diff --git a/function/azurefunctioncode/function.json b/function/azurefunctioncode/function.json
index 890335a..d37e6d2 100644
--- a/function/azurefunctioncode/function.json
+++ b/function/azurefunctioncode/function.json
@@ -5,7 +5,7 @@
 "authLevel": "function",
 "type": "httpTrigger",
 "direction": "in",
- "name": "req",
+ "name": "trigger",
 "methods": [
 "get",
 "post"
diff --git a/function/requirements.txt b/function/requirements.txt
index 3172c46..c226190 100644
--- a/function/requirements.txt
+++ b/function/requirements.txt
@@ -1,2 +1,5 @@
 logging
-azure-functions
\ No newline at end of file
+azure-functions
+pyodbc
+requests
+dateparser
\ No newline at end of file
diff --git a/main.tf b/main.tf
index c07ad1c..8c6da9b 100644
--- a/main.tf
+++ b/main.tf
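Review bot: The three packages added to function/requirements.txt (`pyodbc`, `requests`, `dateparser`) carry no version constraint, so every deployment resolves whatever the index serves at build time and the function's dependency set is neither reproducible nor auditable. Pin each one, e.g. `requests==<pinned version>`, and generate a hash-checked lock from that file so a yanked or tampered release shows up at review rather than at runtime. The unchanged `logging` entry is worth a look in the same pass: it is a stdlib module, so pip resolves a same-named PyPI package instead, which is exactly the kind of accidental dependency a pinned, hash-checked file would surface.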
@@ -8,55 +8,69 @@ module "network" {
 prefix = var.prefix
 }
-module "database" {
+/* module "database" {
 source = "./modules/Database"
 rg = var.rg
 location = var.location
 tags = var.tags
 prefix = var.prefix
 env = var.env
-}
+} */
 module "function_app" {
- source = "./modules/FunctionApp"
- tags = var.tags
- rg = var.rg
- location = var.location
- sa = module.storage.storage_account
- env = var.env
- prefix = var.prefix
- instru_key = module.monitoring.instrumentation_key
- conn_string = module.monitoring.conn_string
+ source = "./modules/FunctionApp"
+ tags = var.tags
+ rg = var.rg
+ location = var.location
+ private_storage_name = module.storage.private_storage_name
+ private_storage_key = module.storage.private_storage_key
+ private_storage_account_id = module.storage.private_storage_account_id
+ public_storage_account_id = module.storage.public_storage_account_id
+ env = var.env
+ prefix = var.prefix
+ instru_key = module.monitoring.instrumentation_key
+ conn_string = module.monitoring.conn_string
+ func_subnet_id = module.network.function_subnet_id
 }
-module "eventgrid" {
+/* module "eventgrid" {
 source = "./modules/Eventgrid"
 tags = var.tags
 rg = var.rg
 prefix = var.prefix
 location = var.location
- sa = module.storage.storage_account
+ public_storage_account_id = module.storage.public_storage_account_id
+ private_storage_account_id = module.storage.private_storage_account_id
 env = var.env
 name = var.prefix
-}
+ function_app_id = module.function_app.function_app_id
+ eventgrid_function_app = module.function_app.eventgrid_function_app.name
+} */
 module "storage" {
- source = "./modules/Storage"
- tags = var.tags
- rg = var.rg
- prefix = var.prefix
- location = var.location
- env = var.env
+ source = "./modules/Storage"
+ tags = var.tags
+ rg = var.rg
+ prefix = var.prefix
+ location = var.location
+ env = var.env
+ fe_subnet_id = module.network.frontend_subnet_id
+ be_subnet_id = module.network.backend_subnet_id
+ comp_subnet_id = module.network.compute_subnet_id
+ func_subnet_id = module.network.function_subnet_id
+ #private_dns_zone_blob_id = module.network.private_dns_zone_blob_id
 }
 module "container" {
- source = "./modules/Container"
- tags = var.tags
- rg = var.rg
- location = var.location
- prefix = var.prefix
- env = var.env
- subnet = module.network.compute_subnet_id
+ source = "./modules/Container"
+ tags = var.tags
+ rg = var.rg
+ location = var.location
+ prefix = var.prefix
+ env = var.env
+ fe_subnet_id = module.network.frontend_subnet_id
+ be_subnet_id = module.network.backend_subnet_id
+ comp_subnet_id = module.network.compute_subnet_id
 }
 module "monitoring" {
diff --git a/modules/Container/main.tf b/modules/Container/main.tf
index ad4ecd9..eba814a 100644
--- a/modules/Container/main.tf
+++ b/modules/Container/main.tf
@@ -4,7 +4,7 @@ resource "azurerm_container_group" "container_group" {
 resource_group_name = var.rg
 os_type = "Linux"
 ip_address_type = "Private"
- subnet_ids = toset([var.subnet])
+ subnet_ids = toset([var.comp_subnet_id])
 container {
diff --git a/modules/Container/variables.tf b/modules/Container/variables.tf
index cae6c3e..e814472 100644
--- a/modules/Container/variables.tf
+++ b/modules/Container/variables.tf
@@ -19,6 +19,14 @@ variable "env" {
 type = string
 }
-variable "subnet" {
+variable fe_subnet_id {
+ type = string
+}
+
+variable be_subnet_id {
+ type = string
+}
+
+variable comp_subnet_id {
 type = string
 }
\ No newline at end of file
diff --git a/modules/Eventgrid/main.tf b/modules/Eventgrid/main.tf
index 71b83d5..816a8ed 100644
--- a/modules/Eventgrid/main.tf
+++ b/modules/Eventgrid/main.tf
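Review bot: The commented-out `eventgrid` block still refers to `module.function_app.eventgrid_function_app.name`, an output the FunctionApp module never defines (its new outputs.tf exposes only `function_app_id` and `function_app`), so re-enabling the block as written would fail, and the same topic and subscription now live inline in modules/FunctionApp/main.tf, which makes this block dead code rather than a toggle. Wrapping `module "database"` and `module "eventgrid"` in `/* */` also means the next apply will plan to destroy anything those modules already created, which deserves a mention in the commit message. Prefer deleting the two blocks and the `#private_dns_zone_blob_id` line (git keeps the history), or gate them with a `count` driven by a variable if they are meant to return.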
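Review bot: `fe_subnet_id` and `be_subnet_id` are declared in modules/Container/variables.tf and wired from main.tf, but the only subnet the Container module's visible hunk reads is `var.comp_subnet_id`, so unless they are used outside the hunk they are unused plumbing that should be dropped or referenced. Style: the new declarations use bare names (`variable fe_subnet_id {`) while the rest of this file quotes them (`variable "env" {`); the quoted form `variable "comp_subnet_id" {` keeps the file consistent. A one-line `description` on `comp_subnet_id` saying the container group is attached to it would help the next reader.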
@@ -1,24 +1,21 @@
-resource "azurerm_storage_queue" "storage_queue" {
- name = "sq-${var.prefix}-${var.env}-001"
- storage_account_name = var.sa.name
-}
-
 resource "azurerm_eventgrid_system_topic" "eventgrid_topic" {
 name = "egt-${var.prefix}-${var.env}-001"
 location = var.location
 resource_group_name = var.rg
- source_arm_resource_id = var.sa.id
+ source_arm_resource_id = var.public_storage_account_id
 topic_type = "Microsoft.Storage.StorageAccounts"
 tags = var.tags
 }
 resource "azurerm_eventgrid_system_topic_event_subscription" "event_subscription" {
 name = "es-${var.prefix}-${var.env}-001"
- system_topic = azurerm_eventgrid_system_topic.eventgrid_topic.name
+ system_topic = azurerm_eventgrid_system_topic.eventgrid_topic
 resource_group_name = var.rg
- storage_queue_endpoint {
- storage_account_id = var.sa.id
- queue_name = azurerm_storage_queue.storage_queue.name
- }
+ azure_function_endpoint {
+ function_id = var.eventgrid_function_app.name
+ max_events_per_batch = 1
+ preferred_batch_size_in_kilobytes = 64
+ }
+ included_event_types = ["Microsoft.Storage.BlobCreated"]
 }
\ No newline at end of file
diff --git a/modules/Eventgrid/variables.tf b/modules/Eventgrid/variables.tf
index e08bc62..2b8130d 100644
--- a/modules/Eventgrid/variables.tf
+++ b/modules/Eventgrid/variables.tf
@@ -11,8 +11,12 @@ variable "tags" {
 type = map(string)
 }
-variable "sa" {
- description = "storage account"
+variable "public_storage_account_id" {
+ type = string
+}
+
+variable "private_storage_account_id" {
+ type = string
 }
 variable "prefix" {
@@ -25,4 +29,12 @@ variable "env" {
 variable "name" {
 type = string
+}
+
+variable "function_app_id" {
+ type = string
+}
+
+variable "eventgrid_function_app" {
+ type = string
 }
\ No newline at end of file
diff --git a/modules/FunctionApp/main.tf b/modules/FunctionApp/main.tf
index 50342e4..d24f8ba 100644
--- a/modules/FunctionApp/main.tf
+++ b/modules/FunctionApp/main.tf
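Review bot: `function_id = var.eventgrid_function_app.name` reads `.name` on a variable that modules/Eventgrid/variables.tf declares as `type = string`, so this block cannot evaluate, and `system_topic` a few lines above is now set to the whole `azurerm_eventgrid_system_topic.eventgrid_topic` object where the argument expects the topic's name (the `.name` the removed line had). Because main.tf comments this module out and modules/FunctionApp/main.tf now carries an identical topic and subscription, the module is dead and already drifting from its copy; either delete it or make it match, i.e. `system_topic = azurerm_eventgrid_system_topic.eventgrid_topic.name` and `function_id = var.eventgrid_function_app`. `var.private_storage_account_id` and `var.function_app_id` are declared for this module but nothing in this file reads them.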
@@ -11,13 +11,15 @@ resource "azurerm_linux_function_app" "function_app" {
 location = var.location
 resource_group_name = var.rg
 service_plan_id = azurerm_service_plan.service_plan.id
- storage_account_name = var.sa.name
- storage_account_access_key = var.sa.primary_access_key
- https_only = true
+ storage_account_name = var.private_storage_name
+ storage_account_access_key = var.private_storage_key
+ virtual_network_subnet_id = var.func_subnet_id
+
 site_config {
 cors {
 allowed_origins = ["https://portal.azure.com"]
 }
+ always_on = true
 application_insights_key = var.instru_key
 application_insights_connection_string = var.conn_string
 application_stack {
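Review bot: `https_only = true` is removed from the function app with nothing replacing it, and the provider's default for that argument is `false`, so the app now also answers on plain HTTP and the trigger URL with its function key can travel in clear text. None of the new lines depends on that removal — `virtual_network_subnet_id` and `always_on` are unrelated — so put `https_only = true` back next to `virtual_network_subnet_id = var.func_subnet_id`. Since the app now talks to a storage account that denies public traffic, an `identity { type = "SystemAssigned" }` block here would also let the shared key be retired in favour of RBAC later. The resource block starts and ends outside this hunk.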
@@ -25,11 +27,32 @@ resource "azurerm_linux_function_app" "function_app" {
 }
 }
 app_settings = {
- "AzureWebJobsStorage" = "DefaultEndpointsProtocol=https;AccountName=${var.sa.name};AccountKey=${var.sa.primary_access_key};EndpointSuffix=core.windows.net"
+ "AzureWebJobsStorage" = "DefaultEndpointsProtocol=https;AccountName=${var.private_storage_name};AccountKey=${var.private_storage_key};EndpointSuffix=core.windows.net"
 "FUNCTIONS_EXTENSION_VERSION" = "~4"
 "FUNCTIONS_WORKER_RUNTIME" = "python"
 "FUNCTIONS_WORKER_PROCESS_COUNT" = "1"
 "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" = ""
 "APPLICATIONINSIGHTS_CONNECTION_STRING" = var.conn_string
 }
+}
+
+resource "azurerm_eventgrid_system_topic" "eventgrid_topic" {
+ name = "egt-${var.prefix}-${var.env}-001"
+ location = var.location
+ resource_group_name = var.rg
+ source_arm_resource_id = var.public_storage_account_id
+ topic_type = "Microsoft.Storage.StorageAccounts"
+ tags = var.tags
+}
+
+resource "azurerm_eventgrid_system_topic_event_subscription" "event_subscription" {
+ name = "es-${var.prefix}-${var.env}-001"
+ system_topic = azurerm_eventgrid_system_topic.eventgrid_topic.name
+ resource_group_name = var.rg
+ azure_function_endpoint {
+ function_id = "${azurerm_linux_function_app.function_app.id}/functions/${azurerm_linux_function_app.function_app.name}"
+ max_events_per_batch = 1
+ preferred_batch_size_in_kilobytes = 64
+ }
+ included_event_types = ["Microsoft.Storage.BlobCreated"]
 }
\ No newline at end of file
diff --git a/modules/FunctionApp/outputs.tf b/modules/FunctionApp/outputs.tf
new file mode 100644
index 0000000..4896b20
--- /dev/null
+++ b/modules/FunctionApp/outputs.tf
@@ -0,0 +1,7 @@
+output "function_app_id" {
+ value = azurerm_linux_function_app.function_app.id
+}
+
+output "function_app" {
+ value = azurerm_linux_function_app.function_app
+}
\ No newline at end of file
diff --git a/modules/FunctionApp/variables.tf b/modules/FunctionApp/variables.tf
index adf9c0c..78af242 100644
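Review bot: The new subscription's `function_id` is built as `"${azurerm_linux_function_app.function_app.id}/functions/${azurerm_linux_function_app.function_app.name}"`, which uses the app's own name as the function name, but the function inside the app appears to be the `azurefunctioncode` folder (see the function.json hunk), so unless the app happens to carry that name the Event Grid target will not resolve. Take the function name from the code layout instead, e.g. `function_id = "${azurerm_linux_function_app.function_app.id}/functions/<function folder name>"` fed by a variable. The `AzureWebJobsStorage` line also embeds `var.private_storage_key` in plain app settings although the provider already derives that setting from `storage_account_name` and `storage_account_access_key`; keeping a single copy, or moving to `storage_uses_managed_identity = true` with a system-assigned identity, narrows where the key is stored. The enclosing resource starts outside the hunk.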
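Review bot: `output "function_app"` exports the entire `azurerm_linux_function_app` resource, which includes attributes the provider marks sensitive (at least `storage_account_access_key` and `site_credential`), so without `sensitive = true` Terraform is expected to reject the plan with "Output refers to sensitive values", and with it the whole object, key included, is copied into every caller's state. Export only what callers need: `function_app_id` is already here, and a `function_app_name` output with `value = azurerm_linux_function_app.function_app.name` would cover the name the commented-out eventgrid block in main.tf was looking for.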
--- a/modules/FunctionApp/variables.tf
+++ b/modules/FunctionApp/variables.tf
@@ -10,8 +10,20 @@ variable "tags" {
 type = map(string)
 }
+variable "public_storage_account_id" {
+ type = string
+}
+
+
+variable "private_storage_name" {
+ type = string
+}
+
+variable "private_storage_key" {
+ type = string
+}
-variable "sa" {
+variable "private_storage_account_id" {
 description = "storage account"
 }
@@ -30,4 +42,9 @@ variable "instru_key" {
 variable "conn_string" {
 type = string
 sensitive = true
-}
\ No newline at end of file
+}
+
+variable "func_subnet_id" {
+ type = string
+}
+
diff --git a/modules/Monitoring/main.tf b/modules/Monitoring/main.tf
index c770b14..96a9606 100644
--- a/modules/Monitoring/main.tf
+++ b/modules/Monitoring/main.tf
@@ -12,5 +12,5 @@ resource "azurerm_application_insights" "application_insights" {
 location = var.location
 resource_group_name = var.rg
 workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
- application_type = "web"
+ application_type = "other"
 }
\ No newline at end of file
diff --git a/modules/Network/main.tf b/modules/Network/main.tf
index 10db97b..8a9ddc1 100644
--- a/modules/Network/main.tf
+++ b/modules/Network/main.tf
@@ -15,11 +15,11 @@ resource "azurerm_subnet" "frontend" {
 }
 resource "azurerm_subnet" "compute" {
- name = "com-subnet-${var.prefix}-${var.env}-001"
+ name = "comp-subnet-${var.prefix}-${var.env}-001"
 resource_group_name = var.rg
 virtual_network_name = azurerm_virtual_network.vnet1.name
 address_prefixes = ["10.100.2.0/24"]
- service_endpoints = ["Microsoft.Storage"]
+ service_endpoints = ["Microsoft.Storage", "Microsoft.Sql"]
 delegation {
 name = "compute-instance"
 service_delegation {
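Review bot: `variable "private_storage_key"` receives a storage account primary access key (main.tf wires it from `module.storage.private_storage_key`) yet is declared with only `type = string`, unlike `conn_string` further down which carries `sensitive = true`; add `sensitive = true` so the key is redacted from plan output and any CI log that prints it. `private_storage_account_id` inherits the old `description = "storage account"` and no `type`, so it accepts any value — give it `type = string` and a description that says it is a resource ID. The double blank line before `private_storage_name` and the missing one before `private_storage_account_id` look like leftovers from the edit.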
@@ -29,11 +29,28 @@ resource "azurerm_subnet" "compute" {
 }
 }
+
 resource "azurerm_subnet" "backend" {
 name = "be-subnet-${var.prefix}-${var.env}-001"
 resource_group_name = var.rg
 virtual_network_name = azurerm_virtual_network.vnet1.name
 address_prefixes = ["10.100.3.0/24"]
+ service_endpoints = ["Microsoft.Storage"]
+}
+
+resource "azurerm_subnet" "function" {
+ name = "func-subnet-${var.prefix}-${var.env}-001"
+ resource_group_name = var.rg
+ virtual_network_name = azurerm_virtual_network.vnet1.name
+ address_prefixes = ["10.100.4.0/24"]
+ service_endpoints = ["Microsoft.Storage", "Microsoft.Sql"]
+ delegation {
+ name = "func-delegation"
+ service_delegation {
+ actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
+ name = "Microsoft.Web/serverFarms"
+ }
+ }
 }
 resource "azurerm_private_dns_zone" "zones" {
diff --git a/modules/Network/outputs.tf b/modules/Network/outputs.tf
index 36ca34b..df8fd57 100644
--- a/modules/Network/outputs.tf
+++ b/modules/Network/outputs.tf
@@ -8,4 +8,8 @@ output "backend_subnet_id" {
 output "compute_subnet_id" {
 value = azurerm_subnet.compute.id
+}
+
+output "function_subnet_id" {
+ value = azurerm_subnet.function.id
 }
\ No newline at end of file
diff --git a/modules/Storage/main.tf b/modules/Storage/main.tf
index e9eb12c..c12917a 100644
--- a/modules/Storage/main.tf
+++ b/modules/Storage/main.tf
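Review bot: The new `function` subnet is created with service endpoints and a `Microsoft.Web/serverFarms` delegation but no `azurerm_subnet_network_security_group_association` appears in this hunk, so unless one exists elsewhere in the module the function app's VNet-integrated egress is unfiltered; the same applies to `backend`, which now gains a `Microsoft.Storage` endpoint. The `Microsoft.Sql` endpoint on the function subnet is presumably for the database module that main.tf comments out in this same commit — fine if that module is coming back, otherwise it is an unused allowance worth removing. A short comment above the `function` resource naming what it is delegated to (the function app's VNet integration) would help, since the name alone does not say so.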
@@ -1,16 +1,50 @@
-resource "azurerm_storage_account" "storage_account" {
- name = "sa${var.prefix}"
+resource "azurerm_storage_account" "public_storage_account" {
+ name = "pubsa${var.env}asd"
 resource_group_name = var.rg
 location = var.location
 account_tier = "Standard"
 account_replication_type = "LRS"
+ tags = var.tags
+}
+
+resource "azurerm_storage_container" "blob_container" {
+ name = "clamavscan-${var.prefix}"
+ storage_account_name = azurerm_storage_account.public_storage_account.name
+}
+
+resource "azurerm_storage_account" "private_storage_account" {
+ name = "privsa${var.env}asd"
+ resource_group_name = var.rg
+ location = var.location
+ account_kind = "StorageV2"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
 min_tls_version = "TLS1_2"
+ allow_nested_items_to_be_public = false
 tags = var.tags
+ network_rules {
+ default_action = "Deny"
+ virtual_network_subnet_ids = toset([var.func_subnet_id, var.fe_subnet_id])
+ }
 }
-resource "azurerm_storage_container" "container" {
- name = "clamavscan${var.prefix}"
- storage_account_name = azurerm_storage_account.storage_account.name
+resource "azurerm_private_endpoint" "function_app_endpoint" {
+ name = "blob-endpoint-${var.prefix}-${var.env}-001"
+ location = var.location
+ resource_group_name = var.rg
+ subnet_id = var.fe_subnet_id
+ tags = var.tags
+
+ private_service_connection {
+ name = "blob-serviceconnection-${var.prefix}-${var.env}-001"
+ private_connection_resource_id = azurerm_storage_account.private_storage_account.id
+ subresource_names = ["blob"]
+ is_manual_connection = false
+ }
+ /* private_dns_zone_group {
+ name = "function-storage-blob"
+ private_dns_zone_ids = [var.private_dns_zone_blob_id]
+ } */
 }
\ No newline at end of file
diff --git a/modules/Storage/outputs.tf b/modules/Storage/outputs.tf
index 79823ea..5618674 100644
--- a/modules/Storage/outputs.tf
+++ b/modules/Storage/outputs.tf
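Review bot: `azurerm_storage_account.public_storage_account` gets none of the hardening its `private_storage_account` sibling has — no `min_tls_version = "TLS1_2"`, no `allow_nested_items_to_be_public = false`, no `network_rules` — even though it is the account holding the `clamavscan-${var.prefix}` container that, by its name, receives uploads awaiting a ClamAV scan and is therefore the most exposed resource in the module. Add at least `min_tls_version = "TLS1_2"` and `allow_nested_items_to_be_public = false` to it; if uploads must arrive from outside Azure so `default_action = "Deny"` is not an option, constrain it with `ip_rules`/`bypass` rather than leaving it fully open. The private endpoint is created with its `private_dns_zone_group` commented out, so with no matching DNS zone the function app will presumably resolve the blob endpoint to its public address and reach it through the service endpoint on `var.func_subnet_id`, leaving the endpoint in `var.fe_subnet_id` unused as written. The hard-coded `asd` suffix in both account names also limits the module to one deployment per `var.env`.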
@@ -1,3 +1,16 @@
-output storage_account {
- value = azurerm_storage_account.storage_account
-}
\ No newline at end of file
+output public_storage_account_id {
+ value = azurerm_storage_account.public_storage_account.id
+}
+
+output private_storage_account_id {
+ value = azurerm_storage_account.private_storage_account.id
+}
+
+output private_storage_name {
+ value = azurerm_storage_account.private_storage_account.name
+}
+
+output private_storage_key {
+ value = azurerm_storage_account.private_storage_account.primary_access_key
+}
+
diff --git a/modules/Storage/variables.tf b/modules/Storage/variables.tf
index a261c30..4844004 100644
--- a/modules/Storage/variables.tf
+++ b/modules/Storage/variables.tf
@@ -17,4 +17,24 @@ variable "prefix" {
 variable "env" {
 type = string
-}
\ No newline at end of file
+}
+
+variable fe_subnet_id {
+ type = string
+}
+
+variable be_subnet_id {
+ type = string
+}
+
+variable comp_subnet_id {
+ type = string
+}
+
+variable func_subnet_id {
+ type = string
+}
+
+/* variable "private_dns_zone_blob_id" {
+ type = string
+} */
\ No newline at end of file
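Review bot: `output private_storage_key` exports `primary_access_key`, which the provider marks sensitive, without `sensitive = true`; Terraform 0.15 and later is expected to reject that with "Output refers to sensitive values", and even where it passes, the key sits in plain form in the module output. Add `sensitive = true` beside `value = azurerm_storage_account.private_storage_account.primary_access_key` (and mark the receiving `private_storage_key` variable in modules/FunctionApp the same way), or better, stop exporting the key and let the function app authenticate with an identity. Style: these outputs use bare names (`output private_storage_key {`) while the rest of the repository quotes them; `output "private_storage_key" {` matches the convention.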
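Review bot: `be_subnet_id` and `comp_subnet_id` are declared in modules/Storage/variables.tf and passed from main.tf, but the Storage module's `network_rules` allow-list only names `var.func_subnet_id` and `var.fe_subnet_id`, so the two are unused here. Since modules/Network/main.tf gives both the backend and compute subnets a `Microsoft.Storage` service endpoint in this same commit, it looks like they were meant to be admitted — if so, add them to `virtual_network_subnet_ids = toset([var.func_subnet_id, var.fe_subnet_id])`; if not, drop the variables so the allow-list stays as narrow as it reads. The commented-out `private_dns_zone_blob_id` variable should either be enabled together with the endpoint's `private_dns_zone_group` or removed.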