DTOSS-12524: Add logic-app-slack-alert module for Azure Monitor Slack notifications

Author: josielsouzanordcloud

infrastructure/modules/app-insights/tfdocs.md

@@ -70,10 +70,25 @@ Type: `map(string)`
 
 Default: `{}`
 
+### <a name="input_use_log_based_exception_alert"></a> [use\_log\_based\_exception\_alert](#input\_use\_log\_based\_exception\_alert)
+
+Description:     Replace the default metric-based exceptions alert with a log-based scheduled query alert.  
+    The log-based alert projects exception type, message, affected URL, and operation ID,  
+    which enables the Slack notification transformer to include those fields directly.  
+    Existing consumers of this module are unaffected — the default retains the metric alert.
+
+Type: `bool`
+
+Default: `false`
+
 ## Outputs
 
 The following outputs are exported:
 
+### <a name="output_app_id"></a> [app\_id](#output\_app\_id)
+
+Description: The Application ID (GUID) used to authenticate with the App Insights REST API.
+
 ### <a name="output_connection_string"></a> [connection\_string](#output\_connection\_string)
 
 Description: n/a
@@ -95,3 +110,4 @@ The following resources are used by this module:
 
 - [azurerm_application_insights.appins](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) (resource)
 - [azurerm_monitor_metric_alert.exceptions](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) (resource)
+- [azurerm_monitor_scheduled_query_rules_alert_v2.exceptions](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert_v2) (resource)

infrastructure/modules/logic-app-slack-alert/main.tf

@@ -0,0 +1,122 @@
+resource "azurerm_logic_app_workflow" "this" {
+  name                = var.name
+  resource_group_name = var.resource_group_name
+  location            = var.location
+
+  workflow_parameters = {
+    "slackWebhookUrl" = jsonencode({
+      type         = "SecureString"
+      defaultValue = ""
+    })
+  }
+
+  parameters = {
+    "slackWebhookUrl" = var.slack_webhook_url
+  }
+}
+
+resource "azurerm_logic_app_trigger_http_request" "this" {
+  name         = "When_an_HTTP_request_is_received"
+  logic_app_id = azurerm_logic_app_workflow.this.id
+  method       = "POST"
+
+  schema = jsonencode({
+    "$schema" = "http://json-schema.org/draft-04/schema#"
+    type      = "object"
+    properties = {
+      schemaId = { type = "string" }
+      data = {
+        type = "object"
+        properties = {
+          essentials = {
+            type = "object"
+            properties = {
+              alertRule        = { type = "string" }
+              severity         = { type = "string" }
+              firedDateTime    = { type = "string" }
+              resolvedDateTime = { type = "string" }
+              monitorCondition = { type = "string" }
+              description      = { type = "string" }
+              alertTargetIDs = {
+                type  = "array"
+                items = { type = "string" }
+              }
+              configurationItems = {
+                type  = "array"
+                items = { type = "string" }
+              }
+            }
+          }
+        }
+      }
+    }
+  })
+}
+
+resource "azurerm_logic_app_action_custom" "post_to_slack" {
+  name         = "Post_to_Slack"
+  logic_app_id = azurerm_logic_app_workflow.this.id
+
+  body = <<-BODY
+    {
+      "type": "Http",
+      "inputs": {
+        "method": "POST",
+        "uri": "@parameters('slackWebhookUrl')",
+        "headers": {
+          "Content-Type": "application/json"
+        },
+        "body": {
+          "blocks": [
+            {
+              "type": "header",
+              "text": {
+                "type": "plain_text",
+                "text": "@{if(equals(triggerBody()?['data']?['essentials']?['monitorCondition'], 'Resolved'), concat('✅ Resolved – ', triggerBody()?['data']?['essentials']?['alertRule']), concat('🚨 Alert – ', triggerBody()?['data']?['essentials']?['alertRule']))}",
+                "emoji": true
+              }
+            },
+            {
+              "type": "section",
+              "fields": [
+                {
+                  "type": "mrkdwn",
+                  "text": "@{concat('*Severity*\n', triggerBody()?['data']?['essentials']?['severity'])}"
+                },
+                {
+                  "type": "mrkdwn",
+                  "text": "@{concat('*Status*\n', triggerBody()?['data']?['essentials']?['monitorCondition'])}"
+                },
+                {
+                  "type": "mrkdwn",
+                  "text": "@{concat('*Fired At*\n', triggerBody()?['data']?['essentials']?['firedDateTime'])}"
+                },
+                {
+                  "type": "mrkdwn",
+                  "text": "@{concat('*Resource*\n`', coalesce(triggerBody()?['data']?['essentials']?['configurationItems']?[0], 'N/A'), '`')}"
+                }
+              ]
+            },
+            {
+              "type": "section",
+              "text": {
+                "type": "mrkdwn",
+                "text": "@{concat('*Description*\n> ', coalesce(triggerBody()?['data']?['essentials']?['description'], 'N/A'))}"
+              }
+            },
+            {
+              "type": "section",
+              "text": {
+                "type": "mrkdwn",
+                "text": "@{if(contains(triggerBody()?['data']?['essentials']?['alertTargetIDs']?[0], 'microsoft.insights/components'), concat(':mag: <https://portal.azure.com/#resource', triggerBody()?['data']?['essentials']?['alertTargetIDs']?[0], '/failures|View Failures in App Insights>'), concat(':mag: <https://portal.azure.com/#resource', triggerBody()?['data']?['essentials']?['alertTargetIDs']?[0], '|View Resource in Azure Portal>'))}"
+              }
+            }
+          ]
+        }
+      },
+      "runAfter": {}
+    }
+  BODY
+
+  depends_on = [azurerm_logic_app_trigger_http_request.this]
+}

infrastructure/modules/logic-app-slack-alert/outputs.tf

@@ -0,0 +1,5 @@
+output "trigger_callback_url" {
+  description = "HTTP trigger callback URL to register with an Azure Monitor action group webhook receiver."
+  value       = azurerm_logic_app_trigger_http_request.this.callback_url
+  sensitive   = true
+}

infrastructure/modules/logic-app-slack-alert/tfdocs.md

@@ -0,0 +1,44 @@
+# Module documentation
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_location"></a> [location](#input\_location)
+
+Description: Azure region in which to create the Logic App.
+
+Type: `string`
+
+### <a name="input_name"></a> [name](#input\_name)
+
+Description: Name of the Logic App workflow.
+
+Type: `string`
+
+### <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name)
+
+Description: Resource group in which to create the Logic App.
+
+Type: `string`
+
+### <a name="input_slack_webhook_url"></a> [slack\_webhook\_url](#input\_slack\_webhook\_url)
+
+Description: Slack incoming webhook URL. Stored as a SecureString workflow parameter.
+
+Type: `string`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_trigger_callback_url"></a> [trigger\_callback\_url](#output\_trigger\_callback\_url)
+
+Description: HTTP trigger callback URL to register with an Azure Monitor action group webhook receiver.
+## Resources
+
+The following resources are used by this module:
+
+- [azurerm_logic_app_action_custom.post_to_slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/logic_app_action_custom) (resource)
+- [azurerm_logic_app_trigger_http_request.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/logic_app_trigger_http_request) (resource)
+- [azurerm_logic_app_workflow.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/logic_app_workflow) (resource)

infrastructure/modules/logic-app-slack-alert/variables.tf

@@ -0,0 +1,20 @@
+variable "name" {
+  type        = string
+  description = "Name of the Logic App workflow."
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "Resource group in which to create the Logic App."
+}
+
+variable "location" {
+  type        = string
+  description = "Azure region in which to create the Logic App."
+}
+
+variable "slack_webhook_url" {
+  type        = string
+  description = "Slack incoming webhook URL. Stored as a SecureString workflow parameter."
+  sensitive   = true
+}

infrastructure/modules/virtual-desktop/tfdocs.md

@@ -168,6 +168,14 @@ Type: `number`
 
 Default: `16`
 
+### <a name="input_principal_id"></a> [principal\_id](#input\_principal\_id)
+
+Description: The principal (object) ID to assign the 'Desktop Virtualization Power On Off Contributor' role to the host pool. If null, the role assignment will not be created. This maintains backward compatibility for existing deployments. The role is required for autoscaling but can be omitted if autoscaling is not used or the role is assigned manually.
+
+Type: `string`
+
+Default: `null`
+
 ### <a name="input_source_image_from_gallery"></a> [source\_image\_from\_gallery](#input\_source\_image\_from\_gallery)
 
 Description: n/a
@@ -279,6 +287,7 @@ Default: `null`
 The following resources are used by this module:
 
 - [azurerm_network_interface.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) (resource)
+- [azurerm_role_assignment.avd_autoscale_hostpool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.dag_admins](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.dag_users](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.rg_admins](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)