feat: Add variables for on-demand invoices and report assessment (#62)

src/core/20_appservice.tf

@@ -126,6 +126,13 @@ resource "azurerm_linux_web_app" "app_api" {
     AZUREAD_ADGROUP          = "fat-${var.env_short}-adgroup-"
     STORAGE_CONNECTIONSTRING = "@Microsoft.KeyVault(VaultName=${module.key_vault_app.name};SecretName=RelStorageConnectionString)"
     STORAGE_REL_FOLDER       = "rel"
+
+    STORAGE_DOCUMENTI_CONNECTIONSTRING = "@Microsoft.KeyVault(VaultName=${module.key_vault_app.name};SecretName=DlsStorageConnectionString)"
+    STORAGE_DOCUMENTI_FOLDER           = "reportaccertamenti"
+    SYNAPSE_WORKSPACE_NAME             = azurerm_synapse_workspace.this.name
+    PIPELINE_NAME_SAP                  = "SendJsonToSap",
+    SYNAPSE_SUBSCRIPTIONID             = data.azurerm_client_config.current.subscription_id
+    SYNAPSE_RESOURCEGROUPNAME          = azurerm_synapse_workspace.this.resource_group_name
   }
 
   site_config {
@@ -175,6 +182,12 @@ resource "azurerm_linux_web_app" "app_api" {
   tags = var.tags
 }
 
+resource "azurerm_synapse_role_assignment" "api_synapse_user" {
+  synapse_workspace_id = azurerm_synapse_workspace.this.id
+  role_name            = "Synapse User"
+  principal_id         = azurerm_linux_web_app.app_api.identity[0].principal_id
+}
+
 # vnet integration
 resource "azurerm_app_service_virtual_network_swift_connection" "app_api" {
   app_service_id = azurerm_linux_web_app.app_api.id

src/core/20_storage.tf

@@ -31,6 +31,14 @@ resource "azurerm_storage_container" "dls_synapse" {
   container_access_type = "private"
 }
 
+#tfsec:ignore:azure-keyvault-content-type-for-secret
+#tfsec:ignore:azure-keyvault-ensure-secret-expiry
+resource "azurerm_key_vault_secret" "dls_storage_connection_string" {
+  name         = "DlsStorageConnectionString"
+  value        = module.dls_storage.primary_connection_string
+  key_vault_id = module.key_vault_app.id
+}
+
 #
 # sa storage
 #
@@ -239,4 +247,4 @@ resource "azurerm_private_endpoint" "rel_storage_blob" {
   }
 
   tags = var.tags
-}
+}