role assignment for function app

microsoft · Jun 24, 2024 · e95abd5 · e95abd5
1 parent 29178a1
commit e95abd5
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 0 deletions.
diff --git a/deployment/terraform/resources/functions.tf b/deployment/terraform/resources/functions.tf
@@ -77,3 +77,29 @@ resource "azurerm_role_assignment" "function-app-animation-container-access" {
     azurerm_function_app.pcfuncs
   ]
 }
+
+resource "azurerm_role_assignment" "function-app-storage-table-data-contributor" {
+  scope                = azurerm_storage_account.pc.id
+  role_definition_name = "Storage Table Data Contributor"
+  principal_id         = azurerm_function_app.pcfuncs.identity[0].principal_id
+
+  depends_on = [
+    azurerm_function_app.pcfuncs
+  ]
+}
+
+data "azurerm_log_analytics_workspace" "log_analytics_workspace" {
+  provider            = azurerm.log_analytics
+  name                = var.log_analytics_workspace_name
+  resource_group_name = var.pc_resources_rg
+}
+
+resource "azurerm_role_assignment" "function-app-log-analytics-access" {
+  scope                = data.azurerm_log_analytics_workspace.log_analytics_workspace.id
+  role_definition_name = "Log Analytics Contributor"
+  principal_id         = azurerm_function_app.pcfuncs.identity[0].principal_id
+
+  depends_on = [
+    azurerm_function_app.pcfuncs
+  ]
+}
diff --git a/deployment/terraform/resources/providers.tf b/deployment/terraform/resources/providers.tf
@@ -8,6 +8,12 @@ provider "azurerm" {
   # storage_use_azuread = true
 }
 
+provider "azurerm" {
+  alias           = "log_analytics"
+  subscription_id = "9da7523a-cb61-4c3e-b1d4-afa5fc6d2da9"
+  features {}
+}
+
 terraform {
   required_version = ">= 0.13"
 

diff --git a/deployment/terraform/resources/variables.tf b/deployment/terraform/resources/variables.tf
@@ -11,6 +11,11 @@ variable "pc_test_resources_rg" {
   default = "pc-test-manual-resources"
 }
 
+variable "pc_resources_rg" {
+  type    = string
+  default = "pc-manual-resources"
+}
+
 variable "pc_test_resources_kv" {
   type    = string
   default = "pc-test-deploy-secrets"
@@ -123,6 +128,10 @@ variable "image_output_storage_url" {
   type = string
 }
 
+variable "log_analytics_workspace_name" {
+  type = string
+}
+
 # -----------------
 # Local variables
 

diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf
@@ -22,6 +22,7 @@ module "resources" {
   animation_output_storage_url = "https://pcfilestest.blob.core.windows.net/output/animations"
   image_output_storage_url     = "https://pcfilestest.blob.core.windows.net/output/images"
 
+  log_analytics_workspace_name = "pc-api-loganalytics"
 }
 
 terraform {