azure / terraform-azure-container-apps Goto Github PK

View Code? Open in Web Editor NEW

26.0 5.0 19.0 200 KB

A Terraform module to deploy a container app in Azure

Home Page: https://github.com/Azure/terraform-azure-container-apps

HCL 94.86% Makefile 0.60% Go 4.54%

terraform-azure-container-apps's Introduction

terraform-azurerm-container-apps

A Terraform module to deploy a container app in Azure with the following characteristics:

Ability to specify all the parameters of log analytics workspace resource.
Specify the container app image using image parameter in template block under container_apps variable.
For multiple apps, specify the container parameters under containers. It's a set of objects with the following parameters:
- name - (Required) The name of the container.
- image - (Required) The container image.
- resources - (Optional) The resource requirements for the container.
- ports - (Optional) The ports exposed by the container.
- environment_variables - (Optional) The environment variables for the container.
- command - (Optional) The command to run within the container in exec form.
- args - (Optional) The arguments to the command in command field.
- liveness_probe - (Optional) The liveness probe for the container.
- readiness_probe - (Optional) The readiness probe for the container.
- volume_mounts - (Optional) The volume mounts for the container.
- volumes - (Optional) The volumes for the container.
- secrets - (Optional) The secrets for the container.
- image_pull_secrets - (Optional) The image pull secrets for the container.
- security_context - (Optional) The security context for the container.
- resources - (Optional) The resource requirements for the container.
- ports - (Optional) The ports exposed by the container.
- environment_variables - (Optional) The environment variables for the container.
- command - (Optional) The command to run within the container in exec form.
- args - (Optional) The arguments to the command in command field.
- liveness_probe - (Optional) The liveness probe for the container.

Usage in Terraform 1.2.0

Please view folders in examples.

Telemetry Collection

This module uses terraform-provider-modtm to collect telemetry data. This provider is designed to assist with tracking the usage of Terraform modules. It creates a custom modtm_telemetry resource that gathers and sends telemetry data to a specified endpoint. The aim is to provide visibility into the lifecycle of your Terraform modules - whether they are being created, updated, or deleted. This data can be invaluable in understanding the usage patterns of your modules, identifying popular modules, and recognizing those that are no longer in use.

The ModTM provider is designed with respect for data privacy and control. The only data collected and transmitted are the tags you define in module's modtm_telemetry resource, an uuid which represents a module instance's identifier, and the operation the module's caller is executing (Create/Update/Delete/Read). No other data from your Terraform modules or your environment is collected or transmitted.

One of the primary design principles of the ModTM provider is its non-blocking nature. The provider is designed to work in a way that any network disconnectedness or errors during the telemetry data sending process will not cause a Terraform error or interrupt your Terraform operations. This makes the ModTM provider safe to use even in network-restricted or air-gaped environments.

If the telemetry data cannot be sent due to network issues, the failure will be logged, but it will not affect the Terraform operation in progress(it might delay your operations for no more than 5 seconds). This ensures that your Terraform operations always run smoothly and without interruptions, regardless of the network conditions.

You can turn off the telemetry collection by declaring the following provider block in your root module:

provider "modtm" {
  enabled = false
}

Pre-Commit & Pr-Check & Test

Configurations

Configure Terraform for Azure

We assumed that you have setup service principal's credentials in your environment variables like below:

export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"

On Windows Powershell:

$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"

We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest

To run the pre-commit task, we can run the following command:

$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit

On Windows Powershell:

$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit

In pre-commit task, we will:

Run terraform fmt -recursive command for your Terraform code.
Run terrafmt fmt -f command for markdown files and go code files to ensure that the Terraform code embedded in these files are well formatted.
Run go mod tidy and go mod vendor for test folder to ensure that all the dependencies have been synced.
Run gofmt for all go code files.
Run gofumpt for all go code files.
Run terraform-docs on README.md file, then run markdown-table-formatter to format markdown tables in README.md.

Then we can run the pr-check task to check whether our code meets our pipeline's requirement(We strongly recommend you run the following command before you commit):

$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pr-check

On Windows Powershell:

$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pr-check

To run the e2e-test, we can run the following command:

docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test

On Windows Powershell:

docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test

Prerequisites

Docker

License

MIT

Requirements

Name	Version
terraform	>= 1.2
azurerm	>= 3.85, < 4.0
modtm	>= 0.2.0, < 1.0

Providers

Name	Version
azurerm	>= 3.85, < 4.0
modtm	>= 0.2.0, < 1.0

Modules

No modules.

Resources

Name	Type
azurerm_container_app.container_app	resource
azurerm_container_app_environment.container_env	resource
azurerm_container_app_environment_dapr_component.dapr	resource
azurerm_container_app_environment_storage.storage	resource
azurerm_log_analytics_workspace.laws	resource
modtm_telemetry.this	resource
azurerm_container_app_environment.container_env	data source

Inputs

Name	Description	Type	Default	Required
container_app_environment	Reference to existing container apps environment to use.	object({ name = string resource_group_name = string })	`null`	no
container_app_environment_infrastructure_subnet_id	(Optional) The existing subnet to use for the container apps control plane. Changing this forces a new resource to be created.	`string`	`null`	no
container_app_environment_internal_load_balancer_enabled	(Optional) Should the Container Environment operate in Internal Load Balancing Mode? Defaults to `false`. Changing this forces a new resource to be created.	`bool`	`null`	no
container_app_environment_name	(Required) The name of the container apps managed environment. Changing this forces a new resource to be created.	`string`	n/a	yes
container_app_environment_tags	A map of the tags to use on the resources that are deployed with this module.	`map(string)`	`{}`	no
container_app_secrets	(Optional) The secrets of the container apps. The key of the map should be aligned with the corresponding container app.	map(list(object({ name = string value = string })))	`{}`	no
container_apps	The container apps to deploy.	map(object({ name = string tags = optional(map(string)) revision_mode = string workload_profile_name = optional(string) template = object({ init_containers = optional(set(object({ args = optional(list(string)) command = optional(list(string)) cpu = optional(number) image = string name = string memory = optional(string) env = optional(list(object({ name = string secret_name = optional(string) value = optional(string) }))) volume_mounts = optional(list(object({ name = string path = string }))) })), []) containers = set(object({ name = string image = string args = optional(list(string)) command = optional(list(string)) cpu = string memory = string env = optional(set(object({ name = string secret_name = optional(string) value = optional(string) }))) liveness_probe = optional(object({ failure_count_threshold = optional(number) header = optional(object({ name = string value = string })) host = optional(string) initial_delay = optional(number, 1) interval_seconds = optional(number, 10) path = optional(string) port = number timeout = optional(number, 1) transport = string })) readiness_probe = optional(object({ failure_count_threshold = optional(number) header = optional(object({ name = string value = string })) host = optional(string) interval_seconds = optional(number, 10) path = optional(string) port = number success_count_threshold = optional(number, 3) timeout = optional(number) transport = string })) startup_probe = optional(object({ failure_count_threshold = optional(number) header = optional(object({ name = string value = string })) host = optional(string) interval_seconds = optional(number, 10) path = optional(string) port = number timeout = optional(number) transport = string })) volume_mounts = optional(list(object({ name = string path = string }))) })) max_replicas = optional(number) min_replicas = optional(number) revision_suffix = optional(string) volume = optional(set(object({ name = string storage_name = optional(string) storage_type = optional(string) }))) }) ingress = optional(object({ allow_insecure_connections = optional(bool, false) external_enabled = optional(bool, false) target_port = number transport = optional(string) traffic_weight = object({ label = optional(string) latest_revision = optional(string) revision_suffix = optional(string) percentage = number }) })) identity = optional(object({ type = string identity_ids = optional(list(string)) })) dapr = optional(object({ app_id = string app_port = number app_protocol = optional(string) })) registry = optional(list(object({ server = string username = optional(string) password_secret_name = optional(string) identity = optional(string) }))) }))	n/a	yes
dapr_component	(Optional) The Dapr component to deploy.	map(object({ name = string component_type = string version = string ignore_errors = optional(bool, false) init_timeout = optional(string, "5s") scopes = optional(list(string)) metadata = optional(set(object({ name = string secret_name = optional(string) value = string }))) }))	`{}`	no
dapr_component_secrets	(Optional) The secrets of the Dapr components. The key of the map should be aligned with the corresponding Dapr component.	map(list(object({ name = string value = string })))	`{}`	no
env_storage	(Optional) Manages a Container App Environment Storage, writing files to this file share to make data accessible by other systems.	map(object({ name = string account_name = string share_name = string access_mode = string }))	`{}`	no
environment_storage_access_key	(Optional) The Storage Account Access Key. The key of the map should be aligned with the corresponding environment storage.	`map(string)`	`null`	no
location	(Required) The location this container app is deployed in. This should be the same as the environment in which it is deployed.	`string`	n/a	yes
log_analytics_workspace	(Optional) A Log Analytics Workspace already exists.	object({ id = string })	`null`	no
log_analytics_workspace_allow_resource_only_permissions	(Optional) Specifies if the log Analytics Workspace allow users accessing to data associated with resources they have permission to view, without permission to workspace. Defaults to `true`.	`bool`	`true`	no
log_analytics_workspace_cmk_for_query_forced	(Optional) Is Customer Managed Storage mandatory for query management? Defaults to `false`.	`bool`	`false`	no
log_analytics_workspace_daily_quota_gb	(Optional) The workspace daily quota for ingestion in GB. Defaults to `-1` which means unlimited.	`number`	`-1`	no
log_analytics_workspace_internet_ingestion_enabled	(Optional) Should the Log Analytics Workspace support ingestion over the Public Internet? Defaults to `true`.	`bool`	`true`	no
log_analytics_workspace_internet_query_enabled	(Optional) Should the Log Analytics Workspace support query over the Public Internet? Defaults to `true`.	`bool`	`true`	no
log_analytics_workspace_local_authentication_disabled	(Optional) Specifies if the log analytics workspace should enforce authentication using Azure Active Directory. Defaults to `false`.	`bool`	`false`	no
log_analytics_workspace_name	(Optional) Specifies the name of the Log Analytics Workspace. Must set this variable if `var.log_analytics_workspace` is `null`. Changing this forces a new resource to be created.	`string`	`null`	no
log_analytics_workspace_reservation_capacity_in_gb_per_day	(Optional) The capacity reservation level in GB for this workspace. Must be in increments of 100 between 100 and 5000. `reservation_capacity_in_gb_per_day` can only be used when the `sku` is set to `CapacityReservation`.	`number`	`null`	no
log_analytics_workspace_retention_in_days	(Optional) The workspace data retention in days. Possible values are either 7 (Free Tier only) or range between 30 and 730.	`number`	`null`	no
log_analytics_workspace_sku	(Optional) Specifies the SKU of the Log Analytics Workspace. Possible values are `Free`, `PerNode`, `Premium`, `Standard`, `Standalone`, `Unlimited`, `CapacityReservation`, and `PerGB2018`(new SKU as of `2018-04-03`). Defaults to `PerGB2018`.	`string`	`"PerGB2018"`	no
log_analytics_workspace_tags	(Optional) A mapping of tags to assign to the resource.	`map(string)`	`null`	no
resource_group_name	(Required) The name of the resource group in which the resources will be created.	`string`	n/a	yes
tracing_tags_enabled	Whether enable tracing tags that generated by BridgeCrew Yor.	`bool`	`false`	no
tracing_tags_prefix	Default prefix for generated tracing tags	`string`	`"avm_"`	no

Outputs

Name	Description
container_app_environment_id	The ID of the Container App Environment within which this Container App should exist.
container_app_fqdn	The FQDN of the Container App's ingress.
container_app_identities	The identities of the Container App, key is Container App's name.
container_app_ips	The IPs of the Latest Revision of the Container App.

terraform-azure-container-apps's People

Contributors

Stargazers

Watchers

Forkers

doytsujin jiaweitao001 sept0r lonegunmanb apinity-io johnknutsonhc daconstenla icklsede jogbd jbarascut sourcecodecheck camptocamp rarguello vincentschmid indigo-saito davidkarlsen masumofficial2010 adeany abossard

terraform-azure-container-apps's Issues

Support for KEDA Scaler

Is there an existing issue for this?

I have searched the existing issues

Description

I would find it helpful if I could add a KEDA scalers to the container app. As of my understanding currently this would have to be done using azapi

New or Affected Resource(s)/Data Source(s)

azapi_update_resource

Potential Terraform Configuration

containers = [
          {
            name   = "github-runner"
            memory = "0.5Gi"
            cpu    = 0.25
            image  = "..."
            env = [
              ...
            ],
            scale = {
              rules = [
                {
                  name = "github-runner-rule",
                  custom = {
                    type = "github-runner"
                    metadata = {
                      githubAPIURL = "https://api.github.com"
                      owner = "your-github-owner"
                      runnerScope = "org"
                      repos = "your-repo-name"
                      labels = "your-runner-labels"
                      targetWorkflowQueueLength = "1"
                      applicationID = "your-application-id"
                      installationID = "your-installation-id"
                    }
                  }
                }
              ]
            }
          }
        ]

References

No response

Unable to pull container from docker hub

Is there an existing issue for this?

I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.5.3

Module Version

0.1.0

AzureRM Provider Version

3.65.0

Affected Resource(s)/Data Source(s)

azurerm_container_app

Terraform Configuration Files

terraform {
backend "remote" {
    hostname = "app.terraform.io"
    organization = "<org>"

    workspaces {
      name = "<workspace>"
    }
  }
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.11, < 4.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  location = var.location
  name     = var.resource_group_name
}

module "containerapps" {
	source = "./containerapps/"
	container_app_environment_name = var.container_app_environment_name
	container_apps = var.container_apps
	location = var.location
	log_analytics_workspace_name = var.log_analytics_workspace_name
	resource_group_name = azurerm_resource_group.rg.name
	container_app_secrets = var.container_app_secrets

}

tfvars variables values

container_app_environment_name = "dev1"
log_analytics_workspace_name = "dev1"
resource_group_name = "dev1"
location = "eastus2"
container_apps = {
	"proxy" = {
		name = "proxy" 
			revision_mode = "Single"
			template = {
				containers =[{
					name = "proxy"
					image = "registry.hub.docker.com/nfishel/proxy:latest"
					cpu = ".25"
					memory = "0.5Gi"
					max_replicas = 10
					min_replicas = 0
					dapr = {
						app_id = "proxy"
						app_port = 3010
					}
					ingress = {
						external_enabled = true
						target_port = 3010
					}
					registry = [{
						server = "registry.hub.docker.com"
						username = "nfishel"
						password_secret_name = "registry"
					}]
				}]
			}
	}
}

container_app_secrets = {
	"proxy" = [
		{
			name = "registry"
			value = "******"
		}	
	]
}

Debug Output/Panic Output

module.containerapps.azurerm_container_app.container_app["proxy"]: Modifying... [id=/subscriptions/************************************/resourceGroups/dev1/providers/Microsoft.App/containerApps/proxy]
╷
│ Error: updating Container App (Subscription: "************************************"
│ Resource Group Name: "dev1"
│ Container App Name: "proxy"): performing CreateOrUpdate: containerapps.ContainerAppsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameterValueInContainerTemplate" Message="The following field(s) are either invalid or missing. Field 'template.containers.proxy.image' is invalid with details: 'Invalid value: \"registry.hub.docker.com/*******/proxy:latest\": GET https:: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:*******/proxy Type:repository]]';."
│ 
│   with module.containerapps.azurerm_container_app.container_app["proxy"],
│   on containerapps/main.tf line 59, in resource "azurerm_container_app" "container_app":
│   59: resource "azurerm_container_app" "container_app" {
│ 
│ updating Container App (Subscription: "************************************"
│ Resource Group Name: "dev1"
│ Container App Name: "proxy"): performing CreateOrUpdate: containerapps.ContainerAppsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameterValueInContainerTemplate" Message="The following field(s) are either invalid or missing. Field 'template.containers.proxy.image' is invalid with details: 'Invalid value: \"registry.hub.docker.com/*******/proxy:latest\": GET https:: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:*******/proxy Type:repository]]';."
╵

Exited with code exit status 1

Expected Behaviour

The container should be pull successfully, when configured through the web ui this works.

Actual Behaviour

Terrafrom apply fails

Steps to Reproduce

No response

Important Factoids

Azure for startups sponsored subscription, standard azure cloud

References

No response

Support for IP Security Restrictions Mode

Is there an existing issue for this?

I have searched the existing issues

Description

Support the "IP Security Restrictions Mode" feature of ingress where you can allow/deny given IP-ranges on the ingress.

New or Affected Resource(s)/Data Source(s)

N/A

Potential Terraform Configuration

Should only require new inputs to the terraform module, it will be backwards compatible because it is new parameters and won't affect existing mode.

References

https://learn.microsoft.com/en-us/azure/container-apps/ip-restrictions?pivots=azure-portal

update: seems to be needed in the the terraform resource as well: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app, tracked in hashicorp/terraform-provider-azurerm#21774

Support for existing container apps environment

Is there an existing issue for this?

I have searched the existing issues

Description

It would be good to create the container apps conditionally, and only if user does not provide a reference to an existing container apps environment.

New or Affected Resource(s)/Data Source(s)

azurerm_container_app_environment

Potential Terraform Configuration

new nullable input var `container_app_environment`, if non-null, use this, and use a

count = var.container_app_environment == 0 ? 1

on the one in the module.

References

No response

Support for container_app_fqdn and default_domain

Is there an existing issue for this?

I have searched the existing issues

Description

To use this module with Azure Front Door and Private Link Service, I need the default_domain of the Container App Environment and the FQDN of the Container App's internal service domain.

The current output is a full URI (with https://), which is not usable in the context of Front Door. So I suggest to change the output container_app_fqdn to a value with FQDN and adding another output container_app_uri with the full URI as value.

New or Affected Resource(s)/Data Source(s)

azurerm_container_app_environment, azurerm_container_app.container_app

Potential Terraform Configuration

output "default_domain" {
  description = "The default domain of the Container App Environment."
  value       = azurerm_container_app_environment.container_env.default_domain
}

output "container_app_fqdn" {
  description = "The FQDN of the Container App's ingress."
  value       = { for name, container in azurerm_container_app.container_app : name => "${try(container.ingress[0].fqdn, "")}" if can(container.ingress[0].fqdn) }
}

output "container_app_uri" {
  description = "The URI of the Container App's ingress."
  value       = { for name, container in azurerm_container_app.container_app : name => "https://${try(container.ingress[0].fqdn, "")}" if can(container.ingress[0].fqdn) }
}

References

No response

Support for init containers

Is there an existing issue for this?

I have searched the existing issues

Description

As a developer I would like to use init containers to initialize database schema before starting main application

init containers are available https://learn.microsoft.com/en-us/azure/container-apps/containers#init-containers

New or Affected Resource(s)/Data Source(s)

azurerm_container_app

Potential Terraform Configuration

No response

References

No response

incorrect map element type: attribute "ingress": attributes "target_port" and "traffic_weight" are required

Is there an existing issue for this?

I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

v1.3.4

Module Version

v0.2.0

AzureRM Provider Version

v3.75.0

Affected Resource(s)/Data Source(s)

azurerm_container_app.container_app

Terraform Configuration Files

module "container-apps" {
  source  = "Azure/container-apps/azure"
  version = "0.2.0"
  # insert the 5 required variables here
  container_apps                                           = var.container_apps
  container_app_environment_name                           = var.container_app_environment_name
  location                                                 = var.location
  log_analytics_workspace_name                             = var.log_analytics_workspace_name
  resource_group_name                                      = "testrsg"
  container_app_secrets                                    = var.container_app_secrets
}

tfvars variables values

container_app_environment_name = "dev1"
log_analytics_workspace_name   = "dev1"
resource_group_name            = "dev1"
location                       = "eastus2"
container_apps = {
  test = {
    name          = "nginx"
    revision_mode = "Multiple"
    template = {
      containers = [{
        name         = "nginx"
        image        = "nginx:latest"
        cpu          = ".25"
        memory       = "0.5Gi"
        max_replicas = 2
        min_replicas = 1
        liveness_probe = {
          port      = 80
          transport = "HTTP"
        }
        readiness_probe = {
          port      = 80
          transport = "HTTP"
        }
        startup_probe = {
          port      = 80
          transport = "HTTP"
        }
      }]
      ingress = {
        target_port    = 80  
        traffic_weight = {
          percentage = 50  
        }
      }
    }
  }
}

Debug Output/Panic Output

│ Error: Invalid value for input variable
│
│   on main.tf line 5, in module "container-apps":
│    5:   container_apps                                           = var.container_apps
│
│ The given value is not suitable for module.container-apps.var.container_apps declared at .terraform\modules\container-apps\variables.tf:7,1-26: incorrect map element type: attribute "ingress": attributes "target_port" and  
│ "traffic_weight" are required.
╵
╷
│ Error: Missing required argument
│
│   with module.container-apps.azurerm_container_app_environment.container_env,
│   on .terraform\modules\container-apps\main.tf line 25, in resource "azurerm_container_app_environment" "container_env":
│   25:   internal_load_balancer_enabled = var.container_app_environment_internal_load_balancer_enabled
│
│ "internal_load_balancer_enabled": all of `infrastructure_subnet_id,internal_load_balancer_enabled` must be specified

Expected Behaviour

I expected that it would be easy to run a container app with this module.
In docs only 5 required variables. Documentation is not clear.

Actual Behaviour

I had more than 5 required and errors

Steps to Reproduce

No response

Important Factoids

No response

References

No response

Missing required variable `var.container_app_environment_internal_load_balancer_enabled` in example.

Is there an existing issue for this?

I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.6.0

Module Version

16332f4

AzureRM Provider Version

3.75.0

Affected Resource(s)/Data Source(s)

azurerm_container_app_environment

Terraform Configuration Files

resource "random_id" "rg_name" {
  byte_length = 8
}

resource "random_id" "env_name" {
  byte_length = 8
}

resource "random_id" "container_name" {
  byte_length = 4
}

resource "azurerm_resource_group" "test" {
  location = var.location
  name     = "example-container-app-${random_id.rg_name.hex}"
}

locals {
  counting_app_name  = "counting-${random_id.container_name.hex}"
  dashboard_app_name = "dashboard-${random_id.container_name.hex}"
}

module "container_apps" {
  source                         = "../.."
  resource_group_name            = azurerm_resource_group.test.name
  location                       = var.location
  container_app_environment_name = "example-env-${random_id.env_name.hex}"

  container_apps = {
    counting = {
      name          = local.counting_app_name
      revision_mode = "Single"

      template = {
        containers = [
          {
            name   = "countingservicetest1"
            memory = "0.5Gi"
            cpu    = 0.25
            image  = "docker.io/hashicorp/counting-service:0.0.2"
            env = [
              {
                name  = "PORT"
                value = "9001"
              }
            ]
          },
        ]
      }

      ingress = {
        allow_insecure_connections = true
        external_enabled           = true
        target_port                = 9001
        traffic_weight = {
          latest_revision = true
          percentage      = 100
        }
      }
    },
    dashboard = {
      name          = local.dashboard_app_name
      revision_mode = "Single"

      template = {
        containers = [
          {
            name   = "testdashboard"
            memory = "1Gi"
            cpu    = 0.5
            image  = "docker.io/hashicorp/dashboard-service:0.0.4"
            env = [
              {
                name  = "PORT"
                value = "8080"
              },
              {
                name  = "COUNTING_SERVICE_URL"
                value = "http://${local.counting_app_name}"
              }
            ]
          },
        ]
      }

      ingress = {
        allow_insecure_connections = false
        target_port                = 8080
        external_enabled           = true

        traffic_weight = {
          latest_revision = true
          percentage      = 100
        }
      }
      identity = {
        type = "SystemAssigned"
      }
    },
  }
  log_analytics_workspace_name = "testlaws"
}

tfvars variables values

no

Debug Output/Panic Output

TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: ╷
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │ Error: Missing required argument
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │ 
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │   with module.container_apps.azurerm_container_app_environment.container_env,
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │   on ../../main.tf line 25, in resource "azurerm_container_app_environment" "container_env":
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │   25:   internal_load_balancer_enabled = var.container_app_environment_internal_load_balancer_enabled
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │ 
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │ "internal_load_balancer_enabled": all of
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: │ `infrastructure_subnet_id,internal_load_balancer_enabled` must be specified
TestExamplesStartup 2023-11-07T01:35:30Z command.go:185: ╵

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

Can't access attributes on a list of objects. Did you mean to access an attribute for a specific element of the list, or across all elements of the list?

Is there an existing issue for this?

I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

3.51.0

Module Version

newest

AzureRM Provider Version

newest

Affected Resource(s)/Data Source(s)

azurerm_container_app

Terraform Configuration Files

dynamic "volume" {
      for_each = each.value.template.volume == null ? [] : [each.value.template.volume]

      content {
        name         = volume.value.name
        storage_name = volume.value.storage_name
        storage_type = volume.value.storage_type
      }
    }

tfvars variables values

volume = [{
          name         = "test",
          storage_name = "test"
          storage_type = "AzureFile"
        }]

Debug Output/Panic Output

│ Error: Unsupported attribute
│
│   on ..\_modules\environment_v1\_modules\container-apps\main.tf line 121, in resource "azurerm_container_app" "container_app":
│  121:         name         = volume.value[each.value.template.volume.key].name
│     ├────────────────
│     │ each.value.template.volume is list of object with 1 element
│
│ Can't access attributes on a list of objects. Did you mean to access an attribute for a specific element of the list, or across all elements of the list?
╵
╷
│ Error: Unsupported attribute
│
│   on ..\_modules\environment_v1\_modules\container-apps\main.tf line 122, in resource "azurerm_container_app" "container_app":
│  122:         storage_name = volume.value[each.value.template.volume.key].storage_name
│     ├────────────────
│     │ each.value.template.volume is list of object with 1 element
│
│ Can't access attributes on a list of objects. Did you mean to access an attribute for a specific element of the list, or across all elements of the list?
╵
╷
│ Error: Unsupported attribute
│
│   on ..\_modules\environment_v1\_modules\container-apps\main.tf line 123, in resource "azurerm_container_app" "container_app":
│  123:         storage_type = volume.value[each.value.template.volume.key].storage_type
│     ├────────────────
│     │ each.value.template.volume is list of object with 1 element
│
│ Can't access attributes on a list of objects. Did you mean to access an attribute for a specific element of the list, or across all elements of the list?

Expected Behaviour

add volume to container

Actual Behaviour

error

Steps to Reproduce

terraform apply

Important Factoids

No response

References

Solution to the Problem for me:
dynamic "volume" {
for_each = each.value.template.volume == null ? [] : [each.value.template.volume]

  content {
    name         = volume.value[volume.key].name
    storage_name = volume.value[volume.key].storage_name
    storage_type = volume.value[volume.key].storage_type
  }
}

(Added volume.key)

Duplicated `azurerm_log_analytics_workspace` in example `darp`.

Is there an existing issue for this?

I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.6.3

Module Version

0.2.0

AzureRM Provider Version

3.85.0

Affected Resource(s)/Data Source(s)

azurerm_log_analytics_workspace

Terraform Configuration Files

Example code in `example/dapr`

tfvars variables values

No

Debug Output/Panic Output

TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: │ Error: A resource with the ID "/subscriptions/xxxxxxx/resourceGroups/rg-5e9709f5ec831d95/providers/Microsoft.OperationalInsights/workspaces/testlaworkspace" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_log_analytics_workspace" for more information.
TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: │ 
TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: │   with azurerm_log_analytics_workspace.test,
TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: │   on main.tf line 76, in resource "azurerm_log_analytics_workspace" "test":
TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: │   76: resource "azurerm_log_analytics_workspace" "test" {
TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: │ 
TestExamplesDapr 2023-12-18T02:58:37Z command.go:185: ╵

Expected Behaviour

Pr #38 failed due to this error, but it's weird that the current main branch cannot reproduce this issue.

We've created a log analytics workspace at line 76, but we forgot to pass it's id to var.log_analytics_workspace, according to the toggle expression, the module would try to create another log analytics workspace with the same name, which should cause an error. It's weird that version d6c3196 met no error but the same issue blocked #38.

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

Support for Authentication

Is there an existing issue for this?

I have searched the existing issues

Description

Support for auth_settings

New or Affected Resource(s)/Data Source(s)

azurerm_container_app

Potential Terraform Configuration

Similar setting as in azurerm_app_service(https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service.html#auth_settings)

References

Improve `output identity_ids`

Is there an existing issue for this?

I have searched the existing issues

Description

Now we have:

output "identity_ids" {
  description = "The identities of the Container App."
  value       = { for name, container in azurerm_container_app.container_app : name => container.identity }
}

Actually we've exported the whole container identity block, not just id. We should change the output's map value to a wrapped object type instead of export container.identity directly to avoid extra coupling between the provider's schema and the user's code.

New or Affected Resource(s)/Data Source(s)

output "identity_ids"

Potential Terraform Configuration

No response

References

No response

`azurerm_container_app_environment`'s `internal_load_balancer_enabled` must be set along with `infrastructure_subnet_id`.

Is there an existing issue for this?

I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.6.3

Module Version

0.2.0

AzureRM Provider Version

3.85.0

Affected Resource(s)/Data Source(s)

azurerm_container_app_environment

Terraform Configuration Files

`examples/dapr`

tfvars variables values

none

Debug Output/Panic Output

╷
│ Error: Missing required argument
│
│   with module.containerapps.azurerm_container_app_environment.container_env,
│   on ..\..\main.tf line 25, in resource "azurerm_container_app_environment" "container_env":
│   25:   internal_load_balancer_enabled = var.container_app_environment_internal_load_balancer_enabled
│
│ "internal_load_balancer_enabled": all of `infrastructure_subnet_id,internal_load_balancer_enabled` must be specified
╵

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

hashicorp/terraform-provider-azurerm#23313 has added a new constriction so our examples were broken.