IPAM Azure Function App

IP Address Management (IPAM) system for Azure network block allocation to MCP tools with stateful inventory management, optimistic concurrency control, and Terraform gap handling.

Current State

  • Architecture: System design documented in Architecture.md; API contracts in openapi/openapi.json
  • Implementation Status: Core functions implemented (Manager and Vendor)
  • ✅ Manager Function: Timer-triggered Sync/Reap/Anchor operations
  • ✅ Vendor Function: HTTP API for network allocation
  • ✅ Shared Modules: Table Storage, Resource Graph, Network Math, Configuration, Logging
  • ✅ Test Suite: Pester tests with Azurite for local testing
  • Local Development: Azurite setup, test fixtures, and seeding scripts available

Quick Start

Local Development

  1. Start Azurite (Azure Storage emulator):
    .\scripts\Start-Azurite.ps1
  2. Seed test data (optional):
    .\scripts\Seed-TestData.ps1
  3. Start Azure Functions:
    func start
  4. Run tests:
    Invoke-Pester

Note: Tests automatically start/stop the Function App via FunctionTestHarness.psm1. Functions are tested by calling their HTTP endpoints, not by invoking scripts directly. See docs/Testing.md for details.

See docs/LocalDevelopment.md for detailed local development setup.

Functions

Manager (Timer Trigger)

Maintains network inventory by:

  • Sync: Reconciles state from Azure Resource Graph to Table Storage
  • Reap: Cleans up expired leases
  • Anchor: Performs cross-partition locking when networks are deployed

Triggered on the schedule defined by the MANAGER_TIMER_SCHEDULE app setting.

Vendor (HTTP Trigger)

Allocates available network blocks to MCP tools:

  • Endpoint: POST /api/getNewNetwork
  • Features: Optimistic concurrency, SessionId idempotency, Manifest-based allocation

See openapi/openapi.json for API contract details.

Documentation

  • Architecture: Architecture.md - System design and patterns
  • API Contract: openapi/openapi.json - OpenAPI 3.2.0 specification
  • Configuration: docs/Configuration.md - All app settings and configuration structures
  • Authentication: docs/Authentication.md - Managed identity and permissions
  • Deployment: docs/Deployment.md - Azure deployment guide
  • Local Development: docs/LocalDevelopment.md - Local setup and testing guide

Testing

  • Framework: Pester test framework
  • Storage Emulation: Azurite for local Table Storage
  • Test Structure: Unit tests, integration tests, and end-to-end scenarios
  • Fixtures: ARG response fixtures in Tests/fixtures/arg/

Run tests: Invoke-Pester

Project Structure

functions/
├── Manager/          # Timer trigger function (Sync/Reap/Anchor)
└── Vendor/           # HTTP trigger function (getNewNetwork)

modules/              # Shared PowerShell modules
├── TableStorage.psm1
├── ResourceGraph.psm1
├── NetworkMath.psm1
├── ConfigLoader.psm1
└── [additional modules]

tests/                # Pester test suite
├── Integration/
├── Manager/
└── fixtures/

docs/                 # Project documentation
├── Configuration.md
├── Authentication.md
├── Deployment.md
└── LocalDevelopment.md