variables.slots.tf (464 lines of code) (raw):
# Selects which deployment slot (by map key) is made the active slot.
# Left at `null`, no active-slot object is supplied at all.
variable "app_service_active_slot" {
  type = object({
    # Key of the slot object to activate; presumably a key of
    # `var.deployment_slots` (verify against the consuming resource).
    slot_key = optional(string)
    # NOTE(review): defaults to `true`, so activating a slot also overwrites
    # the network configuration. Confirm that access restrictions on the
    # target are the ones intended before relying on this default.
    overwrite_network_config = optional(bool, true)
  })
  default = null
  description = <<DESCRIPTION
```
Object that sets the active slot for the App Service.
`slot_key` - The key of the slot object to set as active.
`overwrite_network_config` - Determines if the network configuration should be overwritten. Defaults to `true`.
```
DESCRIPTION
}
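# Application Insights settings for deployment slots, as a map of objects.
# The map keys are presumably what `site_config.slot_application_insights_object_key`
# in `var.deployment_slots` refers to (verify against the consuming code).
variable "slot_application_insights" {
  type = map(object({
    application_type      = optional(string, "web")
    inherit_tags          = optional(bool, false)
    location              = optional(string)
    name                  = optional(string)
    resource_group_name   = optional(string)
    tags                  = optional(map(any), null)
    workspace_resource_id = optional(string)

    # Ingestion volume, retention and sampling.
    daily_data_cap_in_gb                  = optional(number)
    daily_data_cap_notifications_disabled = optional(bool)
    retention_in_days                     = optional(number, 90)
    sampling_percentage                   = optional(number, 100)

    # Security-relevant switches. The defaults are the permissive side of each
    # flag and are kept as-is for backward compatibility.
    # NOTE(review): with `local_authentication_disabled = false`, non-Entra-ID
    # (key-based) authentication presumably stays enabled; with
    # `internet_ingestion_enabled` / `internet_query_enabled = true`, ingestion
    # and query are presumably reachable over public networks. Callers with a
    # private-link or Entra-ID-only posture should set these explicitly.
    disable_ip_masking                  = optional(bool, false)
    local_authentication_disabled       = optional(bool, false)
    internet_ingestion_enabled          = optional(bool, true)
    internet_query_enabled              = optional(bool, true)
    force_customer_storage_for_profiler = optional(bool, false)
  }))
  default = {}
  # The description previously ended with a closing code fence that had no
  # opening fence, which leaves the markdown unbalanced in generated docs.
  description = <<DESCRIPTION
Configures the Application Insights instance(s) for the deployment slot(s).
DESCRIPTION
}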
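# Per-slot configuration for deployment slots, as a map of objects. Every
# attribute is optional unless it is declared without `optional(...)`;
# Terraform fills in the defaults shown here when the caller omits a value.
#
# Security review notes (defaults are unchanged for backward compatibility):
#  - The variable is not declared `sensitive`, yet nested attributes carry
#    credentials: `client_secret`, `app_secret`, `consumer_secret`,
#    `connection_strings.value`, `sas_url`, `access_key`, `registry_password`,
#    `docker_registry_password`. Values supplied here are shown in plan output
#    and presumably end up in state once a resource consumes them. Where a
#    `*_setting_name` alternative exists, prefer it over the inline secret.
#  - Several defaults sit on the permissive side: `https_only = false`,
#    `public_network_access_enabled = true`, both `*_publish_basic_authentication_enabled = true`,
#    `ip_restriction_default_action = "Allow"`, `scm_ip_restriction_default_action = "Allow"`,
#    `auth_settings_v2.require_authentication = false`. Callers should set
#    these explicitly rather than rely on the defaults.
variable "deployment_slots" {
  type = map(object({
    name = optional(string)
    app_settings = optional(map(string))
    builtin_logging_enabled = optional(bool, true)
    content_share_force_disabled = optional(bool, false)
    client_affinity_enabled = optional(bool, false)
    # Client-certificate (mutual TLS) handling is off by default; the mode
    # default only matters once `client_certificate_enabled` is set to true.
    client_certificate_enabled = optional(bool, false)
    client_certificate_exclusion_paths = optional(string, null)
    client_certificate_mode = optional(string, "Required")
    daily_memory_time_quota = optional(number, 0)
    enabled = optional(bool, true)
    functions_extension_version = optional(string, "~4")
    # NOTE(review): basic-auth publishing over FTP stays enabled by default.
    ftp_publish_basic_authentication_enabled = optional(bool, true)
    # NOTE(review): plain HTTP is not rejected by default.
    https_only = optional(bool, false)
    key_vault_reference_identity_id = optional(string, null)
    # managed_identities = optional(object({
    # system_assigned = optional(bool, false)
    # user_assigned_resource_ids = optional(set(string), [])
    # }), {})
    # NOTE(review): public network access is on by default, including for
    # slots that also declare `private_endpoints`.
    public_network_access_enabled = optional(bool, true)
    service_plan_id = optional(string, null)
    tags = optional(map(string))
    virtual_network_subnet_id = optional(string, null)
    # NOTE(review): basic-auth publishing over Web Deploy stays enabled by default.
    webdeploy_publish_basic_authentication_enabled = optional(bool, true)
    zip_deploy_file = optional(string, null)

    # Authentication settings, first generation. Each provider offers both an
    # inline secret and a `*_setting_name` attribute; the inline form puts the
    # secret into this (non-sensitive) variable.
    auth_settings = optional(map(object({
      additional_login_parameters = optional(list(string))
      # Review every entry: this list widens where a login may redirect to.
      allowed_external_redirect_urls = optional(list(string))
      default_provider = optional(string)
      enabled = optional(bool, false)
      issuer = optional(string)
      runtime_version = optional(string)
      token_refresh_extension_hours = optional(number, 72)
      token_store_enabled = optional(bool, false)
      unauthenticated_client_action = optional(string)
      active_directory = optional(map(object({
        client_id = optional(string)
        allowed_audiences = optional(list(string))
        client_secret = optional(string)
        client_secret_setting_name = optional(string)
      })))
      facebook = optional(map(object({
        app_id = optional(string)
        app_secret = optional(string)
        app_secret_setting_name = optional(string)
        oauth_scopes = optional(list(string))
      })))
      github = optional(map(object({
        client_id = optional(string)
        client_secret = optional(string)
        client_secret_setting_name = optional(string)
        oauth_scopes = optional(list(string))
      })))
      google = optional(map(object({
        client_id = optional(string)
        client_secret = optional(string)
        client_secret_setting_name = optional(string)
        oauth_scopes = optional(list(string))
      })))
      microsoft = optional(map(object({
        client_id = optional(string)
        client_secret = optional(string)
        client_secret_setting_name = optional(string)
        oauth_scopes = optional(list(string))
      })))
      twitter = optional(map(object({
        consumer_key = optional(string)
        consumer_secret = optional(string)
        consumer_secret_setting_name = optional(string)
      })))
    })), {})

    # Authentication settings, second generation. Secrets are referenced by
    # setting name (or certificate thumbprint) only; no inline secret fields.
    auth_settings_v2 = optional(map(object({
      auth_enabled = optional(bool, false)
      config_file_path = optional(string)
      default_provider = optional(string)
      # Paths listed here bypass the authentication requirement; keep the list minimal.
      excluded_paths = optional(list(string))
      forward_proxy_convention = optional(string, "NoProxy")
      forward_proxy_custom_host_header_name = optional(string)
      forward_proxy_custom_scheme_header_name = optional(string)
      http_route_api_prefix = optional(string, "/.auth")
      # NOTE(review): authentication is not required by default even when
      # `auth_enabled` is true; set this explicitly.
      require_authentication = optional(bool, false)
      require_https = optional(bool, true)
      runtime_version = optional(string, "~1")
      unauthenticated_action = optional(string, "RedirectToLoginPage")
      active_directory_v2 = optional(map(object({
        allowed_applications = optional(list(string))
        allowed_audiences = optional(list(string))
        allowed_groups = optional(list(string))
        allowed_identities = optional(list(string))
        client_id = optional(string)
        client_secret_certificate_thumbprint = optional(string)
        client_secret_setting_name = optional(string)
        jwt_allowed_client_applications = optional(list(string))
        jwt_allowed_groups = optional(list(string))
        login_parameters = optional(map(any))
        tenant_auth_endpoint = optional(string)
        www_authentication_disabled = optional(bool, false)
      })), {})
      apple_v2 = optional(map(object({
        client_id = optional(string)
        client_secret_setting_name = optional(string)
        login_scopes = optional(list(string))
      })), {})
      azure_static_web_app_v2 = optional(map(object({
        client_id = optional(string)
      })), {})
      custom_oidc_v2 = optional(map(object({
        authorisation_endpoint = optional(string)
        certification_uri = optional(string)
        client_credential_method = optional(string)
        client_id = optional(string)
        client_secret_setting_name = optional(string)
        issuer_endpoint = optional(string)
        name = optional(string)
        name_claim_type = optional(string)
        openid_configuration_endpoint = optional(string)
        scopes = optional(list(string))
        token_endpoint = optional(string)
      })), {})
      facebook_v2 = optional(map(object({
        app_id = optional(string)
        app_secret_setting_name = optional(string)
        graph_api_version = optional(string)
        login_scopes = optional(list(string))
      })), {})
      github_v2 = optional(map(object({
        client_id = optional(string)
        client_secret_setting_name = optional(string)
        login_scopes = optional(list(string))
      })), {})
      google_v2 = optional(map(object({
        client_id = optional(string)
        client_secret_setting_name = optional(string)
        allowed_audiences = optional(list(string))
        login_scopes = optional(list(string))
      })), {})
      # `login` is the only attribute here declared without `optional(...)`,
      # so it must be supplied whenever an `auth_settings_v2` entry is given.
      login = map(object({
        # Review every entry: this list widens where a login may redirect to.
        allowed_external_redirect_urls = optional(list(string))
        cookie_expiration_convention = optional(string, "FixedTime")
        cookie_expiration_time = optional(string, "00:00:00")
        logout_endpoint = optional(string)
        nonce_expiration_time = optional(string, "00:05:00")
        preserve_url_fragments_for_logins = optional(bool, false)
        token_refresh_extension_time = optional(number, 72)
        token_store_enabled = optional(bool, false)
        token_store_path = optional(string)
        token_store_sas_setting_name = optional(string)
        # Nonce validation is on by default; leave it on.
        validate_nonce = optional(bool, true)
      }))
      microsoft_v2 = optional(map(object({
        client_id = optional(string)
        client_secret_setting_name = optional(string)
        allowed_audiences = optional(list(string))
        login_scopes = optional(list(string))
      })), {})
      twitter_v2 = optional(map(object({
        consumer_key = optional(string)
        consumer_secret_setting_name = optional(string)
      })), {})
    })), {})

    # Auto-heal: an action plus the triggers that fire it.
    auto_heal_setting = optional(map(object({
      action = optional(object({
        action_type = string
        # `custom_action` names an executable and its parameters; treat
        # changes to it like any other change to what runs on the host.
        custom_action = optional(object({
          executable = string
          parameters = optional(string)
        }))
        minimum_process_execution_time = optional(string, "00:00:00")
      }))
      trigger = optional(object({
        private_memory_kb = optional(number)
        requests = optional(map(object({
          count = number
          interval = string
        })), {})
        slow_request = optional(map(object({
          count = number
          interval = string
          time_taken = string
          path = optional(string)
        })), {})
        slow_request_with_path = optional(map(object({
          count = number
          interval = string
          time_taken = string
          path = optional(string)
        })), {})
        status_code = optional(map(object({
          count = number
          interval = string
          status_code_range = string
          path = optional(string)
          sub_status = optional(number)
          win32_status_code = optional(number)
        })), {})
      }))
    })), {})

    backup = optional(map(object({
      enabled = optional(bool, true)
      name = optional(string)
      # NOTE(review): if this URL embeds a SAS token it is a credential; verify
      # how callers supply it.
      storage_account_url = optional(string)
      schedule = optional(map(object({
        frequency_interval = optional(number)
        frequency_unit = optional(string)
        keep_at_least_one_backup = optional(bool)
        retention_period_days = optional(number)
        start_time = optional(string)
      })))
    })), {})

    # `value` typically holds a credential-bearing connection string.
    connection_strings = optional(map(object({
      name = optional(string)
      type = optional(string)
      value = optional(string)
    })), {})

    lock = optional(object({
      kind = string
      name = optional(string, null)
    }), null)

    # Logging. Both blob targets require a `sas_url`, which is a bearer
    # credential for the storage container.
    logs = optional(map(object({
      application_logs = optional(map(object({
        azure_blob_storage = optional(object({
          level = optional(string, "Off")
          retention_in_days = optional(number, 0)
          sas_url = string
        }))
        file_system_level = optional(string, "Off")
      })), {})
      # Detailed errors and failed-request traces are off by default.
      detailed_error_messages = optional(bool, false)
      failed_request_tracing = optional(bool, false)
      http_logs = optional(map(object({
        azure_blob_storage_http = optional(object({
          retention_in_days = optional(number, 0)
          sas_url = string
        }))
        file_system = optional(object({
          retention_in_days = optional(number, 0)
          retention_in_mb = number
        }))
      })), {})
    })), {})

    private_endpoints = optional(map(object({
      name = optional(string, null)
      role_assignments = optional(map(object({
        role_definition_id_or_name = string
        principal_id = string
        description = optional(string, null)
        skip_service_principal_aad_check = optional(bool, false)
        condition = optional(string, null)
        condition_version = optional(string, null)
        delegated_managed_identity_resource_id = optional(string, null)
        principal_type = optional(string, null)
      })), {})
      lock = optional(object({
        kind = string
        name = optional(string, null)
      }), null)
      tags = optional(map(string), null)
      subnet_resource_id = string
      private_dns_zone_group_name = optional(string, "default")
      private_dns_zone_resource_ids = optional(set(string), [])
      application_security_group_associations = optional(map(string), {})
      private_service_connection_name = optional(string, null)
      network_interface_name = optional(string, null)
      location = optional(string, null)
      resource_group_name = optional(string, null)
      ip_configurations = optional(map(object({
        name = string
        private_ip_address = string
      })), {})
    })), {})

    # Role assignments scoped to the slot. Grant the narrowest role that works;
    # `role_definition_id_or_name` and `principal_id` are required.
    role_assignments = optional(map(object({
      role_definition_id_or_name = string
      principal_id = string
      description = optional(string, null)
      skip_service_principal_aad_check = optional(bool, false)
      condition = optional(string, null)
      condition_version = optional(string, null)
      delegated_managed_identity_resource_id = optional(string, null)
      principal_type = optional(string, null)
    })), {})

    # `access_key` is a required storage account key, i.e. a long-lived secret
    # passed through this non-sensitive variable.
    storage_shares_to_mount = optional(map(object({
      access_key = string
      account_name = string
      mount_path = string
      name = string
      share_name = string
      type = optional(string, "AzureFiles")
    })), {})

    site_config = optional(object({
      always_on = optional(bool, true)
      api_definition_url = optional(string)
      api_management_api_id = optional(string)
      app_command_line = optional(string)
      auto_heal_enabled = optional(bool)
      app_scale_limit = optional(number)
      application_insights_connection_string = optional(string)
      application_insights_key = optional(string)
      slot_application_insights_object_key = optional(string)
      container_registry_managed_identity_client_id = optional(string)
      container_registry_use_managed_identity = optional(bool)
      default_documents = optional(list(string))
      elastic_instance_minimum = optional(number)
      ftps_state = optional(string, "FtpsOnly")
      health_check_eviction_time_in_min = optional(number)
      health_check_path = optional(string)
      http2_enabled = optional(bool, false)
      # NOTE(review): traffic that matches no `ip_restriction` rule is allowed
      # by default; the same holds for the SCM site below.
      ip_restriction_default_action = optional(string, "Allow")
      load_balancing_mode = optional(string, "LeastRequests")
      local_mysql_enabled = optional(bool, false)
      managed_pipeline_mode = optional(string, "Integrated")
      minimum_tls_version = optional(string, "1.3")
      pre_warmed_instance_count = optional(number)
      remote_debugging_enabled = optional(bool, false)
      remote_debugging_version = optional(string)
      runtime_scale_monitoring_enabled = optional(bool)
      scm_ip_restriction_default_action = optional(string, "Allow")
      # NOTE(review): the SCM default ("1.2") is lower than the main-site
      # default ("1.3") declared above.
      scm_minimum_tls_version = optional(string, "1.2")
      # With `false`, the SCM site does not reuse the main site's
      # `ip_restriction` rules and needs its own `scm_ip_restriction` entries.
      scm_use_main_ip_restriction = optional(bool, false)
      use_32_bit_worker = optional(bool, false)
      vnet_route_all_enabled = optional(bool, false)
      websockets_enabled = optional(bool, false)
      worker_count = optional(number)
      app_service_logs = optional(map(object({
        disk_quota_mb = optional(number, 35)
        retention_period_days = optional(number)
      })), {})
      application_stack = optional(map(object({
        dotnet_core_version = optional(string)
        dotnet_version = optional(string)
        java_version = optional(string)
        node_version = optional(string)
        powershell_core_version = optional(string)
        python_version = optional(string)
        go_version = optional(string)
        ruby_version = optional(string)
        java_server = optional(string)
        java_server_version = optional(string)
        php_version = optional(string)
        use_custom_runtime = optional(bool)
        use_dotnet_isolated_runtime = optional(bool)
        # Prefer `container_registry_use_managed_identity` over
        # `registry_password` / `docker_registry_password` where possible.
        docker = optional(list(object({
          image_name = string
          image_tag = string
          registry_password = optional(string)
          registry_url = string
          registry_username = optional(string)
        })))
        current_stack = optional(string)
        docker_image_name = optional(string)
        docker_registry_url = optional(string)
        docker_registry_username = optional(string)
        docker_registry_password = optional(string)
        docker_container_name = optional(string)
        docker_container_tag = optional(string)
        java_embedded_server_enabled = optional(bool)
        # Declared as string like every other `*_version` attribute in this
        # object. The earlier `optional(bool)` rejected any version string that
        # is not "true"/"false"; bool values still convert to string.
        tomcat_version = optional(string)
      })), {})
      cors = optional(map(object({
        allowed_origins = optional(list(string))
        # Only enable together with an explicit, narrow `allowed_origins` list.
        support_credentials = optional(bool, false)
      })), {})
      ip_restriction = optional(map(object({
        action = optional(string, "Allow")
        ip_address = optional(string)
        name = optional(string)
        priority = optional(number, 65000)
        service_tag = optional(string)
        virtual_network_subnet_id = optional(string)
        headers = optional(map(object({
          x_azure_fdid = optional(list(string))
          x_fd_health_probe = optional(list(string), ["1"])
          x_forwarded_for = optional(list(string))
          x_forwarded_host = optional(list(string))
        })), {})
      })), {})
      scm_ip_restriction = optional(map(object({
        action = optional(string, "Allow")
        ip_address = optional(string)
        name = optional(string)
        priority = optional(number, 65000)
        service_tag = optional(string)
        virtual_network_subnet_id = optional(string)
        headers = optional(map(object({
          x_azure_fdid = optional(list(string))
          x_fd_health_probe = optional(list(string), ["1"])
          x_forwarded_for = optional(list(string))
          x_forwarded_host = optional(list(string))
        })), {})
      })), {})
      virtual_application = optional(map(object({
        physical_path = optional(string, "site\\wwwroot")
        preload_enabled = optional(bool, false)
        virtual_directory = optional(map(object({
          physical_path = optional(string)
          virtual_path = optional(string)
        })), {})
        virtual_path = optional(string, "/")
      })),
        {
          default = {
            physical_path = "site\\wwwroot"
            preload_enabled = false
            virtual_path = "/"
          }
        }
      )
    }), {})

    timeouts = optional(object({
      create = optional(string)
      delete = optional(string)
      read = optional(string)
      update = optional(string)
    }), null)
  }))
  default = {}
  description = <<DESCRIPTION
```
> NOTE: If you plan to use the attribute reference of an external Application Insights instance for `application_insights_connection_string` and `application_insights_key`, you will likely need to remove the sensitivity level. For example, using the `nonsensitive` function.
```
DESCRIPTION
}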
# Toggle for lock inheritance on deployment slots. With the default of
# `true`, slots take the parent resource's lock, so the parent's delete or
# read-only protection is not silently absent on a slot.
variable "deployment_slots_inherit_lock" {
  type = bool
  default = true
  description = "Whether to inherit the lock from the parent resource for the deployment slots. Defaults to `true`."
}