From 7752e320d64bd735386ca346735eccd76c7b7d94 Mon Sep 17 00:00:00 2001
From: patrickmoore-nc <94625903+patrickmoore-nc@users.noreply.github.com>
Date: Mon, 27 Oct 2025 11:56:00 +0000
Subject: [PATCH] feat: Prepare Application Gateway for APIM change to External
 mode for Front Door migration

---
 .../modules/application-gateway/main.tf       | 58 +++++++++++++++++++
 .../modules/application-gateway/variables.tf  | 25 ++++++++
 .../modules/shared-config/output.tf           | 58 +++----------------
 3 files changed, 91 insertions(+), 50 deletions(-)

diff --git a/infrastructure/modules/application-gateway/main.tf b/infrastructure/modules/application-gateway/main.tf
index fb4e805d..292edd6b 100644
--- a/infrastructure/modules/application-gateway/main.tf
+++ b/infrastructure/modules/application-gateway/main.tf
@@ -158,6 +158,64 @@ resource "azurerm_application_gateway" "this" {
       backend_address_pool_name  = var.names.backend_address_pool_name[request_routing_rule.value.backend_address_pool_key]
       backend_http_settings_name = var.names.backend_http_settings_name[request_routing_rule.value.backend_http_settings_key]
       priority                   = request_routing_rule.value.priority
+      rewrite_rule_set_name      = try(var.names.rewrite_rule_set_name[request_routing_rule.value.rewrite_rule_set_key], null)
+    }
+  }
+
+  dynamic "rewrite_rule_set" {
+    for_each = var.rewrite_rule_set
+
+    content {
+      name = var.names.rewrite_rule_set_name[rewrite_rule_set.key]
+
+      dynamic "rewrite_rule" {
+        for_each = rewrite_rule_set.value.rewrite_rule
+
+        content {
+          name          = rewrite_rule.key
+          rule_sequence = rewrite_rule.value.rule_sequence
+
+          dynamic "condition" {
+            for_each = coalesce(rewrite_rule.value.condition, {})
+
+            content {
+              variable    = condition.value.variable
+              pattern     = condition.value.pattern
+              ignore_case = condition.value.ignore_case
+              negate      = condition.value.negate
+            }
+          }
+
+          dynamic "response_header_configuration" {
+            for_each = coalesce(rewrite_rule.value.response_header_configuration, {})
+
+            content {
+              header_name  = response_header_configuration.key
+              header_value = response_header_configuration.value
+            }
+          }
+
+          dynamic "request_header_configuration" {
+            for_each = coalesce(rewrite_rule.value.request_header_configuration, {})
+
+            content {
+              header_name  = request_header_configuration.key
+              header_value = request_header_configuration.value
+            }
+          }
+
+          dynamic "url" {
+            for_each = rewrite_rule.value.url != null ? [1] : []
+
+            content {
+              path         = rewrite_rule.value.url.path
+              query_string = rewrite_rule.value.url.query_string
+              components   = rewrite_rule.value.url.components
+              reroute      = rewrite_rule.value.url.reroute
+            }
+          }
+        }
+      }
     }
   }
 
diff --git a/infrastructure/modules/application-gateway/variables.tf b/infrastructure/modules/application-gateway/variables.tf
index a43c2334..acf74451 100644
--- a/infrastructure/modules/application-gateway/variables.tf
+++ b/infrastructure/modules/application-gateway/variables.tf
@@ -115,6 +115,7 @@ variable "request_routing_rule" {
     backend_http_settings_key = string
     http_listener_key         = string
     priority                  = number
+    rewrite_rule_set_key      = optional(string)
     rule_type                 = string
   }))
 }
@@ -124,6 +125,30 @@ variable "resource_group_name" {
   description = "The name of the resource group in which to create the Application Gateway. Changing this forces a new resource to be created."
 }
 
+variable "rewrite_rule_set" {
+  description = "A map of request rewrite rules for the Application Gateway. The key name will be used to retrieve the name from var.names."
+  type = map(object({
+    rewrite_rule = optional(map(object({
+      rule_sequence = number
+      condition = optional(map(object({
+        ignore_case = optional(bool)
+        negate      = optional(bool)
+        pattern     = string
+        variable    = string
+      })))
+      request_header_configuration  = optional(map(string))
+      response_header_configuration = optional(map(string))
+      url = optional(object({
+        components   = optional(string)
+        path         = optional(string)
+        query_string = optional(string)
+        reroute      = optional(bool)
+      }))
+    })))
+  }))
+  default = {}
+}
+
 variable "sku" {
   type        = string
   description = "The SKU of the Application Gateway (Basic, Standard_v2, or WAF_v2)."
diff --git a/infrastructure/modules/shared-config/output.tf b/infrastructure/modules/shared-config/output.tf
index 57aa9594..024ff766 100644
--- a/infrastructure/modules/shared-config/output.tf
+++ b/infrastructure/modules/shared-config/output.tf
@@ -20,75 +20,33 @@ locals {
       probe_name = {
         apim_gateway   = lower("apim-gateway-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_portal    = lower("apim-portal-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_dev = lower("cohman-www-dev-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_nft = lower("cohman-www-nft-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_int = lower("cohman-www-int-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_pre = lower("cohman-www-pre-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_prd = lower("cohman-www-prd-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_dev = lower("parman-www-dev-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_nft = lower("parman-www-nft-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_int = lower("parman-www-int-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_pre = lower("parman-www-pre-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_prd = lower("parman-www-prd-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
+        migration_test = lower("migration-test-probe-${var.env}-${var.location_map[var.location]}-${var.application}")
       }
       backend_address_pool_name = {
         apim_gateway   = lower("apim-gateway-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_portal    = lower("apim-portal-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_dev = lower("cohman-www-dev-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_nft = lower("cohman-www-nft-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_int = lower("cohman-www-int-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_pre = lower("cohman-www-pre-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_prd = lower("cohman-www-prd-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_dev = lower("parman-www-dev-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_nft = lower("parman-www-nft-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_int = lower("parman-www-int-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_pre = lower("parman-www-pre-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_prd = lower("parman-www-prd-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
+        migration_test = lower("migration-test-beap-${var.env}-${var.location_map[var.location]}-${var.application}")
       }
       backend_http_settings_name = {
         apim_shared    = lower("apim-shared-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_gateway   = lower("apim-gateway-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_portal    = lower("apim-portal-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_dev = lower("cohman-www-dev-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_nft = lower("cohman-www-nft-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_int = lower("cohman-www-int-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_pre = lower("cohman-www-pre-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_prd = lower("cohman-www-prd-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_dev = lower("parman-www-dev-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_nft = lower("parman-www-nft-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_int = lower("parman-www-int-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_pre = lower("parman-www-pre-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_prd = lower("parman-www-prd-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
+        migration_test = lower("migration-test-htst-${var.env}-${var.location_map[var.location]}-${var.application}")
       }
       http_listener_name = {
         apim_gateway_public   = lower("apim-gateway-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_gateway_private  = lower("apim-gateway-priv-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_portal_private   = lower("apim-portal-priv-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_dev_public = lower("cohman-www-dev-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_nft_public = lower("cohman-www-nft-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_int_public = lower("cohman-www-int-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_pre_public = lower("cohman-www-pre-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_prd_public = lower("cohman-www-prd-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_dev_public = lower("parman-www-dev-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_nft_public = lower("parman-www-nft-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_int_public = lower("parman-www-int-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_pre_public = lower("parman-www-pre-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_prd_public = lower("parman-www-prd-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
+        migration_test_public = lower("migration-test-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
+      }
+      rewrite_rule_set_name = {
+        migration_test = lower("migration-test-rwrs-${var.env}-${var.location_map[var.location]}-${var.application}")
       }
       rule_name = {
         apim_gateway_public   = lower("apim-gateway-pub-rule-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_gateway_private  = lower("apim-gateway-priv-rule-${var.env}-${var.location_map[var.location]}-${var.application}")
         apim_portal_private   = lower("apim-portal-priv-rule-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_dev_public = lower("cohman-www-dev-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_nft_public = lower("cohman-www-nft-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_int_public = lower("cohman-www-int-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_pre_public = lower("cohman-www-pre-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        cohman_www_prd_public = lower("cohman-www-prd-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_dev_public = lower("parman-www-dev-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_nft_public = lower("parman-www-nft-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_int_public = lower("parman-www-int-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_pre_public = lower("parman-www-pre-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
-        parman_www_prd_public = lower("parman-www-prd-pub-listener-${var.env}-${var.location_map[var.location]}-${var.application}")
+        migration_test_public = lower("migration-test-pub-rule-${var.env}-${var.location_map[var.location]}-${var.application}")
       }
     }