massdriver-cloud · coryodaniel · Apr 13, 2026 · Apr 13, 2026 · Apr 13, 2026 · Apr 13, 2026
diff --git a/artifact-definitions/azure-function-app/massdriver.yaml b/artifact-definitions/azure-function-app/massdriver.yaml
@@ -0,0 +1,53 @@
+name: azure-function-app
+label: Azure Function App
+icon: https://raw.githubusercontent.com/massdriver-cloud/icons/main/public/azure/function-apps.svg
+
+schema:
+  title: Azure Function App
+  description: Azure Function App with hosting plan and supporting infrastructure
+  type: object
+  required:
+    - id
+    - name
+    - resource_group_name
+    - location
+    - default_hostname
+  properties:
+    id:
+      title: ID
+      description: Azure resource ID of the Function App
+      type: string
+    name:
+      title: Name
+      description: Name of the Function App
+      type: string
+    resource_group_name:
+      title: Resource Group Name
+      description: Azure resource group containing the Function App
+      type: string
+    location:
+      title: Location
+      description: Azure region where the Function App is deployed
+      type: string
+    default_hostname:
+      title: Default Hostname
+      description: Default HTTPS hostname of the Function App
+      type: string
+    storage_account_name:
+      title: Storage Account Name
+      description: Name of the storage account backing the Function App
+      type: string
+    app_insights_instrumentation_key:
+      title: App Insights Instrumentation Key
+      description: Application Insights instrumentation key for telemetry
+      type: string
+      $md.sensitive: true
+    app_insights_connection_string:
+      title: App Insights Connection String
+      description: Application Insights connection string (preferred over instrumentation key)
+      type: string
+      $md.sensitive: true
+    principal_id:
+      title: Managed Identity Principal ID
+      description: Object ID of the system-assigned managed identity — use this to grant the Function App access to other Azure resources (Key Vault, Storage, SQL, etc.) via IAM role assignments
+      type: string
diff --git a/artifact-definitions/azure-virtual-network/massdriver.yaml b/artifact-definitions/azure-virtual-network/massdriver.yaml
@@ -0,0 +1,57 @@
+name: azure-virtual-network
+label: Azure Virtual Network
+icon: https://raw.githubusercontent.com/massdriver-cloud/icons/main/public/azure/virtual-networks.svg
+
+ui:
+  environmentDefaultGroup: networks
+
+schema:
+  title: Azure Virtual Network
+  description: Azure Virtual Network with subnet configuration
+  type: object
+  required:
+    - id
+    - resource_group_name
+    - location
+    - cidr
+    - subnets
+  properties:
+    id:
+      title: ID
+      description: Azure resource ID of the virtual network
+      type: string
+    resource_group_name:
+      title: Resource Group Name
+      description: Azure resource group containing the virtual network
+      type: string
+    location:
+      title: Location
+      description: Azure region where the virtual network is deployed
+      type: string
+    cidr:
+      title: CIDR
+      description: Address space in CIDR notation
+      type: string
+    subnets:
+      title: Subnets
+      description: Subnet allocations within the virtual network
+      type: array
+      items:
+        type: object
+        required:
+          - id
+          - name
+          - cidr
+        properties:
+          id:
+            title: ID
+            description: Azure resource ID of the subnet
+            type: string
+          name:
+            title: Name
+            description: Subnet name
+            type: string
+          cidr:
+            title: CIDR
+            description: Subnet address range
+            type: string
diff --git a/artifact-definitions/azure-virtual-wan/massdriver.yaml b/artifact-definitions/azure-virtual-wan/massdriver.yaml
@@ -0,0 +1,39 @@
+name: azure-virtual-wan
+label: Azure Virtual WAN
+icon: https://raw.githubusercontent.com/massdriver-cloud/icons/main/public/azure/virtual-wans.svg
+
+schema:
+  title: Azure Virtual WAN
+  description: Azure Virtual WAN with virtual hub configuration
+  type: object
+  required:
+    - id
+    - resource_group_name
+    - location
+    - virtual_hub_id
+    - virtual_hub_address_prefix
+  properties:
+    id:
+      title: ID
+      description: Azure resource ID of the Virtual WAN
+      type: string
+    resource_group_name:
+      title: Resource Group Name
+      description: Azure resource group containing the Virtual WAN
+      type: string
+    location:
+      title: Location
+      description: Azure region where the Virtual WAN is deployed
+      type: string
+    virtual_hub_id:
+      title: Virtual Hub ID
+      description: Azure resource ID of the Virtual Hub
+      type: string
+    virtual_hub_address_prefix:
+      title: Virtual Hub Address Prefix
+      description: Address prefix of the Virtual Hub
+      type: string
+    vpn_gateway_id:
+      title: VPN Gateway ID
+      description: Azure resource ID of the VPN Gateway (if provisioned)
+      type: string
diff --git a/bundles/azure-function-app/icon.svg b/bundles/azure-function-app/icon.svg
diff --git a/bundles/azure-function-app/massdriver.yaml b/bundles/azure-function-app/massdriver.yaml
@@ -0,0 +1,233 @@
+name: azure-function-app
+description: "Azure Function App with embedded App Service Plan, Storage Account, Application Insights, private endpoints, and backup via Recovery Services Vault."
+source_url: https://github.com/massdriver-cloud/massdriver-catalog/tree/main/bundles/azure-function-app
+version: 0.4.1
+
+params:
+  required:
+    - location
+    - runtime
+    - sku
+  properties:
+    location:
+      type: string
+      title: Azure Region
+      description: Azure region where the Function App will be deployed.
+      $md.immutable: true
+      enum:
+        - eastus
+        - eastus2
+        - westus
+        - westus2
+        - westus3
+        - centralus
+        - northcentralus
+        - southcentralus
+        - westcentralus
+        - northeurope
+        - westeurope
+        - uksouth
+        - ukwest
+        - australiaeast
+        - australiasoutheast
+        - southeastasia
+        - eastasia
+        - japaneast
+        - japanwest
+        - southindia
+        - centralindia
+        - westindia
+        - canadacentral
+        - canadaeast
+        - brazilsouth
+    runtime:
+      type: object
+      title: Runtime
+      description: Language runtime and version for the Function App.
+      required:
+        - name
+        - version
+      properties:
+        name:
+          type: string
+          title: Language
+          $md.immutable: true
+          enum:
+            - dotnet-isolated
+            - node
+            - python
+            - java
+          default: python
+        version:
+          type: string
+          title: Version
+          description: Runtime version (e.g. 3.11 for Python, 18 for Node).
+          default: "3.11"
+    sku:
+      type: object
+      title: Hosting Plan
+      description: App Service Plan SKU controlling scale and capabilities.
+      required:
+        - tier
+        - size
+      properties:
+        tier:
+          type: string
+          title: Tier
+          enum:
+            - ElasticPremium
+            - PremiumV3
+            - Standard
+          default: ElasticPremium
+        size:
+          type: string
+          title: Size
+          description: "ElasticPremium: EP1/EP2/EP3. PremiumV3: P1v3/P2v3/P3v3. Standard: S1/S2/S3."
+          enum:
+            - EP1
+            - EP2
+            - EP3
+            - P1v3
+            - P2v3
+            - P3v3
+            - S1
+            - S2
+            - S3
+          default: EP1
+    storage:
+      type: object
+      title: Storage Account
+      description: Configuration for the backing storage account.
+      properties:
+        replication_type:
+          type: string
+          title: Replication Type
+          description: "LRS: locally redundant. ZRS: zone redundant. GRS: geo-redundant."
+          enum:
+            - LRS
+            - ZRS
+            - GRS
+            - RAGRS
+          default: ZRS
+        enable_https_only:
+          type: boolean
+          title: HTTPS Only
+          description: Enforce HTTPS-only access to the storage account.
+          default: true
+    private_endpoints:
+      type: object
+      title: Private Endpoints
+      description: Deploy private endpoints to lock down Function App and Storage from public internet.
+      properties:
+        enable_function_app:
+          type: boolean
+          title: Function App Private Endpoint
+          description: Place the Function App behind a private endpoint on the connected VNet.
+          default: false
+        enable_storage:
+          type: boolean
+          title: Storage Account Private Endpoint
+          description: Place the Storage Account behind private endpoints (blob + file + queue + table).
+          default: false
+        subnet_name:
+          type: string
+          title: Subnet
+          description: Subnet from the connected VNet to use for private endpoints.
+          default: "private-endpoints"
+          $md.enum:
+            connection: azure_virtual_network
+            options: .subnets
+            value: .name
+            label: '"\(.name) — \(.cidr)"'
+    backup:
+      type: object
+      title: Backup
+      description: Recovery Services Vault backup for the Function App (filesystem snapshots).
+      properties:
+        enable:
+          type: boolean
+          title: Enable Backup
+          description: Create a Recovery Services Vault and configure daily backup for the Function App.
+          default: false
+        retention_days:
+          type: integer
+          title: Retention Days
+          description: Number of days to retain daily backups (7–730).
+          default: 30
+          minimum: 7
+          maximum: 730
+
+  examples:
+    - __name: Development
+      location: eastus
+      runtime:
+        name: python
+        version: "3.11"
+      sku:
+        tier: ElasticPremium
+        size: EP1
+      storage:
+        replication_type: ZRS
+        enable_https_only: true
+      private_endpoints:
+        enable_function_app: false
+        enable_storage: false
+        subnet_name: "private-endpoints"
+      backup:
+        enable: false
+        retention_days: 30
+    - __name: Production
+      location: eastus
+      runtime:
+        name: python
+        version: "3.11"
+      sku:
+        tier: ElasticPremium
+        size: EP2
+      storage:
+        replication_type: ZRS
+        enable_https_only: true
+      private_endpoints:
+        enable_function_app: true
+        enable_storage: true
+        subnet_name: "private-endpoints"
+      backup:
+        enable: true
+        retention_days: 90
+
+connections:
+  required:
+    - azure_service_principal
+    - azure_virtual_network
+  properties:
+    azure_service_principal:
+      $ref: acd/azure-service-principal
+      title: Azure Service Principal
+    azure_virtual_network:
+      $ref: acd/azure-virtual-network
+      title: Azure Virtual Network
+
+artifacts:
+  required:
+    - azure_function_app
+  properties:
+    azure_function_app:
+      $ref: acd/azure-function-app
+      title: Azure Function App
+
+steps:
+  - path: src
+    provisioner: opentofu:1.10
+    config:
+      checkov:
+        halt_on_failure: '.params.md_metadata.default_tags["md-target"] | test("prd|prod|production")'
+
+ui:
+  ui:order:
+    - location
+    - runtime
+    - sku
+    - storage
+    - private_endpoints
+    - backup
+    - "*"