|
| 1 | + |
| 2 | +module "container-app" { |
| 3 | + for_each = local.container_apps_map |
| 4 | + |
| 5 | + source = "../../../dtos-devops-templates/infrastructure/modules/container-app" |
| 6 | + |
| 7 | + providers = { |
| 8 | + azurerm = azurerm |
| 9 | + azurerm.hub = azurerm.hub |
| 10 | + } |
| 11 | + |
| 12 | + name = "ca-${lower(each.key)}" |
| 13 | + resource_group_name = azurerm_resource_group.core[each.value.region].name |
| 14 | + location = each.value.region |
| 15 | + |
| 16 | + container_app_environment_id = module.container-app-environment["${each.value.container_app_environment_key}-${each.value.region}"].id |
| 17 | + user_assigned_identity_ids = each.value.add_user_assigned_identity ? [module.user_assigned_managed_identity_sql["${each.key}"].id] : [] |
| 18 | + |
| 19 | + acr_login_server = data.azurerm_container_registry.acr.login_server |
| 20 | + acr_managed_identity_id = each.value.container_registry_use_mi ? data.azurerm_user_assigned_identity.acr_mi.id : null |
| 21 | + docker_image = "${data.azurerm_container_registry.acr.login_server}/${each.value.docker_image}:${each.value.docker_env_tag != "" ? each.value.docker_env_tag : var.docker_image_tag}" |
| 22 | + |
| 23 | + environment_variables = each.value.env_vars != null ? each.value.env_vars : {} |
| 24 | + |
| 25 | + is_tcp_app = each.value.is_tcp_app |
| 26 | + is_web_app = each.value.is_web_app |
| 27 | + port = each.value.port |
| 28 | + |
| 29 | + infra_key_vault_rg = each.value.infra_key_vault_rg |
| 30 | + infra_key_vault_name = each.value.infra_key_vault_name |
| 31 | + |
| 32 | + depends_on = [ |
| 33 | + module.azure_sql_server |
| 34 | + ] |
| 35 | +} |
| 36 | + |
| 37 | +locals { |
| 38 | + # There are multiple App Service Plans and possibly multiple regions. |
| 39 | + # We cannot nest for loops inside a map, so first iterate all permutations of both as a list of objects... |
| 40 | + container_apps_object_list = flatten([ |
| 41 | + for region in keys(var.regions) : [ |
| 42 | + for container_app, config in var.container_apps.apps : merge( |
| 43 | + { |
| 44 | + region = region # 1st iterator |
| 45 | + container_app = container_app # 2nd iterator |
| 46 | + }, |
| 47 | + config, # the rest of the key/value pairs for a specific container_app |
| 48 | + { |
| 49 | + env_vars = merge( |
| 50 | + # Add environment variables defined specifically for this container app : |
| 51 | + config.env_vars_static, |
| 52 | + |
| 53 | + # Add in the database connection string if the name of the variable is provided: |
| 54 | + config.add_user_assigned_identity != null && length(config.db_connection_string_name) > 0 ? { |
| 55 | + (config.db_connection_string_name) = "Server=tcp:${module.regions_config[region].names.sql-server}.database.windows.net,1433;Initial Catalog=${var.sqlserver.dbs.cohman.db_name_suffix};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication='Active Directory Managed Identity';User ID=${module.user_assigned_managed_identity_sql["${container_app}-${region}"].client_id};" |
| 56 | + } : {}, |
| 57 | + |
| 58 | + # Add in the MANAGED_IDENTITY_CLIENT_ID environment variable if using a user assigned managed identity: |
| 59 | + config.add_user_assigned_identity != false ? { |
| 60 | + "MANAGED_IDENTITY_CLIENT_ID" = "${module.user_assigned_managed_identity_sql["${container_app}-${region}"].client_id}", |
| 61 | + "TARGET_SUBSCRIPTION_ID" = var.TARGET_SUBSCRIPTION_ID |
| 62 | + } : {} |
| 63 | + ) |
| 64 | + } |
| 65 | + ) |
| 66 | + ] |
| 67 | + ]) |
| 68 | + |
| 69 | + # ...then project the list of objects into a map with unique keys (combining the iterators), for consumption by a for_each meta argument |
| 70 | + container_apps_map = { |
| 71 | + for object in local.container_apps_object_list : "${object.container_app}-${object.region}" => object |
| 72 | + } |
| 73 | +} |
0 commit comments