api.bicep•3.96 kB
param name string
@description('Primary location for all resources & Flex Consumption Function App')
param location string = resourceGroup().location
param tags object = {}
param applicationInsightsName string = ''
param appServicePlanId string
param appSettings object = {}
param runtimeName string
param runtimeVersion string
param serviceName string = 'api'
param storageAccountName string
param deploymentStorageContainerName string
param virtualNetworkSubnetId string = ''
param instanceMemoryMB int = 2048
param maximumInstanceCount int = 100
param identityId string = ''
param identityClientId string = ''
param enableBlob bool = true
param enableQueue bool = false
param enableTable bool = false
param enableFile bool = false
@allowed(['SystemAssigned', 'UserAssigned'])
param identityType string = 'UserAssigned'
var applicationInsightsIdentity = 'ClientId=${identityClientId};Authorization=AAD'
var kind = 'functionapp,linux'
// Create base application settings
var baseAppSettings = {
// Only include required credential settings unconditionally
AzureWebJobsStorage__credential: 'managedidentity'
AzureWebJobsStorage__clientId: identityClientId
// Application Insights settings are always included
APPLICATIONINSIGHTS_AUTHENTICATION_STRING: applicationInsightsIdentity
APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString
}
// Dynamically build storage endpoint settings based on feature flags
var blobSettings = enableBlob ? { AzureWebJobsStorage__blobServiceUri: stg.properties.primaryEndpoints.blob } : {}
var queueSettings = enableQueue ? { AzureWebJobsStorage__queueServiceUri: stg.properties.primaryEndpoints.queue } : {}
var tableSettings = enableTable ? { AzureWebJobsStorage__tableServiceUri: stg.properties.primaryEndpoints.table } : {}
var fileSettings = enableFile ? { AzureWebJobsStorage__fileServiceUri: stg.properties.primaryEndpoints.file } : {}
// Merge all app settings
var allAppSettings = union(
appSettings,
blobSettings,
queueSettings,
tableSettings,
fileSettings,
baseAppSettings
)
resource stg 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
name: storageAccountName
}
resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
name: applicationInsightsName
}
// Create a Flex Consumption Function App to host the API
module api 'br/public:avm/res/web/site:0.15.1' = {
name: '${serviceName}-flex-consumption'
params: {
kind: kind
name: name
location: location
tags: union(tags, { 'azd-service-name': serviceName })
serverFarmResourceId: appServicePlanId
managedIdentities: {
systemAssigned: identityType == 'SystemAssigned'
userAssignedResourceIds: [
'${identityId}'
]
}
functionAppConfig: {
deployment: {
storage: {
type: 'blobContainer'
value: '${stg.properties.primaryEndpoints.blob}${deploymentStorageContainerName}'
authentication: {
type: identityType == 'SystemAssigned' ? 'SystemAssignedIdentity' : 'UserAssignedIdentity'
userAssignedIdentityResourceId: identityType == 'UserAssigned' ? identityId : ''
}
}
}
scaleAndConcurrency: {
instanceMemoryMB: instanceMemoryMB
maximumInstanceCount: maximumInstanceCount
}
runtime: {
name: runtimeName
version: runtimeVersion
}
}
siteConfig: {
alwaysOn: false
}
virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : null
appSettingsKeyValuePairs: allAppSettings
}
}
output SERVICE_API_NAME string = api.outputs.name
// Ensure output is always string, handle potential null from module output if SystemAssigned is not used
output SERVICE_API_IDENTITY_PRINCIPAL_ID string = identityType == 'SystemAssigned' ? api.outputs.?systemAssignedMIPrincipalId ?? '' : ''