a deployment.
I have a web app that loads the newest Docker image on restart. However, I need a scmUri of the resource to set up the webhook:
    resource "azurerm_linux_web_app" "web" {
      app_settings = {
        DOCKER_REGISTRY_SERVER_URL      = url
        DOCKER_REGISTRY_SERVER_USERNAME = data.azurerm_key_vault_secret.acr-service-principal-id.value
        DOCKER_REGISTRY_SERVER_PASSWORD = data.azurerm_key_vault_secret.acr-service-principal-password.value
        ...
      }
      ...
    }
    resource "azurerm_container_registry_webhook" "webhook" {
      service_uri = "<scm URL of the azurerm_linux_web_app.web>/docker/hook"
      ...
    }
I have found a way to query the scmUri using various other languages... but nothing using the azurerm provider:
REST: https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/list-publishing-credentials
Bicep: https://github.com/Azure/bicep/discussions/3352#discussioncomment-976818
Pulumi: Add Azure Web App Service web hook to Azure Container Registry for continuous deployment
After everything is deployed I can also copy the scmUri manually from Azure, but I would prefer a fully automated setup:

Is there a way to create HTTPtriggers using terraform in azure function app

I am trying to create a new Azure function app that has Azure functions (HTTPtrigger) as part of it. I am able to create the function app with Terraform, but I am not able to find a way to create Azure functions as part of it. I have checked the Hashicorp azurerm docs and I couldn't find it there.
Here is how I am creating the Azure function app:
    resource "azurerm_function_app" "example" {
      name                      = "functionapptest"
      location                  = var.location
      resource_group_name       = var.resource_group_name
      app_service_plan_id       = var.functionappplan.id
      storage_connection_string = azurerm_storage_account.functionapptestsa.primary_blob_connection_string
      #storage_account_access_key = ""
      app_settings = {
        APPINSIGHTS_INSTRUMENTATIONKEY = azurerm_application_insights.app_insight.instrumentation_key
      }
    }
Is there a way to create HTTPtriggers with terraform?
Using Terraform, you'll create the infrastructure (where your code should run). In your case, it's the Azure function app.
The triggering part is the code's responsibility, and that is the reason why you can't find or create it using Terraform.
All you need to do is deploy the Azure Function project, which contains functions triggered by HTTP (or whatever trigger mechanism you're using).

Terraform IBM - iam_role_crn for service instance alias

I am trying to provision some IBM Watson Assistant services using the terraform provider for IBM.
I am currently using the ibm_service_instance along with ibm_service_key resources from the IBM provider.
The relevant piece of terraform code can be found below.
    # create service
    resource "ibm_service_instance" "wa_test_service_instance_name" {
      count      = var.wa_template_service_counter
      name       = "Test-${var.wa_test_service_instance_name}-${var.app_name}-${count.index + 1}"
      space_guid = var.space_guid
      service    = var.service_offering
      plan       = var.plan
    }
    # create credentials
    resource "ibm_service_key" "wa_test_service_key" {
      count                 = var.wa_template_service_counter
      name                  = var.service_key_name
      service_instance_guid = ibm_service_instance.wa_test_service_instance_name[count.index].id
      depends_on            = [ibm_service_instance.wa_test_service_instance_name]
    }
The service instance is created successfully along with the credentials and the CF alias. The problem is that for the CF alias, the created credentials are not having iam_role_crn manager which is the required setup in my configuration.
If I manually add the credentials from IBM cloud dashboard for the CF alias, they are created with the iam_role_crn Manager. Also, the resource instance for which is this alias has in its credentials iam_role_crn = Manager.
I could not find a way of specifying such a parameter when the ibm_service_key or ibm_service_instance gets created.
https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/service_key
Is there a way to create the credentials for the alias of the service with this parameter iam_role_crn setup as Manager or is there a work-around to achieve this?

How to set Azure Web Application Firewall (WAF) logs via Terraform?

I am trying to do this, via Terraform code:
However, I cannot find how. Is it some obscure resource, or is it not implemented at all?
You can use the azurerm_monitor_diagnostic_setting to configure the setting as ydaetskcoR said, it works like the screenshot you provided shows. Here is the example code:
    resource "azurerm_monitor_diagnostic_setting" "example" {
      name               = "example"
      target_resource_id = "application_gateway_resource_id"
      storage_account_id = data.azurerm_storage_account.example.id
      log {
        category = "ApplicationGatewayFirewallLog"
        enabled  = true
        retention_policy {
          enabled = true
          days    = 30
        }
      }
    }
Terraform does not support Data for application gateway, so you need to input the resource id of the existing application gateway yourself, or quote the id when you create the new application gateway.
It seems like logs are not supported by Terraform for Azure WAF (ApplicationGateway) yet.

Azure REST API to get list of PaaS and SaaS services

Does Azure provide any Management REST APIs to fetch the list of PaaS and SaaS services used by an Azure Account or Subscription?
E.g., if my Account is using Multifactor Auth, Advisor Services, AD, etc., I need to get that list of services in a REST API call.
I am unable to find these APIs in the below Resource Management API list:
https://learn.microsoft.com/en-us/rest/api/azure/
There is no option to get the list of the PaaS and SaaS Service alone using the API.
However, you can get all the resources under a particular subscription ID and filter by type using the Azure List Resource API.
First, you should find your PaaS/SaaS resource type; for instance, say it is Microsoft.DataFactory/factories:
    var credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal("<Clientid>", "<ClientSecret>", "<TenantId>", AzureEnvironment.AzureGlobalCloud);
    var azure = Microsoft.Azure.Management.Fluent.Azure.Configure().Authenticate(credentials).WithDefaultSubscription();
    var resouceManagementClient = new ResourceManagementClient(credentials) { SubscriptionId = "<SubID>" };
    var resource = resouceManagementClient.Resources.ListAsync(new ODataQuery<GenericResourceFilterInner>(x => x.ResourceType == "Microsoft.DataFactory/factories")).Result;
Like that, you can add many filters to get those particular resource types.
