From e0396c0c64c263869169e407b505dec79e9bae94 Mon Sep 17 00:00:00 2001 From: olofattemo <39618653+olofattemo@users.noreply.github.com> Date: Thu, 26 May 2022 19:08:08 +0200 Subject: [PATCH] Added client certificate exclusion paths setting to app service web and function apps --- .../linux_function_app_data_source.go | 28 ++++++++++++------- .../appservice/linux_function_app_resource.go | 11 ++++++++ .../linux_function_app_resource_test.go | 14 ++++++---- .../linux_function_app_slot_resource.go | 27 +++++++++++++----- .../linux_function_app_slot_resource_test.go | 14 ++++++---- .../appservice/linux_web_app_data_source.go | 8 ++++++ .../appservice/linux_web_app_resource.go | 26 ++++++++++++----- .../appservice/linux_web_app_resource_test.go | 14 ++++++---- .../appservice/linux_web_app_slot_resource.go | 26 ++++++++++++----- .../linux_web_app_slot_resource_test.go | 7 +++-- .../windows_function_app_data_source.go | 8 ++++++ .../windows_function_app_resource.go | 27 +++++++++++++----- .../windows_function_app_resource_test.go | 14 ++++++---- .../windows_function_app_slot_resource.go | 27 +++++++++++++----- ...windows_function_app_slot_resource_test.go | 14 ++++++---- .../appservice/windows_web_app_data_source.go | 8 ++++++ .../appservice/windows_web_app_resource.go | 26 ++++++++++++----- .../windows_web_app_resource_test.go | 9 ++++-- .../windows_web_app_slot_resource.go | 26 ++++++++++++----- .../windows_web_app_slot_resource_test.go | 7 +++-- .../docs/d/linux_function_app.html.markdown | 2 ++ website/docs/d/linux_web_app.html.markdown | 2 ++ .../docs/d/windows_function_app.html.markdown | 2 ++ website/docs/d/windows_web_app.html.markdown | 2 ++ .../docs/r/linux_function_app.html.markdown | 2 ++ .../r/linux_function_app_slot.html.markdown | 2 ++ website/docs/r/linux_web_app.html.markdown | 2 ++ .../docs/r/linux_web_app_slot.html.markdown | 2 ++ .../docs/r/windows_function_app.html.markdown | 2 ++ .../r/windows_function_app_slot.html.markdown | 2 ++ website/docs/r/windows_web_app.html.markdown | 2 ++ .../docs/r/windows_web_app_slot.html.markdown | 2 ++ 32 files changed, 267 insertions(+), 98 deletions(-) diff --git a/internal/services/appservice/linux_function_app_data_source.go b/internal/services/appservice/linux_function_app_data_source.go index e52185a77955e..3d2368a4700b7 100644 --- a/internal/services/appservice/linux_function_app_data_source.go +++ b/internal/services/appservice/linux_function_app_data_source.go @@ -38,6 +38,7 @@ type LinuxFunctionAppDataSourceModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -141,6 +142,12 @@ func (d LinuxFunctionAppDataSource) Attributes() map[string]*pluginsdk.Schema { Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "daily_memory_time_quota": { @@ -295,16 +302,17 @@ func (d LinuxFunctionAppDataSource) Read() sdk.ResourceFunc { } state := LinuxFunctionAppDataSourceModel{ - Name: id.SiteName, - ResourceGroup: id.ResourceGroup, - ServicePlanId: utils.NormalizeNilableString(props.ServerFarmID), - Location: location.NormalizeNilable(functionApp.Location), - Enabled: utils.NormaliseNilableBool(functionApp.Enabled), - ClientCertMode: string(functionApp.ClientCertMode), - DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), - StickySettings: helpers.FlattenStickySettings(stickySettings.SlotConfigNames), - Tags: tags.ToTypedObject(functionApp.Tags), - Kind: utils.NormalizeNilableString(functionApp.Kind), + Name: id.SiteName, + ResourceGroup: id.ResourceGroup, + ServicePlanId: utils.NormalizeNilableString(props.ServerFarmID), + Location: location.NormalizeNilable(functionApp.Location), + Enabled: utils.NormaliseNilableBool(functionApp.Enabled), + ClientCertMode: string(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionApp.ClientCertExclusionPaths), + DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), + StickySettings: helpers.FlattenStickySettings(stickySettings.SlotConfigNames), + Tags: tags.ToTypedObject(functionApp.Tags), + Kind: utils.NormalizeNilableString(functionApp.Kind), } configResp, err := client.GetConfiguration(ctx, id.ResourceGroup, id.SiteName) diff --git a/internal/services/appservice/linux_function_app_resource.go b/internal/services/appservice/linux_function_app_resource.go index 895cd64470af9..a7e429436c0b5 100644 --- a/internal/services/appservice/linux_function_app_resource.go +++ b/internal/services/appservice/linux_function_app_resource.go @@ -45,6 +45,7 @@ type LinuxFunctionAppModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` // TODO - Value ignored in for linux apps, even in Consumption plans? Enabled bool `tfschema:"enabled"` @@ -190,6 +191,12 @@ func (r LinuxFunctionAppResource) Arguments() map[string]*pluginsdk.Schema { Description: "The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` ", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -708,6 +715,10 @@ func (r LinuxFunctionAppResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/linux_function_app_resource_test.go b/internal/services/appservice/linux_function_app_resource_test.go index 89e518be269ce..9452aa98b9c33 100644 --- a/internal/services/appservice/linux_function_app_resource_test.go +++ b/internal/services/appservice/linux_function_app_resource_test.go @@ -2085,9 +2085,10 @@ resource "azurerm_linux_function_app" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "Required" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -2253,9 +2254,10 @@ resource "azurerm_linux_function_app" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "OptionalInteractiveUser" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/linux_function_app_slot_resource.go b/internal/services/appservice/linux_function_app_slot_resource.go index 3dd686a2de4aa..2b878975be32c 100644 --- a/internal/services/appservice/linux_function_app_slot_resource.go +++ b/internal/services/appservice/linux_function_app_slot_resource.go @@ -38,6 +38,7 @@ type LinuxFunctionAppSlotModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` // TODO - Value ignored in for linux apps, even in Consumption plans? Enabled bool `tfschema:"enabled"` @@ -173,6 +174,12 @@ func (r LinuxFunctionAppSlotResource) Arguments() map[string]*pluginsdk.Schema { Description: "The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`.", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -431,13 +438,14 @@ func (r LinuxFunctionAppSlotResource) Create() sdk.ResourceFunc { Kind: utils.String("functionapp,linux"), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(servicePlanId.ID()), - Enabled: utils.Bool(functionAppSlot.Enabled), - HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), - DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), // TODO - Investigate, setting appears silently ignored on Linux Function Apps? + ServerFarmID: utils.String(servicePlanId.ID()), + Enabled: utils.Bool(functionAppSlot.Enabled), + HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(functionAppSlot.ClientCertExclusionPaths), + DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), // TODO - Investigate, setting appears silently ignored on Linux Function Apps? }, } @@ -563,6 +571,7 @@ func (r LinuxFunctionAppSlotResource) Read() sdk.ResourceFunc { FunctionAppID: parse.NewFunctionAppID(id.SubscriptionId, id.ResourceGroup, id.SiteName).ID(), Enabled: utils.NormaliseNilableBool(functionApp.Enabled), ClientCertMode: string(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionApp.ClientCertExclusionPaths), DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), Tags: tags.ToTypedObject(functionApp.Tags), Kind: utils.NormalizeNilableString(functionApp.Kind), @@ -678,6 +687,10 @@ func (r LinuxFunctionAppSlotResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/linux_function_app_slot_resource_test.go b/internal/services/appservice/linux_function_app_slot_resource_test.go index 6e40cefc27378..592b6232702c0 100644 --- a/internal/services/appservice/linux_function_app_slot_resource_test.go +++ b/internal/services/appservice/linux_function_app_slot_resource_test.go @@ -1541,9 +1541,10 @@ resource "azurerm_linux_function_app_slot" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "Required" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -1707,9 +1708,10 @@ resource "azurerm_linux_function_app_slot" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "OptionalInteractiveUser" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/linux_web_app_data_source.go b/internal/services/appservice/linux_web_app_data_source.go index 90d57b3e2fc19..70e54c7685076 100644 --- a/internal/services/appservice/linux_web_app_data_source.go +++ b/internal/services/appservice/linux_web_app_data_source.go @@ -30,6 +30,7 @@ type LinuxWebAppDataSourceModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -111,6 +112,12 @@ func (r LinuxWebAppDataSource) Attributes() map[string]*pluginsdk.Schema { Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "custom_domain_verification_id": { @@ -281,6 +288,7 @@ func (r LinuxWebAppDataSource) Read() sdk.ResourceFunc { webApp.ClientCertEnabled = *props.ClientCertEnabled } webApp.ClientCertMode = string(props.ClientCertMode) + webApp.ClientCertExclusionPaths = utils.NormalizeNilableString(props.ClientCertExclusionPaths) webApp.CustomDomainVerificationId = utils.NormalizeNilableString(props.CustomDomainVerificationID) webApp.DefaultHostname = utils.NormalizeNilableString(props.DefaultHostName) if props.Enabled != nil { diff --git a/internal/services/appservice/linux_web_app_resource.go b/internal/services/appservice/linux_web_app_resource.go index 75de1bc108ebc..26e6248a07bd4 100644 --- a/internal/services/appservice/linux_web_app_resource.go +++ b/internal/services/appservice/linux_web_app_resource.go @@ -36,6 +36,7 @@ type LinuxWebAppModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -113,6 +114,12 @@ func (r LinuxWebAppResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -292,13 +299,14 @@ func (r LinuxWebAppResource) Create() sdk.ResourceFunc { Identity: expandedIdentity, Tags: tags.FromTypedObject(webApp.Tags), SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(webApp.ServicePlanId), - Enabled: utils.Bool(webApp.Enabled), - HTTPSOnly: utils.Bool(webApp.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ServerFarmID: utils.String(webApp.ServicePlanId), + Enabled: utils.Bool(webApp.Enabled), + HTTPSOnly: utils.Bool(webApp.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ClientCertExclusionPaths: utils.String(webApp.ClientCertExclusionPaths), }, } @@ -469,6 +477,7 @@ func (r LinuxWebAppResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), Kind: utils.NormalizeNilableString(webApp.Kind), @@ -590,6 +599,9 @@ func (r LinuxWebAppResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/linux_web_app_resource_test.go b/internal/services/appservice/linux_web_app_resource_test.go index 45f8c3a064041..0811ee24a23aa 100644 --- a/internal/services/appservice/linux_web_app_resource_test.go +++ b/internal/services/appservice/linux_web_app_resource_test.go @@ -1202,9 +1202,10 @@ resource "azurerm_linux_web_app" "test" { } } - client_affinity_enabled = true - client_certificate_enabled = true - client_certificate_mode = "Optional" + client_affinity_enabled = true + client_certificate_enabled = true + client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" @@ -1376,9 +1377,10 @@ resource "azurerm_linux_web_app" "test" { } } - client_affinity_enabled = true - client_certificate_enabled = true - client_certificate_mode = "Optional" + client_affinity_enabled = true + client_certificate_enabled = true + client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/linux_web_app_slot_resource.go b/internal/services/appservice/linux_web_app_slot_resource.go index 2aa81a3400dfa..d24389fe6bf5a 100644 --- a/internal/services/appservice/linux_web_app_slot_resource.go +++ b/internal/services/appservice/linux_web_app_slot_resource.go @@ -32,6 +32,7 @@ type LinuxWebAppSlotModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -116,6 +117,12 @@ func (r LinuxWebAppSlotResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -260,13 +267,14 @@ func (r LinuxWebAppSlotResource) Create() sdk.ResourceFunc { Identity: expandedIdentity, Tags: tags.FromTypedObject(webAppSlot.Tags), SiteProperties: &web.SiteProperties{ - ServerFarmID: siteProps.ServerFarmID, - Enabled: utils.Bool(webAppSlot.Enabled), - HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ServerFarmID: siteProps.ServerFarmID, + Enabled: utils.Bool(webAppSlot.Enabled), + HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(webAppSlot.ClientCertExclusionPaths), }, } @@ -419,6 +427,7 @@ func (r LinuxWebAppSlotResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), Kind: utils.NormalizeNilableString(webApp.Kind), @@ -532,6 +541,9 @@ func (r LinuxWebAppSlotResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/linux_web_app_slot_resource_test.go b/internal/services/appservice/linux_web_app_slot_resource_test.go index 48d4718d43863..26dc35e743d55 100644 --- a/internal/services/appservice/linux_web_app_slot_resource_test.go +++ b/internal/services/appservice/linux_web_app_slot_resource_test.go @@ -1102,9 +1102,10 @@ resource "azurerm_linux_web_app_slot" "test" { } } - client_affinity_enabled = true - client_certificate_enabled = true - client_certificate_mode = "Optional" + client_affinity_enabled = true + client_certificate_enabled = true + client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/windows_function_app_data_source.go b/internal/services/appservice/windows_function_app_data_source.go index 3d36ab5085c84..32c0c34107936 100644 --- a/internal/services/appservice/windows_function_app_data_source.go +++ b/internal/services/appservice/windows_function_app_data_source.go @@ -38,6 +38,7 @@ type WindowsFunctionAppDataSourceModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -138,6 +139,12 @@ func (d WindowsFunctionAppDataSource) Attributes() map[string]*pluginsdk.Schema Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "daily_memory_time_quota": { @@ -252,6 +259,7 @@ func (d WindowsFunctionAppDataSource) Read() sdk.ResourceFunc { functionApp.Location = location.NormalizeNilable(existing.Location) functionApp.Enabled = utils.NormaliseNilableBool(existing.Enabled) functionApp.ClientCertMode = string(existing.ClientCertMode) + functionApp.ClientCertExclusionPaths = utils.NormalizeNilableString(existing.ClientCertExclusionPaths) functionApp.DailyMemoryTimeQuota = int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)) functionApp.Tags = tags.ToTypedObject(existing.Tags) functionApp.Kind = utils.NormalizeNilableString(existing.Kind) diff --git a/internal/services/appservice/windows_function_app_resource.go b/internal/services/appservice/windows_function_app_resource.go index 0c7fa56d20c15..698704e246565 100644 --- a/internal/services/appservice/windows_function_app_resource.go +++ b/internal/services/appservice/windows_function_app_resource.go @@ -45,6 +45,7 @@ type WindowsFunctionAppModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -190,6 +191,12 @@ func (r WindowsFunctionAppResource) Arguments() map[string]*pluginsdk.Schema { Description: "The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` ", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -434,13 +441,14 @@ func (r WindowsFunctionAppResource) Create() sdk.ResourceFunc { Kind: utils.String("functionapp"), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(functionApp.ServicePlanId), - Enabled: utils.Bool(functionApp.Enabled), - HTTPSOnly: utils.Bool(functionApp.HttpsOnly), - SiteConfig: siteConfig, - ClientCertEnabled: utils.Bool(functionApp.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(functionApp.ClientCertMode), - DailyMemoryTimeQuota: utils.Int32(int32(functionApp.DailyMemoryTimeQuota)), + ServerFarmID: utils.String(functionApp.ServicePlanId), + Enabled: utils.Bool(functionApp.Enabled), + HTTPSOnly: utils.Bool(functionApp.HttpsOnly), + SiteConfig: siteConfig, + ClientCertEnabled: utils.Bool(functionApp.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.String(functionApp.ClientCertExclusionPaths), + DailyMemoryTimeQuota: utils.Int32(int32(functionApp.DailyMemoryTimeQuota)), }, } @@ -584,6 +592,7 @@ func (r WindowsFunctionAppResource) Read() sdk.ResourceFunc { Location: location.NormalizeNilable(functionApp.Location), Enabled: utils.NormaliseNilableBool(functionApp.Enabled), ClientCertMode: string(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionApp.ClientCertExclusionPaths), DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), StickySettings: helpers.FlattenStickySettings(stickySettings.SlotConfigNames), Tags: tags.ToTypedObject(functionApp.Tags), @@ -704,6 +713,10 @@ func (r WindowsFunctionAppResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/windows_function_app_resource_test.go b/internal/services/appservice/windows_function_app_resource_test.go index eaffc9042cdd6..4cce59eba0b85 100644 --- a/internal/services/appservice/windows_function_app_resource_test.go +++ b/internal/services/appservice/windows_function_app_resource_test.go @@ -1478,9 +1478,10 @@ resource "azurerm_windows_function_app" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "Required" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -1653,9 +1654,10 @@ resource "azurerm_windows_function_app" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "OptionalInteractiveUser" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/windows_function_app_slot_resource.go b/internal/services/appservice/windows_function_app_slot_resource.go index 5900a8acc2c4e..0940799da7765 100644 --- a/internal/services/appservice/windows_function_app_slot_resource.go +++ b/internal/services/appservice/windows_function_app_slot_resource.go @@ -38,6 +38,7 @@ type WindowsFunctionAppSlotModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -173,6 +174,12 @@ func (r WindowsFunctionAppSlotResource) Arguments() map[string]*pluginsdk.Schema Description: "The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`.", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -437,13 +444,14 @@ func (r WindowsFunctionAppSlotResource) Create() sdk.ResourceFunc { Kind: utils.String("functionapp"), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(servicePlanId.ID()), - Enabled: utils.Bool(functionAppSlot.Enabled), - HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), - DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), + ServerFarmID: utils.String(servicePlanId.ID()), + Enabled: utils.Bool(functionAppSlot.Enabled), + HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(functionAppSlot.ClientCertExclusionPaths), + DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), }, } @@ -569,6 +577,7 @@ func (r WindowsFunctionAppSlotResource) Read() sdk.ResourceFunc { FunctionAppID: parse.NewFunctionAppID(id.SubscriptionId, id.ResourceGroup, id.SiteName).ID(), Enabled: utils.NormaliseNilableBool(functionAppSlot.Enabled), ClientCertMode: string(functionAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionAppSlot.ClientCertExclusionPaths), DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), Tags: tags.ToTypedObject(functionAppSlot.Tags), Kind: utils.NormalizeNilableString(functionAppSlot.Kind), @@ -684,6 +693,10 @@ func (r WindowsFunctionAppSlotResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/windows_function_app_slot_resource_test.go b/internal/services/appservice/windows_function_app_slot_resource_test.go index 67f53a17047fb..847b3160dd8e1 100644 --- a/internal/services/appservice/windows_function_app_slot_resource_test.go +++ b/internal/services/appservice/windows_function_app_slot_resource_test.go @@ -1087,9 +1087,10 @@ resource "azurerm_windows_function_app_slot" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "Required" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -1250,9 +1251,10 @@ resource "azurerm_windows_function_app_slot" "test" { } } - builtin_logging_enabled = false - client_certificate_enabled = true - client_certificate_mode = "OptionalInteractiveUser" + builtin_logging_enabled = false + client_certificate_enabled = true + client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/windows_web_app_data_source.go b/internal/services/appservice/windows_web_app_data_source.go index 48a9d59ef9f22..fd82356e6c0f1 100644 --- a/internal/services/appservice/windows_web_app_data_source.go +++ b/internal/services/appservice/windows_web_app_data_source.go @@ -30,6 +30,7 @@ type WindowsWebAppDataSourceModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` LogsConfig []helpers.LogsConfig `tfschema:"logs"` @@ -106,6 +107,12 @@ func (d WindowsWebAppDataSource) Attributes() map[string]*pluginsdk.Schema { Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "custom_domain_verification_id": { @@ -271,6 +278,7 @@ func (d WindowsWebAppDataSource) Read() sdk.ResourceFunc { webApp.ClientCertEnabled = *props.ClientCertEnabled } webApp.ClientCertMode = string(props.ClientCertMode) + webApp.ClientCertExclusionPaths = utils.NormalizeNilableString(props.ClientCertExclusionPaths) webApp.CustomDomainVerificationId = utils.NormalizeNilableString(props.CustomDomainVerificationID) webApp.DefaultHostname = utils.NormalizeNilableString(props.DefaultHostName) if props.Enabled != nil { diff --git a/internal/services/appservice/windows_web_app_resource.go b/internal/services/appservice/windows_web_app_resource.go index a383f333bc4da..439ace8864fc0 100644 --- a/internal/services/appservice/windows_web_app_resource.go +++ b/internal/services/appservice/windows_web_app_resource.go @@ -35,6 +35,7 @@ type WindowsWebAppModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -110,6 +111,12 @@ func (r WindowsWebAppResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -290,13 +297,14 @@ func (r WindowsWebAppResource) Create() sdk.ResourceFunc { Tags: tags.FromTypedObject(webApp.Tags), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(webApp.ServicePlanId), - Enabled: utils.Bool(webApp.Enabled), - HTTPSOnly: utils.Bool(webApp.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ServerFarmID: utils.String(webApp.ServicePlanId), + Enabled: utils.Bool(webApp.Enabled), + HTTPSOnly: utils.Bool(webApp.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ClientCertExclusionPaths: utils.String(webApp.ClientCertExclusionPaths), }, } @@ -481,6 +489,7 @@ func (r WindowsWebAppResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), ConnectionStrings: helpers.FlattenConnectionStrings(connectionStrings), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), @@ -600,6 +609,9 @@ func (r WindowsWebAppResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/windows_web_app_resource_test.go b/internal/services/appservice/windows_web_app_resource_test.go index b1eae9cae4e78..19c209b7ec4fb 100644 --- a/internal/services/appservice/windows_web_app_resource_test.go +++ b/internal/services/appservice/windows_web_app_resource_test.go @@ -1578,6 +1578,7 @@ resource "azurerm_windows_web_app" "test" { client_affinity_enabled = true client_certificate_enabled = true //client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" @@ -1760,9 +1761,11 @@ resource "azurerm_windows_web_app" "test" { } } - client_affinity_enabled = true - client_certificate_enabled = true - client_certificate_mode = "Optional" + client_affinity_enabled = true + client_certificate_enabled = true + client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" + connection_string { name = "First" diff --git a/internal/services/appservice/windows_web_app_slot_resource.go b/internal/services/appservice/windows_web_app_slot_resource.go index e1cb16066f7d2..771abc91de91d 100644 --- a/internal/services/appservice/windows_web_app_slot_resource.go +++ b/internal/services/appservice/windows_web_app_slot_resource.go @@ -30,6 +30,7 @@ type WindowsWebAppSlotModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -114,6 +115,12 @@ func (r WindowsWebAppSlotResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -249,13 +256,14 @@ func (r WindowsWebAppSlotResource) Create() sdk.ResourceFunc { Tags: tags.FromTypedObject(webAppSlot.Tags), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: siteProps.ServerFarmID, - Enabled: utils.Bool(webAppSlot.Enabled), - HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ServerFarmID: siteProps.ServerFarmID, + Enabled: utils.Bool(webAppSlot.Enabled), + HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(webAppSlot.ClientCertExclusionPaths), }, } @@ -422,6 +430,7 @@ func (r WindowsWebAppSlotResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), ConnectionStrings: helpers.FlattenConnectionStrings(connectionStrings), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), @@ -533,6 +542,9 @@ func (r WindowsWebAppSlotResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/windows_web_app_slot_resource_test.go b/internal/services/appservice/windows_web_app_slot_resource_test.go index 6df20aad8c0d7..82d1b74ecfdd4 100644 --- a/internal/services/appservice/windows_web_app_slot_resource_test.go +++ b/internal/services/appservice/windows_web_app_slot_resource_test.go @@ -954,9 +954,10 @@ resource "azurerm_windows_web_app_slot" "test" { } } - client_affinity_enabled = true - client_certificate_enabled = true - client_certificate_mode = "Optional" + client_affinity_enabled = true + client_certificate_enabled = true + client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/website/docs/d/linux_function_app.html.markdown b/website/docs/d/linux_function_app.html.markdown index 8654aa1e230c6..d183a19c103e3 100644 --- a/website/docs/d/linux_function_app.html.markdown +++ b/website/docs/d/linux_function_app.html.markdown @@ -57,6 +57,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The mode of the Function App's client certificates requirement for incoming requests. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - A `connection_string` blocks as defined below. * `daily_memory_time_quota` - The amount of memory in gigabyte-seconds that your application is allowed to consume per day. diff --git a/website/docs/d/linux_web_app.html.markdown b/website/docs/d/linux_web_app.html.markdown index faa013699af3d..672700c4edab5 100644 --- a/website/docs/d/linux_web_app.html.markdown +++ b/website/docs/d/linux_web_app.html.markdown @@ -51,6 +51,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The Client Certificate mode. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - A `connection_string` block as defined below. * `custom_domain_verification_id` - The identifier used by App Service to perform domain ownership verification via DNS TXT record. diff --git a/website/docs/d/windows_function_app.html.markdown b/website/docs/d/windows_function_app.html.markdown index 04b2fac5002e5..1623652675702 100644 --- a/website/docs/d/windows_function_app.html.markdown +++ b/website/docs/d/windows_function_app.html.markdown @@ -49,6 +49,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The mode of the Function App's client certificates requirement for incoming requests. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - One or more `connection_string` blocks as defined below. * `content_share_force_disabled` - Are Content Share Settings disabled? diff --git a/website/docs/d/windows_web_app.html.markdown b/website/docs/d/windows_web_app.html.markdown index 93dbd13a8d9b3..7748f8b0a1b5d 100644 --- a/website/docs/d/windows_web_app.html.markdown +++ b/website/docs/d/windows_web_app.html.markdown @@ -49,6 +49,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The Client Certificate mode. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - A `connection_string` block as defined below. * `custom_domain_verification_id` - The identifier used by App Service to perform domain ownership verification via DNS TXT record. diff --git a/website/docs/r/linux_function_app.html.markdown b/website/docs/r/linux_function_app.html.markdown index 4eb3570e353ca..019c71007c1f4 100644 --- a/website/docs/r/linux_function_app.html.markdown +++ b/website/docs/r/linux_function_app.html.markdown @@ -78,6 +78,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `daily_memory_time_quota` - (Optional) The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to `0`. diff --git a/website/docs/r/linux_function_app_slot.html.markdown b/website/docs/r/linux_function_app_slot.html.markdown index da26c8ab5915c..5d5f5a81ec8de 100644 --- a/website/docs/r/linux_function_app_slot.html.markdown +++ b/website/docs/r/linux_function_app_slot.html.markdown @@ -82,6 +82,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) a `connection_string` block as detailed below. * `content_share_force_disabled` - (Optional) Force disable the content share settings. diff --git a/website/docs/r/linux_web_app.html.markdown b/website/docs/r/linux_web_app.html.markdown index 78ad92edb9798..fa00003b0f3b4 100644 --- a/website/docs/r/linux_web_app.html.markdown +++ b/website/docs/r/linux_web_app.html.markdown @@ -71,6 +71,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Linux Web App be enabled? Defaults to `true`. diff --git a/website/docs/r/linux_web_app_slot.html.markdown b/website/docs/r/linux_web_app_slot.html.markdown index b20598c533b54..c3e59f12df55f 100644 --- a/website/docs/r/linux_web_app_slot.html.markdown +++ b/website/docs/r/linux_web_app_slot.html.markdown @@ -74,6 +74,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Linux Web App be enabled? Defaults to `true`. diff --git a/website/docs/r/windows_function_app.html.markdown b/website/docs/r/windows_function_app.html.markdown index 3f2f138f02cab..7cc754ca08671 100644 --- a/website/docs/r/windows_function_app.html.markdown +++ b/website/docs/r/windows_function_app.html.markdown @@ -78,6 +78,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `content_share_force_disabled` - (Optional) Should Content Share Settings be disabled. Defaults to `false`. diff --git a/website/docs/r/windows_function_app_slot.html.markdown b/website/docs/r/windows_function_app_slot.html.markdown index 739647de8a452..bac4c27ca89cb 100644 --- a/website/docs/r/windows_function_app_slot.html.markdown +++ b/website/docs/r/windows_function_app_slot.html.markdown @@ -81,6 +81,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) a `connection_string` block as detailed below. * `content_share_force_disabled` - (Optional) Force disable the content share settings. diff --git a/website/docs/r/windows_web_app.html.markdown b/website/docs/r/windows_web_app.html.markdown index b75e135e34377..7de7509d0fc1b 100644 --- a/website/docs/r/windows_web_app.html.markdown +++ b/website/docs/r/windows_web_app.html.markdown @@ -67,6 +67,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Windows Web App be enabled? Defaults to `true`. diff --git a/website/docs/r/windows_web_app_slot.html.markdown b/website/docs/r/windows_web_app_slot.html.markdown index 7a2cee31f090d..26bd67f7a6af1 100644 --- a/website/docs/r/windows_web_app_slot.html.markdown +++ b/website/docs/r/windows_web_app_slot.html.markdown @@ -74,6 +74,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Windows Web App Slot be enabled? Defaults to `true`.