add support for duarble

pagopa · Dec 18, 2024 · 34e5562 · 34e5562
1 parent 121bdf8
commit 34e5562
Show file tree

Hide file tree

Showing 9 changed files with 73 additions and 2 deletions.
diff --git a/.changeset/brown-ears-reply.md b/.changeset/brown-ears-reply.md
@@ -0,0 +1,5 @@
+---
+"azure_function_app": minor
+---
+
+Add support for Durable Functions
diff --git a/infra/modules/azure_function_app/README.md b/infra/modules/azure_function_app/README.md
@@ -26,13 +26,16 @@
 | [azurerm_private_endpoint.st_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_private_endpoint.st_file](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_private_endpoint.st_queue](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
+| [azurerm_private_endpoint.st_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_private_endpoint.staging_function_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_role_assignment.function_storage_account_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.function_storage_blob_data_owner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.function_storage_queue_data_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.function_storage_table_data_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.staging_function_storage_account_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.staging_function_storage_blob_data_owner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.staging_function_storage_queue_data_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.staging_function_storage_table_data_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_service_plan.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_plan) | resource |
 | [azurerm_storage_account.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
 | [azurerm_storage_account_network_rules.st_network_rules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules) | resource |
@@ -41,6 +44,7 @@
 | [azurerm_private_dns_zone.storage_account_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_private_dns_zone.storage_account_file](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_private_dns_zone.storage_account_queue](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
+| [azurerm_private_dns_zone.storage_account_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_virtual_network.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
 
 ## Inputs
@@ -53,6 +57,7 @@
 | <a name="input_application_insights_connection_string"></a> [application\_insights\_connection\_string](#input\_application\_insights\_connection\_string) | (Optional) Application Insights connection string | `string` | `null` | no |
 | <a name="input_application_insights_key"></a> [application\_insights\_key](#input\_application\_insights\_key) | (Optional) Application Insights key | `string` | `null` | no |
 | <a name="input_application_insights_sampling_percentage"></a> [application\_insights\_sampling\_percentage](#input\_application\_insights\_sampling\_percentage) | (Optional) The sampling percentage of Application Insights. Default is 5 | `number` | `5` | no |
+| <a name="input_contains_durable_functions"></a> [contains\_durable\_functions](#input\_contains\_durable\_functions) | (Optional) Enable if the Function App hosts Durable Functions | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Values which are used to generate resource names and location short names. They are all mandatory except for domain, which should not be used only in the case of a resource used by multiple domains. | <pre>object({<br/>    prefix          = string<br/>    env_short       = string<br/>    location        = string<br/>    domain          = optional(string)<br/>    app_name        = string<br/>    instance_number = string<br/>  })</pre> | n/a | yes |
 | <a name="input_health_check_path"></a> [health\_check\_path](#input\_health\_check\_path) | Endpoint where health probe is exposed | `string` | n/a | yes |
 | <a name="input_java_version"></a> [java\_version](#input\_java\_version) | Java version to use | `string` | `17` | no |

diff --git a/infra/modules/azure_function_app/data.tf b/infra/modules/azure_function_app/data.tf
@@ -18,6 +18,13 @@ data "azurerm_private_dns_zone" "storage_account_queue" {
   resource_group_name = local.private_dns_zone.resource_group_name
 }
 
+data "azurerm_private_dns_zone" "storage_account_table" {
+  count = local.function_app.has_durable
+
+  name                = "privatelink.table.core.windows.net"
+  resource_group_name = local.private_dns_zone.resource_group_name
+}
+
 data "azurerm_private_dns_zone" "function_app" {
   name                = "privatelink.azurewebsites.net"
   resource_group_name = local.private_dns_zone.resource_group_name

diff --git a/infra/modules/azure_function_app/function_app.tf b/infra/modules/azure_function_app/function_app.tf
@@ -81,5 +81,6 @@ resource "azurerm_linux_function_app" "this" {
     azurerm_private_endpoint.st_blob,
     azurerm_private_endpoint.st_file,
     azurerm_private_endpoint.st_queue,
+    azurerm_private_endpoint.st_table
   ]
-}
+}
diff --git a/infra/modules/azure_function_app/locals.tf b/infra/modules/azure_function_app/locals.tf
@@ -22,6 +22,7 @@ locals {
     pep_sites_staging      = "${module.naming_convention.prefix}-staging-func-pep-${module.naming_convention.suffix}"
     alert                  = "${module.naming_convention.prefix}-func-${module.naming_convention.suffix}] Health Check Failed"
     worker_process_count   = local.worker_process_count_mapping[local.tier]
+    has_durable            = var.contains_durable_functions ? 1 : 0
   }
 
   function_app_slot = {
@@ -38,6 +39,7 @@ locals {
     pep_blob_name    = "${module.naming_convention.prefix}-blob-pep-${module.naming_convention.suffix}"
     pep_file_name    = "${module.naming_convention.prefix}-file-pep-${module.naming_convention.suffix}"
     pep_queue_name   = "${module.naming_convention.prefix}-queue-pep-${module.naming_convention.suffix}"
+    pep_table_name   = "${module.naming_convention.prefix}-table-pep-${module.naming_convention.suffix}"
     alert            = "[${replace("${module.naming_convention.project}${replace(module.naming_convention.domain, "-", "")}${var.environment.app_name}stfn${module.naming_convention.suffix}", "-", "")}] Low Availability"
   }
 

diff --git a/infra/modules/azure_function_app/networking.tf b/infra/modules/azure_function_app/networking.tf
@@ -61,6 +61,29 @@ resource "azurerm_private_endpoint" "st_queue" {
   tags = var.tags
 }
 
+resource "azurerm_private_endpoint" "st_table" {
+  count = local.function_app.has_durable
+
+  name                = local.storage_account.pep_table_name
+  location            = var.environment.location
+  resource_group_name = var.resource_group_name
+  subnet_id           = var.subnet_pep_id
+
+  private_service_connection {
+    name                           = local.storage_account.pep_table_name
+    private_connection_resource_id = azurerm_storage_account.this.id
+    is_manual_connection           = false
+    subresource_names              = ["table"]
+  }
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [data.azurerm_private_dns_zone.storage_account_table[0].id]
+  }
+
+  tags = var.tags
+}
+
 resource "azurerm_private_endpoint" "function_sites" {
   name                = local.function_app.pep_sites
   location            = var.environment.location

diff --git a/infra/modules/azure_function_app/rbac.tf b/infra/modules/azure_function_app/rbac.tf
@@ -41,3 +41,19 @@ resource "azurerm_role_assignment" "staging_function_storage_queue_data_contribu
   role_definition_name = "Storage Queue Data Contributor"
   principal_id         = azurerm_linux_function_app_slot.this[0].identity[0].principal_id
 }
+
+resource "azurerm_role_assignment" "function_storage_table_data_contributor" {
+  count = local.function_app.has_durable
+
+  scope                = azurerm_storage_account.this.id
+  role_definition_name = "Storage Table Data Contributor"
+  principal_id         = azurerm_linux_function_app.this.identity[0].principal_id
+}
+
+resource "azurerm_role_assignment" "staging_function_storage_table_data_contributor" {
+  count = local.function_app.is_slot_enabled == 1 && local.function_app.has_durable == 1 ? 1 : 0
+
+  scope                = azurerm_storage_account.this.id
+  role_definition_name = "Storage Table Data Contributor"
+  principal_id         = azurerm_linux_function_app_slot.this[0].identity[0].principal_id
+}
diff --git a/infra/modules/azure_function_app/variables.tf b/infra/modules/azure_function_app/variables.tf
@@ -168,4 +168,10 @@ variable "application_insights_key" {
   description = "(Optional) Application Insights key"
   sensitive   = true
   default     = null
-}
+}
+
+variable "contains_durable_functions" {
+  type        = bool
+  description = "(Optional) Enable if the Function App hosts Durable Functions"
+  default     = false
+}
diff --git a/yarn.lock b/yarn.lock
@@ -4381,6 +4381,12 @@ __metadata:
   languageName: unknown
   linkType: soft
 
+"azure_function_app_durable@workspace:infra/modules/azure_function_app_durable":
+  version: 0.0.0-use.local
+  resolution: "azure_function_app_durable@workspace:infra/modules/azure_function_app_durable"
+  languageName: unknown
+  linkType: soft
+
 "azure_function_app_exposed@workspace:infra/modules/azure_function_app_exposed":
   version: 0.0.0-use.local
   resolution: "azure_function_app_exposed@workspace:infra/modules/azure_function_app_exposed"