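# Management lock on the App Service itself (function app or web app, Windows or Linux).
# Created only when var.lock is set.
#
# Azure management locks apply to control-plane (ARM) operations only: they guard
# against accidental delete/modify, but they do not restrict data-plane access and
# can be removed by any principal allowed to manage locks, so they complement RBAC
# rather than replace it.
resource "azurerm_management_lock" "this" {
  count = var.lock != null ? 1 : 0

  lock_level = var.lock.kind
  name       = coalesce(var.lock.name, "lock-${var.name}")
  notes      = var.lock.kind == "CanNotDelete" ? "Cannot delete the app service or its child resources." : "Cannot delete or modify the app service or its child resources."

  # Select the one app resource that matches var.kind / var.os_type.
  # NOTE(review): any other var.kind yields null here; presumably var.kind is
  # validated elsewhere so that branch is unreachable. Confirm against variables.tf.
  scope = (
    var.kind == "functionapp" ? (var.os_type == "Windows" ? azurerm_windows_function_app.this[0].id : azurerm_linux_function_app.this[0].id) :
    var.kind == "webapp" ? (var.os_type == "Windows" ? azurerm_windows_web_app.this[0].id : azurerm_linux_web_app.this[0].id) :
    null
  )

  # The lock is created after, and destroyed before, everything listed here.
  # azurerm_private_endpoint.this_unmanaged_dns_zone_groups is the private endpoint
  # resource used when var.private_endpoints_manage_dns_zone_group is false; it is
  # listed so that both private endpoint variants are ordered before the lock.
  depends_on = [
    azurerm_linux_function_app.this,
    azurerm_windows_function_app.this,
    azurerm_private_endpoint.this,
    azurerm_private_endpoint.this_unmanaged_dns_zone_groups,
    azurerm_role_assignment.this,
    azurerm_monitor_diagnostic_setting.this
  ]
}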
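# Management lock on each private endpoint.
# A private endpoint is locked when it declares its own lock, or when the parent
# lock (var.lock) is set and inheritance is enabled through
# var.all_child_resources_inherit_lock or var.private_endpoints_inherit_lock.
resource "azurerm_management_lock" "pe" {
  for_each = {
    for pe_key, pe in var.private_endpoints : pe_key => pe
    if(((var.all_child_resources_inherit_lock || var.private_endpoints_inherit_lock) && var.lock != null) || (pe.lock != null))
  }

  # Inherit the parent level only when a parent lock actually exists. Without the
  # var.lock != null guard, an endpoint with its own lock would dereference a null
  # var.lock whenever an inherit flag is true but no parent lock is configured.
  lock_level = ((var.all_child_resources_inherit_lock || var.private_endpoints_inherit_lock) && var.lock != null) ? var.lock.kind : each.value.lock.kind

  # Prefer the endpoint's own lock name. try() covers both "no own lock" and
  # "own lock without a name", so name never evaluates to null; in those cases
  # the name is derived from the endpoint name, or from var.name as a last resort.
  name = coalesce(
    try(each.value.lock.name, null),
    each.value.name != null ? "lock-${each.value.name}" : "lock-pe-${var.name}"
  )

  # The endpoint instance lives in one of two resources, depending on whether this
  # module manages the DNS zone group.
  scope = var.private_endpoints_manage_dns_zone_group ? azurerm_private_endpoint.this[each.key].id : azurerm_private_endpoint.this_unmanaged_dns_zone_groups[each.key].id

  # The lock is created after, and destroyed before, everything listed here.
  depends_on = [
    azurerm_linux_function_app.this,
    azurerm_windows_function_app.this,
    azurerm_private_endpoint.this,
    azurerm_role_assignment.this,
    azurerm_monitor_diagnostic_setting.this
  ]
}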
# This module no longer supports the creation/management of Storage Accounts, so the lock below is commented out.
# resource "azurerm_management_lock" "storage_account" {
# count = (var.lock != null && (var.all_child_resources_inherit_lock || var.function_app_storage_account_inherit_lock)) || var.function_app_storage_account.lock != null ? 1 : 0
# lock_level = ((var.all_child_resources_inherit_lock || var.function_app_storage_account_inherit_lock) && var.lock != null) ? var.lock.kind : var.function_app_storage_account.lock.kind
# name = coalesce(var.function_app_storage_account.lock.name, "lock-${var.name}")
# scope = var.
# notes = var.function_app_storage_account.lock.kind == "CanNotDelete" ? "Cannot delete the storage account or its child resources." : "Cannot delete or modify the storage account or its child resources."
# depends_on = [
# azurerm_linux_function_app.this,
# azurerm_windows_function_app.this,
# azurerm_private_endpoint.this,
# azurerm_role_assignment.this,
# azurerm_monitor_diagnostic_setting.this
# ]
# }
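# Management lock on each deployment slot.
# A slot is locked when it declares its own lock, or when the parent lock (var.lock)
# is set and inheritance is enabled through var.all_child_resources_inherit_lock or
# var.deployment_slots_inherit_lock.
resource "azurerm_management_lock" "slot" {
  for_each = {
    for slot_key, slot in var.deployment_slots : slot_key => slot
    if(((var.all_child_resources_inherit_lock || var.deployment_slots_inherit_lock) && var.lock != null) || (slot.lock != null))
  }

  # The parent level wins whenever inheritance applies; otherwise the slot's own lock is used.
  lock_level = ((var.all_child_resources_inherit_lock || var.deployment_slots_inherit_lock) && var.lock != null) ? var.lock.kind : each.value.lock.kind
  name       = "lock-${coalesce(each.value.name, "slot-${var.name}")}"

  # A slot that is locked purely by inheritance has each.value.lock == null, so
  # reading each.value.lock.kind directly would fail. try() falls back to the
  # parent kind, which the for_each filter guarantees is set in that case.
  # NOTE(review): when a slot has its own lock and also inherits the parent level,
  # the notes still describe the slot's declared kind rather than the enforced
  # one. That behaviour is left as it was so existing locks are not changed.
  notes = try(each.value.lock.kind, var.lock.kind) == "CanNotDelete" ? "Cannot delete the deployment slot or its child resources." : "Cannot delete or modify the deployment slot or its child resources."

  # Select the slot resource that matches var.kind / var.os_type.
  # NOTE(review): any other var.kind yields null here; presumably var.kind is
  # validated elsewhere so that branch is unreachable. Confirm against variables.tf.
  scope = (
    var.kind == "functionapp" ? (var.os_type == "Windows" ? azurerm_windows_function_app_slot.this[each.key].id : azurerm_linux_function_app_slot.this[each.key].id) :
    var.kind == "webapp" ? (var.os_type == "Windows" ? azurerm_windows_web_app_slot.this[each.key].id : azurerm_linux_web_app_slot.this[each.key].id) :
    null
  )

  # The lock is created after, and destroyed before, everything listed here.
  depends_on = [
    azurerm_linux_function_app.this,
    azurerm_windows_function_app.this,
    azurerm_private_endpoint.this,
    azurerm_role_assignment.this,
    azurerm_monitor_diagnostic_setting.this
  ]
}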