lawrencegripper/main.tf

## main.tf
terraform {
  required_providers {
    shell = {
      source  = "scottwinkler/shell"
      version = "1.7.7"
    }
  }
}

resource "azurerm_function_app" "functions" {
  name                       = "${var.function_name}-${var.random_string}-premium"
  location                   = var.resource_group_location
  resource_group_name        = var.resource_group_name
  app_service_plan_id        = var.app_service_plan_id
  version                    = "~3"
  storage_account_name       = var.storage_account_name
  storage_account_access_key = var.storage_account_key
  identity {
    type = "SystemAssigned"
  }

  site_config {
    # Ensure we use all the mem on the box and not only 3.5GB of it!
    use_32_bit_worker_process = false
    pre_warmed_instance_count = 1
  }
  app_settings = merge({

    StorageContainerName     = var.test_storage_container_name
    https_only               = true
    FUNCTIONS_WORKER_RUNTIME = "dotnet"
    HASH                     = base64encode(filesha256(local.func_zip_path))
    WEBSITE_RUN_FROM_PACKAGE = "https://${var.storage_account_name}.blob.core.windows.net/${var.deployment_container_name}/${azurerm_storage_blob.appcode.name}${var.storage_sas}"
    # Route outbound requests over VNET see: https://docs.microsoft.com/en-us/azure/azure-functions/functions-networking-options#regional-virtual-network-integration
    WEBSITE_DNS_SERVER     = "168.63.129.16"
    WEBSITE_VNET_ROUTE_ALL = 1
  }, var.app_settings)
}

data "azurerm_subscription" "current" {
}

data "shell_script" "functions_key" {
  lifecycle_commands {
    read = file("${path.module}/readkey.sh")
  }
  environment = {
    FUNC_NAME = azurerm_function_app.functions.name
    RG_NAME   = var.resource_group_name
    SUB_ID    = data.azurerm_subscription.current.subscription_id
  }
  depends_on = [azurerm_function_app.functions]

}

## output.tf
output "function_master_key" {
  # Try is used here to ensure destroy works as expected. On destroy the map will be
  # empty so try instead returns an empty string
  # See: https://www.terraform.io/docs/language/functions/try.html
  value = try(data.shell_script.functions_key.output["masterKey"], "")
}

output "function_hostname" {
  value = azurerm_function_app.functions.default_hostname
}

output "function_name" {
  value = azurerm_function_app.functions.name
}

## readkeys.sh
#!/bin/bash
set -e

# Get a token so we can call the ARM api
TOKEN=$(az account get-access-token -o json | jq -r .accessToken)

# Attempt to list the keys with exponential backoff and do this for 5mins max
# --fail required see https://github.com/curl/curl/issues/6712
curl "https://management.azure.com/subscriptions/$SUB_ID/resourceGroups/$RG_NAME/providers/Microsoft.Web/sites/$FUNC_NAME/host/default/listkeys?api-version=2018-11-01" \
    --compressed -H 'Content-Type: application/json;charset=utf-8' \
    -H "Authorization: Bearer $TOKEN" -d "{}" \
    --retry 8 --retry-max-time 360 --retry-all-errors --fail --silent
	terraform {
	required_providers {
	shell = {
	source = "scottwinkler/shell"
	version = "1.7.7"
	}
	}
	}

	resource "azurerm_function_app" "functions" {
	name = "${var.function_name}-${var.random_string}-premium"
	location = var.resource_group_location
	resource_group_name = var.resource_group_name
	app_service_plan_id = var.app_service_plan_id
	version = "~3"
	storage_account_name = var.storage_account_name
	storage_account_access_key = var.storage_account_key
	identity {
	type = "SystemAssigned"
	}

	site_config {
	# Ensure we use all the mem on the box and not only 3.5GB of it!
	use_32_bit_worker_process = false
	pre_warmed_instance_count = 1
	}
	app_settings = merge({

	StorageContainerName = var.test_storage_container_name
	https_only = true
	FUNCTIONS_WORKER_RUNTIME = "dotnet"
	HASH = base64encode(filesha256(local.func_zip_path))
	WEBSITE_RUN_FROM_PACKAGE = "https://${var.storage_account_name}.blob.core.windows.net/${var.deployment_container_name}/${azurerm_storage_blob.appcode.name}${var.storage_sas}"
	# Route outbound requests over VNET see: https://docs.microsoft.com/en-us/azure/azure-functions/functions-networking-options#regional-virtual-network-integration
	WEBSITE_DNS_SERVER = "168.63.129.16"
	WEBSITE_VNET_ROUTE_ALL = 1
	}, var.app_settings)
	}

	data "azurerm_subscription" "current" {
	}

	data "shell_script" "functions_key" {
	lifecycle_commands {
	read = file("${path.module}/readkey.sh")
	}
	environment = {
	FUNC_NAME = azurerm_function_app.functions.name
	RG_NAME = var.resource_group_name
	SUB_ID = data.azurerm_subscription.current.subscription_id
	}
	depends_on = [azurerm_function_app.functions]

	}
	output "function_master_key" {
	# Try is used here to ensure destroy works as expected. On destroy the map will be
	# empty so try instead returns an empty string
	# See: https://www.terraform.io/docs/language/functions/try.html
	value = try(data.shell_script.functions_key.output["masterKey"], "")
	}

	output "function_hostname" {
	value = azurerm_function_app.functions.default_hostname
	}

	output "function_name" {
	value = azurerm_function_app.functions.name
	}
	#!/bin/bash
	set -e

	# Get a token so we can call the ARM api
	TOKEN=$(az account get-access-token -o json \| jq -r .accessToken)

	# Attempt to list the keys with exponential backoff and do this for 5mins max
	# --fail required see https://github.com/curl/curl/issues/6712
	curl "https://management.azure.com/subscriptions/$SUB_ID/resourceGroups/$RG_NAME/providers/Microsoft.Web/sites/$FUNC_NAME/host/default/listkeys?api-version=2018-11-01" \
	--compressed -H 'Content-Type: application/json;charset=utf-8' \
	-H "Authorization: Bearer $TOKEN" -d "{}" \
	--retry 8 --retry-max-time 360 --retry-all-errors --fail --silent