Update Terraform github.com/DFE-Digital/terraform-azurerm-container-a…

…pps-hosting to v1.10.0 (#656) * Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.10.0 * Updated Readme * Disable SAS connection string for Blob Storage * Set the Rate Limit default threshold to 300 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ash Davies <[email protected]>
DFE-Digital · Jul 25, 2024 · 7cae505 · 7cae505
1 parent f501f3c
commit 7cae505
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 3 deletions.
diff --git a/terraform/README.md b/terraform/README.md
@@ -137,7 +137,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.9.0 |
+| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.10.0 |
 | <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |
 | <a name="module_data_protection"></a> [data\_protection](#module\_data\_protection) | github.com/DFE-Digital/terraform-azurerm-aspnet-data-protection | v1.1.0 |
 | <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 |
@@ -163,14 +163,15 @@ No resources.
 | <a name="input_cdn_frontdoor_origin_fqdn_override"></a> [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no |
 | <a name="input_cdn_frontdoor_origin_host_header_override"></a> [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no |
 | <a name="input_cdn_frontdoor_rate_limiting_duration_in_minutes"></a> [cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes](#input\_cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes) | CDN Front Door rate limiting duration in minutes | `number` | `5` | no |
-| <a name="input_cdn_frontdoor_rate_limiting_threshold"></a> [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | Maximum number of concurrent requests per minute threshold before rate limiting is applied | `number` | n/a | yes |
+| <a name="input_cdn_frontdoor_rate_limiting_threshold"></a> [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | Maximum number of concurrent requests per minute threshold before rate limiting is applied | `number` | `300` | no |
 | <a name="input_cdn_frontdoor_waf_custom_rules"></a> [cdn\_frontdoor\_waf\_custom\_rules](#input\_cdn\_frontdoor\_waf\_custom\_rules) | Map of all Custom rules you want to apply to the CDN WAF | <pre>map(object({<br>    priority : number,<br>    action : string<br>    match_conditions : map(object({<br>      match_variable : string,<br>      match_values : optional(list(string), []),<br>      operator : optional(string, "Any"),<br>      selector : optional(string, null),<br>      negation_condition : optional(bool, false),<br>    }))<br>  }))</pre> | `{}` | no |
 | <a name="input_container_app_file_share_mount_path"></a> [container\_app\_file\_share\_mount\_path](#input\_container\_app\_file\_share\_mount\_path) | A path inside your container where the File Share will be mounted to | `string` | `"/srv/app/storage"` | no |
 | <a name="input_container_apps_allow_ips_inbound"></a> [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no |
 | <a name="input_container_command"></a> [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes |
 | <a name="input_container_max_replicas"></a> [container\_max\_replicas](#input\_container\_max\_replicas) | Container max replicas | `number` | `2` | no |
 | <a name="input_container_scale_http_concurrency"></a> [container\_scale\_http\_concurrency](#input\_container\_scale\_http\_concurrency) | When the number of concurrent HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the max-replicas amount. | `number` | `10` | no |
 | <a name="input_container_secret_environment_variables"></a> [container\_secret\_environment\_variables](#input\_container\_secret\_environment\_variables) | Container secret environment variables | `map(string)` | n/a | yes |
+| <a name="input_create_container_app_blob_storage_sas"></a> [create\_container\_app\_blob\_storage\_sas](#input\_create\_container\_app\_blob\_storage\_sas) | Generate a SAS connection string that is exposed to your App as an environment variable so that it can connect to the Storage Account | `bool` | `false` | no |
 | <a name="input_dns_a_records"></a> [dns\_a\_records](#input\_dns\_a\_records) | DNS A records to add to the DNS Zone | <pre>map(<br>    object({<br>      ttl : optional(number, 300),<br>      records : list(string)<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_dns_mx_records"></a> [dns\_mx\_records](#input\_dns\_mx\_records) | DNS MX records to add to the DNS Zone | <pre>map(<br>    object({<br>      ttl : optional(number, 300),<br>      records : list(<br>        object({<br>          preference : number,<br>          exchange : string<br>        })<br>      )<br>    })<br>  )</pre> | `{}` | no |
 | <a name="input_dns_ns_records"></a> [dns\_ns\_records](#input\_dns\_ns\_records) | DNS NS records to add to the DNS Zone | <pre>map(<br>    object({<br>      ttl : optional(number, 300),<br>      records : list(string)<br>    })<br>  )</pre> | n/a | yes |

diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
@@ -1,5 +1,5 @@
 module "azure_container_apps_hosting" {
-  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.9.0"
+  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.10.0"
 
   environment    = local.environment
   project_name   = local.project_name
@@ -55,6 +55,7 @@ module "azure_container_apps_hosting" {
   enable_container_health_probe = local.enable_container_health_probe
 
   enable_container_app_blob_storage     = local.enable_container_app_blob_storage
+  create_container_app_blob_storage_sas = local.create_container_app_blob_storage_sas
   enable_container_app_file_share       = local.enable_container_app_file_share
   container_app_file_share_mount_path   = local.container_app_file_share_mount_path
   storage_account_ipv4_allow_list       = local.storage_account_ipv4_allow_list

diff --git a/terraform/locals.tf b/terraform/locals.tf
@@ -44,6 +44,7 @@ locals {
   monitor_email_receivers                         = var.monitor_email_receivers
   existing_logic_app_workflow                     = var.existing_logic_app_workflow
   enable_container_app_blob_storage               = var.enable_container_app_blob_storage
+  create_container_app_blob_storage_sas           = var.create_container_app_blob_storage_sas
   enable_container_app_file_share                 = var.enable_container_app_file_share
   container_app_file_share_mount_path             = var.container_app_file_share_mount_path
   storage_account_ipv4_allow_list                 = var.storage_account_ipv4_allow_list

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -136,6 +136,7 @@ variable "cdn_frontdoor_enable_rate_limiting" {
 variable "cdn_frontdoor_rate_limiting_threshold" {
   description = "Maximum number of concurrent requests per minute threshold before rate limiting is applied"
   type        = number
+  default     = 300
 }
 
 variable "cdn_frontdoor_waf_custom_rules" {
@@ -296,6 +297,12 @@ variable "enable_container_app_blob_storage" {
   type        = bool
 }
 
+variable "create_container_app_blob_storage_sas" {
+  description = "Generate a SAS connection string that is exposed to your App as an environment variable so that it can connect to the Storage Account"
+  type        = bool
+  default     = false
+}
+
 variable "enable_container_app_file_share" {
   description = "Create an Azure Storage Account and File Share to be mounted to the Container Apps"
   type        = bool