Deploy API connection using Terraform (#20)

* The API Connection is linked to the Logic App Workflow * Deploys a scheduled timer with a linked API connection so that the Container Instances can be automatically rebooted every day
DFE-Digital · Jul 29, 2024 · c0845d5 · c0845d5
1 parent 7731600
commit c0845d5
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 24 deletions.
diff --git a/terraform/api.tf b/terraform/api.tf
@@ -0,0 +1,24 @@
+resource "azurerm_api_connection" "linkedservice" {
+  count = (local.api_connection_client_id != "" && local.api_connection_client_secret != "") ? 1 : 0
+
+  name                = "aci"
+  resource_group_name = azurerm_resource_group.default.name
+  managed_api_id      = data.azurerm_managed_api.container_instance_group.id
+  display_name        = "${local.resource_prefix}-job"
+
+  parameter_values = {
+    "token:clientId" : local.api_connection_client_id,
+    "token:clientSecret" : local.api_connection_client_secret,
+    "token:TenantId" : data.azurerm_subscription.current.tenant_id,
+    "token:grantType" : "client_credentials"
+  }
+
+  lifecycle {
+    # NOTE: Az API does not return sensitive values so there will always be a diff without this
+    ignore_changes = [
+      parameter_values
+    ]
+  }
+
+  tags = local.tags
+}
diff --git a/terraform/data.tf b/terraform/data.tf
@@ -1 +1,6 @@
 data "azurerm_subscription" "current" {}
+
+data "azurerm_managed_api" "container_instance_group" {
+  name     = "aci"
+  location = azurerm_resource_group.default.location
+}
diff --git a/terraform/locals.tf b/terraform/locals.tf
@@ -16,5 +16,7 @@ locals {
   key_vault_access_ipv4              = var.key_vault_access_ipv4
   tfvars_filename                    = var.tfvars_filename
   slack_webhook_url                  = var.slack_webhook_url
+  api_connection_client_id           = var.api_connection_client_id
+  api_connection_client_secret       = var.api_connection_client_secret
   tags                               = var.tags
 }
diff --git a/terraform/logicapp.tf b/terraform/logicapp.tf
@@ -0,0 +1,79 @@
+resource "azurerm_logic_app_workflow" "logicapp" {
+  count = (local.api_connection_client_id != "" && local.api_connection_client_secret != "") ? 1 : 0
+
+  name                = local.resource_prefix
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+
+  parameters = { "$connections" = jsonencode({
+    "${azurerm_api_connection.linkedservice[0].name}" = {
+      connectionId   = azurerm_api_connection.linkedservice[0].id
+      connectionName = azurerm_api_connection.linkedservice[0].name
+      id             = data.azurerm_managed_api.container_instance_group.id
+    }
+  }) }
+
+  workflow_parameters = { "$connections" = jsonencode({
+    defaultValue = {}
+    type         = "Object"
+  }) }
+
+  tags = local.tags
+}
+
+resource "azurerm_monitor_diagnostic_setting" "logicapp" {
+  count = (local.api_connection_client_id != "" && local.api_connection_client_secret != "") ? 1 : 0
+
+  name                       = local.resource_prefix
+  target_resource_id         = azurerm_logic_app_workflow.logicapp[0].id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
+
+  enabled_log {
+    category = "WorkflowRuntime"
+  }
+
+  # The below metrics are kept in to avoid a diff in the Terraform Plan output
+  metric {
+    category = "AllMetrics"
+    enabled  = false
+  }
+}
+
+resource "azurerm_logic_app_trigger_recurrence" "start" {
+  count = (local.api_connection_client_id != "" && local.api_connection_client_secret != "") ? 1 : 0
+
+  name         = "scheduled-start"
+  time_zone    = "W. Europe Standard Time"
+  logic_app_id = azurerm_logic_app_workflow.logicapp[0].id
+  frequency    = "Day"
+  interval     = 1
+
+  schedule {
+    at_these_hours   = [06]
+    at_these_minutes = [30]
+  }
+}
+
+resource "azurerm_logic_app_action_custom" "start" {
+  name         = "start-aci"
+  logic_app_id = azurerm_logic_app_workflow.logicapp[0].id
+
+  body = <<BODY
+  {
+    "inputs": {
+      "host": {
+        "connection": {
+          "name": "@parameters('$connections')['${azurerm_api_connection.linkedservice[0].name}']['connectionId']"
+        }
+      },
+      "method": "post",
+      "path": "${azurerm_container_group.default.id}/start",
+      "queries": {
+        "x-ms-api-version": "2019-12-01"
+      }
+    },
+    "runAfter": {},
+    "type": "ApiConnection"
+  }
+  BODY
+}
diff --git a/terraform/terraform.tf b/terraform/terraform.tf
@@ -127,27 +127,3 @@ resource "azurerm_user_assigned_identity" "default" {
 
   tags = local.tags
 }
-
-resource "azurerm_logic_app_workflow" "logicapp" {
-  name                = local.resource_prefix
-  location            = azurerm_resource_group.default.location
-  resource_group_name = azurerm_resource_group.default.name
-
-  tags = local.tags
-}
-
-resource "azurerm_monitor_diagnostic_setting" "logicapp" {
-  name                       = local.resource_prefix
-  target_resource_id         = azurerm_logic_app_workflow.logicapp.id
-  log_analytics_workspace_id = azurerm_log_analytics_workspace.default.id
-
-  enabled_log {
-    category = "WorkflowRuntime"
-  }
-
-  # The below metrics are kept in to avoid a diff in the Terraform Plan output
-  metric {
-    category = "AllMetrics"
-    enabled  = false
-  }
-}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -35,3 +35,14 @@ variable "slack_webhook_url" {
   type        = string
   default     = ""
 }
+variable "api_connection_client_id" {
+  description = "Service Principal Client ID used for authenticating with the Container Instance "
+  type        = string
+  default     = ""
+}
+variable "api_connection_client_secret" {
+  description = "Service Principal Client Secret used for authenticating with the Container Instance"
+  type        = string
+  default     = ""
+  sensitive   = true
+}