From b0bdde7b1411e071775877ad0f5139ef81e3df5d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:27:14 +0100 Subject: [PATCH] Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.10.1 (#810) * Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.10.1 * Updated readme * Set default rate limit duration to 5 minutes --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com> --- terraform/README.md | 3 +- terraform/container-apps-hosting.tf | 29 ++++---- terraform/locals.tf | 101 ++++++++++++++-------------- terraform/variables.tf | 6 ++ 4 files changed, 74 insertions(+), 65 deletions(-) diff --git a/terraform/README.md b/terraform/README.md index 4564bbda..09fbd9db 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -137,7 +137,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.9.0 | +| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.10.1 | | [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 | | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 | 
@@ -163,6 +163,7 @@ No resources. | [cdn\_frontdoor\_host\_redirects](#input\_cdn\_frontdoor\_host\_redirects) | CDN FrontDoor host redirects `[{ "from" = "example.com", "to" = "www.example.com" }]` | `list(map(string))` | n/a | yes | | [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no | | [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no | +| [cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes](#input\_cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes) | CDN Front Door rate limiting duration in minutes | `number` | `5` | no | | [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | Maximum number of concurrent requests before Rate Limiting policy is applied | `number` | n/a | yes | | [cdn\_frontdoor\_waf\_custom\_rules](#input\_cdn\_frontdoor\_waf\_custom\_rules) | Map of all Custom rules you want to apply to the CDN WAF |
map(object({| `{}` | no | | [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no |
diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
index 264ac1a9..28e4050f 100644
--- a/terraform/container-apps-hosting.tf
+++ b/terraform/container-apps-hosting.tf
@@ -1,5 +1,5 @@
 module "azure_container_apps_hosting" {
- source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.9.0"
+ source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.10.1"
 environment = local.environment
 project_name = local.project_name
@@ -30,19 +30,20 @@ module "azure_container_apps_hosting" {
 container_max_replicas = local.container_max_replicas
 container_scale_http_concurrency = local.container_scale_http_concurrency
- enable_cdn_frontdoor = local.enable_cdn_frontdoor
- cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol
- cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting
- cdn_frontdoor_rate_limiting_threshold = local.cdn_frontdoor_rate_limiting_threshold
- cdn_frontdoor_waf_custom_rules = local.cdn_frontdoor_waf_custom_rules
- cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers
- cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains
- cdn_frontdoor_host_redirects = local.cdn_frontdoor_host_redirects
- cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override
- cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override
- cdn_frontdoor_health_probe_protocol = local.cdn_frontdoor_health_probe_protocol
- enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe
- container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound
+ enable_cdn_frontdoor = local.enable_cdn_frontdoor
+ cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol
+ cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting
+ cdn_frontdoor_rate_limiting_threshold = local.cdn_frontdoor_rate_limiting_threshold
+ cdn_frontdoor_rate_limiting_duration_in_minutes = local.cdn_frontdoor_rate_limiting_duration_in_minutes
+ cdn_frontdoor_waf_custom_rules = local.cdn_frontdoor_waf_custom_rules
+ cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers
+ cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains
+ cdn_frontdoor_host_redirects = local.cdn_frontdoor_host_redirects
+ cdn_frontdoor_origin_fqdn_override = local.cdn_frontdoor_origin_fqdn_override
+ cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override
+ cdn_frontdoor_health_probe_protocol = local.cdn_frontdoor_health_probe_protocol
+ enable_cdn_frontdoor_health_probe = local.enable_cdn_frontdoor_health_probe
+ container_apps_allow_ips_inbound = local.container_apps_allow_ips_inbound
 container_health_probe_path = local.container_health_probe_path
 cdn_frontdoor_health_probe_path = local.cdn_frontdoor_health_probe_path
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 76b9fc82..40bb346c 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -1,52 +1,53 @@
 locals {
- environment = var.environment
- project_name = var.project_name
- azure_location = var.azure_location
- tags = var.tags
- virtual_network_address_space = var.virtual_network_address_space
- enable_container_registry = var.enable_container_registry
- registry_admin_enabled = var.registry_admin_enabled
- registry_use_managed_identity = var.registry_use_managed_identity
- registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
- registry_server = var.registry_server
- image_name = var.image_name
- container_command = var.container_command
- container_secret_environment_variables = var.container_secret_environment_variables
- container_max_replicas = var.container_max_replicas
- container_scale_http_concurrency = var.container_scale_http_concurrency
- enable_event_hub = var.enable_event_hub
- enable_logstash_consumer = var.enable_logstash_consumer
- eventhub_export_log_analytics_table_names = var.eventhub_export_log_analytics_table_names
- enable_dns_zone = var.enable_dns_zone
- dns_zone_domain_name = var.dns_zone_domain_name
- dns_ns_records = var.dns_ns_records
- dns_txt_records = var.dns_txt_records
- dns_mx_records = var.dns_mx_records
- enable_cdn_frontdoor = var.enable_cdn_frontdoor
- container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
- cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
- cdn_frontdoor_rate_limiting_threshold = var.cdn_frontdoor_rate_limiting_threshold
- cdn_frontdoor_waf_custom_rules = var.cdn_frontdoor_waf_custom_rules
- cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
- cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
- cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
- cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
- cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
- cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
- cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
- enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
- key_vault_access_ipv4 = var.key_vault_access_ipv4
- tfvars_filename = var.tfvars_filename
- container_health_probe_path = var.container_health_probe_path
- cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path
- enable_monitoring = var.enable_monitoring
- monitor_email_receivers = var.monitor_email_receivers
- monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck
- existing_logic_app_workflow = var.existing_logic_app_workflow
- existing_network_watcher_name = var.existing_network_watcher_name
- existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name
- statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses
- statuscake_contact_group_name = var.statuscake_contact_group_name
- statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
- statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses
+ environment = var.environment
+ project_name = var.project_name
+ azure_location = var.azure_location
+ tags = var.tags
+ virtual_network_address_space = var.virtual_network_address_space
+ enable_container_registry = var.enable_container_registry
+ registry_admin_enabled = var.registry_admin_enabled
+ registry_use_managed_identity = var.registry_use_managed_identity
+ registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
+ registry_server = var.registry_server
+ image_name = var.image_name
+ container_command = var.container_command
+ container_secret_environment_variables = var.container_secret_environment_variables
+ container_max_replicas = var.container_max_replicas
+ container_scale_http_concurrency = var.container_scale_http_concurrency
+ enable_event_hub = var.enable_event_hub
+ enable_logstash_consumer = var.enable_logstash_consumer
+ eventhub_export_log_analytics_table_names = var.eventhub_export_log_analytics_table_names
+ enable_dns_zone = var.enable_dns_zone
+ dns_zone_domain_name = var.dns_zone_domain_name
+ dns_ns_records = var.dns_ns_records
+ dns_txt_records = var.dns_txt_records
+ dns_mx_records = var.dns_mx_records
+ enable_cdn_frontdoor = var.enable_cdn_frontdoor
+ container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
+ cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
+ cdn_frontdoor_rate_limiting_threshold = var.cdn_frontdoor_rate_limiting_threshold
+ cdn_frontdoor_rate_limiting_duration_in_minutes = var.cdn_frontdoor_rate_limiting_duration_in_minutes
+ cdn_frontdoor_waf_custom_rules = var.cdn_frontdoor_waf_custom_rules
+ cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
+ cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
+ cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
+ cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
+ cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
+ cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
+ cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
+ enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
+ key_vault_access_ipv4 = var.key_vault_access_ipv4
+ tfvars_filename = var.tfvars_filename
+ container_health_probe_path = var.container_health_probe_path
+ cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path
+ enable_monitoring = var.enable_monitoring
+ monitor_email_receivers = var.monitor_email_receivers
+ monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck
+ existing_logic_app_workflow = var.existing_logic_app_workflow
+ existing_network_watcher_name = var.existing_network_watcher_name
+ existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name
+ statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses
+ statuscake_contact_group_name = var.statuscake_contact_group_name
+ statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
+ statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 5d117810..86e51cdc 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -159,6 +159,12 @@ variable "cdn_frontdoor_rate_limiting_threshold" {
 type = number
 }
+variable "cdn_frontdoor_rate_limiting_duration_in_minutes" {
+ description = "CDN Front Door rate limiting duration in minutes"
+ type = number
+ default = 5
+}
+
 variable "cdn_frontdoor_host_add_response_headers" {
 description = "List of response headers to add at the CDN Front Door `[{ \"Name\" = \"Strict-Transport-Security\", \"value\" = \"max-age=31536000\" }]`"
 type = list(map(string))
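Review bot: The new `cdn_frontdoor_rate_limiting_duration_in_minutes` variable in `terraform/variables.tf` accepts any number, so an unsupported window would only surface at apply time, or could leave the WAF rate-limit rule configured differently from what was intended. As far as I know Front Door WAF rate-limit rules take only a 1- or 5-minute window (worth confirming against the module), so a `validation` block with `condition = contains([1, 5], var.cdn_frontdoor_rate_limiting_duration_in_minutes)` and a short `error_message` would reject bad input at plan time. The default of 5 also changes what the required `cdn_frontdoor_rate_limiting_threshold` means, since the threshold is counted over this window; the window the module used before is not visible in this patch, so thresholds tuned per environment should be re-checked. The description could make the coupling explicit, e.g. `"Window, in minutes, over which cdn_frontdoor_rate_limiting_threshold is counted"`.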
priority : number,
action : string
match_conditions : map(object({
match_variable : string,
match_values : optional(list(string), []),
operator : optional(string, "Any"),
selector : optional(string, null),
negation_condition : optional(bool, false),
}))
}))