diff --git a/functions/FileFormRecPollingPDF/function.json b/functions/FileFormRecPollingPDF/function.json
index 76d26036..a8148775 100644
--- a/functions/FileFormRecPollingPDF/function.json
+++ b/functions/FileFormRecPollingPDF/function.json
@@ -6,7 +6,7 @@
 "type": "queueTrigger",
 "direction": "in",
 "queueName": "pdf-polling-queue",
- "connection": ""
+ "connection": "AzureStorageConnection1"
 }
 ]
 }
\ No newline at end of file
diff --git a/functions/FileFormRecSubmissionPDF/function.json b/functions/FileFormRecSubmissionPDF/function.json
index c79da65a..41639b03 100644
--- a/functions/FileFormRecSubmissionPDF/function.json
+++ b/functions/FileFormRecSubmissionPDF/function.json
@@ -6,7 +6,7 @@
 "type": "queueTrigger",
 "direction": "in",
 "queueName": "pdf-submit-queue",
- "connection": ""
+ "connection": "AzureStorageConnection1"
 }
 ]
 }
\ No newline at end of file
diff --git a/functions/FileLayoutParsingOther/function.json b/functions/FileLayoutParsingOther/function.json
index 2edb946c..a40410fc 100644
--- a/functions/FileLayoutParsingOther/function.json
+++ b/functions/FileLayoutParsingOther/function.json
@@ -6,7 +6,7 @@
 "type": "queueTrigger",
 "direction": "in",
 "queueName": "non-pdf-submit-queue",
- "connection": ""
+ "connection": "AzureStorageConnection1"
 }
 ]
 }
\ No newline at end of file
diff --git a/functions/FileUploadedFunc/function.json b/functions/FileUploadedFunc/function.json
index 2dd30a86..68776e21 100644
--- a/functions/FileUploadedFunc/function.json
+++ b/functions/FileUploadedFunc/function.json
@@ -6,7 +6,7 @@
 "type": "blobTrigger",
 "direction": "in",
 "path": "upload",
- "connection": ""
+ "connection": "AzureStorageConnection1"
 }
 ],
 "retry": {
diff --git a/functions/ImageEnrichment/function.json b/functions/ImageEnrichment/function.json
index 237b3893..5b04da35 100644
--- a/functions/ImageEnrichment/function.json
+++ b/functions/ImageEnrichment/function.json
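Review bot: `"connection": "AzureStorageConnection1"` turns this binding into a named identity-based connection, so the trigger only resolves when the host exposes `AzureStorageConnection1__queueServiceUri` (and `AzureStorageConnection1__blobServiceUri` for the blobTrigger in FileUploadedFunc) in its app settings; the functions.tf hunk later in this diff adds those for the deployed app, but any local settings file or other host that previously relied on the empty value falling back to `AzureWebJobsStorage` will now fail to start until it carries the same prefix. The same point applies to FileFormRecSubmissionPDF, FileLayoutParsingOther, FileUploadedFunc, ImageEnrichment and TextEnrichment. Since function.json cannot hold comments, the meaning of the name and the settings it requires belong in the README or next to the app settings in functions.tf. All six files still end without a trailing newline, which keeps producing the `\ No newline at end of file` marker in every diff.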
@@ -6,7 +6,7 @@
 "type": "queueTrigger",
 "direction": "in",
 "queueName": "image-enrichment-queue",
- "connection": ""
+ "connection": "AzureStorageConnection1"
 }
 ]
 }
\ No newline at end of file
diff --git a/functions/TextEnrichment/function.json b/functions/TextEnrichment/function.json
index 34ffdf92..a53d8093 100644
--- a/functions/TextEnrichment/function.json
+++ b/functions/TextEnrichment/function.json
@@ -6,7 +6,7 @@
 "type": "queueTrigger",
 "direction": "in",
 "queueName": "text-enrichment-queue",
- "connection": ""
+ "connection": "AzureStorageConnection1"
 }
 ]
 }
\ No newline at end of file
diff --git a/infra/core/db/cosmosdb.tf b/infra/core/db/cosmosdb.tf
index ed85cda4..c6fdc615 100644
--- a/infra/core/db/cosmosdb.tf
+++ b/infra/core/db/cosmosdb.tf
@@ -35,7 +35,7 @@ resource "azurerm_cosmosdb_account" "cosmosdb_account" {
 kind = "GlobalDocumentDB"
 tags = var.tags
 public_network_access_enabled = var.is_secure_mode ? false : true
- #local_authentication_disabled = var.is_secure_mode ? true : false
+ local_authentication_disabled = var.is_secure_mode ? true : false
 consistency_policy {
 consistency_level = var.defaultConsistencyLevel
@@ -65,7 +65,7 @@ resource "azurerm_cosmosdb_sql_container" "log_container" {
 account_name = azurerm_cosmosdb_account.cosmosdb_account.name
 database_name = azurerm_cosmosdb_sql_database.log_database.name
- partition_key_path = "/file_name"
+ partition_key_paths = ["/file_name"]
 }
 data "azurerm_subnet" "subnet" {
diff --git a/infra/core/host/functions/functions.tf b/infra/core/host/functions/functions.tf
index 7c5b8459..d918456d 100644
--- a/infra/core/host/functions/functions.tf
+++ b/infra/core/host/functions/functions.tf
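Review bot: `local_authentication_disabled = var.is_secure_mode ? true : false` is a conditional on a boolean that yields the boolean itself; `local_authentication_disabled = var.is_secure_mode` reads the same, and the line above could likewise be `public_network_access_enabled = !var.is_secure_mode`. Turning this on means that in secure mode any remaining consumer of the account keys or connection strings stops working and data-plane access depends entirely on SQL role assignments such as the `azurerm_cosmosdb_sql_role_assignment` blocks in main.tf, which is the right direction but deserves a one-line comment stating it, e.g. `# Secure mode: key/connection-string auth is disabled; clients need a Cosmos SQL role assignment`. The enclosing resource block starts and ends outside the hunk.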
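Review bot: `partition_key_paths = ["/file_name"]` is the argument name newer azurerm provider releases use in place of `partition_key_path`, and the provider version constraint is not part of this diff, so confirm `required_providers` pins a release that accepts it or `terraform plan` fails on this line. The value itself is unchanged, so the container should not be recreated, but that is worth verifying in the plan output before applying, since a forced replacement would drop the log container's data. The enclosing resource block starts outside the hunk.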
@@ -98,21 +98,21 @@ resource "azurerm_linux_function_app" "function_app" {
 site_config {
 application_stack {
 docker {
- image_name = "${var.container_registry}/functionapp"
- image_tag = "latest"
- registry_url = "https://${var.container_registry}"
- registry_username = var.container_registry_admin_username
- registry_password = var.container_registry_admin_password
+ image_name = "${var.container_registry}/functionapp"
+ image_tag = "latest"
+ registry_url = "https://${var.container_registry}"
+ registry_username = var.container_registry_admin_username
+ registry_password = var.container_registry_admin_password
 }
 }
- container_registry_use_managed_identity = true
- always_on = true
- http2_enabled = true
- ftps_state = var.is_secure_mode ? "Disabled" : var.ftpsState
+ container_registry_use_managed_identity = true
+ always_on = true
+ http2_enabled = true
+ ftps_state = var.is_secure_mode ? "Disabled" : var.ftpsState
 cors {
- allowed_origins = concat([var.azure_portal_domain, "https://ms.portal.azure.com"], var.allowedOrigins)
+ allowed_origins = concat([var.azure_portal_domain, "https://ms.portal.azure.com"], var.allowedOrigins)
 }
- vnet_route_all_enabled = var.is_secure_mode ? true : false
+ vnet_route_all_enabled = var.is_secure_mode ? true : false
 }
 identity {
@@ -136,6 +136,12 @@ resource "azurerm_linux_function_app" "function_app" {
 AzureWebJobsStorage__fileServiceUri = "https://${var.blobStorageAccountName}.file.${var.endpointSuffix}"
 AzureWebJobsSecretStorageKeyVaultUri = data.azurerm_key_vault.existing.vault_uri
 AzureWebJobsSecretStorageType = "keyvault"
+
+ AzureStorageConnection1__accountName = var.blobStorageAccountName
+ AzureStorageConnection1__blobServiceUri = "https://${var.blobStorageAccountName}.blob.${var.endpointSuffix}"
+ AzureStorageConnection1__queueServiceUri = "https://${var.blobStorageAccountName}.queue.${var.endpointSuffix}"
+ AzureStorageConnection1__tableServiceUri = "https://${var.blobStorageAccountName}.table.${var.endpointSuffix}"
+ AzureStorageConnection1__fileServiceUri = "https://${var.blobStorageAccountName}.file.${var.endpointSuffix}"
 FUNCTIONS_WORKER_RUNTIME = var.runtime
 FUNCTIONS_EXTENSION_VERSION = "~4"
diff --git a/infra/main.tf b/infra/main.tf
index 477eeedf..831d5197 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -739,6 +739,17 @@ module "functionApp_CognitiveServicesUser" {
 resourceGroupId = azurerm_resource_group.rg.id
 }
+module "enrichmentApp_CognitiveServicesUser" {
+ source = "./core/security/role"
+
+ scope = azurerm_resource_group.rg.id
+ principalId = module.enrichmentApp.identityPrincipalId
+ roleDefinitionId = local.azure_roles.CognitiveServicesUser
+ principalType = "ServicePrincipal"
+ subscriptionId = data.azurerm_client_config.current.subscription_id
+ resourceGroupId = azurerm_resource_group.rg.id
+}
+
 module "enrichmentApp_StorageQueueDataContributor" {
 source = "./core/security/role"
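Review bot: The five added `AzureStorageConnection1__*` settings point at the same account and endpoint suffix as the `AzureWebJobsStorage__*` settings just above them (`var.blobStorageAccountName`, `var.endpointSuffix`), so the two connection definitions can drift apart the next time one of them is edited; a comment stating why the triggers use a second connection name instead of the host default would help, e.g. `# Identity-based connection referenced by the function.json trigger bindings; same account as AzureWebJobsStorage`. No `AzureStorageConnection1__credential`/`__clientId` is set, so as far as I can tell the host will authenticate this connection with the app's system-assigned identity — the `identity` block is outside this hunk, so its type is not visible here — and those two settings would have to be added if a user-assigned identity is ever used. Consider deriving both groups from a single `local` endpoint map so the URIs are spelled out once. The enclosing resource block starts and ends outside the hunk.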
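Review bot: `scope = azurerm_resource_group.rg.id` grants the enrichment app Cognitive Services User on every Cognitive Services resource in the resource group rather than on the account it actually calls; this mirrors the existing `functionApp_CognitiveServicesUser` block, but for a new assignment it is worth passing the specific account id as `scope` (the role module appears to accept an arbitrary scope) and, if the group-wide scope is deliberate, saying why in a comment such as `# RG-scoped: enrichment app calls several Cognitive Services accounts`. The new module block is complete within the hunk.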
@@ -799,7 +810,7 @@ module "encrichmentApp_SearchIndexDataReader" {
 scope = azurerm_resource_group.rg.id
 principalId = module.enrichmentApp.identityPrincipalId
- roleDefinitionId = local.azure_roles.SearchIndexDataReader
+ roleDefinitionId = local.azure_roles.SearchIndexDataContributor
 principalType = "ServicePrincipal"
 subscriptionId = data.azurerm_client_config.current.subscription_id
 resourceGroupId = azurerm_resource_group.rg.id
@@ -816,6 +827,28 @@ module "fuctionApp_StorageBlobDataOwner" {
 resourceGroupId = azurerm_resource_group.rg.id
 }
+module "enrichmentApp_StorageBlobDataOwner" {
+ source = "./core/security/role"
+
+ scope = azurerm_resource_group.rg.id
+ principalId = module.enrichmentApp.identityPrincipalId
+ roleDefinitionId = local.azure_roles.StorageBlobDataOwner
+ principalType = "ServicePrincipal"
+ subscriptionId = data.azurerm_client_config.current.subscription_id
+ resourceGroupId = azurerm_resource_group.rg.id
+}
+
+module "fuctionApp_StorageAccountContributor" {
+ source = "./core/security/role"
+
+ scope = azurerm_resource_group.rg.id
+ principalId = module.functions.identityPrincipalId
+ roleDefinitionId = local.azure_roles.StorageAccountContributor
+ principalType = "ServicePrincipal"
+ subscriptionId = data.azurerm_client_config.current.subscription_id
+ resourceGroupId = azurerm_resource_group.rg.id
+}
+
 resource "azurerm_cosmosdb_sql_role_assignment" "webApp_cosmosdb_data_contributor" {
 resource_group_name = azurerm_resource_group.rg.name
 account_name = module.cosmosdb.name
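Review bot: After `roleDefinitionId = local.azure_roles.SearchIndexDataContributor` the module labelled `encrichmentApp_SearchIndexDataReader` no longer assigns a reader role, so its name misstates the privilege it grants; rename it (with a `moved` block so the existing role assignment is not destroyed and recreated) or add a comment above the line explaining why the enrichment app now needs index write access, e.g. `# Contributor, not Reader: the enrichment app writes enriched documents back into the index`. Reader to Contributor is a privilege increase for the enrichment identity — it can now add, modify and delete index documents — and that should be called out in the PR description. The enclosing module block starts outside the hunk.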
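Review bot: `roleDefinitionId = local.azure_roles.StorageAccountContributor` is a control-plane role whose permissions include listing and regenerating the storage account keys, so the function app can still obtain Shared Key credentials even though its bindings were just moved to an identity-based connection; if it is there because the blob trigger in FileUploadedFunc requires it, scope the assignment to the storage account rather than `azurerm_resource_group.rg.id` and record the reason, e.g. `# Required by the identity-based blobTrigger in FileUploadedFunc; scoped to the storage account only`. Likewise `StorageBlobDataOwner` for the enrichment app carries ownership and ACL rights beyond plain blob read/write — confirm Storage Blob Data Contributor is not sufficient. The new label `fuctionApp_StorageAccountContributor` copies the `fuctionApp` misspelling from the sibling module above it, which keeps the file consistent but is worth fixing across both in a follow-up with `moved` blocks. Both new module blocks are complete within the hunk.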