feat: Add parameter public_network_access_enabled parameter #11

Open. Wants to merge 8 commits into base: master
7 changes: 4 additions & 3 deletions README.md
Expand Up @@ -212,7 +212,7 @@ No resources.
| function\_app\_extra\_tags | Extra tags to add to Function App. | `map(string)` | `{}` | no |
| function\_app\_name\_prefix | Function App name prefix. | `string` | `""` | no |
| function\_app\_site\_config | Site config for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/app_service.html#site_config. IP restriction attribute is not managed in this block. | `any` | `{}` | no |
| function\_app\_sticky\_settings | Lists of connection strings and app settings to prevent from swapping between slots. | <pre>object({<br/> app_setting_names = optional(list(string))<br/> connection_string_names = optional(list(string))<br/> })</pre> | `null` | no |
| function\_app\_sticky\_settings | Lists of connection strings and app settings to prevent from swapping between slots. | <pre>object({<br> app_setting_names = optional(list(string))<br> connection_string_names = optional(list(string))<br> })</pre> | `null` | no |
| function\_app\_version | Version of the function app runtime to use. | `number` | `3` | no |
| function\_app\_vnet\_integration\_subnet\_id | ID of the subnet to associate with the Function App (Virtual Network integration). | `string` | `null` | no |
| https\_only | Whether HTTPS traffic only is enabled. | `bool` | `true` | no |
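Review bot: the only change in this hunk, on the function_app_sticky_settings row, swaps `<br/>` for `<br>` inside the `<pre>` block, which has nothing to do with the new parameter. The same swap appears on the logs_destinations_ids and storage_account_network_bypass rows further down. If it comes from regenerating the table with a different generator version, regenerate with the version the repository already uses or move the churn to its own commit, so this diff shows only the new row.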
Expand All @@ -222,13 +222,14 @@ No resources.
| location | Azure location for Function App and related resources. | `string` | n/a | yes |
| location\_short | Short string for Azure location. | `string` | n/a | yes |
| logs\_categories | Log categories to send to destinations. | `list(string)` | `null` | no |
| logs\_destinations\_ids | List of destination resources IDs for logs diagnostic destination.<br/>Can be `Storage Account`, `Log Analytics Workspace` and `Event Hub`. No more than one of each can be set.<br/>If you want to use Azure EventHub as destination, you must provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the <code>&#124;</code> character. | `list(string)` | n/a | yes |
| logs\_destinations\_ids | List of destination resources IDs for logs diagnostic destination.<br>Can be `Storage Account`, `Log Analytics Workspace` and `Event Hub`. No more than one of each can be set.<br>If you want to use Azure EventHub as destination, you must provide a formatted string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the <code>&#124;</code> character. | `list(string)` | n/a | yes |
| logs\_metrics\_categories | Metrics categories to send to destinations. | `list(string)` | `null` | no |
| maximum\_elastic\_worker\_count | Maximum number of workers to use in an Elastic SKU Plan. Cannot be set unless using an Elastic SKU. | `number` | `null` | no |
| name\_prefix | Optional prefix for the generated name. | `string` | `""` | no |
| name\_suffix | Optional suffix for the generated name. | `string` | `""` | no |
| os\_type | OS type for the Functions to be hosted in the Service Plan. Possible values include `Windows`, `Linux`, and `WindowsContainer`. | `string` | n/a | yes |
| per\_site\_scaling\_enabled | Should per site scaling be enabled on the Service Plan. | `bool` | `false` | no |
| public\_network\_access\_enabled | Whether enable public access for the App Service. | `bool` | `false` | no |
| resource\_group\_name | Resource group name. | `string` | n/a | yes |
| scm\_authorized\_ips | SCM IPs restriction for Function App. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | `list(string)` | `[]` | no |
| scm\_authorized\_service\_tags | SCM Service Tags restriction for Function App. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#scm_ip_restriction | `list(string)` | `[]` | no |
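Review bot: the added public_network_access_enabled row documents the default as `false`, but the variable this PR adds in variables.tf declares `default = true`. A reader relying on the README will assume the Function App is closed to the public network unless they opt in, while the code leaves it enabled. Make the table and the variable agree, and align the description, which says "App Service" here and "Function App" in the variable.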
Expand All @@ -252,7 +253,7 @@ No resources.
| storage\_account\_kind | Storage Account Kind. | `string` | `"StorageV2"` | no |
| storage\_account\_min\_tls\_version | Storage Account minimal TLS version. | `string` | `"TLS1_2"` | no |
| storage\_account\_name\_prefix | Storage Account name prefix. | `string` | `""` | no |
| storage\_account\_network\_bypass | Whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. | `list(string)` | <pre>[<br/> "Logging",<br/> "Metrics",<br/> "AzureServices"<br/>]</pre> | no |
| storage\_account\_network\_bypass | Whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. | `list(string)` | <pre>[<br> "Logging",<br> "Metrics",<br> "AzureServices"<br>]</pre> | no |
| storage\_account\_network\_rules\_enabled | Whether to enable Storage Account network default rules for functions. | `bool` | `true` | no |
| storage\_uses\_managed\_identity | Whether the Function App use Managed Identity to access the Storage Account. **Caution** This disable the storage keys on the Storage Account if created within the module. | `bool` | `false` | no |
| use\_caf\_naming | Use the Azure CAF naming provider to generate default resource name. `custom_name` override this if set. Legacy default name is used if this is set to `false`. | `bool` | `true` | no |
2 changes: 2 additions & 0 deletions modules-functions.tf
Expand Up @@ -59,6 +59,7 @@ module "linux_function" {
identity_type = var.identity_type
identity_ids = var.identity_ids

public_network_access_enabled = var.public_network_access_enabled
authorized_ips = var.authorized_ips
authorized_service_tags = var.authorized_service_tags
authorized_subnet_ids = var.authorized_subnet_ids
Expand Down Expand Up @@ -175,6 +176,7 @@ module "windows_function" {
identity_type = var.identity_type
identity_ids = var.identity_ids

public_network_access_enabled = var.public_network_access_enabled
authorized_ips = var.authorized_ips
authorized_service_tags = var.authorized_service_tags
authorized_subnet_ids = var.authorized_subnet_ids
1 change: 1 addition & 0 deletions modules/linux-function/README.md
Expand Up @@ -164,6 +164,7 @@ module "function_app_linux" {
| application\_zip\_package\_path | Local or remote path of a zip package to deploy on the Function App. | `string` | `null` | no |
| auth\_settings\_v2 | Authentication settings V2. See https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app#auth_settings_v2 | `any` | `{}` | no |
| authorized\_ips | IPs restriction for Function in CIDR format. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#ip_restriction | `list(string)` | `[]` | no |
| public\_network\_access\_enabled | Whether enable public access for the App Service. | `bool` | `false` | no |
| authorized\_service\_tags | Service Tags restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | `list(string)` | `[]` | no |
| authorized\_subnet\_ids | Subnets restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | `list(string)` | `[]` | no |
| builtin\_logging\_enabled | Whether built-in logging is enabled. | `bool` | `true` | no |
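Review bot: the new row is inserted between authorized_ips and authorized_service_tags, which breaks the alphabetical order the rest of this inputs table follows (the root README places it after per_site_scaling_enabled). That placement, together with a documented default of `false` against `default = true` in modules/linux-function/variables.tf, suggests the row was added by hand. Regenerate the table from the variables instead; the identical row in modules/windows-function/README.md needs the same fix.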
3 changes: 2 additions & 1 deletion modules/linux-function/r-function.tf
Expand Up @@ -18,7 +18,8 @@ resource "azurerm_linux_function_app" "linux_function" {

functions_extension_version = "~${var.function_app_version}"

virtual_network_subnet_id = var.function_app_vnet_integration_subnet_id
public_network_access_enabled = var.public_network_access_enabled
virtual_network_subnet_id = var.function_app_vnet_integration_subnet_id

app_settings = merge(
local.default_application_settings,
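Review bot: public_network_access_enabled is now set on azurerm_linux_function_app here, and on azurerm_windows_function_app in the matching hunk, yet nothing in this PR touches the provider version constraint. Check that the minimum azurerm version the module declares already supports this argument on both resources, and raise the constraint in the same PR if it does not; otherwise users pinned to the current minimum will hit an unsupported argument error. The re-alignment of virtual_network_subnet_id is fine.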
6 changes: 6 additions & 0 deletions modules/linux-function/variables.tf
Expand Up @@ -69,6 +69,12 @@ variable "authorized_ips" {
default = []
}

variable "public_network_access_enabled" {
description = "Whether enable public access for the Function App."
type = bool
default = true
}

variable "authorized_subnet_ids" {
description = "Subnets restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction"
type = list(string)
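Review bot: the description on the new variable, "Whether enable public access for the Function App.", is ungrammatical and does not say what disabling it means for the authorized_ips and authorized_subnet_ids inputs it now sits between. Suggest "Whether public network access is enabled for the Function App." plus a sentence on how the setting interacts with the authorized_* restrictions. Consider moving the block so the authorized_* variables stay adjacent.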
1 change: 1 addition & 0 deletions modules/windows-function/README.md
Expand Up @@ -157,6 +157,7 @@ module "function_app_windows" {
| application\_zip\_package\_path | Local or remote path of a zip package to deploy on the Function App. | `string` | `null` | no |
| auth\_settings\_v2 | Authentication settings V2. See https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app#auth_settings_v2 | `any` | `{}` | no |
| authorized\_ips | IPs restriction for Function in CIDR format. See documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#ip_restriction | `list(string)` | `[]` | no |
| public\_network\_access\_enabled | Whether enable public access for the App Service. | `bool` | `false` | no |
| authorized\_service\_tags | Service Tags restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | `list(string)` | `[]` | no |
| authorized\_subnet\_ids | Subnets restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction | `list(string)` | `[]` | no |
| builtin\_logging\_enabled | Whether built-in logging is enabled. | `bool` | `true` | no |
3 changes: 2 additions & 1 deletion modules/windows-function/r-function.tf
Expand Up @@ -18,7 +18,8 @@ resource "azurerm_windows_function_app" "windows_function" {

functions_extension_version = "~${var.function_app_version}"

virtual_network_subnet_id = var.function_app_vnet_integration_subnet_id
public_network_access_enabled = var.public_network_access_enabled
virtual_network_subnet_id = var.function_app_vnet_integration_subnet_id

app_settings = merge(
local.default_application_settings,
6 changes: 6 additions & 0 deletions modules/windows-function/variables.tf
Expand Up @@ -69,6 +69,12 @@ variable "authorized_ips" {
default = []
}

variable "public_network_access_enabled" {
description = "Whether enable public access for the Function App."
type = bool
default = true
}

variable "authorized_subnet_ids" {
description = "Subnets restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction"
type = list(string)
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -64,6 +64,12 @@ variable "authorized_ips" {
default = []
}

variable "public_network_access_enabled" {
description = "Whether enable public access for the Function App."
type = bool
default = true
}

variable "authorized_subnet_ids" {
description = "Subnets restriction for Function App. See documentation https://www.terraform.io/docs/providers/azurerm/r/function_app.html#ip_restriction"
type = list(string)
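Review bot: `default = true` on the root variable leaves public network access enabled for every caller that does not set it, which is the opposite of the `false` the README row added in this PR states. Decide which is intended: if `true` is kept for backward compatibility, say so in the description and fix the README; if the module should be closed by default, change it to `false` here and in both submodules and flag it as a breaking change. The same default is now declared in three places (root, linux-function, windows-function), so they have to be kept in sync.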