logic-app.bicep
//=============================================================================
// Logic App
//=============================================================================
//=============================================================================
// Imports
//=============================================================================
import * as helpers from '../../functions/helpers.bicep'
import { apiManagementSettingsType, eventHubSettingsType, logicAppSettingsType, serviceBusSettingsType } from '../../types/settings.bicep'
//=============================================================================
// Parameters
//=============================================================================
// --- Required parameters ---

@description('Location to use for all resources')
param location string

@description('The tags to associate with the resource')
param tags object

@description('The settings for the Logic App that will be created')
param logicAppSettings logicAppSettingsType

@description('The name of the App Insights instance that will be used by the Logic App')
param appInsightsName string

// Used for the Key Vault secret reference in the API Management app settings and handed to the role-assignment module.
@description('The name of the Key Vault that will contain the secrets')
param keyVaultName string

// NOTE: an access key of this account is read at deployment time and embedded in the app settings
// (see storageAccountConnectionString).
@description('Name of the storage account that will be used by the Logic App')
param storageAccountName string

// --- Optional integrations ---
// Each of these is nullable; when it is null, the matching group of app settings is left out.

@description('The settings for the API Management Service')
param apiManagementSettings apiManagementSettingsType?

@description('The settings for the Event Hub namespace')
param eventHubSettings eventHubSettingsType?

@description('The settings for the Service Bus namespace')
param serviceBusSettings serviceBusSettingsType?
//=============================================================================
// Variables
//=============================================================================
// The 'azd-service-name' tag tells azd which resource receives the app source code from the src folder;
// here that is the logic app workflow(s) and related assets. The tag is added on top of the common tags.
var serviceTags = union(tags, {
  'azd-service-name': 'logicApp'
})
// App settings for connecting to API Management; an empty object when API Management is not deployed.
// The subscription key is not stored as a literal: the setting value comes from getKeyVaultSecretReference
// (presumably a Key Vault reference that the app resolves with its own identity — confirm in helpers.bicep).
// NOTE(review): the secret is named 'apim-master-subscription-key'. If that is the built-in all-APIs subscription,
// a key scoped to the product or APIs this Logic App actually calls would limit what a leaked key can reach — confirm.
var apimAppSettings = apiManagementSettings != null ? {
  ApiManagement_gatewayUrl: helpers.getApiManagementGatewayUrl(apiManagementSettings!.serviceName)
  ApiManagement_subscriptionKey: helpers.getKeyVaultSecretReference(keyVaultName, 'apim-master-subscription-key')
} : {}
// App settings for connecting to the Event Hub namespace; an empty object when Event Hub is not deployed.
// Only the namespace host name is stored here, no key or connection string.
var eventHubAppSettings = eventHubSettings != null ? {
  EventHub_fullyQualifiedNamespace: helpers.getServiceBusFullyQualifiedNamespace(eventHubSettings!.namespaceName)
} : {}
// App settings for connecting to the Service Bus namespace; an empty object when Service Bus is not deployed.
// Only the namespace host name is stored here, no key or connection string.
var serviceBusAppSettings = serviceBusSettings != null ? {
  ServiceBus_fullyQualifiedNamespace: helpers.getServiceBusFullyQualifiedNamespace(serviceBusSettings!.namespaceName)
} : {}
// Build the storage account connection string from the first key that listKeys() returns; the key is read at deployment time.
// NOTE: a Key Vault secret was tried instead, but that regularly failed because the app's role assignment on the
// Key Vault was not yet effective.
// NOTE(review): the account key ends up as a plain value in every app setting that uses this string, so whoever can
// read the site's app settings holds a key to the whole storage account, and regenerating that key breaks the app
// until the settings are redeployed.
var storageAccountConnectionString = 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}'
// Full set of app settings applied to the Logic App by the setLogicAppSettings module.
var appSettings = {
  // Workflow runtime
  APP_KIND: 'workflowApp'
  FUNCTIONS_EXTENSION_VERSION: '~4'
  FUNCTIONS_WORKER_RUNTIME: 'dotnet'
  WEBSITE_NODE_DEFAULT_VERSION: '~20'
  AzureFunctionsJobHost__extensionBundle__id: 'Microsoft.Azure.Functions.ExtensionBundle.Workflows'
  AzureFunctionsJobHost__extensionBundle__version: '[1.*, 2.0.0)'

  // Telemetry
  APPLICATIONINSIGHTS_CONNECTION_STRING: appInsights.properties.ConnectionString

  // Host storage and content share. Both connection strings embed the storage account key.
  AzureWebJobsStorage: storageAccountConnectionString
  WEBSITE_CONTENTAZUREFILECONNECTIONSTRING: storageAccountConnectionString
  WEBSITE_CONTENTSHARE: toLower(logicAppSettings.logicAppName)

  // Storage service endpoints
  AzureBlob_blobStorageEndpoint: helpers.getBlobStorageEndpoint(storageAccountName)
  AzureFile_storageAccountUri: helpers.getFileStorageEndpoint(storageAccountName)
  AzureQueues_queueServiceUri: helpers.getQueueStorageEndpoint(storageAccountName)
  AzureTables_tableStorageEndpoint: helpers.getTableStorageEndpoint(storageAccountName)

  // Optional integrations; each of these is an empty object when the integration is not deployed
  ...apimAppSettings
  ...eventHubAppSettings
  ...serviceBusAppSettings
}
//=============================================================================
// Existing resources
//=============================================================================
// Existing App Insights instance; only its connection string is read (for the app settings).
resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = {
  name: appInsightsName
}
// Existing storage account; referenced so that its access keys can be listed for the connection string.
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-05-01' existing = {
  name: storageAccountName
}
//=============================================================================
// Resources
//=============================================================================
// App Service plan that hosts the Logic App: Workflow Standard tier, size WS1, elastic scale switched off.
// The plan gets the common tags only; the azd service tag goes on the site.
resource hostingPlan 'Microsoft.Web/serverfarms@2024-04-01' = {
  name: logicAppSettings.appServicePlanName
  location: location
  kind: 'elastic'
  sku: {
    tier: 'WorkflowStandard'
    name: 'WS1'
  }
  properties: {
    elasticScaleEnabled: false
  }
  tags: tags
}
// The Logic App site itself, with a system-assigned managed identity.
// NOTE(review): no network access restriction is configured on the site in this file — confirm that the default
// exposure of the app and its deployment endpoints is intended.
resource logicApp 'Microsoft.Web/sites@2024-04-01' = {
  name: logicAppSettings.logicAppName
  location: location
  kind: 'functionapp,workflowapp'
  tags: serviceTags
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: hostingPlan.id
    httpsOnly: true
    siteConfig: {
      // The app settings are not set here; the setLogicAppSettings module applies them.
      minTlsVersion: '1.2'
      // Plain FTP is refused, FTPS stays available.
      // NOTE(review): 'Disabled' would switch FTP/FTPS off entirely if nothing deploys over it — confirm.
      ftpsState: 'FtpsOnly'
      netFrameworkVersion: logicAppSettings.netFrameworkVersion
    }
  }
}
// Give the Logic App's system-assigned identity its role assignments through the shared module.
// NOTE(review): which roles are granted, and at what scope, is decided inside assign-roles-to-principal.bicep and
// cannot be seen from this file — confirm they are limited to what the workflows need on each resource.
module assignRolesToLogicAppSystemAssignedIdentity '../shared/assign-roles-to-principal.bicep' = {
  name: 'assignRolesToLogicAppSystemAssignedIdentity'
  params: {
    principalId: logicApp.identity.principalId
    keyVaultName: keyVaultName
    storageAccountName: storageAccountName
    eventHubSettings: eventHubSettings
    serviceBusSettings: serviceBusSettings
  }
}
// Apply the standard app settings through a separate module that merges them with the settings already on the site,
// so that other (manually) created app settings are not removed.
// NOTE(review): both setting objects passed below contain secrets: newAppSettings carries the storage account key
// and currentAppSettings is the full list of settings currently on the site. Module parameter values are kept in the
// nested deployment's history unless the parameters are declared @secure() — confirm merge-app-settings.bicep does so.
module setLogicAppSettings '../shared/merge-app-settings.bicep' = {
  name: 'setLogicAppSettings'
  params: {
    siteName: logicAppSettings.logicAppName
    newAppSettings: appSettings
    currentAppSettings: list('${logicApp.id}/config/appsettings', logicApp.apiVersion).properties
  }
  dependsOn: [
    // App settings might be dependent on the logic app having access to e.g. Key Vault
    assignRolesToLogicAppSystemAssignedIdentity
  ]
}