recognizegroup · tom-reinders · Oct 16, 2023 · Oct 16, 2023 · Oct 16, 2023 · Oct 16, 2023
@@ -0,0 +1,49 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "location": {
+      "type": "String",
+      "metadata": {
+        "description": "location"
+      }
+    },
+    "service_bus_connection_name": {
+      "type": "String",
+      "metadata": {
+        "description": "Name to use for this connection"
+      }
+    },
+    "service_bus_namespace_endpoint": {
+      "type": "String",
+      "metadata": {
+        "description": "Service Bus namespace"
+      }
+    }
+  },
+  "resources": [
+    {
+      "type": "Microsoft.Web/connections",
+      "apiVersion": "2018-07-01-preview",
+      "name": "[parameters('service_bus_connection_name')]",
+      "location": "[parameters('location')]",
+      "kind": "V1",
+      "properties": {
+        "displayName": "Service Bus",
+        "api": {
+          "name": "servicebus",
+          "id": "[format('{0}/providers/Microsoft.Web/locations/{1}/managedApis/servicebus', subscription().id, parameters('location'))]"
+        },
+        "alternativeParameterValues": {},
+        "parameterValueSet": {
+          "name": "managedIdentityAuth",
+          "values": {
+            "namespaceEndpoint": {
+              "value": "[parameters('service_bus_namespace_endpoint')]"
+            }
+          }
+        }
+      }
+    }
+  ]
+}
@@ -0,0 +1,37 @@
+terraform {
+  required_version = "~> 1.3"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.48"
+    }
+  }
+
+  backend "azurerm" {}
+}
+
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group_template_deployment" "service_bus_managed_identity" {
+  for_each = var.connection_names
+
+  name                = "${each.value}_deployment"
+  resource_group_name = var.resource_group_name
+
+  template_content = file("./connection.json")
+  parameters_content = jsonencode({
+    "service_bus_connection_name" = {
+      value = each.value
+    }
+    "service_bus_namespace_endpoint" = {
+      value = var.service_bus_namespace_endpoint
+    }
+    "location" = {
+      value = var.location
+    }
+  })
+  deployment_mode = "Incremental"
+}
@@ -0,0 +1,3 @@
+output "names" {
+  value = var.connection_names
+}
@@ -0,0 +1,19 @@
+variable "resource_group_name" {
+  type        = string
+  description = "Resource group the connection should be placed in"
+}
+
+variable "connection_names" {
+  type        = set(string)
+  description = "The names for the connection"
+}
+
+variable "service_bus_namespace_endpoint" {
+  type        = string
+  description = "The namespace endpoint for the connected service bus"
+}
+
+variable "location" {
+  type        = string
+  description = "The location of the connector, set by Azure if not provided and used to avoid deployment differences."
+}
@@ -0,0 +1,37 @@
+terraform {
+  required_version = "~> 1.3"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.48"
+    }
+  }
+
+  backend "azurerm" {}
+}
+
+provider "azurerm" {
+  features {}
+}
+
+locals {
+  role_assignments = flatten([
+    for principal_key, principal_id in var.principals :
+    [
+      for role in var.roles : {
+        scope                = role.scope
+        role_definition_name = role.role_name
+        principal_id         = principal_id
+      }
+    ]
+  ])
+}
+
+resource "azurerm_role_assignment" "role_assignment" {
+  for_each = { for idx, ra in local.role_assignments : idx => ra }
+
+  scope                = each.value.scope
+  role_definition_name = each.value.role_definition_name
+  principal_id         = each.value.principal_id
+}
@@ -0,0 +1,13 @@
+variable "roles" {
+  type = list(object({
+    name      = optional(string),
+    role_name = string,
+    scope     = string,
+  }))
+  description = "List of role objects to apply roles on users given a certain scope."
+}
+
+variable "principals" {
+  description = "Map of principals to assign roles to"
+  type        = map(string)
+}
@@ -24,6 +24,13 @@ resource "azurerm_logic_app_workflow" "workflow" {
   name                = each.value.logic_app_name
   location            = var.location
   resource_group_name = var.resource_group_name
+
+  dynamic "identity" {
+    for_each = var.use_managed_identity ? [1] : []
+    content {
+      type = "SystemAssigned"
+    }
+  }
 }
 
 // Deploy workflow as ARM template conditional when arm_template_path is specified

@@ -0,0 +1,6 @@
+output "principal_id" {
+  value = {
+    for key, workflow_instance in azurerm_logic_app_workflow.workflow :
+    key => var.use_managed_identity ? workflow_instance.identity[0].principal_id : null
+  }
+}
@@ -32,4 +32,10 @@ variable "logic_app_instances" {
     arm_parameters = any
   }))
   description = "Individual logic app configuration"
+}
+
+variable "use_managed_identity" {
+  type        = bool
+  description = "Use Managed Identity for this logic app"
+  default     = false
 }