From 40b6ba58f9424e6d5675a98de4a3e45398cd691a Mon Sep 17 00:00:00 2001 From: "Dris.S" Date: Wed, 1 Apr 2026 17:16:03 +0100 Subject: [PATCH 1/4] add kv to terraform sample of aci sample app --- .../python/terraform/deploy.sh | 2 ++ .../aci-blob-storage/python/terraform/main.tf | 30 ++++++++++++++++++- .../python/terraform/outputs.tf | 4 +++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/samples/aci-blob-storage/python/terraform/deploy.sh b/samples/aci-blob-storage/python/terraform/deploy.sh index 9bb2c3a..f52e6dc 100644 --- a/samples/aci-blob-storage/python/terraform/deploy.sh +++ b/samples/aci-blob-storage/python/terraform/deploy.sh @@ -128,6 +128,7 @@ fi # Get the output values RESOURCE_GROUP_NAME=$(terraform output -raw resource_group_name) STORAGE_ACCOUNT_NAME=$(terraform output -raw storage_account_name) +KEY_VAULT_NAME=$(terraform output -raw key_vault_name) ACR_NAME=$(terraform output -raw acr_name) ACI_GROUP_NAME=$(terraform output -raw aci_group_name) FQDN=$(terraform output -raw fqdn) @@ -138,6 +139,7 @@ echo "Deployment Complete!" echo "============================================================" echo "Resource Group: $RESOURCE_GROUP_NAME" echo "Storage Account: $STORAGE_ACCOUNT_NAME" +echo "Key Vault: $KEY_VAULT_NAME" echo "ACR: $ACR_NAME" echo "ACI Container: $ACI_GROUP_NAME" echo "FQDN: $FQDN" diff --git a/samples/aci-blob-storage/python/terraform/main.tf b/samples/aci-blob-storage/python/terraform/main.tf index 41a9ad3..71088b2 100644 --- a/samples/aci-blob-storage/python/terraform/main.tf +++ b/samples/aci-blob-storage/python/terraform/main.tf @@ -2,10 +2,14 @@ locals { resource_group_name = "${var.prefix}-aci-rg" storage_account_name = "${var.prefix}acistorage${var.suffix}" + key_vault_name = "${var.prefix}acikv${var.suffix}" acr_name = "${var.prefix}aciacr${var.suffix}" aci_group_name = "${var.prefix}-aci-planner-${var.suffix}" } +# Get the current client configuration (for tenant_id) +data "azurerm_client_config" "current" {} + # Create a resource group resource "azurerm_resource_group" "example" { name = local.resource_group_name @@ -37,6 +41,30 @@ resource "azurerm_storage_container" "example" { container_access_type = "private" } +# Create Key Vault +resource "azurerm_key_vault" "example" { + name = local.key_vault_name + resource_group_name = azurerm_resource_group.example.name + location = azurerm_resource_group.example.location + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" + enable_rbac_authorization = true + tags = var.tags + + lifecycle { + ignore_changes = [ + tags + ] + } +} + +# Store the storage connection string in Key Vault +resource "azurerm_key_vault_secret" "storage_conn" { + name = "storage-conn" + value = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}" + key_vault_id = azurerm_key_vault.example.id +} + # Reference the pre-created ACR (created by deploy.sh before terraform apply) data "azurerm_container_registry" "example" { name = local.acr_name @@ -76,7 +104,7 @@ resource "azurerm_container_group" "example" { } secure_environment_variables = { - AZURE_STORAGE_CONNECTION_STRING = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}" + AZURE_STORAGE_CONNECTION_STRING = azurerm_key_vault_secret.storage_conn.value } } diff --git a/samples/aci-blob-storage/python/terraform/outputs.tf b/samples/aci-blob-storage/python/terraform/outputs.tf index 284d9e6..5ded515 100644 --- a/samples/aci-blob-storage/python/terraform/outputs.tf +++ b/samples/aci-blob-storage/python/terraform/outputs.tf @@ -6,6 +6,10 @@ output "storage_account_name" { value = azurerm_storage_account.example.name } +output "key_vault_name" { + value = azurerm_key_vault.example.name +} + output "acr_name" { value = data.azurerm_container_registry.example.name } From 778e41d1169f0ea2d9a441c3d7b23057927b5a94 Mon Sep 17 00:00:00 2001 From: "Dris.S" Date: Wed, 1 Apr 2026 17:38:13 +0100 Subject: [PATCH 2/4] uncomment --- run-samples.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-samples.sh b/run-samples.sh index d3e7287..a063d8a 100755 --- a/run-samples.sh +++ b/run-samples.sh @@ -96,7 +96,7 @@ fi command -v localstack >/dev/null 2>&1 || { echo >&2 "localstack CLI is required but not installed. Aborting."; exit 1; } command -v az >/dev/null 2>&1 || { echo >&2 "az CLI is required but not installed. Aborting."; exit 1; } command -v azlocal >/dev/null 2>&1 || { echo >&2 "azlocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; } -command -v funclocal >/dev/null 2>&1 || { echo >&2 "funclocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; } +#command -v funclocal >/dev/null 2>&1 || { echo >&2 "funclocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; } #command -v tflocal >/dev/null 2>&1 || { echo >&2 "tflocal is required but not installed. Run 'pip install terraform-local'. Aborting."; exit 1; } command -v terraform >/dev/null 2>&1 || { echo >&2 "terraform CLI is required but not installed. Aborting."; exit 1; } command -v func >/dev/null 2>&1 || { echo >&2 "Azure Functions Core Tools (func) is required but not installed. Aborting."; exit 1; } From 8f931362c1324564d1d15713c5e24d9fcaa9d880 Mon Sep 17 00:00:00 2001 From: "Dris.S" Date: Wed, 1 Apr 2026 18:29:50 +0100 Subject: [PATCH 3/4] remove funclocal --- run-samples.sh | 3 +-- .../function-app-front-door/python/scripts/deploy_all.sh | 9 +++------ .../function-app-storage-http/dotnet/scripts/deploy.sh | 4 ++-- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/run-samples.sh b/run-samples.sh index a063d8a..afa6953 100755 --- a/run-samples.sh +++ b/run-samples.sh @@ -11,7 +11,7 @@ set -euo pipefail # - LocalStack CLI # - Terraform CLI # - azlocal & terraform-local (pip install azlocal terraform-local) -# - funclocal (pip install funclocal) +# - Azure Functions Core Tools (func) # - Azure Functions Core Tools (func) # - jq & zip (sudo apt-get install jq zip) # - MSSQL Tools (sqlcmd) @@ -96,7 +96,6 @@ fi command -v localstack >/dev/null 2>&1 || { echo >&2 "localstack CLI is required but not installed. Aborting."; exit 1; } command -v az >/dev/null 2>&1 || { echo >&2 "az CLI is required but not installed. Aborting."; exit 1; } command -v azlocal >/dev/null 2>&1 || { echo >&2 "azlocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; } -#command -v funclocal >/dev/null 2>&1 || { echo >&2 "funclocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; } #command -v tflocal >/dev/null 2>&1 || { echo >&2 "tflocal is required but not installed. Run 'pip install terraform-local'. Aborting."; exit 1; } command -v terraform >/dev/null 2>&1 || { echo >&2 "terraform CLI is required but not installed. Aborting."; exit 1; } command -v func >/dev/null 2>&1 || { echo >&2 "Azure Functions Core Tools (func) is required but not installed. Aborting."; exit 1; } diff --git a/samples/function-app-front-door/python/scripts/deploy_all.sh b/samples/function-app-front-door/python/scripts/deploy_all.sh index 3bac306..c9f347f 100644 --- a/samples/function-app-front-door/python/scripts/deploy_all.sh +++ b/samples/function-app-front-door/python/scripts/deploy_all.sh @@ -16,7 +16,7 @@ set -euo pipefail # Requirements # - az CLI # - bash, zip -# - Optional for LocalStack mode: azlocal (CLI interceptor), funclocal + Azure Functions Core Tools ('func') +# - Optional for LocalStack mode: azlocal (CLI interceptor), Azure Functions Core Tools ('func') # # Examples # # Real Azure (eastus by default) @@ -51,7 +51,7 @@ Options: -l, --location STR Azure region (default: eastus) -g, --resource-group STR Resource group name (auto-generated if omitted) --python-version STR Python runtime for Function App(s) (default: 3.11) - --use-localstack Use azlocal/funclocal for LocalStack emulator + --use-localstack Use azlocal for LocalStack emulator # Scenario toggles (all enabled by default) --no-basic Skip basic single-origin scenario @@ -221,14 +221,11 @@ create_function_app() { publish_function_code() { local funcName="$1"; local zipPath="$2" if [[ "$USE_LOCALSTACK" == "true" ]]; then - if ! command -v funclocal >/dev/null 2>&1; then - echo "Error: funclocal is required in --use-localstack mode." >&2; exit 1 - fi if ! command -v func >/dev/null 2>&1; then echo "Error: Azure Functions Core Tools ('func') not found in PATH." >&2; exit 1 fi pushd "$FUNCTION_SRC" >/dev/null - funclocal azure functionapp publish "$funcName" --python --build local #--verbose --debug + func azure functionapp publish "$funcName" --python --build local #--verbose --debug popd >/dev/null else rm -f "$zipPath"; ( cd "$FUNCTION_SRC" && zip -rq "$zipPath" . ) diff --git a/samples/function-app-storage-http/dotnet/scripts/deploy.sh b/samples/function-app-storage-http/dotnet/scripts/deploy.sh index 79f6558..5df829c 100755 --- a/samples/function-app-storage-http/dotnet/scripts/deploy.sh +++ b/samples/function-app-storage-http/dotnet/scripts/deploy.sh @@ -26,8 +26,8 @@ cd "$CURRENT_DIR" || exit # Choose the appropriate CLI based on the environment if [[ $ENVIRONMENT == "LocalStack" ]]; then - echo "Using funclocal for LocalStack emulator environment." - FUNC="funclocal" + echo "Using func for LocalStack emulator environment." + FUNC="func" else echo "Using standard func for AzureCloud environment." FUNC="func" From 4d09ec2af4b445f2831dbef82312e834f63b9afc Mon Sep 17 00:00:00 2001 From: "Dris.S" Date: Thu, 2 Apr 2026 10:05:35 +0100 Subject: [PATCH 4/4] refactor --- .../function-app-storage-http/dotnet/scripts/deploy.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/samples/function-app-storage-http/dotnet/scripts/deploy.sh b/samples/function-app-storage-http/dotnet/scripts/deploy.sh index 5df829c..f4f53b8 100755 --- a/samples/function-app-storage-http/dotnet/scripts/deploy.sh +++ b/samples/function-app-storage-http/dotnet/scripts/deploy.sh @@ -24,14 +24,7 @@ ENVIRONMENT=$(az account show --query environmentName --output tsv) # Change the current directory to the script's directory cd "$CURRENT_DIR" || exit -# Choose the appropriate CLI based on the environment -if [[ $ENVIRONMENT == "LocalStack" ]]; then - echo "Using func for LocalStack emulator environment." - FUNC="func" -else - echo "Using standard func for AzureCloud environment." - FUNC="func" -fi +FUNC="func" # Create a resource group echo "Checking if resource group [$RESOURCE_GROUP_NAME] exists in the subscription [$SUBSCRIPTION_NAME]..."