Add Azure integration

deployment/terraform/azure/container_app/examples/azure-integration/main.tf

@@ -0,0 +1,107 @@
+variable "port_client_id" {
+  type = string
+}
+variable "port_client_secret" {
+  type = string
+}
+variable "port_base_url" {
+  type = string
+  default = ""
+}
+
+module "ocean_integration" {
+  source       = "../.."
+
+  # required port parameters so that the integration could communicate with Port
+  port = {
+    client_id     = var.port_client_id
+    client_secret = var.port_client_secret
+    base_url = var.port_base_url
+  }
+
+  initialize_port_resources = true
+
+  # required port integration parameters so Port could identify the integration
+  integration = {
+    type       = "azure"
+    identifier = "az1"
+    config     = {
+    }
+  }
+  # optional port integration parameters
+  subscription_id = "/subscriptions/xxxxxx"
+  location = "East US 2"
+
+  image = "ghcr.io/port-labs/port-ocean-azure:v0.1.0rc11"
+
+  permissions = {
+    actions = [
+      "microsoft.app/containerapps/read",
+      "Microsoft.Storage/storageAccounts/read",
+      "Microsoft.ContainerService/managedClusters/read",
+      "Microsoft.Network/loadBalancers/read",
+      "Microsoft.Resources/subscriptions/resourceGroups/read",
+      "Microsoft.Resources/subscriptions/resources/read",
+    ]
+    not_actions = []
+    data_actions = []
+    not_data_actions = []
+  }
+
+  additional_secrets = {
+      OCEAN__INTEGRATION__CONFIG__SUBSCRIPTION_ID = "xxxxxxxxx"
+  }
+  additional_environment_variables = {
+    OCEAN__INTEGRATION__CONFIG__SOME_ENV_VAR = "some-value"
+  }
+}
+
+resource "azurerm_eventgrid_system_topic" "subscription_event_grid_topic" {
+  name                = "subscription-event-grid-topic"
+  resource_group_name = module.ocean_integration.resource_group_name
+  location            = "Global"
+  topic_type = "Microsoft.Resources.Subscriptions"
+  source_arm_resource_id = module.ocean_integration.subscription_id
+}
+
+
+resource "azurerm_eventgrid_system_topic_event_subscription" "subscription_event_grid_topic_subscription" {
+  name                = replace(replace("ocean-${module.ocean_integration.integration.type}-${module.ocean_integration.integration.identifier}-subscription","_", "-"),".","-")
+  resource_group_name = azurerm_eventgrid_system_topic.subscription_event_grid_topic.resource_group_name
+  system_topic   = azurerm_eventgrid_system_topic.subscription_event_grid_topic.name
+
+  included_event_types = [
+    "Microsoft.Resources.ResourceWriteSuccess",
+    "Microsoft.Resources.ResourceWriteFailure",
+    "Microsoft.Resources.ResourceDeleteSuccess",
+    "Microsoft.Resources.ResourceDeleteFailure",
+  ]
+  event_delivery_schema = "CloudEventSchemaV1_0"
+  webhook_endpoint {
+        url = "https://${module.ocean_integration.container_app_latest_fqdn}/integration/events"
+    }
+  advanced_filtering_on_arrays_enabled = true
+  advanced_filter {
+    string_contains {
+      key    = "data.operationName"
+      values = [
+        "microsoft.app/containerapps",
+        "Microsoft.Storage/storageAccounts",
+        "Microsoft.ContainerService/managedClusters",
+        "Microsoft.Network/loadBalancers",
+        "Microsoft.Compute/virtualMachine",
+        "Microsoft.Resources/subscriptions/resourceGroups",
+      ]
+    }
+  }
+  delivery_property {
+    header_name = "Access-Control-Request-Method"
+    type        = "Static"
+    value       = "POST"
+  }
+  delivery_property {
+    header_name = "Origin"
+    type        = "Static"
+    value       = "azure"
+  }
+}

deployment/terraform/azure/container_app/examples/azure-integration/providers.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.68.0"
+    }
+  }
+}
+provider "azurerm" {
+  # The AzureRM Provider supports authenticating using via the Azure CLI, a Managed Identity
+  # and a Service Principal. More information on the authentication methods supported by
+  # the AzureRM Provider can be found here:
+  # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#authenticating-to-azure
+
+  # The features block allows changing the behaviour of the Azure Provider, more
+  # information can be found here:
+  # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/features-block
+  features {}
+}

deployment/terraform/azure/container_app/main.tf

@@ -0,0 +1,36 @@
+locals {
+  prefix = "port-ocean"
+}
+
+resource "azurerm_resource_group" "ocean-rg" {
+  count   = var.resource_group_name != null ? 0 : 1
+  name     = "${local.prefix}-${var.integration.type}-${var.integration.identifier}-rg"
+  location = var.location
+}
+
+module "port_ocean_authorization" {
+  source = "../modules/authorization"
+  location = var.location
+  resource_group_name = var.resource_group_name != null ? var.resource_group_name : azurerm_resource_group.ocean-rg[0].name
+  integration = var.integration
+  permissions = var.permissions
+  subscription_id = var.subscription_id
+}
+
+module "port_ocean_container_app" {
+  source= "./modules/container_app"
+  integration = var.integration
+  port = var.port
+  initialize_port_resources = var.initialize_port_resources
+  location = var.location
+  resource_group_name = var.resource_group_name != null ? var.resource_group_name : azurerm_resource_group.ocean-rg[0].name
+  container_app_environment_id = var.container_app_environment_id
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+  image = var.image
+  min_replicas = var.min_replicas
+  max_replicas = var.max_replicas
+  user_assigned_identity_ids = [module.port_ocean_authorization.user_assigned_identity_id]
+  user_assigned_client_id = module.port_ocean_authorization.user_assigned_identity_client_id
+  additional_secrets = var.additional_secrets
+  additional_environment_variables = var.additional_environment_variables
+}

deployment/terraform/azure/container_app/modules/container_app/main.tf

@@ -0,0 +1,110 @@
+locals {
+  prefix = "port-ocean"
+  env = [
+    {
+      name  = upper("OCEAN__INITIALIZE_PORT_RESOURCES"),
+      value = var.initialize_port_resources ? "true" : "false"
+    },
+    {
+      name  = upper("OCEAN__EVENT_LISTENER")
+      value = jsonencode({
+        for key, value in var.event_listener : key => value if value != null
+      })
+    },
+    {
+      name  = upper("OCEAN__INTEGRATION")
+      value = jsonencode(var.integration)
+    }
+  ]
+  port_credentials_secret_name = "ocean-port-credentials"
+}
+
+resource "azurerm_log_analytics_workspace" "ocean-log-analytics" {
+  count   = var.log_analytics_workspace_id != null ? 0 : 1
+  name                = "${local.prefix}-${var.integration.type}-${var.integration.identifier}-law"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  sku                 = "PerGB2018"
+  retention_in_days   = 30
+}
+
+resource "azurerm_container_app_environment" "ocean-container-app-env" {
+  count                  = var.container_app_environment_id != null ? 0 : 1
+  name                   = "${local.prefix}-${var.integration.type}-${var.integration.identifier}-env"
+  location               = var.location
+  resource_group_name    = var.resource_group_name
+  log_analytics_workspace_id = var.log_analytics_workspace_id != null ? var.log_analytics_workspace_id : azurerm_log_analytics_workspace.ocean-log-analytics[0].id
+}
+
+
+resource "azurerm_container_app" "ocean-container-app" {
+  name = "${local.prefix}-${var.integration.type}-${var.integration.identifier}"
+  container_app_environment_id = var.container_app_environment_id != null ? var.container_app_environment_id : azurerm_container_app_environment.ocean-container-app-env[0].id
+  resource_group_name = var.resource_group_name
+  revision_mode = "Single"
+  identity {
+    type = "UserAssigned"
+    identity_ids = var.user_assigned_identity_ids
+  }
+  ingress {
+    external_enabled = var.assign_public_ip
+    target_port = var.container_port
+    traffic_weight {
+      percentage = 100
+      latest_revision = true
+    }
+  }
+  template {
+    min_replicas = 1
+    max_replicas = 1
+    container {
+      name = "${local.prefix}-${var.integration.type}"
+      cpu = var.cpu
+      memory = var.memory
+      image = var.image != null ? var.image : "${var.image_registry}/port-ocean-${var.integration.type}:${var.integration_version}"
+      dynamic "env" {
+        for_each = local.env
+        content {
+          name  = env.value.name
+          value = env.value.value
+        }
+      }
+      dynamic "env" {
+        for_each = var.additional_environment_variables
+        content {
+          name  = env.key
+          value = env.value
+        }
+      }
+      env {
+        name = "AZURE_CLIENT_ID"
+        value = var.user_assigned_client_id
+      }
+      env {
+        name = "OCEAN__PORT"
+        secret_name = local.port_credentials_secret_name
+      }
+      dynamic "env" {
+        for_each = var.additional_secrets
+        content {
+          name        = env.key
+          secret_name = replace("ocean-${lower(env.key)}", "_", "-")
+        }
+      }
+    }
+  }
+  secret {
+    name = local.port_credentials_secret_name
+    value = jsonencode({
+      for key, value in var.port : key => value if value != null
+    })
+  }
+  dynamic "secret" {
+    for_each = var.additional_secrets
+    content {
+      name = replace("ocean-${lower(secret.key)}", "_", "-")
+      value = secret.value
+    }
+  }
+}
+

deployment/terraform/azure/container_app/modules/container_app/outputs.tf

@@ -0,0 +1,11 @@
+output "container_app_latest_fqdn" {
+  value = azurerm_container_app.ocean-container-app.latest_revision_fqdn
+}
+
+output "container_app_outbound_ip_addresses" {
+  value = azurerm_container_app.ocean-container-app.outbound_ip_addresses
+}
+
+output "container_latest_revision_name" {
+  value = azurerm_container_app.ocean-container-app.latest_revision_name
+}