diff --git a/internal/services/appservice/linux_function_app_data_source.go b/internal/services/appservice/linux_function_app_data_source.go index e52185a77955..3d2368a4700b 100644 --- a/internal/services/appservice/linux_function_app_data_source.go +++ b/internal/services/appservice/linux_function_app_data_source.go @@ -38,6 +38,7 @@ type LinuxFunctionAppDataSourceModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -141,6 +142,12 @@ func (d LinuxFunctionAppDataSource) Attributes() map[string]*pluginsdk.Schema { Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "daily_memory_time_quota": { @@ -295,16 +302,17 @@ func (d LinuxFunctionAppDataSource) Read() sdk.ResourceFunc { } state := LinuxFunctionAppDataSourceModel{ - Name: id.SiteName, - ResourceGroup: id.ResourceGroup, - ServicePlanId: utils.NormalizeNilableString(props.ServerFarmID), - Location: location.NormalizeNilable(functionApp.Location), - Enabled: utils.NormaliseNilableBool(functionApp.Enabled), - ClientCertMode: string(functionApp.ClientCertMode), - DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), - StickySettings: helpers.FlattenStickySettings(stickySettings.SlotConfigNames), - Tags: tags.ToTypedObject(functionApp.Tags), - Kind: utils.NormalizeNilableString(functionApp.Kind), + Name: id.SiteName, + ResourceGroup: id.ResourceGroup, + ServicePlanId: utils.NormalizeNilableString(props.ServerFarmID), + Location: location.NormalizeNilable(functionApp.Location), + Enabled: utils.NormaliseNilableBool(functionApp.Enabled), + ClientCertMode: string(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionApp.ClientCertExclusionPaths), + DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), + StickySettings: helpers.FlattenStickySettings(stickySettings.SlotConfigNames), + Tags: tags.ToTypedObject(functionApp.Tags), + Kind: utils.NormalizeNilableString(functionApp.Kind), } configResp, err := client.GetConfiguration(ctx, id.ResourceGroup, id.SiteName) diff --git a/internal/services/appservice/linux_function_app_resource.go b/internal/services/appservice/linux_function_app_resource.go index 895cd64470af..a7e429436c0b 100644 --- a/internal/services/appservice/linux_function_app_resource.go +++ b/internal/services/appservice/linux_function_app_resource.go @@ -45,6 +45,7 @@ type LinuxFunctionAppModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` // TODO - Value ignored in for linux apps, even in Consumption plans? Enabled bool `tfschema:"enabled"` @@ -190,6 +191,12 @@ func (r LinuxFunctionAppResource) Arguments() map[string]*pluginsdk.Schema { Description: "The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` ", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -708,6 +715,10 @@ func (r LinuxFunctionAppResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/linux_function_app_resource_test.go b/internal/services/appservice/linux_function_app_resource_test.go index 89e518be269c..e3be65c9f32b 100644 --- a/internal/services/appservice/linux_function_app_resource_test.go +++ b/internal/services/appservice/linux_function_app_resource_test.go @@ -2088,6 +2088,7 @@ resource "azurerm_linux_function_app" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -2256,6 +2257,7 @@ resource "azurerm_linux_function_app" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/linux_function_app_slot_resource.go b/internal/services/appservice/linux_function_app_slot_resource.go index 3dd686a2de4a..2b878975be32 100644 --- a/internal/services/appservice/linux_function_app_slot_resource.go +++ b/internal/services/appservice/linux_function_app_slot_resource.go @@ -38,6 +38,7 @@ type LinuxFunctionAppSlotModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` // TODO - Value ignored in for linux apps, even in Consumption plans? Enabled bool `tfschema:"enabled"` @@ -173,6 +174,12 @@ func (r LinuxFunctionAppSlotResource) Arguments() map[string]*pluginsdk.Schema { Description: "The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`.", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -431,13 +438,14 @@ func (r LinuxFunctionAppSlotResource) Create() sdk.ResourceFunc { Kind: utils.String("functionapp,linux"), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(servicePlanId.ID()), - Enabled: utils.Bool(functionAppSlot.Enabled), - HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), - DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), // TODO - Investigate, setting appears silently ignored on Linux Function Apps? + ServerFarmID: utils.String(servicePlanId.ID()), + Enabled: utils.Bool(functionAppSlot.Enabled), + HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(functionAppSlot.ClientCertExclusionPaths), + DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), // TODO - Investigate, setting appears silently ignored on Linux Function Apps? }, } @@ -563,6 +571,7 @@ func (r LinuxFunctionAppSlotResource) Read() sdk.ResourceFunc { FunctionAppID: parse.NewFunctionAppID(id.SubscriptionId, id.ResourceGroup, id.SiteName).ID(), Enabled: utils.NormaliseNilableBool(functionApp.Enabled), ClientCertMode: string(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionApp.ClientCertExclusionPaths), DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), Tags: tags.ToTypedObject(functionApp.Tags), Kind: utils.NormalizeNilableString(functionApp.Kind), @@ -678,6 +687,10 @@ func (r LinuxFunctionAppSlotResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/linux_function_app_slot_resource_test.go b/internal/services/appservice/linux_function_app_slot_resource_test.go index 6e40cefc2737..cfbfbfaae3e1 100644 --- a/internal/services/appservice/linux_function_app_slot_resource_test.go +++ b/internal/services/appservice/linux_function_app_slot_resource_test.go @@ -1544,6 +1544,7 @@ resource "azurerm_linux_function_app_slot" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -1710,6 +1711,7 @@ resource "azurerm_linux_function_app_slot" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/linux_web_app_data_source.go b/internal/services/appservice/linux_web_app_data_source.go index 90d57b3e2fc1..70e54c768507 100644 --- a/internal/services/appservice/linux_web_app_data_source.go +++ b/internal/services/appservice/linux_web_app_data_source.go @@ -30,6 +30,7 @@ type LinuxWebAppDataSourceModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -111,6 +112,12 @@ func (r LinuxWebAppDataSource) Attributes() map[string]*pluginsdk.Schema { Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "custom_domain_verification_id": { @@ -281,6 +288,7 @@ func (r LinuxWebAppDataSource) Read() sdk.ResourceFunc { webApp.ClientCertEnabled = *props.ClientCertEnabled } webApp.ClientCertMode = string(props.ClientCertMode) + webApp.ClientCertExclusionPaths = utils.NormalizeNilableString(props.ClientCertExclusionPaths) webApp.CustomDomainVerificationId = utils.NormalizeNilableString(props.CustomDomainVerificationID) webApp.DefaultHostname = utils.NormalizeNilableString(props.DefaultHostName) if props.Enabled != nil { diff --git a/internal/services/appservice/linux_web_app_resource.go b/internal/services/appservice/linux_web_app_resource.go index 75de1bc108eb..26e6248a07bd 100644 --- a/internal/services/appservice/linux_web_app_resource.go +++ b/internal/services/appservice/linux_web_app_resource.go @@ -36,6 +36,7 @@ type LinuxWebAppModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -113,6 +114,12 @@ func (r LinuxWebAppResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -292,13 +299,14 @@ func (r LinuxWebAppResource) Create() sdk.ResourceFunc { Identity: expandedIdentity, Tags: tags.FromTypedObject(webApp.Tags), SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(webApp.ServicePlanId), - Enabled: utils.Bool(webApp.Enabled), - HTTPSOnly: utils.Bool(webApp.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ServerFarmID: utils.String(webApp.ServicePlanId), + Enabled: utils.Bool(webApp.Enabled), + HTTPSOnly: utils.Bool(webApp.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ClientCertExclusionPaths: utils.String(webApp.ClientCertExclusionPaths), }, } @@ -469,6 +477,7 @@ func (r LinuxWebAppResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), Kind: utils.NormalizeNilableString(webApp.Kind), @@ -590,6 +599,9 @@ func (r LinuxWebAppResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/linux_web_app_resource_test.go b/internal/services/appservice/linux_web_app_resource_test.go index 45f8c3a06404..534d54d6ecaf 100644 --- a/internal/services/appservice/linux_web_app_resource_test.go +++ b/internal/services/appservice/linux_web_app_resource_test.go @@ -1205,6 +1205,7 @@ resource "azurerm_linux_web_app" "test" { client_affinity_enabled = true client_certificate_enabled = true client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" @@ -1379,6 +1380,7 @@ resource "azurerm_linux_web_app" "test" { client_affinity_enabled = true client_certificate_enabled = true client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/linux_web_app_slot_resource.go b/internal/services/appservice/linux_web_app_slot_resource.go index 2aa81a3400df..d24389fe6bf5 100644 --- a/internal/services/appservice/linux_web_app_slot_resource.go +++ b/internal/services/appservice/linux_web_app_slot_resource.go @@ -32,6 +32,7 @@ type LinuxWebAppSlotModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -116,6 +117,12 @@ func (r LinuxWebAppSlotResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -260,13 +267,14 @@ func (r LinuxWebAppSlotResource) Create() sdk.ResourceFunc { Identity: expandedIdentity, Tags: tags.FromTypedObject(webAppSlot.Tags), SiteProperties: &web.SiteProperties{ - ServerFarmID: siteProps.ServerFarmID, - Enabled: utils.Bool(webAppSlot.Enabled), - HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ServerFarmID: siteProps.ServerFarmID, + Enabled: utils.Bool(webAppSlot.Enabled), + HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(webAppSlot.ClientCertExclusionPaths), }, } @@ -419,6 +427,7 @@ func (r LinuxWebAppSlotResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), Kind: utils.NormalizeNilableString(webApp.Kind), @@ -532,6 +541,9 @@ func (r LinuxWebAppSlotResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/linux_web_app_slot_resource_test.go b/internal/services/appservice/linux_web_app_slot_resource_test.go index 48d4718d4386..d3329f7e643c 100644 --- a/internal/services/appservice/linux_web_app_slot_resource_test.go +++ b/internal/services/appservice/linux_web_app_slot_resource_test.go @@ -1105,6 +1105,7 @@ resource "azurerm_linux_web_app_slot" "test" { client_affinity_enabled = true client_certificate_enabled = true client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/windows_function_app_data_source.go b/internal/services/appservice/windows_function_app_data_source.go index 3d36ab5085c8..32c0c3410793 100644 --- a/internal/services/appservice/windows_function_app_data_source.go +++ b/internal/services/appservice/windows_function_app_data_source.go @@ -38,6 +38,7 @@ type WindowsFunctionAppDataSourceModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -138,6 +139,12 @@ func (d WindowsFunctionAppDataSource) Attributes() map[string]*pluginsdk.Schema Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "daily_memory_time_quota": { @@ -252,6 +259,7 @@ func (d WindowsFunctionAppDataSource) Read() sdk.ResourceFunc { functionApp.Location = location.NormalizeNilable(existing.Location) functionApp.Enabled = utils.NormaliseNilableBool(existing.Enabled) functionApp.ClientCertMode = string(existing.ClientCertMode) + functionApp.ClientCertExclusionPaths = utils.NormalizeNilableString(existing.ClientCertExclusionPaths) functionApp.DailyMemoryTimeQuota = int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)) functionApp.Tags = tags.ToTypedObject(existing.Tags) functionApp.Kind = utils.NormalizeNilableString(existing.Kind) diff --git a/internal/services/appservice/windows_function_app_resource.go b/internal/services/appservice/windows_function_app_resource.go index 0c7fa56d20c1..698704e24656 100644 --- a/internal/services/appservice/windows_function_app_resource.go +++ b/internal/services/appservice/windows_function_app_resource.go @@ -45,6 +45,7 @@ type WindowsFunctionAppModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -190,6 +191,12 @@ func (r WindowsFunctionAppResource) Arguments() map[string]*pluginsdk.Schema { Description: "The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` ", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -434,13 +441,14 @@ func (r WindowsFunctionAppResource) Create() sdk.ResourceFunc { Kind: utils.String("functionapp"), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(functionApp.ServicePlanId), - Enabled: utils.Bool(functionApp.Enabled), - HTTPSOnly: utils.Bool(functionApp.HttpsOnly), - SiteConfig: siteConfig, - ClientCertEnabled: utils.Bool(functionApp.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(functionApp.ClientCertMode), - DailyMemoryTimeQuota: utils.Int32(int32(functionApp.DailyMemoryTimeQuota)), + ServerFarmID: utils.String(functionApp.ServicePlanId), + Enabled: utils.Bool(functionApp.Enabled), + HTTPSOnly: utils.Bool(functionApp.HttpsOnly), + SiteConfig: siteConfig, + ClientCertEnabled: utils.Bool(functionApp.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.String(functionApp.ClientCertExclusionPaths), + DailyMemoryTimeQuota: utils.Int32(int32(functionApp.DailyMemoryTimeQuota)), }, } @@ -584,6 +592,7 @@ func (r WindowsFunctionAppResource) Read() sdk.ResourceFunc { Location: location.NormalizeNilable(functionApp.Location), Enabled: utils.NormaliseNilableBool(functionApp.Enabled), ClientCertMode: string(functionApp.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionApp.ClientCertExclusionPaths), DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), StickySettings: helpers.FlattenStickySettings(stickySettings.SlotConfigNames), Tags: tags.ToTypedObject(functionApp.Tags), @@ -704,6 +713,10 @@ func (r WindowsFunctionAppResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/windows_function_app_resource_test.go b/internal/services/appservice/windows_function_app_resource_test.go index eaffc9042cdd..3ee78882e35d 100644 --- a/internal/services/appservice/windows_function_app_resource_test.go +++ b/internal/services/appservice/windows_function_app_resource_test.go @@ -1481,6 +1481,7 @@ resource "azurerm_windows_function_app" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -1656,6 +1657,7 @@ resource "azurerm_windows_function_app" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/windows_function_app_slot_resource.go b/internal/services/appservice/windows_function_app_slot_resource.go index 5900a8acc2c4..0940799da776 100644 --- a/internal/services/appservice/windows_function_app_slot_resource.go +++ b/internal/services/appservice/windows_function_app_slot_resource.go @@ -38,6 +38,7 @@ type WindowsFunctionAppSlotModel struct { BuiltinLogging bool `tfschema:"builtin_logging_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` ConnectionStrings []helpers.ConnectionString `tfschema:"connection_string"` DailyMemoryTimeQuota int `tfschema:"daily_memory_time_quota"` Enabled bool `tfschema:"enabled"` @@ -173,6 +174,12 @@ func (r WindowsFunctionAppSlotResource) Arguments() map[string]*pluginsdk.Schema Description: "The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`.", }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "daily_memory_time_quota": { @@ -437,13 +444,14 @@ func (r WindowsFunctionAppSlotResource) Create() sdk.ResourceFunc { Kind: utils.String("functionapp"), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(servicePlanId.ID()), - Enabled: utils.Bool(functionAppSlot.Enabled), - HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), - DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), + ServerFarmID: utils.String(servicePlanId.ID()), + Enabled: utils.Bool(functionAppSlot.Enabled), + HTTPSOnly: utils.Bool(functionAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientCertEnabled: utils.Bool(functionAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(functionAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(functionAppSlot.ClientCertExclusionPaths), + DailyMemoryTimeQuota: utils.Int32(int32(functionAppSlot.DailyMemoryTimeQuota)), }, } @@ -569,6 +577,7 @@ func (r WindowsFunctionAppSlotResource) Read() sdk.ResourceFunc { FunctionAppID: parse.NewFunctionAppID(id.SubscriptionId, id.ResourceGroup, id.SiteName).ID(), Enabled: utils.NormaliseNilableBool(functionAppSlot.Enabled), ClientCertMode: string(functionAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(functionAppSlot.ClientCertExclusionPaths), DailyMemoryTimeQuota: int(utils.NormaliseNilableInt32(props.DailyMemoryTimeQuota)), Tags: tags.ToTypedObject(functionAppSlot.Tags), Kind: utils.NormalizeNilableString(functionAppSlot.Kind), @@ -684,6 +693,10 @@ func (r WindowsFunctionAppSlotResource) Update() sdk.ResourceFunc { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } + if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) if err != nil { diff --git a/internal/services/appservice/windows_function_app_slot_resource_test.go b/internal/services/appservice/windows_function_app_slot_resource_test.go index 67f53a17047f..1c52aa764db0 100644 --- a/internal/services/appservice/windows_function_app_slot_resource_test.go +++ b/internal/services/appservice/windows_function_app_slot_resource_test.go @@ -1090,6 +1090,7 @@ resource "azurerm_windows_function_app_slot" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "Required" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "Second" @@ -1253,6 +1254,7 @@ resource "azurerm_windows_function_app_slot" "test" { builtin_logging_enabled = false client_certificate_enabled = true client_certificate_mode = "OptionalInteractiveUser" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/internal/services/appservice/windows_web_app_data_source.go b/internal/services/appservice/windows_web_app_data_source.go index 48a9d59ef9f2..fd82356e6c0f 100644 --- a/internal/services/appservice/windows_web_app_data_source.go +++ b/internal/services/appservice/windows_web_app_data_source.go @@ -30,6 +30,7 @@ type WindowsWebAppDataSourceModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` LogsConfig []helpers.LogsConfig `tfschema:"logs"` @@ -106,6 +107,12 @@ func (d WindowsWebAppDataSource) Attributes() map[string]*pluginsdk.Schema { Computed: true, }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchemaComputed(), "custom_domain_verification_id": { @@ -271,6 +278,7 @@ func (d WindowsWebAppDataSource) Read() sdk.ResourceFunc { webApp.ClientCertEnabled = *props.ClientCertEnabled } webApp.ClientCertMode = string(props.ClientCertMode) + webApp.ClientCertExclusionPaths = utils.NormalizeNilableString(props.ClientCertExclusionPaths) webApp.CustomDomainVerificationId = utils.NormalizeNilableString(props.CustomDomainVerificationID) webApp.DefaultHostname = utils.NormalizeNilableString(props.DefaultHostName) if props.Enabled != nil { diff --git a/internal/services/appservice/windows_web_app_resource.go b/internal/services/appservice/windows_web_app_resource.go index a383f333bc4d..439ace8864fc 100644 --- a/internal/services/appservice/windows_web_app_resource.go +++ b/internal/services/appservice/windows_web_app_resource.go @@ -35,6 +35,7 @@ type WindowsWebAppModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -110,6 +111,12 @@ func (r WindowsWebAppResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -290,13 +297,14 @@ func (r WindowsWebAppResource) Create() sdk.ResourceFunc { Tags: tags.FromTypedObject(webApp.Tags), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: utils.String(webApp.ServicePlanId), - Enabled: utils.Bool(webApp.Enabled), - HTTPSOnly: utils.Bool(webApp.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ServerFarmID: utils.String(webApp.ServicePlanId), + Enabled: utils.Bool(webApp.Enabled), + HTTPSOnly: utils.Bool(webApp.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webApp.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webApp.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webApp.ClientCertMode), + ClientCertExclusionPaths: utils.String(webApp.ClientCertExclusionPaths), }, } @@ -481,6 +489,7 @@ func (r WindowsWebAppResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), ConnectionStrings: helpers.FlattenConnectionStrings(connectionStrings), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), @@ -600,6 +609,9 @@ func (r WindowsWebAppResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/windows_web_app_resource_test.go b/internal/services/appservice/windows_web_app_resource_test.go index b1eae9cae4e7..b569b44af05d 100644 --- a/internal/services/appservice/windows_web_app_resource_test.go +++ b/internal/services/appservice/windows_web_app_resource_test.go @@ -1578,6 +1578,7 @@ resource "azurerm_windows_web_app" "test" { client_affinity_enabled = true client_certificate_enabled = true //client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" @@ -1763,6 +1764,8 @@ resource "azurerm_windows_web_app" "test" { client_affinity_enabled = true client_certificate_enabled = true client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" + connection_string { name = "First" diff --git a/internal/services/appservice/windows_web_app_slot_resource.go b/internal/services/appservice/windows_web_app_slot_resource.go index e1cb16066f7d..771abc91de91 100644 --- a/internal/services/appservice/windows_web_app_slot_resource.go +++ b/internal/services/appservice/windows_web_app_slot_resource.go @@ -30,6 +30,7 @@ type WindowsWebAppSlotModel struct { ClientAffinityEnabled bool `tfschema:"client_affinity_enabled"` ClientCertEnabled bool `tfschema:"client_certificate_enabled"` ClientCertMode string `tfschema:"client_certificate_mode"` + ClientCertExclusionPaths string `tfschema:"client_certificate_exclusion_paths"` Enabled bool `tfschema:"enabled"` HttpsOnly bool `tfschema:"https_only"` KeyVaultReferenceIdentityID string `tfschema:"key_vault_reference_identity_id"` @@ -114,6 +115,12 @@ func (r WindowsWebAppSlotResource) Arguments() map[string]*pluginsdk.Schema { }, false), }, + "client_certificate_exclusion_paths": { + Type: pluginsdk.TypeString, + Optional: true, + Description: "Paths to exclude when using client certificates, separated by ;", + }, + "connection_string": helpers.ConnectionStringSchema(), "enabled": { @@ -249,13 +256,14 @@ func (r WindowsWebAppSlotResource) Create() sdk.ResourceFunc { Tags: tags.FromTypedObject(webAppSlot.Tags), Identity: expandedIdentity, SiteProperties: &web.SiteProperties{ - ServerFarmID: siteProps.ServerFarmID, - Enabled: utils.Bool(webAppSlot.Enabled), - HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), - SiteConfig: siteConfig, - ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), - ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), - ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ServerFarmID: siteProps.ServerFarmID, + Enabled: utils.Bool(webAppSlot.Enabled), + HTTPSOnly: utils.Bool(webAppSlot.HttpsOnly), + SiteConfig: siteConfig, + ClientAffinityEnabled: utils.Bool(webAppSlot.ClientAffinityEnabled), + ClientCertEnabled: utils.Bool(webAppSlot.ClientCertEnabled), + ClientCertMode: web.ClientCertMode(webAppSlot.ClientCertMode), + ClientCertExclusionPaths: utils.String(webAppSlot.ClientCertExclusionPaths), }, } @@ -422,6 +430,7 @@ func (r WindowsWebAppSlotResource) Read() sdk.ResourceFunc { ClientAffinityEnabled: utils.NormaliseNilableBool(props.ClientAffinityEnabled), ClientCertEnabled: utils.NormaliseNilableBool(props.ClientCertEnabled), ClientCertMode: string(props.ClientCertMode), + ClientCertExclusionPaths: utils.NormalizeNilableString(props.ClientCertExclusionPaths), ConnectionStrings: helpers.FlattenConnectionStrings(connectionStrings), CustomDomainVerificationId: utils.NormalizeNilableString(props.CustomDomainVerificationID), DefaultHostname: utils.NormalizeNilableString(props.DefaultHostName), @@ -533,6 +542,9 @@ func (r WindowsWebAppSlotResource) Update() sdk.ResourceFunc { if metadata.ResourceData.HasChange("client_certificate_mode") { existing.SiteProperties.ClientCertMode = web.ClientCertMode(state.ClientCertMode) } + if metadata.ResourceData.HasChange("client_certificate_exclusion_paths") { + existing.SiteProperties.ClientCertExclusionPaths = utils.String(state.ClientCertExclusionPaths) + } if metadata.ResourceData.HasChange("identity") { expandedIdentity, err := expandIdentity(metadata.ResourceData.Get("identity").([]interface{})) diff --git a/internal/services/appservice/windows_web_app_slot_resource_test.go b/internal/services/appservice/windows_web_app_slot_resource_test.go index 6df20aad8c0d..0e361c4000ca 100644 --- a/internal/services/appservice/windows_web_app_slot_resource_test.go +++ b/internal/services/appservice/windows_web_app_slot_resource_test.go @@ -957,6 +957,7 @@ resource "azurerm_windows_web_app_slot" "test" { client_affinity_enabled = true client_certificate_enabled = true client_certificate_mode = "Optional" + client_certificate_exclusion_paths = "/foo;/bar;/hello;/world" connection_string { name = "First" diff --git a/website/docs/d/linux_function_app.html.markdown b/website/docs/d/linux_function_app.html.markdown index 8654aa1e230c..d183a19c103e 100644 --- a/website/docs/d/linux_function_app.html.markdown +++ b/website/docs/d/linux_function_app.html.markdown @@ -57,6 +57,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The mode of the Function App's client certificates requirement for incoming requests. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - A `connection_string` blocks as defined below. * `daily_memory_time_quota` - The amount of memory in gigabyte-seconds that your application is allowed to consume per day. diff --git a/website/docs/d/linux_web_app.html.markdown b/website/docs/d/linux_web_app.html.markdown index faa013699af3..672700c4edab 100644 --- a/website/docs/d/linux_web_app.html.markdown +++ b/website/docs/d/linux_web_app.html.markdown @@ -51,6 +51,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The Client Certificate mode. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - A `connection_string` block as defined below. * `custom_domain_verification_id` - The identifier used by App Service to perform domain ownership verification via DNS TXT record. diff --git a/website/docs/d/windows_function_app.html.markdown b/website/docs/d/windows_function_app.html.markdown index 04b2fac5002e..162365267570 100644 --- a/website/docs/d/windows_function_app.html.markdown +++ b/website/docs/d/windows_function_app.html.markdown @@ -49,6 +49,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The mode of the Function App's client certificates requirement for incoming requests. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - One or more `connection_string` blocks as defined below. * `content_share_force_disabled` - Are Content Share Settings disabled? diff --git a/website/docs/d/windows_web_app.html.markdown b/website/docs/d/windows_web_app.html.markdown index 93dbd13a8d9b..7748f8b0a1b5 100644 --- a/website/docs/d/windows_web_app.html.markdown +++ b/website/docs/d/windows_web_app.html.markdown @@ -49,6 +49,8 @@ In addition to the Arguments listed above - the following Attributes are exporte * `client_certificate_mode` - The Client Certificate mode. +* `client_certificate_exclusion_paths` - Paths to exclude when using client certificates, separated by ; + * `connection_string` - A `connection_string` block as defined below. * `custom_domain_verification_id` - The identifier used by App Service to perform domain ownership verification via DNS TXT record. diff --git a/website/docs/r/linux_function_app.html.markdown b/website/docs/r/linux_function_app.html.markdown index 4eb3570e353c..019c71007c1f 100644 --- a/website/docs/r/linux_function_app.html.markdown +++ b/website/docs/r/linux_function_app.html.markdown @@ -78,6 +78,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `daily_memory_time_quota` - (Optional) The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to `0`. diff --git a/website/docs/r/linux_function_app_slot.html.markdown b/website/docs/r/linux_function_app_slot.html.markdown index da26c8ab5915..5d5f5a81ec8d 100644 --- a/website/docs/r/linux_function_app_slot.html.markdown +++ b/website/docs/r/linux_function_app_slot.html.markdown @@ -82,6 +82,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) a `connection_string` block as detailed below. * `content_share_force_disabled` - (Optional) Force disable the content share settings. diff --git a/website/docs/r/linux_web_app.html.markdown b/website/docs/r/linux_web_app.html.markdown index 78ad92edb979..fa00003b0f3b 100644 --- a/website/docs/r/linux_web_app.html.markdown +++ b/website/docs/r/linux_web_app.html.markdown @@ -71,6 +71,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Linux Web App be enabled? Defaults to `true`. diff --git a/website/docs/r/linux_web_app_slot.html.markdown b/website/docs/r/linux_web_app_slot.html.markdown index b20598c533b5..c3e59f12df55 100644 --- a/website/docs/r/linux_web_app_slot.html.markdown +++ b/website/docs/r/linux_web_app_slot.html.markdown @@ -74,6 +74,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Linux Web App be enabled? Defaults to `true`. diff --git a/website/docs/r/windows_function_app.html.markdown b/website/docs/r/windows_function_app.html.markdown index 3f2f138f02ca..7cc754ca0867 100644 --- a/website/docs/r/windows_function_app.html.markdown +++ b/website/docs/r/windows_function_app.html.markdown @@ -78,6 +78,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `content_share_force_disabled` - (Optional) Should Content Share Settings be disabled. Defaults to `false`. diff --git a/website/docs/r/windows_function_app_slot.html.markdown b/website/docs/r/windows_function_app_slot.html.markdown index 739647de8a45..bac4c27ca89c 100644 --- a/website/docs/r/windows_function_app_slot.html.markdown +++ b/website/docs/r/windows_function_app_slot.html.markdown @@ -81,6 +81,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The mode of the Function App Slot's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser`. +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) a `connection_string` block as detailed below. * `content_share_force_disabled` - (Optional) Force disable the content share settings. diff --git a/website/docs/r/windows_web_app.html.markdown b/website/docs/r/windows_web_app.html.markdown index b75e135e3437..7de7509d0fc1 100644 --- a/website/docs/r/windows_web_app.html.markdown +++ b/website/docs/r/windows_web_app.html.markdown @@ -67,6 +67,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Windows Web App be enabled? Defaults to `true`. diff --git a/website/docs/r/windows_web_app_slot.html.markdown b/website/docs/r/windows_web_app_slot.html.markdown index 7a2cee31f090..26bd67f7a6af 100644 --- a/website/docs/r/windows_web_app_slot.html.markdown +++ b/website/docs/r/windows_web_app_slot.html.markdown @@ -74,6 +74,8 @@ The following arguments are supported: * `client_certificate_mode` - (Optional) The Client Certificate mode. Possible values include `Optional` and `Required`. This property has no effect when `client_cert_enabled` is `false` +* `client_certificate_exclusion_paths` - (Optional) Paths to exclude when using client certificates, separated by ; + * `connection_string` - (Optional) One or more `connection_string` blocks as defined below. * `enabled` - (Optional) Should the Windows Web App Slot be enabled? Defaults to `true`.