Support for exposing Function App publishing profile as a resource/data source attribute

jake-scott commented 4 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Azure Function Apps have a publishing profile, an XML document that can be used by clients to publish code in a manner appropriate for a given configuration. For example, the GitHub publishing action, https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-github-actions.

This feature would expose the publishing profile as an additional attribute of Function Apps, Function App slots, and the associated data source.

New or Affected Resource(s)

Resources:

azurerm_function_app
azurerm_function_app_slot

Data sources:

azurerm_function_app

Potential Terraform Configuration

resource "github_actions_secret" "publish_profile" {
  repository       = "foo"
  secret_name      = "AZURE_FUNCTIONAPP_PUBLISH_PROFILE"
  plaintext_value  = azurerm_function_app.fooapp.publishing_profile
}

References

0000

salimkapadia commented 3 years ago

@jake-scott I believe you were going to make a new PR for this. Please let me know if i can help. Thanks.

ThomasZeman commented 3 years ago

Has this ever been done? I cannot find anything in the docs about it.

ctooley21 commented 3 years ago

Looking for the same thing but for azurerm_app_service. should I create a separate issue?

ctooley21 commented 3 years ago

For those of you automating deployments via GitHub actions, I was able to accomplish what I needed via

    - name: Azure Login
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    - name: Get Publish Profile
      run: |
        echo "::set-output name=PUBLISH_PROFILE::$(az webapp deployment list-publishing-profiles -g 'resource-group-name' -n 'app-service-name' --xml)"
      id: getPublishProfile

and using the value

    - name: 'Deploy to Azure WebApp'
      uses: azure/webapps-deploy@v2
      with:
        app-name: ${{ env.AZURE_WEBAPP_NAME }}
        publish-profile: ${{ steps.getPublishProfile.outputs.PUBLISH_PROFILE }}
        package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}

khushroomistry commented 2 years ago

@ctooley21 what does azure credentials look like? As in the structure of the object?

I have answered it myself :)

{ "clientId": "", "clientSecret": "", "subscriptionId": "", "tenantId": "" }

Satak commented 2 years ago

Any comment for this? What is the status? There seems to be site_credential exposed from function app resource but not the whole profile. Is the workaround currently so that users must construct their own XML from site_credential data?

phill-lewis commented 1 year ago

Hey jake - any update on this? Like others I've got function app devs who want to deploy with publish profiles and I want to get the publish profile of the function app through terraform and add it to the GitHub secret securely.

nibblesnbits commented 10 months ago

Wondering about this as well. It would be super helpful.

Pigstah commented 6 months ago

I'm bumping this for 2024 - I'm at the stage were having access to the publish profiles within Terraform would be super useful!

tcharetteacerta commented 5 months ago

Just stumbled upon this, was looking to get the publish profile from the azure function terraform obj and couldn't.

ppokrovskii commented 5 months ago

isn't site_credential attribute of a function in terraform the same as publishing profile? https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app.html#site_credential

ppokrovskii commented 5 months ago

my workaround is to output a script that can output a publishing profile :) :

# Output Function App publish profile
output "GET_PUBLISHING_PROFILE_SCRIPT" {
    value = "az functionapp deployment list-publishing-profiles --name ${azurerm_function_app.example.name} --resource-group ${azurerm_resource_group.rg.name} --xml"
    description = "Run this command in your shell to retrieve the Azure Function App's publishing profile."
}

Andre-East commented 4 months ago

my workaround is to output a script that can output a publishing profile :) :

# Output Function App publish profile
output "GET_PUBLISHING_PROFILE_SCRIPT" {
    value = "az functionapp deployment list-publishing-profiles --name ${azurerm_function_app.example.name} --resource-group ${azurerm_resource_group.rg.name} --xml"
    description = "Run this command in your shell to retrieve the Azure Function App's publishing profile."
}

@ppokrovskii Would the value be passible to GitHub actions secret ? Looking for a way to generate this an a secrete to a github repo

ppokrovskii commented 4 months ago

my workaround is to output a script that can output a publishing profile :) :
# Output Function App publish profile
output "GET_PUBLISHING_PROFILE_SCRIPT" {
    value = "az functionapp deployment list-publishing-profiles --name ${azurerm_function_app.example.name} --resource-group ${azurerm_resource_group.rg.name} --xml"
    description = "Run this command in your shell to retrieve the Azure Function App's publishing profile."
}
@ppokrovskii Would the value be passible to GitHub actions secret ? Looking for a way to generate this an a secrete to a github repo

that's a good idea actually. I think you can leverage the github_provider terraform provider and particulary github_actions_secret

hashicorp / terraform-provider-azurerm