This repository has been archived by the owner on Oct 16, 2024. It is now read-only.

Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.10.1 (#810)

* Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.10.1

* Updated readme

* Set default rate limit duration to 5 minutes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
renovate[bot] and DrizzlyOwl authored Jul 26, 2024
1 parent 06e428f commit b0bdde7
Showing 4 changed files with 74 additions and 65 deletions.
3 changes: 2 additions & 1 deletion terraform/README.md
Expand Up @@ -137,7 +137,7 @@ No providers.

| Name | Source | Version |
|------|--------|---------|
| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.9.0 |
| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.10.1 |
| <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |
| <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 |

Expand All @@ -163,6 +163,7 @@ No resources.
| <a name="input_cdn_frontdoor_host_redirects"></a> [cdn\_frontdoor\_host\_redirects](#input\_cdn\_frontdoor\_host\_redirects) | CDN FrontDoor host redirects `[{ "from" = "example.com", "to" = "www.example.com" }]` | `list(map(string))` | n/a | yes |
| <a name="input_cdn_frontdoor_origin_fqdn_override"></a> [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no |
| <a name="input_cdn_frontdoor_origin_host_header_override"></a> [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no |
| <a name="input_cdn_frontdoor_rate_limiting_duration_in_minutes"></a> [cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes](#input\_cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes) | CDN Front Door rate limiting duration in minutes | `number` | `5` | no |
| <a name="input_cdn_frontdoor_rate_limiting_threshold"></a> [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | Maximum number of concurrent requests before Rate Limiting policy is applied | `number` | n/a | yes |
| <a name="input_cdn_frontdoor_waf_custom_rules"></a> [cdn\_frontdoor\_waf\_custom\_rules](#input\_cdn\_frontdoor\_waf\_custom\_rules) | Map of all Custom rules you want to apply to the CDN WAF | <pre>map(object({<br> priority : number,<br> action : string<br> match_conditions : map(object({<br> match_variable : string,<br> match_values : optional(list(string), []),<br> operator : optional(string, "Any"),<br> selector : optional(string, null),<br> negation_condition : optional(bool, false),<br> }))<br> }))</pre> | `{}` | no |
| <a name="input_container_apps_allow_ips_inbound"></a> [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no |
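
Review bot: the new `cdn_frontdoor_rate_limiting_duration_in_minutes` row sits directly above `cdn_frontdoor_rate_limiting_threshold`, whose description still reads "Maximum number of concurrent requests before Rate Limiting policy is applied", and the two descriptions do not say how they relate. With the window now configurable, the threshold text should state whether it is a count of requests over that duration (if that is what the module does), otherwise an operator cannot tell what changing the window does to the effective limit. The new row could also list the values the variable accepts rather than only "in minutes".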
29 changes: 15 additions & 14 deletions terraform/container-apps-hosting.tf
@@ -1,5 +1,5 @@
module "azure_container_apps_hosting" {
source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.9.0"
source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.10.1"

environment = local.environment
project_name = local.project_name
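
Review bot: the `source` line pins the module by tag (`?ref=v1.10.1`), and a git tag can be moved after this review. The module is handed the Front Door WAF custom rules, rate limiting settings and inbound IP allow list, so consider pinning `ref` to the full commit SHA of the v1.10.1 release and keeping the version in a trailing comment, so that what `terraform init` fetches is exactly what was reviewed here.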
Expand Down Expand Up @@ -30,19 +30,20 @@ module "azure_container_apps_hosting" {
container_max_replicas = local.container_max_replicas
container_scale_http_concurrency = local.container_scale_http_concurrency

enable_cdn_frontdoor = local.enable_cdn_frontdoor
cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol
cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting
cdn_frontdoor_rate_limiting_threshold = local.cdn_frontdoor_rate_limiting_threshold
cdn_frontdoor_waf_custom_rules = local.cdn_frontdoor_waf_custom_rules
cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers
cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains
cdn_frontdoor_host_redirects = local.cdn_frontdoor_host_redirects
cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_health_probe_protocol = local.cdn_frontdoor_health_probe_protocol
enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe
container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound
enable_cdn_frontdoor = local.enable_cdn_frontdoor
cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol
cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting
cdn_frontdoor_rate_limiting_threshold = local.cdn_frontdoor_rate_limiting_threshold
cdn_frontdoor_rate_limiting_duration_in_minutes = local.cdn_frontdoor_rate_limiting_duration_in_minutes
cdn_frontdoor_waf_custom_rules = local.cdn_frontdoor_waf_custom_rules
cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers
cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains
cdn_frontdoor_host_redirects = local.cdn_frontdoor_host_redirects
cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_health_probe_protocol = local.cdn_frontdoor_health_probe_protocol
enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe
container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound

container_health_probe_path = local.container_health_probe_path
cdn_frontdoor_health_probe_path = local.cdn_frontdoor_health_probe_path
101 changes: 51 additions & 50 deletions terraform/locals.tf
@@ -1,52 +1,53 @@
locals {
environment = var.environment
project_name = var.project_name
azure_location = var.azure_location
tags = var.tags
virtual_network_address_space = var.virtual_network_address_space
enable_container_registry = var.enable_container_registry
registry_admin_enabled = var.registry_admin_enabled
registry_use_managed_identity = var.registry_use_managed_identity
registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
registry_server = var.registry_server
image_name = var.image_name
container_command = var.container_command
container_secret_environment_variables = var.container_secret_environment_variables
container_max_replicas = var.container_max_replicas
container_scale_http_concurrency = var.container_scale_http_concurrency
enable_event_hub = var.enable_event_hub
enable_logstash_consumer = var.enable_logstash_consumer
eventhub_export_log_analytics_table_names = var.eventhub_export_log_analytics_table_names
enable_dns_zone = var.enable_dns_zone
dns_zone_domain_name = var.dns_zone_domain_name
dns_ns_records = var.dns_ns_records
dns_txt_records = var.dns_txt_records
dns_mx_records = var.dns_mx_records
enable_cdn_frontdoor = var.enable_cdn_frontdoor
container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
cdn_frontdoor_rate_limiting_threshold = var.cdn_frontdoor_rate_limiting_threshold
cdn_frontdoor_waf_custom_rules = var.cdn_frontdoor_waf_custom_rules
cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
key_vault_access_ipv4 = var.key_vault_access_ipv4
tfvars_filename = var.tfvars_filename
container_health_probe_path = var.container_health_probe_path
cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path
enable_monitoring = var.enable_monitoring
monitor_email_receivers = var.monitor_email_receivers
monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck
existing_logic_app_workflow = var.existing_logic_app_workflow
existing_network_watcher_name = var.existing_network_watcher_name
existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name
statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses
statuscake_contact_group_name = var.statuscake_contact_group_name
statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses
environment = var.environment
project_name = var.project_name
azure_location = var.azure_location
tags = var.tags
virtual_network_address_space = var.virtual_network_address_space
enable_container_registry = var.enable_container_registry
registry_admin_enabled = var.registry_admin_enabled
registry_use_managed_identity = var.registry_use_managed_identity
registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
registry_server = var.registry_server
image_name = var.image_name
container_command = var.container_command
container_secret_environment_variables = var.container_secret_environment_variables
container_max_replicas = var.container_max_replicas
container_scale_http_concurrency = var.container_scale_http_concurrency
enable_event_hub = var.enable_event_hub
enable_logstash_consumer = var.enable_logstash_consumer
eventhub_export_log_analytics_table_names = var.eventhub_export_log_analytics_table_names
enable_dns_zone = var.enable_dns_zone
dns_zone_domain_name = var.dns_zone_domain_name
dns_ns_records = var.dns_ns_records
dns_txt_records = var.dns_txt_records
dns_mx_records = var.dns_mx_records
enable_cdn_frontdoor = var.enable_cdn_frontdoor
container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
cdn_frontdoor_rate_limiting_threshold = var.cdn_frontdoor_rate_limiting_threshold
cdn_frontdoor_rate_limiting_duration_in_minutes = var.cdn_frontdoor_rate_limiting_duration_in_minutes
cdn_frontdoor_waf_custom_rules = var.cdn_frontdoor_waf_custom_rules
cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
key_vault_access_ipv4 = var.key_vault_access_ipv4
tfvars_filename = var.tfvars_filename
container_health_probe_path = var.container_health_probe_path
cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path
enable_monitoring = var.enable_monitoring
monitor_email_receivers = var.monitor_email_receivers
monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck
existing_logic_app_workflow = var.existing_logic_app_workflow
existing_network_watcher_name = var.existing_network_watcher_name
existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name
statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses
statuscake_contact_group_name = var.statuscake_contact_group_name
statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses
}
6 changes: 6 additions & 0 deletions terraform/variables.tf
Expand Up @@ -159,6 +159,12 @@ variable "cdn_frontdoor_rate_limiting_threshold" {
type = number
}

variable "cdn_frontdoor_rate_limiting_duration_in_minutes" {
description = "CDN Front Door rate limiting duration in minutes"
type = number
default = 5
}

variable "cdn_frontdoor_host_add_response_headers" {
description = "List of response headers to add at the CDN Front Door `[{ \"Name\" = \"Strict-Transport-Security\", \"value\" = \"max-age=31536000\" }]`"
type = list(map(string))
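
Review bot: `cdn_frontdoor_rate_limiting_duration_in_minutes` is declared as a bare `number` with `default = 5` and no `validation` block, so 0, a negative value or a fraction passes the variable check and is only caught, if at all, further down in the module or at apply time. Add a `validation` whose `condition` restricts the value to the whole, positive minute values the module supports, with an `error_message` that names them. It is also worth confirming that 5 is intended for existing environments: `cdn_frontdoor_rate_limiting_threshold` above has no default, so every deployment already sets a threshold, and that number will now be applied with whatever window this default selects.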