diff --git a/run-samples.sh b/run-samples.sh
index 1082711..4311be9 100755
--- a/run-samples.sh
+++ b/run-samples.sh
@@ -11,7 +11,7 @@ set -euo pipefail
 # - LocalStack CLI
 # - Terraform CLI
 # - azlocal & terraform-local (pip install azlocal terraform-local)
-# - funclocal (pip install funclocal)
+# - Azure Functions Core Tools (func)
 # - Azure Functions Core Tools (func)
 # - jq & zip (sudo apt-get install jq zip)
 # - MSSQL Tools (sqlcmd)
@@ -96,7 +96,6 @@ fi
 command -v localstack >/dev/null 2>&1 || { echo >&2 "localstack CLI is required but not installed. Aborting."; exit 1; }
 command -v az >/dev/null 2>&1 || { echo >&2 "az CLI is required but not installed. Aborting."; exit 1; }
 command -v azlocal >/dev/null 2>&1 || { echo >&2 "azlocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; }
-command -v funclocal >/dev/null 2>&1 || { echo >&2 "funclocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; }
 #command -v tflocal >/dev/null 2>&1 || { echo >&2 "tflocal is required but not installed. Run 'pip install terraform-local'. Aborting."; exit 1; }
 command -v terraform >/dev/null 2>&1 || { echo >&2 "terraform CLI is required but not installed. Aborting."; exit 1; }
 command -v func >/dev/null 2>&1 || { echo >&2 "Azure Functions Core Tools (func) is required but not installed. Aborting."; exit 1; }
diff --git a/samples/aci-blob-storage/python/terraform/deploy.sh b/samples/aci-blob-storage/python/terraform/deploy.sh
index 0b50db0..e1fcf95 100644
--- a/samples/aci-blob-storage/python/terraform/deploy.sh
+++ b/samples/aci-blob-storage/python/terraform/deploy.sh
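Review bot: In the first run-samples.sh hunk, the added prerequisite line `# - Azure Functions Core Tools (func)` repeats the context line directly below it, so the requirements list in the header comment now names the same tool twice. Deleting the `funclocal` entry without a replacement line would leave the list accurate. The second hunk, which drops the `command -v funclocal` check, needs nothing further because the `func` check it keeps already covers the remaining tool.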
@@ -119,6 +119,7 @@ fi
 # Get the output values
 RESOURCE_GROUP_NAME=$(terraform output -raw resource_group_name)
 STORAGE_ACCOUNT_NAME=$(terraform output -raw storage_account_name)
+KEY_VAULT_NAME=$(terraform output -raw key_vault_name)
 ACR_NAME=$(terraform output -raw acr_name)
 ACI_GROUP_NAME=$(terraform output -raw aci_group_name)
 FQDN=$(terraform output -raw fqdn)
@@ -129,6 +130,7 @@ echo "Deployment Complete!"
 echo "============================================================"
 echo "Resource Group: $RESOURCE_GROUP_NAME"
 echo "Storage Account: $STORAGE_ACCOUNT_NAME"
+echo "Key Vault: $KEY_VAULT_NAME"
 echo "ACR: $ACR_NAME"
 echo "ACI Container: $ACI_GROUP_NAME"
 echo "FQDN: $FQDN"
diff --git a/samples/aci-blob-storage/python/terraform/main.tf b/samples/aci-blob-storage/python/terraform/main.tf
index 41a9ad3..71088b2 100644
--- a/samples/aci-blob-storage/python/terraform/main.tf
+++ b/samples/aci-blob-storage/python/terraform/main.tf
@@ -2,10 +2,14 @@ locals {
 resource_group_name = "${var.prefix}-aci-rg"
 storage_account_name = "${var.prefix}acistorage${var.suffix}"
+ key_vault_name = "${var.prefix}acikv${var.suffix}"
 acr_name = "${var.prefix}aciacr${var.suffix}"
 aci_group_name = "${var.prefix}-aci-planner-${var.suffix}"
 }
+# Get the current client configuration (for tenant_id)
+data "azurerm_client_config" "current" {}
+
 # Create a resource group
 resource "azurerm_resource_group" "example" {
 name = local.resource_group_name
@@ -37,6 +41,30 @@ resource "azurerm_storage_container" "example" {
 container_access_type = "private"
 }
+# Create Key Vault
+resource "azurerm_key_vault" "example" {
+ name = local.key_vault_name
+ resource_group_name = azurerm_resource_group.example.name
+ location = azurerm_resource_group.example.location
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ sku_name = "standard"
+ enable_rbac_authorization = true
+ tags = var.tags
+
+ lifecycle {
+ ignore_changes = [
+ tags
+ ]
+ }
+}
+
+# Store the storage connection string in Key Vault
+resource "azurerm_key_vault_secret" "storage_conn" {
+ name = "storage-conn"
+ value = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}"
+ key_vault_id = azurerm_key_vault.example.id
+}
+
 # Reference the pre-created ACR (created by deploy.sh before terraform apply)
 data "azurerm_container_registry" "example" {
 name = local.acr_name
@@ -76,7 +104,7 @@ resource "azurerm_container_group" "example" {
 }
 secure_environment_variables = {
- AZURE_STORAGE_CONNECTION_STRING = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}"
+ AZURE_STORAGE_CONNECTION_STRING = azurerm_key_vault_secret.storage_conn.value
 }
 }
diff --git a/samples/aci-blob-storage/python/terraform/outputs.tf b/samples/aci-blob-storage/python/terraform/outputs.tf
index 284d9e6..5ded515 100644
--- a/samples/aci-blob-storage/python/terraform/outputs.tf
+++ b/samples/aci-blob-storage/python/terraform/outputs.tf
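Review bot: `azurerm_key_vault.example` sets `enable_rbac_authorization = true`, but the hunk adds no role assignment for the identity running Terraform, so the write of `azurerm_key_vault_secret.storage_conn` depends on a grant that is not shown here. Unless one exists elsewhere in main.tf, that write is likely to be rejected on real Azure even if the emulator accepts it. The fence below adds the assignment and orders the secret after it. Separately, the secret's `value` carries the account key over an `http` endpoint and lands in Terraform state in plaintext, which deserves a comment on the resource.

```hcl
# Give the deploying identity data-plane access before any secret is written
resource "azurerm_role_assignment" "kv_secrets_officer" {
  scope                = azurerm_key_vault.example.id
  role_definition_name = "Key Vault Secrets Officer"
  principal_id         = data.azurerm_client_config.current.object_id
}

resource "azurerm_key_vault_secret" "storage_conn" {
  # … unchanged: name, value, key_vault_id …
  depends_on = [azurerm_role_assignment.kv_secrets_officer]
}
```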
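Review bot: `AZURE_STORAGE_CONNECTION_STRING = azurerm_key_vault_secret.storage_conn.value` is resolved by Terraform at apply time, so the container group still receives the literal account key and Key Vault is not in the runtime path. The exposure matches the old inline string, plus one more copy in the vault, and rotating the vault secret will not reach the running container until the next apply. If the sample is meant to show Key Vault-backed secrets, the container would need an identity with read access to the vault and would fetch `storage-conn` at startup. Otherwise a comment above the map, e.g. `# copied from Key Vault at apply time, not read at runtime`, would stop readers from assuming more protection than there is. The enclosing `azurerm_container_group` block starts and ends outside the hunk.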
@@ -6,6 +6,10 @@ output "storage_account_name" {
 value = azurerm_storage_account.example.name
 }
+output "key_vault_name" {
+ value = azurerm_key_vault.example.name
+}
+
 output "acr_name" {
 value = data.azurerm_container_registry.example.name
 }
diff --git a/samples/function-app-storage-http/dotnet/scripts/deploy.sh b/samples/function-app-storage-http/dotnet/scripts/deploy.sh
index 79f6558..f4f53b8 100755
--- a/samples/function-app-storage-http/dotnet/scripts/deploy.sh
+++ b/samples/function-app-storage-http/dotnet/scripts/deploy.sh
@@ -24,14 +24,7 @@ ENVIRONMENT=$(az account show --query environmentName --output tsv)
 # Change the current directory to the script's directory
 cd "$CURRENT_DIR" || exit
-# Choose the appropriate CLI based on the environment
-if [[ $ENVIRONMENT == "LocalStack" ]]; then
- echo "Using funclocal for LocalStack emulator environment."
- FUNC="funclocal"
-else
- echo "Using standard func for AzureCloud environment."
- FUNC="func"
-fi
+FUNC="func"
 # Create a resource group
 echo "Checking if resource group [$RESOURCE_GROUP_NAME] exists in the subscription [$SUBSCRIPTION_NAME]..."
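Review bot: In the function-app deploy.sh hunk, `FUNC="func"` is now unconditional, and nothing visible records why plain `func` still targets the emulator rather than the Azure cloud when `ENVIRONMENT` is `LocalStack`. A comment above the assignment, e.g. `# funclocal no longer needed: <how func is routed to the emulator>`, would document that assumption for anyone running the sample with real credentials loaded. If `ENVIRONMENT` (set on the line shown in the hunk header) has no other reader, that lookup and the `FUNC` indirection can presumably be dropped as well. The rest of the script is outside the hunk.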