param subscriptionId string
param functionAppName string
param location string
param hostingPlanName string
param serverFarmResourceGroup string
param storageAccountName string
param appInsightsName string
param solutionShortName string 
param environment string 
param linuxFxVersion string
param networkingResourceGroup string
param vnetName string
param egressSubnet string
param resourceTags object
param azfuncpepName string

output appServicePrincipalId string = azureFnName.identity.principalId

resource azureFnName 'Microsoft.Web/sites@2018-11-01' = {
  name: functionAppName
  kind: 'functionapp,linux,container'
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  tags: union(resourceTags, {
    'hidden-link: /app-insights-resource-id': '/subscriptions/${subscriptionId}/resourceGroups/${serverFarmResourceGroup}/providers/Microsoft.Insights/components/${appInsightsName}'
  })
  properties: {
    siteConfig: {
      appSettings: [
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
        {
          name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE'
          value: 'false'
        }
        {
          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
          value: reference('microsoft.insights/components/${appInsightsName}', '2015-05-01').InstrumentationKey
        }
        {
          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
          value: reference('microsoft.insights/components/${appInsightsName}', '2015-05-01').ConnectionString
        }
        {
          name: 'AzureWebJobsStorage'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};AccountKey=${listKeys(resourceId('${subscriptionId}', '${serverFarmResourceGroup}', 'Microsoft.Storage/storageAccounts', storageAccountName), '2019-06-01').keys[0].value};EndpointSuffix=core.windows.net'
        }
      ]
      cors: {
        allowedOrigins: [
          'https://portal.azure.com'
        ]
      }
      use32BitWorkerProcess: false
      ftpsState: 'Disabled'
      linuxFxVersion: linuxFxVersion
      acrUseManagedIdentityCreds: true
      alwaysOn: true
      vnetRouteAllEnabled: true
    }
    serverFarmId: '/subscriptions/${subscriptionId}/resourcegroups/${serverFarmResourceGroup}/providers/Microsoft.Web/serverfarms/${hostingPlanName}'
    clientAffinityEnabled: false
    virtualNetworkSubnetId: '/subscriptions/${subscriptionId}/resourceGroups/${networkingResourceGroup}/providers/Microsoft.Network/virtualNetworks/${vnetName}/subnets/${egressSubnet}'
    httpsOnly: true
    publicNetworkAccess: 'Disabled'
    vnetImagePullEnabled: true
  }
  dependsOn: []
}

resource em_pe_func_temp 'Microsoft.Network/privateEndpoints@2021-02-01' = {
  name: azfuncpepName
  location: location
  tags: resourceTags
  properties: {
    subnet: {
      id: '/subscriptions/${subscriptionId}/resourceGroups/${networkingResourceGroup}/providers/Microsoft.Network/virtualNetworks/${vnetName}/subnets/commercialopstools-snet-pe-npr'
    }
    privateLinkServiceConnections: [
      {
        name: azfuncpepName
        properties: {
          privateLinkServiceId: azureFnName.id
          groupIds: [
            'sites'
          ]
        }
      }
    ]
  }
}

module functionapp_privateEndpoint_recordSetA 'PrivateEndpoint_DnsZoneGroup.bicep' = {
  name: '${functionAppName}-pe-recordSetA'
  params: {
    solutionShortName: solutionShortName
    environment: environment
    privateEndpointName: azfuncpepName
    privateDnsZoneName: 'privatelink.azurewebsites.net'
  }
  dependsOn: [
    azureFnName
    em_pe_func_temp
  ]
}