From 25ec55cb5502c8a05ff8e7be48dc5e734d7d9a66 Mon Sep 17 00:00:00 2001 From: Tao <104055472+teowa@users.noreply.github.com> Date: Wed, 6 Sep 2023 17:44:21 +0800 Subject: [PATCH 1/7] enhance datasource --- .../application_gateway_data_source.go | 1418 ++++++++++++++++- .../application_gateway_data_source_test.go | 25 + 2 files changed, 1433 insertions(+), 10 deletions(-) diff --git a/internal/services/network/application_gateway_data_source.go b/internal/services/network/application_gateway_data_source.go index 28c71f4a4d84..80ee567d7b7b 100644 --- a/internal/services/network/application_gateway_data_source.go +++ b/internal/services/network/application_gateway_data_source.go @@ -9,6 +9,8 @@ import ( "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" "github.com/hashicorp/go-azure-helpers/resourcemanager/location" + "github.com/hashicorp/go-azure-helpers/resourcemanager/zones" + "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-04-01/webapplicationfirewallpolicies" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tags" @@ -30,6 +32,9 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, }, + + "resource_group_name": commonschema.ResourceGroupNameForDataSource(), + "backend_address_pool": { Type: pluginsdk.TypeList, Computed: true, @@ -39,20 +44,1037 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Type: pluginsdk.TypeString, Computed: true, }, - "fqdns": { - Type: pluginsdk.TypeSet, + "fqdns": { + Type: pluginsdk.TypeSet, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + "ip_addresses": { + Type: pluginsdk.TypeSet, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "backend_http_settings": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "path": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "port": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "protocol": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "cookie_based_affinity": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "affinity_cookie_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "host_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "pick_host_name_from_backend_address": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "request_timeout": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "authentication_certificate": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "data": { + Type: pluginsdk.TypeString, + Computed: true, + Sensitive: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "trusted_root_certificate_names": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "connection_draining": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "drain_timeout_sec": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + }, + }, + }, + + "probe_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "probe_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "frontend_ip_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "subnet_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "private_ip_address": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "public_ip_address_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "private_ip_address_allocation": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "private_link_configuration_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "private_link_configuration_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "frontend_port": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "port": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "gateway_ip_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "subnet_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "global": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "request_buffering_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + "response_buffering_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + }, + }, + }, + + "http_listener": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "frontend_ip_configuration_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "frontend_port_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "protocol": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "host_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "host_names": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "ssl_certificate_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "require_sni": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "frontend_ip_configuration_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "frontend_port_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "ssl_certificate_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "ssl_profile_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "custom_error_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "status_code": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "custom_error_page_url": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "firewall_policy_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "ssl_profile_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "fips_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "private_endpoint_connection": { + Type: pluginsdk.TypeSet, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "private_link_configuration": { + Type: pluginsdk.TypeSet, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "ip_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "subnet_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "private_ip_address": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "private_ip_address_allocation": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "primary": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + }, + }, + }, + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "request_routing_rule": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rule_type": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "http_listener_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "backend_address_pool_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "backend_http_settings_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "url_path_map_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "redirect_configuration_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rewrite_rule_set_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "priority": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "backend_address_pool_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "backend_http_settings_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "http_listener_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "url_path_map_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "redirect_configuration_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rewrite_rule_set_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "redirect_configuration": { + Type: pluginsdk.TypeSet, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "redirect_type": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "target_listener_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "target_url": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "include_path": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "include_query_string": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "target_listener_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + "autoscale_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "min_capacity": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + "max_capacity": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + }, + }, + }, + "sku": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "tier": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "capacity": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + }, + }, + }, + + "authentication_certificate": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "trusted_root_certificate": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "data": { + Type: pluginsdk.TypeString, + Computed: true, + Sensitive: true, + }, + + "key_vault_secret_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "ssl_policy": &pluginsdk.Schema{ + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "disabled_protocols": { + Type: pluginsdk.TypeList, + Optional: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "policy_type": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "policy_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "cipher_suites": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "min_protocol_version": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "http2_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "force_firewall_policy_association": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "probe": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "protocol": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "path": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "host": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "interval": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "timeout": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "unhealthy_threshold": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "port": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "pick_host_name_from_backend_http_settings": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "minimum_servers": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "match": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "body": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "status_code": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + }, + }, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "rewrite_rule_set": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rewrite_rule": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rule_sequence": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + + "condition": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "variable": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "pattern": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "ignore_case": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + "negate": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + }, + }, + }, + + "request_header_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "header_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "header_value": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "response_header_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "header_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "header_value": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "url": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "path": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "query_string": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "components": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "reroute": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "ssl_certificate": { + Type: pluginsdk.TypeSet, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "data": { + Type: pluginsdk.TypeString, + Computed: true, + Sensitive: true, + }, + + "key_vault_secret_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "public_cert_data": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "trusted_client_certificate": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "data": { + Type: pluginsdk.TypeString, + Computed: true, + Sensitive: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "ssl_profile": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "trusted_client_certificate_names": { + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Schema{ Type: pluginsdk.TypeString, }, }, - "ip_addresses": { - Type: pluginsdk.TypeSet, + + "verify_client_cert_issuer_dn": { + Type: pluginsdk.TypeBool, Computed: true, - Elem: &pluginsdk.Schema{ - Type: pluginsdk.TypeString, + }, + + "verify_client_cert_revocation": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "ssl_policy": &pluginsdk.Schema{ + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "disabled_protocols": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "policy_type": { + Type: pluginsdk.TypeString, + Optional: true, + }, + + "policy_name": { + Type: pluginsdk.TypeString, + Optional: true, + }, + + "cipher_suites": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "min_protocol_version": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, }, }, + "id": { Type: pluginsdk.TypeString, Computed: true, @@ -61,12 +1083,250 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, }, - "location": commonschema.LocationComputed(), + "url_path_map": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, - "resource_group_name": commonschema.ResourceGroupNameForDataSource(), + "default_backend_address_pool_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "default_backend_http_settings_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "default_redirect_configuration_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "default_rewrite_rule_set_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "path_rule": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "paths": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + }, + + "backend_address_pool_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "backend_http_settings_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "redirect_configuration_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rewrite_rule_set_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "backend_address_pool_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "backend_http_settings_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "redirect_configuration_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rewrite_rule_set_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "firewall_policy_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "default_backend_address_pool_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "default_backend_http_settings_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "default_redirect_configuration_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "default_rewrite_rule_set_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "waf_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "firewall_mode": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rule_set_type": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rule_set_version": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "file_upload_limit_mb": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + "request_body_check": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + "max_request_body_size_kb": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + "disabled_rule_group": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "rule_group_name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "rules": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeInt, + }, + }, + }, + }, + }, + "exclusion": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "match_variable": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "selector_match_operator": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "selector": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + + "firewall_policy_id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "custom_error_configuration": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "status_code": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "custom_error_page_url": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "location": commonschema.LocationComputed(), "identity": commonschema.UserAssignedIdentityComputed(), + "zones": commonschema.ZonesMultipleComputed(), + "tags": commonschema.TagsDataSource(), }, } @@ -91,11 +1351,149 @@ func dataSourceApplicationGatewayRead(d *pluginsdk.ResourceData, meta interface{ d.SetId(id.ID()) if props := resp.ApplicationGatewayPropertiesFormat; props != nil { - if err := d.Set("backend_address_pool", flattenApplicationGatewayBackendAddressPools(props.BackendAddressPools)); err != nil { - return fmt.Errorf("setting `backend_address_pool`: %+v", err) + if err = d.Set("authentication_certificate", flattenApplicationGatewayAuthenticationCertificates(props.AuthenticationCertificates, d)); err != nil { + return fmt.Errorf("setting `authentication_certificate`: %+v", err) + } + + if err = d.Set("trusted_root_certificate", flattenApplicationGatewayTrustedRootCertificates(props.TrustedRootCertificates, d)); err != nil { + return fmt.Errorf("setting `trusted_root_certificate`: %+v", err) + } + + if setErr := d.Set("backend_address_pool", flattenApplicationGatewayBackendAddressPools(props.BackendAddressPools)); setErr != nil { + return fmt.Errorf("setting `backend_address_pool`: %+v", setErr) + } + + backendHttpSettings, err := flattenApplicationGatewayBackendHTTPSettings(props.BackendHTTPSettingsCollection) + if err != nil { + return fmt.Errorf("flattening `backend_http_settings`: %+v", err) + } + if setErr := d.Set("backend_http_settings", backendHttpSettings); setErr != nil { + return fmt.Errorf("setting `backend_http_settings`: %+v", setErr) + } + + if setErr := d.Set("ssl_policy", flattenApplicationGatewaySslPolicy(props.SslPolicy)); setErr != nil { + return fmt.Errorf("setting `ssl_policy`: %+v", setErr) + } + + d.Set("http2_enabled", props.EnableHTTP2) + d.Set("fips_enabled", props.EnableFips) + d.Set("force_firewall_policy_association", props.ForceFirewallPolicyAssociation) + + httpListeners, err := flattenApplicationGatewayHTTPListeners(props.HTTPListeners) + if err != nil { + return fmt.Errorf("flattening `http_listener`: %+v", err) + } + if setErr := d.Set("http_listener", httpListeners); setErr != nil { + return fmt.Errorf("setting `http_listener`: %+v", setErr) + } + + if setErr := d.Set("frontend_port", flattenApplicationGatewayFrontendPorts(props.FrontendPorts)); setErr != nil { + return fmt.Errorf("setting `frontend_port`: %+v", setErr) + } + + frontendIPConfigurations, err := flattenApplicationGatewayFrontendIPConfigurations(props.FrontendIPConfigurations) + if err != nil { + return fmt.Errorf("flattening `frontend IP configuration`: %+v", err) + } + if setErr := d.Set("frontend_ip_configuration", frontendIPConfigurations); setErr != nil { + return fmt.Errorf("setting `frontend_ip_configuration`: %+v", setErr) + } + + if setErr := d.Set("gateway_ip_configuration", flattenApplicationGatewayIPConfigurations(props.GatewayIPConfigurations)); setErr != nil { + return fmt.Errorf("setting `gateway_ip_configuration`: %+v", setErr) + } + + if setErr := d.Set("global", flattenApplicationGatewayGlobalConfiguration(props.GlobalConfiguration)); setErr != nil { + return fmt.Errorf("setting `global`: %+v", setErr) + } + + if setErr := d.Set("private_endpoint_connection", flattenApplicationGatewayPrivateEndpoints(props.PrivateEndpointConnections)); setErr != nil { + return fmt.Errorf("setting `private_endpoint_connection`: %+v", setErr) + } + + if setErr := d.Set("private_link_configuration", flattenApplicationGatewayPrivateLinkConfigurations(props.PrivateLinkConfigurations)); setErr != nil { + return fmt.Errorf("setting `private_link_configuration`: %+v", setErr) + } + + if setErr := d.Set("probe", flattenApplicationGatewayProbes(props.Probes)); setErr != nil { + return fmt.Errorf("setting `probe`: %+v", setErr) + } + + requestRoutingRules, err := flattenApplicationGatewayRequestRoutingRules(props.RequestRoutingRules) + if err != nil { + return fmt.Errorf("flattening `request_routing_rule`: %+v", err) + } + if setErr := d.Set("request_routing_rule", requestRoutingRules); setErr != nil { + return fmt.Errorf("setting `request_routing_rule`: %+v", setErr) + } + + redirectConfigurations, err := flattenApplicationGatewayRedirectConfigurations(props.RedirectConfigurations) + if err != nil { + return fmt.Errorf("flattening `redirect configuration`: %+v", err) + } + if setErr := d.Set("redirect_configuration", redirectConfigurations); setErr != nil { + return fmt.Errorf("setting `redirect_configuration`: %+v", setErr) + } + + rewriteRuleSets := flattenApplicationGatewayRewriteRuleSets(props.RewriteRuleSets) + if setErr := d.Set("rewrite_rule_set", rewriteRuleSets); setErr != nil { + return fmt.Errorf("setting `rewrite_rule_set`: %+v", setErr) + } + + if setErr := d.Set("sku", flattenApplicationGatewaySku(props.Sku)); setErr != nil { + return fmt.Errorf("setting `sku`: %+v", setErr) + } + + if setErr := d.Set("autoscale_configuration", flattenApplicationGatewayAutoscaleConfiguration(props.AutoscaleConfiguration)); setErr != nil { + return fmt.Errorf("setting `autoscale_configuration`: %+v", setErr) + } + + if setErr := d.Set("ssl_certificate", flattenApplicationGatewaySslCertificates(props.SslCertificates, d)); setErr != nil { + return fmt.Errorf("setting `ssl_certificate`: %+v", setErr) + } + + if setErr := d.Set("trusted_client_certificate", flattenApplicationGatewayTrustedClientCertificates(props.TrustedClientCertificates)); setErr != nil { + return fmt.Errorf("setting `trusted_client_certificate`: %+v", setErr) + } + + sslProfiles, err := flattenApplicationGatewaySslProfiles(props.SslProfiles) + if err != nil { + return fmt.Errorf("flattening `ssl_profile`: %+v", err) + } + if setErr := d.Set("ssl_profile", sslProfiles); setErr != nil { + return fmt.Errorf("setting `ssl_profile`: %+v", setErr) + } + + if setErr := d.Set("custom_error_configuration", flattenApplicationGatewayCustomErrorConfigurations(props.CustomErrorConfigurations)); setErr != nil { + return fmt.Errorf("setting `custom_error_configuration`: %+v", setErr) + } + + urlPathMaps, err := flattenApplicationGatewayURLPathMaps(props.URLPathMaps) + if err != nil { + return fmt.Errorf("flattening `url_path_map`: %+v", err) + } + if setErr := d.Set("url_path_map", urlPathMaps); setErr != nil { + return fmt.Errorf("setting `url_path_map`: %+v", setErr) + } + + if setErr := d.Set("waf_configuration", flattenApplicationGatewayWafConfig(props.WebApplicationFirewallConfiguration)); setErr != nil { + return fmt.Errorf("setting `waf_configuration`: %+v", setErr) + } + + firewallPolicyId := "" + if props.FirewallPolicy != nil && props.FirewallPolicy.ID != nil { + firewallPolicyId = *props.FirewallPolicy.ID + policyId, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyIDInsensitively(firewallPolicyId) + if err == nil { + firewallPolicyId = policyId.ID() + } } + d.Set("firewall_policy_id", firewallPolicyId) } + d.Set("name", id.Name) + d.Set("resource_group_name", id.ResourceGroup) + d.Set("zones", zones.FlattenUntyped(resp.Zones)) d.Set("location", location.NormalizeNilable(resp.Location)) identity, err := flattenApplicationGatewayIdentity(resp.Identity) diff --git a/internal/services/network/application_gateway_data_source_test.go b/internal/services/network/application_gateway_data_source_test.go index aac5a0735797..d9bed7cbd234 100644 --- a/internal/services/network/application_gateway_data_source_test.go +++ b/internal/services/network/application_gateway_data_source_test.go @@ -56,6 +56,20 @@ func TestAccDataSourceAppGateway_backendAddressPool(t *testing.T) { }) } +func TestAccDataSourceAppGateway_sslProfile(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azurerm_application_gateway", "test") + r := AppGatewayDataSource{} + + data.DataSourceTest(t, []acceptance.TestStep{ + { + Config: r.sslProfile(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("location").Exists(), + ), + }, + }) +} + func (AppGatewayDataSource) basic(data acceptance.TestData) string { return fmt.Sprintf(` %s @@ -67,6 +81,17 @@ data "azurerm_application_gateway" "test" { `, ApplicationGatewayResource{}.basic(data)) } +func (AppGatewayDataSource) sslProfile(data acceptance.TestData) string { + return fmt.Sprintf(` +%s + +data "azurerm_application_gateway" "test" { + resource_group_name = azurerm_application_gateway.test.resource_group_name + name = azurerm_application_gateway.test.name +} +`, ApplicationGatewayResource{}.sslProfile(data)) +} + func (AppGatewayDataSource) userAssignedIdentity(data acceptance.TestData) string { return fmt.Sprintf(` %s From a4d566ea65bc2fdc18422d8003c06f74fc45eb6f Mon Sep 17 00:00:00 2001 From: teowa <104055472+teowa@users.noreply.github.com> Date: Tue, 19 Sep 2023 10:26:10 +0000 Subject: [PATCH 2/7] add doc --- .../application_gateway_data_source.go | 17 +- .../application_gateway_data_source_test.go | 17 +- .../docs/d/application_gateway.html.markdown | 586 +++++++++++++++++- .../docs/r/application_gateway.html.markdown | 28 +- 4 files changed, 611 insertions(+), 37 deletions(-) diff --git a/internal/services/network/application_gateway_data_source.go b/internal/services/network/application_gateway_data_source.go index 80ee567d7b7b..51d7df6cdf05 100644 --- a/internal/services/network/application_gateway_data_source.go +++ b/internal/services/network/application_gateway_data_source.go @@ -45,14 +45,14 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Computed: true, }, "fqdns": { - Type: pluginsdk.TypeSet, + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Schema{ Type: pluginsdk.TypeString, }, }, "ip_addresses": { - Type: pluginsdk.TypeSet, + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Schema{ Type: pluginsdk.TypeString, @@ -409,7 +409,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, "private_endpoint_connection": { - Type: pluginsdk.TypeSet, + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ @@ -426,7 +426,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, "private_link_configuration": { - Type: pluginsdk.TypeSet, + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ @@ -563,7 +563,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, "redirect_configuration": { - Type: pluginsdk.TypeSet, + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ @@ -951,7 +951,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, "ssl_certificate": { - Type: pluginsdk.TypeSet, + Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ @@ -1026,17 +1026,18 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, }, + // this is same as in resource schema. TODO: replace cert by certificate in 4.0 "verify_client_cert_issuer_dn": { Type: pluginsdk.TypeBool, Computed: true, }, - "verify_client_cert_revocation": { + "verify_client_certificate_revocation": { Type: pluginsdk.TypeString, Computed: true, }, - "ssl_policy": &pluginsdk.Schema{ + "ssl_policy": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ diff --git a/internal/services/network/application_gateway_data_source_test.go b/internal/services/network/application_gateway_data_source_test.go index d9bed7cbd234..d5cd049235ac 100644 --- a/internal/services/network/application_gateway_data_source_test.go +++ b/internal/services/network/application_gateway_data_source_test.go @@ -64,7 +64,20 @@ func TestAccDataSourceAppGateway_sslProfile(t *testing.T) { { Config: r.sslProfile(data), Check: acceptance.ComposeTestCheckFunc( - check.That(data.ResourceName).Key("location").Exists(), + check.That(data.ResourceName).Key("sku.0.capacity").Exists(), + check.That(data.ResourceName).Key("gateway_ip_configuration.0.subnet_id").Exists(), + check.That(data.ResourceName).Key("frontend_port.0.port").Exists(), + check.That(data.ResourceName).Key("frontend_ip_configuration.0.public_ip_address_id").Exists(), + check.That(data.ResourceName).Key("backend_address_pool.0.name").Exists(), + check.That(data.ResourceName).Key("backend_http_settings.0.cookie_based_affinity").Exists(), + check.That(data.ResourceName).Key("http_listener.0.frontend_port_name").Exists(), + check.That(data.ResourceName).Key("http_listener.0.protocol").Exists(), + check.That(data.ResourceName).Key("request_routing_rule.0.priority").Exists(), + check.That(data.ResourceName).Key("request_routing_rule.0.rule_type").Exists(), + check.That(data.ResourceName).Key("ssl_profile.0.verify_client_certificate_revocation").Exists(), + check.That(data.ResourceName).Key("ssl_profile.0.ssl_policy.0.policy_type").Exists(), + check.That(data.ResourceName).Key("ssl_profile.0.ssl_policy.0.policy_name").Exists(), + check.That(data.ResourceName).Key("ssl_certificate.0.name").Exists(), ), }, }) @@ -89,7 +102,7 @@ data "azurerm_application_gateway" "test" { resource_group_name = azurerm_application_gateway.test.resource_group_name name = azurerm_application_gateway.test.name } -`, ApplicationGatewayResource{}.sslProfile(data)) +`, ApplicationGatewayResource{}.sslProfileUpdateOne(data)) } func (AppGatewayDataSource) userAssignedIdentity(data acceptance.TestData) string { diff --git a/website/docs/d/application_gateway.html.markdown b/website/docs/d/application_gateway.html.markdown index 692ba7dbf035..3f79a44f723f 100644 --- a/website/docs/d/application_gateway.html.markdown +++ b/website/docs/d/application_gateway.html.markdown @@ -27,9 +27,9 @@ output "id" { The following arguments are supported: -* `name` - (Required) The name of this Application Gateway. +* `name` - The name of this Application Gateway. -* `resource_group_name` - (Required) The name of the Resource Group where the Application Gateway exists. +* `resource_group_name` - The name of the Resource Group where the Application Gateway exists. ## Attributes Reference @@ -37,33 +37,595 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Application Gateway. -* `backend_address_pool` - A `backend_address_pool` block as defined below. +* `location` - The Azure region where the Application Gateway should exist. -* `identity` - A `identity` block as defined below. +* `backend_address_pool` - One or more `backend_address_pool` blocks as defined below. -* `location` - The Azure Region where the Application Gateway exists. +* `backend_http_settings` - One or more `backend_http_settings` blocks as defined below. -* `tags` - A mapping of tags assigned to the Application Gateway. +* `frontend_ip_configuration` - One or more `frontend_ip_configuration` blocks as defined below. + +* `frontend_port` - One or more `frontend_port` blocks as defined below. + +* `gateway_ip_configuration` - One or more `gateway_ip_configuration` blocks as defined below. + +* `http_listener` - One or more `http_listener` blocks as defined below. + +* `request_routing_rule` - One or more `request_routing_rule` blocks as defined below. + +* `sku` - A `sku` block as defined below. + +--- + +* `fips_enabled` - Is FIPS enabled on the Application Gateway? + +* `global` - A `global` block as defined below. + +* `identity` - An `identity` block as defined below. + +* `private_link_configuration` - One or more `private_link_configuration` blocks as defined below. + +* `zones` - Specifies a list of Availability Zones in which this Application Gateway should be located. + +* `trusted_client_certificate` - One or more `trusted_client_certificate` blocks as defined below. + +* `ssl_profile` - One or more `ssl_profile` blocks as defined below. + +* `authentication_certificate` - One or more `authentication_certificate` blocks as defined below. + +* `trusted_root_certificate` - One or more `trusted_root_certificate` blocks as defined below. + +* `ssl_policy` - a `ssl_policy` block as defined below. + +* `enable_http2` - Is HTTP2 enabled on the application gateway resource? + +* `force_firewall_policy_association` - Is the Firewall Policy associated with the Application Gateway? + +* `probe` - One or more `probe` blocks as defined below. + +* `ssl_certificate` - One or more `ssl_certificate` blocks as defined below. + +* `tags` - A mapping of tags to assign to the resource. + +* `url_path_map` - One or more `url_path_map` blocks as defined below. + +* `waf_configuration` - A `waf_configuration` block as defined below. + +* `custom_error_configuration` - One or more `custom_error_configuration` blocks as defined below. + +* `firewall_policy_id` - The ID of the Web Application Firewall Policy. + +* `redirect_configuration` - One or more `redirect_configuration` blocks as defined below. + +* `autoscale_configuration` - A `autoscale_configuration` block as defined below. + +* `rewrite_rule_set` - One or more `rewrite_rule_set` blocks as defined below. Only valid for v2 SKUs. + +--- + +A `authentication_certificate` block supports the following: + +* `id` - The ID of the Authentication Certificate. + +* `name` - The Name of the Authentication Certificate to use. + +--- + +A `trusted_root_certificate` block supports the following: + +* `name` - The Name of the Trusted Root Certificate to use. + +* `key_vault_secret_id` - The Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for the Key Vault to use this feature. + +--- + +A `authentication_certificate` block, within the `backend_http_settings` block supports the following: + +* `id` - The ID of the Authentication Certificate. + +* `name` - The name of the Authentication Certificate. --- -A `backend_address_pool` block exports the following: +A `backend_address_pool` block supports the following: * `id` - The ID of the Backend Address Pool. * `name` - The name of the Backend Address Pool. -* `fqdns` - A list of FQDN's that are included in the Backend Address Pool. +* `fqdns` - A list of FQDN's which should be part of the Backend Address Pool. + +* `ip_addresses` - A list of IP Addresses which should be part of the Backend Address Pool. + +--- + +A `backend_http_settings` block supports the following: + +* `id` - The ID of the Backend HTTP Settings Configuration. + +* `probe_id` - The ID of the associated Probe. + +* `cookie_based_affinity` - Is Cookie-Based Affinity enabled? Possible values are `Enabled` and `Disabled`. + +* `affinity_cookie_name` - The name of the affinity cookie. + +* `name` - The name of the Backend HTTP Settings Collection. + +* `path` - The Path which should be used as a prefix for all HTTP requests. + +* `port` - The port which should be used for this Backend HTTP Settings Collection. + +* `probe_name` - The name of an associated HTTP Probe. + +* `protocol` - The Protocol which should be used. Possible values are `Http` and `Https`. + +* `request_timeout` - The request timeout in seconds, which must be between 1 and 86400 seconds. + +* `host_name` - Host header to be sent to the backend servers. Cannot be set if `pick_host_name_from_backend_address` is set to `true`. + +* `pick_host_name_from_backend_address` - Whether host header should be picked from the host name of the backend server. -* `ip_addresses` - A list of IP Addresses that are included in the Backend Address Pool. +* `authentication_certificate` - One or more `authentication_certificate` blocks as defined below. + +* `trusted_root_certificate_names` - A list of `trusted_root_certificate` names. + +* `connection_draining` - A `connection_draining` block as defined below. + +--- + +A `connection_draining` block supports the following: + +* `enabled` - If connection draining is enabled or not. + +* `drain_timeout_sec` - The number of seconds connection draining is active. Acceptable values are from `1` second to `3600` seconds. + +--- + +A `frontend_ip_configuration` block supports the following: + +* `id` - The ID of the Frontend IP Configuration. + +* `private_link_configuration_id` - The ID of the associated private link configuration. + +* `name` - The name of the Frontend IP Configuration. + +* `subnet_id` - The ID of the Subnet. + +* `private_ip_address` - The Private IP Address to use for the Application Gateway. + +* `public_ip_address_id` - The ID of a Public IP Address which the Application Gateway should use. The allocation method for the Public IP Address depends on the `sku` of this Application Gateway. Please refer to the [Azure documentation for public IP addresses](https://docs.microsoft.com/azure/virtual-network/public-ip-addresses#application-gateways) for details. + +* `private_ip_address_allocation` - The Allocation Method for the Private IP Address. Possible values are `Dynamic` and `Static`. + +* `private_link_configuration_name` - The name of the private link configuration to use for this frontend IP configuration. --- -A `identity` block exports the following: +A `frontend_port` block supports the following: + +* `id` - The ID of the Frontend Port. + +* `name` - The name of the Frontend Port. + +* `port` - The port used for this Frontend Port. + +--- + +A `gateway_ip_configuration` block supports the following: + +* `id` - The ID of the Gateway IP Configuration. + +* `name` - The Name of this Gateway IP Configuration. + +* `subnet_id` - The ID of the Subnet which the Application Gateway should be connected to. + +--- + +A `http_listener` block supports the following: + +* `id` - The ID of the HTTP Listener. + +* `frontend_ip_configuration_id` - The ID of the associated Frontend Configuration. + +* `frontend_port_id` - The ID of the associated Frontend Port. + +* `ssl_certificate_id` - The ID of the associated SSL Certificate. + +* `ssl_profile_id` - The ID of the associated SSL Profile. + +* `name` - The Name of the HTTP Listener. + +* `frontend_ip_configuration_name` - The Name of the Frontend IP Configuration used for this HTTP Listener. + +* `frontend_port_name` - The Name of the Frontend Port use for this HTTP Listener. + +* `host_name` - The Hostname which should be used for this HTTP Listener. + +* `host_names` - A list of Hostname(s) should be used for this HTTP Listener. It allows special wildcard characters. + +* `protocol` - The Protocol to use for this HTTP Listener. Possible values are `Http` and `Https`. + +* `require_sni` - Should Server Name Indication be Required? + +* `ssl_certificate_name` - The name of the associated SSL Certificate which should be used for this HTTP Listener. + +* `custom_error_configuration` - One or more `custom_error_configuration` blocks as defined below. + +* `firewall_policy_id` - The ID of the Web Application Firewall Policy which should be used for this HTTP Listener. + +* `ssl_profile_name` - The name of the associated SSL Profile which should be used for this HTTP Listener. + +--- + +An `identity` block supports the following: + +* `type` - Specifies the type of Managed Service Identity that should be configured on this Application Gateway. Only possible value is `UserAssigned`. + +* `identity_ids` - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Application Gateway. + +--- + +A `private_endpoint_connection` block exports the following: + +* `name` - The name of the private endpoint connection. + +* `id` - The ID of the private endpoint connection. + +--- + +A `private_link_configuration` block supports the following: + +* `id` - The ID of the private link configuration. + +* `name` - The name of the private link configuration. + +* `ip_configuration` - One or more `ip_configuration` blocks as defined below. + +--- + +An `ip_configuration` block supports the following: + +* `name` - The name of the IP configuration. + +* `subnet_id` - The ID of the subnet the private link configuration should connect to. + +* `private_ip_address_allocation` - The allocation method used for the Private IP Address. Possible values are `Dynamic` and `Static`. + +* `primary` - Is this the Primary IP Configuration? + +* `private_ip_address` - The Static IP Address which should be used. + +--- + +A `match` block supports the following: + +* `body` - A snippet from the Response Body which must be present in the Response. + +* `status_code` - A list of allowed status codes for this Health Probe. + +--- + +A `path_rule` block supports the following: + +* `id` - The ID of the Path Rule. + +* `backend_address_pool_id` - The ID of the Backend Address Pool used in this Path Rule. + +* `backend_http_settings_id` - The ID of the Backend HTTP Settings Collection used in this Path Rule. + +* `redirect_configuration_id` - The ID of the Redirect Configuration used in this Path Rule. + +* `rewrite_rule_set_id` - The ID of the Rewrite Rule Set used in this Path Rule. + +* `name` - The Name of the Path Rule. + +* `paths` - A list of Paths used in this Path Rule. + +* `backend_address_pool_name` - The Name of the Backend Address Pool to use for this Path Rule. Cannot be set if `redirect_configuration_name` is set. + +* `backend_http_settings_name` - The Name of the Backend HTTP Settings Collection to use for this Path Rule. Cannot be set if `redirect_configuration_name` is set. + +* `redirect_configuration_name` - The Name of a Redirect Configuration to use for this Path Rule. Cannot be set if `backend_address_pool_name` or `backend_http_settings_name` is set. + +* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. + +* `firewall_policy_id` - The ID of the Web Application Firewall Policy which should be used as an HTTP Listener. + +--- + +A `probe` block support the following: + +* `id` - The ID of the Probe. + +* `host` - The Hostname used for this Probe. If the Application Gateway is configured for a single site, by default the Host name should be specified as `127.0.0.1`, unless otherwise configured in custom probe. Cannot be set if `pick_host_name_from_backend_http_settings` is set to `true`. + +* `interval` - The Interval between two consecutive probes in seconds. Possible values range from 1 second to a maximum of 86,400 seconds. + +* `name` - The Name of the Probe. + +* `protocol` - The Protocol used for this Probe. Possible values are `Http` and `Https`. + +* `path` - The Path used for this Probe. + +* `timeout` - The Timeout used for this Probe, which indicates when a probe becomes unhealthy. Possible values range from 1 second to a maximum of 86,400 seconds. + +* `unhealthy_threshold` - The Unhealthy Threshold for this Probe, which indicates the amount of retries which should be attempted before a node is deemed unhealthy. Possible values are from 1 to 20. + +* `port` - Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from HTTP settings will be used. This property is valid for Standard_v2 and WAF_v2 only. + +* `pick_host_name_from_backend_http_settings` - Whether the host header should be picked from the backend HTTP settings. + +* `match` - A `match` block as defined above. + +* `minimum_servers` - The minimum number of servers that are always marked as healthy. + +--- + +A `request_routing_rule` block supports the following: + +* `id` - The ID of the Request Routing Rule. + +* `http_listener_id` - The ID of the associated HTTP Listener. + +* `backend_address_pool_id` - The ID of the associated Backend Address Pool. + +* `backend_http_settings_id` - The ID of the associated Backend HTTP Settings Configuration. + +* `redirect_configuration_id` - The ID of the associated Redirect Configuration. + +* `rewrite_rule_set_id` - The ID of the associated Rewrite Rule Set. + +* `url_path_map_id` - The ID of the associated URL Path Map. + +* `name` - The Name of this Request Routing Rule. + +* `rule_type` - The Type of Routing that should be used for this Rule. Possible values are `Basic` and `PathBasedRouting`. + +* `http_listener_name` - The Name of the HTTP Listener which should be used for this Routing Rule. + +* `backend_address_pool_name` - The Name of the Backend Address Pool which should be used for this Routing Rule. Cannot be set if `redirect_configuration_name` is set. + +* `backend_http_settings_name` - The Name of the Backend HTTP Settings Collection which should be used for this Routing Rule. Cannot be set if `redirect_configuration_name` is set. + +* `redirect_configuration_name` - The Name of the Redirect Configuration which should be used for this Routing Rule. Cannot be set if either `backend_address_pool_name` or `backend_http_settings_name` is set. + +* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which should be used for this Routing Rule. Only valid for v2 SKUs. + +* `url_path_map_name` - The Name of the URL Path Map which should be associated with this Routing Rule. + +* `priority` - Rule evaluation order can be dictated by specifying an integer value from `1` to `20000` with `1` being the highest priority and `20000` being the lowest priority. + +--- + +A `global` block supports the following: + +* `request_buffering_enabled` - Whether Application Gateway's Request buffer is enabled. + +* `response_buffering_enabled` - Whether Application Gateway's Response buffer is enabled. + +--- + +A `sku` block supports the following: + +* `name` - The Name of the SKU to use for this Application Gateway. Possible values are `Standard_Small`, `Standard_Medium`, `Standard_Large`, `Standard_v2`, `WAF_Medium`, `WAF_Large`, and `WAF_v2`. + +* `tier` - The Tier of the SKU to use for this Application Gateway. Possible values are `Standard`, `Standard_v2`, `WAF` and `WAF_v2`. + +* `capacity` - The Capacity of the SKU to use for this Application Gateway. When using a V1 SKU this value must be between 1 and 32, and 1 to 125 for a V2 SKU. This property is optional if `autoscale_configuration` is set. + +--- + +A `ssl_certificate` block supports the following: + +* `id` - The ID of the SSL Certificate. + +* `public_cert_data` - The Public Certificate Data associated with the SSL Certificate. + +* `name` - The Name of the SSL certificate that is unique within this Application Gateway + +* `key_vault_secret_id` - Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for keyvault to use this feature. + +--- + +A `url_path_map` block supports the following: + +* `id` - The ID of the URL Path Map. + +* `default_backend_address_pool_id` - The ID of the Default Backend Address Pool. + +* `default_backend_http_settings_id` - The ID of the Default Backend HTTP Settings Collection. + +* `default_redirect_configuration_id` - The ID of the Default Redirect Configuration. + +* `path_rule` - A list of `path_rule` blocks as defined above. + +* `name` - The Name of the URL Path Map. + +* `default_backend_address_pool_name` - The Name of the Default Backend Address Pool which should be used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. + +* `default_backend_http_settings_name` - The Name of the Default Backend HTTP Settings Collection which should be used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. + +* `default_redirect_configuration_name` - The Name of the Default Redirect Configuration which should be used for this URL Path Map. Cannot be set if either `default_backend_address_pool_name` or `default_backend_http_settings_name` is set. + +* `default_rewrite_rule_set_name` - The Name of the Default Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. + +* `path_rule` - One or more `path_rule` blocks as defined above. + +--- + +A `trusted_client_certificate` block supports the following: + +* `name` - The name of the Trusted Client Certificate that is unique within this Application Gateway. + +--- + +A `ssl_profile` block supports the following: + +* `name` - The name of the SSL Profile that is unique within this Application Gateway. + +* `trusted_client_certificate_names` - The name of the Trusted Client Certificate that will be used to authenticate requests from clients. + +* `verify_client_cert_issuer_dn` - Should client certificate issuer DN be verified? + +* `verify_client_certificate_revocation` - Specify the method to check client certificate revocation status. Possible value is `OCSP`. + +* `ssl_policy` - a `ssl_policy` block as defined below. + +--- + +A `ssl_policy` block supports the following: + +* `disabled_protocols` - A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are `TLSv1_0`, `TLSv1_1`, `TLSv1_2` and `TLSv1_3`. + +* `policy_type` - The Type of the Policy. Possible values are `Predefined`, `Custom` and `CustomV2`. + +* `policy_name` - The Name of the Policy e.g. AppGwSslPolicy20170401S. Possible values can change over time and are published here . Not compatible with `disabled_protocols`. + +* `cipher_suites` - A List of accepted cipher suites. Possible values are: `TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`, `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, `TLS_DHE_DSS_WITH_AES_128_CBC_SHA256`, `TLS_DHE_DSS_WITH_AES_256_CBC_SHA`, `TLS_DHE_DSS_WITH_AES_256_CBC_SHA256`, `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_DHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_3DES_EDE_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_256_CBC_SHA256` and `TLS_RSA_WITH_AES_256_GCM_SHA384`. + +* `min_protocol_version` - The minimal TLS version. Possible values are `TLSv1_0`, `TLSv1_1`, `TLSv1_2` and `TLSv1_3`. + +--- + +A `waf_configuration` block supports the following: + +* `enabled` - Is the Web Application Firewall enabled? + +* `firewall_mode` - The Web Application Firewall Mode. Possible values are `Detection` and `Prevention`. + +* `rule_set_type` - The Type of the Rule Set used for this Web Application Firewall. Possible values are `OWASP` and `Microsoft_BotManagerRuleSet`. + +* `rule_set_version` - The Version of the Rule Set used for this Web Application Firewall. Possible values are `0.1`, `1.0`, `2.2.9`, `3.0`, `3.1` and `3.2`. + +* `disabled_rule_group` - one or more `disabled_rule_group` blocks as defined below. + +* `file_upload_limit_mb` - The File Upload Limit in MB. Accepted values are in the range `1`MB to `750`MB for the `WAF_v2` SKU, and `1`MB to `500`MB for all other SKUs. + +* `request_body_check` - Is Request Body Inspection enabled? + +* `max_request_body_size_kb` - The Maximum Request Body Size in KB. Accepted values are in the range `1`KB to `128`KB. + +* `exclusion` - one or more `exclusion` blocks as defined below. + +--- + +A `disabled_rule_group` block supports the following: + +* `rule_group_name` - The rule group where specific rules should be disabled. Possible values are `BadBots`, `crs_20_protocol_violations`, `crs_21_protocol_anomalies`, `crs_23_request_limits`, `crs_30_http_policy`, `crs_35_bad_robots`, `crs_40_generic_attacks`, `crs_41_sql_injection_attacks`, `crs_41_xss_attacks`, `crs_42_tight_security`, `crs_45_trojans`, `General`, `GoodBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA` and `UnknownBots`. + +* `rules` - A list of rules which should be disabled in that group. Disables all rules in the specified group if `rules` is not specified. + +--- + +A `exclusion` block supports the following: + +* `match_variable` - Match variable of the exclusion rule to exclude header, cookie or GET arguments. Possible values are `RequestArgKeys`, `RequestArgNames`, `RequestArgValues`, `RequestCookieKeys`, `RequestCookieNames`, `RequestCookieValues`, `RequestHeaderKeys`, `RequestHeaderNames` and `RequestHeaderValues` + +* `selector_match_operator` - Operator which will be used to search in the variable content. Possible values are `Contains`, `EndsWith`, `Equals`, `EqualsAny` and `StartsWith`. If empty will exclude all traffic on this `match_variable` + +* `selector` - String value which will be used for the filter operation. If empty will exclude all traffic on this `match_variable` + +--- + +A `custom_error_configuration` block supports the following: + +* `id` - The ID of the Custom Error Configuration. + +* `status_code` - Status code of the application gateway customer error. Possible values are `HttpStatus403` and `HttpStatus502` + +* `custom_error_page_url` - Error page URL of the application gateway customer error. + +--- + +A `redirect_configuration` block supports the following: + +* `id` - The ID of the Redirect Configuration. + +* `name` - Unique name of the redirect configuration block + +* `redirect_type` - The type of redirect. Possible values are `Permanent`, `Temporary`, `Found` and `SeeOther` + +* `target_listener_name` - The name of the listener to redirect to. Cannot be set if `target_url` is set. + +* `target_url` - The Url to redirect the request to. Cannot be set if `target_listener_name` is set. + +* `include_path` - Whether to include the path in the redirected Url. + +* `include_query_string` - Whether to include the query string in the redirected Url. Default to `false` + +--- + +A `autoscale_configuration` block supports the following: + +* `min_capacity` - Minimum capacity for autoscaling. Accepted values are in the range `0` to `100`. + +* `max_capacity` - Maximum capacity for autoscaling. Accepted values are in the range `2` to `125`. + +--- + +A `rewrite_rule_set` block supports the following: + +* `id` - The ID of the Rewrite Rule Set + +* `name` - Unique name of the rewrite rule set block + +* `rewrite_rule` - One or more `rewrite_rule` blocks as defined above. + +--- + +A `rewrite_rule` block supports the following: + +* `name` - Unique name of the rewrite rule block + +* `rule_sequence` - Rule sequence of the rewrite rule that determines the order of execution in a set. + +* `condition` - One or more `condition` blocks as defined above. + +* `request_header_configuration` - One or more `request_header_configuration` blocks as defined above. + +* `response_header_configuration` - One or more `response_header_configuration` blocks as defined above. + +* `url` - One `url` block as defined below + +--- + +A `condition` block supports the following: + +* `variable` - The [variable](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers#server-variables) of the condition. + +* `pattern` - The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. + +* `ignore_case` - Perform a case in-sensitive comparison. + +* `negate` - Negate the result of the condition evaluation. + +--- + +A `request_header_configuration` block supports the following: + +* `header_name` - Header name of the header configuration. + +* `header_value` - Header value of the header configuration. To delete a request header set this property to an empty string. + +--- + +A `response_header_configuration` block supports the following: + +* `header_name` - Header name of the header configuration. + +* `header_value` - Header value of the header configuration. To delete a response header set this property to an empty string. + +--- + +A `url` block supports the following: + +* `path` - The URL path to rewrite. + +* `query_string` - The query string to rewrite. -* `identity_ids` - A list of Managed Identity IDs assigned to this Application Gateway. +* `components` - The components used to rewrite the URL. Possible values are `path_only` and `query_string_only` to limit the rewrite to the URL Path or URL Query String only. -* `type` - The type of Managed Identity assigned to this Application Gateway. +* `reroute` - Whether the URL path map should be reevaluated after this rewrite has been applied. [More info on rewrite configutation](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers-url#rewrite-configuration) ## Timeouts diff --git a/website/docs/r/application_gateway.html.markdown b/website/docs/r/application_gateway.html.markdown index 6e03619470e6..7e6e4436d8ec 100644 --- a/website/docs/r/application_gateway.html.markdown +++ b/website/docs/r/application_gateway.html.markdown @@ -136,6 +136,12 @@ The following arguments are supported: * `http_listener` - (Required) One or more `http_listener` blocks as defined below. +* `request_routing_rule` - (Required) One or more `request_routing_rule` blocks as defined below. + +* `sku` - (Required) A `sku` block as defined below. + +--- + * `fips_enabled` - (Optional) Is FIPS enabled on the Application Gateway? * `global` - (Optional) A `global` block as defined below. @@ -144,20 +150,14 @@ The following arguments are supported: * `private_link_configuration` - (Optional) One or more `private_link_configuration` blocks as defined below. -* `request_routing_rule` - (Required) One or more `request_routing_rule` blocks as defined below. - -* `sku` - (Required) A `sku` block as defined below. - * `zones` - (Optional) Specifies a list of Availability Zones in which this Application Gateway should be located. Changing this forces a new Application Gateway to be created. +-> **Please Note**: Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/azure/availability-zones/az-overview). They are also only supported for [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) + * `trusted_client_certificate` - (Optional) One or more `trusted_client_certificate` blocks as defined below. * `ssl_profile` - (Optional) One or more `ssl_profile` blocks as defined below. --> **Please Note**: Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/azure/availability-zones/az-overview). They are also only supported for [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) - ---- - * `authentication_certificate` - (Optional) One or more `authentication_certificate` blocks as defined below. * `trusted_root_certificate` - (Optional) One or more `trusted_root_certificate` blocks as defined below. @@ -384,7 +384,7 @@ A `path_rule` block supports the following: * `rewrite_rule_set_name` - (Optional) The Name of the Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. -* `firewall_policy_id` - (Optional) The ID of the Web Application Firewall Policy which should be used as a HTTP Listener. +* `firewall_policy_id` - (Optional) The ID of the Web Application Firewall Policy which should be used as an HTTP Listener. --- @@ -470,7 +470,7 @@ A `ssl_certificate` block supports the following: * `password` - (Optional) Password for the pfx file specified in data. Required if `data` is set. -* `key_vault_secret_id` - (Optional) Secret Id of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for keyvault to use this feature. Required if `data` is not set. +* `key_vault_secret_id` - (Optional) Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for keyvault to use this feature. Required if `data` is not set. -> **NOTE:** TLS termination with Key Vault certificates is limited to the [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/key-vault-certs). @@ -529,7 +529,7 @@ A `ssl_policy` block supports the following: When using a `policy_type` of `Predefined` the following fields are supported: -* `policy_name` - (Optional) The Name of the Policy e.g AppGwSslPolicy20170401S. Required if `policy_type` is set to `Predefined`. Possible values can change over time and are published here . Not compatible with `disabled_protocols`. +* `policy_name` - (Optional) The Name of the Policy e.g. AppGwSslPolicy20170401S. Required if `policy_type` is set to `Predefined`. Possible values can change over time and are published here . Not compatible with `disabled_protocols`. When using a `policy_type` of `Custom` the following fields are supported: @@ -597,9 +597,9 @@ A `redirect_configuration` block supports the following: * `target_url` - (Optional) The Url to redirect the request to. Cannot be set if `target_listener_name` is set. -* `include_path` - (Optional) Whether or not to include the path in the redirected Url. Defaults to `false` +* `include_path` - (Optional) Whether to include the path in the redirected Url. Defaults to `false` -* `include_query_string` - (Optional) Whether or not to include the query string in the redirected Url. Default to `false` +* `include_query_string` - (Optional) Whether to include the query string in the redirected Url. Default to `false` --- @@ -693,8 +693,6 @@ In addition to the Arguments listed above - the following Attributes are exporte * `gateway_ip_configuration` - A list of `gateway_ip_configuration` blocks as defined below. -* `enable_http2` - (Optional) Is HTTP2 enabled on the application gateway resource? - * `http_listener` - A list of `http_listener` blocks as defined below. * `private_endpoint_connection` - A list of `private_endpoint_connection` blocks as defined below. From 77f31de24b3441a9f309413e6ead983f00200928 Mon Sep 17 00:00:00 2001 From: teowa <104055472+teowa@users.noreply.github.com> Date: Tue, 19 Sep 2023 10:44:14 +0000 Subject: [PATCH 3/7] fix lint --- internal/services/network/application_gateway_data_source.go | 2 +- website/docs/d/application_gateway.html.markdown | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/internal/services/network/application_gateway_data_source.go b/internal/services/network/application_gateway_data_source.go index 51d7df6cdf05..fce21bb9c14d 100644 --- a/internal/services/network/application_gateway_data_source.go +++ b/internal/services/network/application_gateway_data_source.go @@ -695,7 +695,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, }, - "ssl_policy": &pluginsdk.Schema{ + "ssl_policy": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ diff --git a/website/docs/d/application_gateway.html.markdown b/website/docs/d/application_gateway.html.markdown index 3f79a44f723f..d7340371aa53 100644 --- a/website/docs/d/application_gateway.html.markdown +++ b/website/docs/d/application_gateway.html.markdown @@ -55,8 +55,6 @@ In addition to the Arguments listed above - the following Attributes are exporte * `sku` - A `sku` block as defined below. ---- - * `fips_enabled` - Is FIPS enabled on the Application Gateway? * `global` - A `global` block as defined below. From 18d47d290ff164dba18eb55dc57a6dc7f97d4cc5 Mon Sep 17 00:00:00 2001 From: teowa <104055472+teowa@users.noreply.github.com> Date: Tue, 26 Sep 2023 08:27:08 +0000 Subject: [PATCH 4/7] fix review comment --- .../application_gateway_data_source.go | 98 +++++-- .../docs/d/application_gateway.html.markdown | 258 +++++++++--------- .../docs/r/application_gateway.html.markdown | 26 +- 3 files changed, 210 insertions(+), 172 deletions(-) diff --git a/internal/services/network/application_gateway_data_source.go b/internal/services/network/application_gateway_data_source.go index fce21bb9c14d..78b1575c1a21 100644 --- a/internal/services/network/application_gateway_data_source.go +++ b/internal/services/network/application_gateway_data_source.go @@ -7,6 +7,7 @@ import ( "fmt" "time" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" "github.com/hashicorp/go-azure-helpers/resourcemanager/location" "github.com/hashicorp/go-azure-helpers/resourcemanager/zones" @@ -17,6 +18,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" "github.com/hashicorp/terraform-provider-azurerm/utils" + "github.com/tombuildsstuff/kermit/sdk/network/2022-07-01/network" ) func dataSourceApplicationGateway() *pluginsdk.Resource { @@ -126,12 +128,6 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Computed: true, }, - "data": { - Type: pluginsdk.TypeString, - Computed: true, - Sensitive: true, - }, - "id": { Type: pluginsdk.TypeString, Computed: true, @@ -352,6 +348,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Type: pluginsdk.TypeString, Computed: true, }, + "id": { Type: pluginsdk.TypeString, Computed: true, @@ -618,6 +615,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Type: pluginsdk.TypeInt, Computed: true, }, + "max_capacity": { Type: pluginsdk.TypeInt, Computed: true, @@ -676,12 +674,6 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Computed: true, }, - "data": { - Type: pluginsdk.TypeString, - Computed: true, - Sensitive: true, - }, - "key_vault_secret_id": { Type: pluginsdk.TypeString, Computed: true, @@ -702,7 +694,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Schema: map[string]*pluginsdk.Schema{ "disabled_protocols": { Type: pluginsdk.TypeList, - Optional: true, + Computed: true, Elem: &pluginsdk.Schema{ Type: pluginsdk.TypeString, }, @@ -960,12 +952,6 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Computed: true, }, - "data": { - Type: pluginsdk.TypeString, - Computed: true, - Sensitive: true, - }, - "key_vault_secret_id": { Type: pluginsdk.TypeString, Computed: true, @@ -994,12 +980,6 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { Computed: true, }, - "data": { - Type: pluginsdk.TypeString, - Computed: true, - Sensitive: true, - }, - "id": { Type: pluginsdk.TypeString, Computed: true, @@ -1026,8 +1006,7 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { }, }, - // this is same as in resource schema. TODO: replace cert by certificate in 4.0 - "verify_client_cert_issuer_dn": { + "verify_client_certificate_issuer_dn": { Type: pluginsdk.TypeBool, Computed: true, }, @@ -1052,12 +1031,12 @@ func dataSourceApplicationGateway() *pluginsdk.Resource { "policy_type": { Type: pluginsdk.TypeString, - Optional: true, + Computed: true, }, "policy_name": { Type: pluginsdk.TypeString, - Optional: true, + Computed: true, }, "cipher_suites": { @@ -1457,7 +1436,7 @@ func dataSourceApplicationGatewayRead(d *pluginsdk.ResourceData, meta interface{ return fmt.Errorf("setting `trusted_client_certificate`: %+v", setErr) } - sslProfiles, err := flattenApplicationGatewaySslProfiles(props.SslProfiles) + sslProfiles, err := flattenApplicationGatewayDataSourceSslProfiles(props.SslProfiles) if err != nil { return fmt.Errorf("flattening `ssl_profile`: %+v", err) } @@ -1507,3 +1486,62 @@ func dataSourceApplicationGatewayRead(d *pluginsdk.ResourceData, meta interface{ return tags.FlattenAndSet(d, resp.Tags) } + +// TODO: 4.0 remove this, after the resource schema `verify_client_cert_issuer_dn` is changed to `verify_client_certificate_issuer_dn` +func flattenApplicationGatewayDataSourceSslProfiles(input *[]network.ApplicationGatewaySslProfile) ([]interface{}, error) { + results := make([]interface{}, 0) + if input == nil { + return results, nil + } + + for _, v := range *input { + output := map[string]interface{}{} + if v.Name == nil { + continue + } + + name := *v.Name + + if v.ID != nil { + output["id"] = *v.ID + } + + output["name"] = name + + verifyClientCertIssuerDn := false + verifyClientCertificateRevocation := "" + if v.ClientAuthConfiguration != nil { + verifyClientCertIssuerDn = pointer.From(v.ClientAuthConfiguration.VerifyClientCertIssuerDN) + if v.ClientAuthConfiguration.VerifyClientRevocation != network.ApplicationGatewayClientRevocationOptionsNone { + verifyClientCertificateRevocation = string(v.ClientAuthConfiguration.VerifyClientRevocation) + } + } + output["verify_client_certificate_issuer_dn"] = verifyClientCertIssuerDn + output["verify_client_certificate_revocation"] = verifyClientCertificateRevocation + + output["ssl_policy"] = flattenApplicationGatewaySslPolicy(v.SslPolicy) + + if props := v.ApplicationGatewaySslProfilePropertiesFormat; props != nil { + trustedClientCertificateNames := make([]interface{}, 0) + if certs := props.TrustedClientCertificates; certs != nil { + for _, cert := range *certs { + if cert.ID == nil { + continue + } + + certId, err := parse.TrustedClientCertificateIDInsensitively(*cert.ID) + if err != nil { + return nil, err + } + + trustedClientCertificateNames = append(trustedClientCertificateNames, certId.Name) + } + } + output["trusted_client_certificate_names"] = trustedClientCertificateNames + } + + results = append(results, output) + } + + return results, nil +} diff --git a/website/docs/d/application_gateway.html.markdown b/website/docs/d/application_gateway.html.markdown index d7340371aa53..375aaf827521 100644 --- a/website/docs/d/application_gateway.html.markdown +++ b/website/docs/d/application_gateway.html.markdown @@ -37,7 +37,7 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the Application Gateway. -* `location` - The Azure region where the Application Gateway should exist. +* `location` - The Azure region where the Application Gateway exists. * `backend_address_pool` - One or more `backend_address_pool` blocks as defined below. @@ -63,7 +63,7 @@ In addition to the Arguments listed above - the following Attributes are exporte * `private_link_configuration` - One or more `private_link_configuration` blocks as defined below. -* `zones` - Specifies a list of Availability Zones in which this Application Gateway should be located. +* `zones` - The list of Availability Zones in which this Application Gateway can use. * `trusted_client_certificate` - One or more `trusted_client_certificate` blocks as defined below. @@ -73,9 +73,9 @@ In addition to the Arguments listed above - the following Attributes are exporte * `trusted_root_certificate` - One or more `trusted_root_certificate` blocks as defined below. -* `ssl_policy` - a `ssl_policy` block as defined below. +* `ssl_policy` - A `ssl_policy` block as defined below. -* `enable_http2` - Is HTTP2 enabled on the application gateway resource? +* `http2_enabled` - Is HTTP2 enabled on the application gateway resource? * `force_firewall_policy_association` - Is the Firewall Policy associated with the Application Gateway? @@ -95,13 +95,13 @@ In addition to the Arguments listed above - the following Attributes are exporte * `redirect_configuration` - One or more `redirect_configuration` blocks as defined below. -* `autoscale_configuration` - A `autoscale_configuration` block as defined below. +* `autoscale_configuration` - An `autoscale_configuration` block as defined below. -* `rewrite_rule_set` - One or more `rewrite_rule_set` blocks as defined below. Only valid for v2 SKUs. +* `rewrite_rule_set` - One or more `rewrite_rule_set` blocks as defined below. --- -A `authentication_certificate` block supports the following: +An `authentication_certificate` block exports the following: * `id` - The ID of the Authentication Certificate. @@ -109,15 +109,15 @@ A `authentication_certificate` block supports the following: --- -A `trusted_root_certificate` block supports the following: +A `trusted_root_certificate` block exports the following: * `name` - The Name of the Trusted Root Certificate to use. -* `key_vault_secret_id` - The Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for the Key Vault to use this feature. +* `key_vault_secret_id` - The Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. --- -A `authentication_certificate` block, within the `backend_http_settings` block supports the following: +A `authentication_certificate` block, within the `backend_http_settings` block exports the following: * `id` - The ID of the Authentication Certificate. @@ -125,43 +125,43 @@ A `authentication_certificate` block, within the `backend_http_settings` block s --- -A `backend_address_pool` block supports the following: +A `backend_address_pool` block exports the following: * `id` - The ID of the Backend Address Pool. * `name` - The name of the Backend Address Pool. -* `fqdns` - A list of FQDN's which should be part of the Backend Address Pool. +* `fqdns` - A list of FQDN's which are part of the Backend Address Pool. -* `ip_addresses` - A list of IP Addresses which should be part of the Backend Address Pool. +* `ip_addresses` - A list of IP Addresses which are part of the Backend Address Pool. --- -A `backend_http_settings` block supports the following: +A `backend_http_settings` block exports the following: * `id` - The ID of the Backend HTTP Settings Configuration. * `probe_id` - The ID of the associated Probe. -* `cookie_based_affinity` - Is Cookie-Based Affinity enabled? Possible values are `Enabled` and `Disabled`. +* `cookie_based_affinity` - Is Cookie-Based Affinity enabled? * `affinity_cookie_name` - The name of the affinity cookie. * `name` - The name of the Backend HTTP Settings Collection. -* `path` - The Path which should be used as a prefix for all HTTP requests. +* `path` - The Path which is used as a prefix for all HTTP requests. -* `port` - The port which should be used for this Backend HTTP Settings Collection. +* `port` - The port which is used for this Backend HTTP Settings Collection. -* `probe_name` - The name of an associated HTTP Probe. +* `probe_name` - The name of the associated HTTP Probe. -* `protocol` - The Protocol which should be used. Possible values are `Http` and `Https`. +* `protocol` - The Protocol which will be used. -* `request_timeout` - The request timeout in seconds, which must be between 1 and 86400 seconds. +* `request_timeout` - The request timeout in seconds. -* `host_name` - Host header to be sent to the backend servers. Cannot be set if `pick_host_name_from_backend_address` is set to `true`. +* `host_name` - Host header to be sent to the backend servers. -* `pick_host_name_from_backend_address` - Whether host header should be picked from the host name of the backend server. +* `pick_host_name_from_backend_address` - Whether host header will be picked from the host name of the backend server. * `authentication_certificate` - One or more `authentication_certificate` blocks as defined below. @@ -171,15 +171,15 @@ A `backend_http_settings` block supports the following: --- -A `connection_draining` block supports the following: +A `connection_draining` block exports the following: * `enabled` - If connection draining is enabled or not. -* `drain_timeout_sec` - The number of seconds connection draining is active. Acceptable values are from `1` second to `3600` seconds. +* `drain_timeout_sec` - The number of seconds connection draining is active. --- -A `frontend_ip_configuration` block supports the following: +A `frontend_ip_configuration` block exports the following: * `id` - The ID of the Frontend IP Configuration. @@ -191,15 +191,15 @@ A `frontend_ip_configuration` block supports the following: * `private_ip_address` - The Private IP Address to use for the Application Gateway. -* `public_ip_address_id` - The ID of a Public IP Address which the Application Gateway should use. The allocation method for the Public IP Address depends on the `sku` of this Application Gateway. Please refer to the [Azure documentation for public IP addresses](https://docs.microsoft.com/azure/virtual-network/public-ip-addresses#application-gateways) for details. +* `public_ip_address_id` - The ID of the Public IP Address which the Application Gateway will use. -* `private_ip_address_allocation` - The Allocation Method for the Private IP Address. Possible values are `Dynamic` and `Static`. +* `private_ip_address_allocation` - The Allocation Method for the Private IP Address. -* `private_link_configuration_name` - The name of the private link configuration to use for this frontend IP configuration. +* `private_link_configuration_name` - The name of the private link configuration in use by this frontend IP configuration. --- -A `frontend_port` block supports the following: +A `frontend_port` block exports the following: * `id` - The ID of the Frontend Port. @@ -209,17 +209,17 @@ A `frontend_port` block supports the following: --- -A `gateway_ip_configuration` block supports the following: +A `gateway_ip_configuration` block exports the following: * `id` - The ID of the Gateway IP Configuration. * `name` - The Name of this Gateway IP Configuration. -* `subnet_id` - The ID of the Subnet which the Application Gateway should be connected to. +* `subnet_id` - The ID of the Subnet which the Application Gateway is connected to. --- -A `http_listener` block supports the following: +A `http_listener` block exports the following: * `id` - The ID of the HTTP Listener. @@ -237,29 +237,29 @@ A `http_listener` block supports the following: * `frontend_port_name` - The Name of the Frontend Port use for this HTTP Listener. -* `host_name` - The Hostname which should be used for this HTTP Listener. +* `host_name` - The Hostname which is used for this HTTP Listener. -* `host_names` - A list of Hostname(s) should be used for this HTTP Listener. It allows special wildcard characters. +* `host_names` - A list of Hostname(s) used for this HTTP Listener. It allows special wildcard characters. -* `protocol` - The Protocol to use for this HTTP Listener. Possible values are `Http` and `Https`. +* `protocol` - The Protocol to use for this HTTP Listener. -* `require_sni` - Should Server Name Indication be Required? +* `require_sni` - Is Server Name Indication be Required? -* `ssl_certificate_name` - The name of the associated SSL Certificate which should be used for this HTTP Listener. +* `ssl_certificate_name` - The name of the associated SSL Certificate which is used for this HTTP Listener. * `custom_error_configuration` - One or more `custom_error_configuration` blocks as defined below. -* `firewall_policy_id` - The ID of the Web Application Firewall Policy which should be used for this HTTP Listener. +* `firewall_policy_id` - The ID of the Web Application Firewall Policy which is used for this HTTP Listener. -* `ssl_profile_name` - The name of the associated SSL Profile which should be used for this HTTP Listener. +* `ssl_profile_name` - The name of the associated SSL Profile which is used for this HTTP Listener. --- -An `identity` block supports the following: +An `identity` block exports the following: -* `type` - Specifies the type of Managed Service Identity that should be configured on this Application Gateway. Only possible value is `UserAssigned`. +* `type` - The type of Managed Service Identity that is configured on this Application Gateway. -* `identity_ids` - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Application Gateway. +* `identity_ids` - The list of User Assigned Managed Identity IDs assigned to this Application Gateway. --- @@ -271,7 +271,7 @@ A `private_endpoint_connection` block exports the following: --- -A `private_link_configuration` block supports the following: +A `private_link_configuration` block exports the following: * `id` - The ID of the private link configuration. @@ -281,29 +281,29 @@ A `private_link_configuration` block supports the following: --- -An `ip_configuration` block supports the following: +An `ip_configuration` block exports the following: * `name` - The name of the IP configuration. -* `subnet_id` - The ID of the subnet the private link configuration should connect to. +* `subnet_id` - The ID of the subnet the private link configuration is connected to. -* `private_ip_address_allocation` - The allocation method used for the Private IP Address. Possible values are `Dynamic` and `Static`. +* `private_ip_address_allocation` - The allocation method used for the Private IP Address. * `primary` - Is this the Primary IP Configuration? -* `private_ip_address` - The Static IP Address which should be used. +* `private_ip_address` - The Static IP Address which is used. --- -A `match` block supports the following: +A `match` block exports the following: -* `body` - A snippet from the Response Body which must be present in the Response. +* `body` - A snippet from the Response Body which will be present in the Response. * `status_code` - A list of allowed status codes for this Health Probe. --- -A `path_rule` block supports the following: +A `path_rule` block exports the following: * `id` - The ID of the Path Rule. @@ -319,15 +319,15 @@ A `path_rule` block supports the following: * `paths` - A list of Paths used in this Path Rule. -* `backend_address_pool_name` - The Name of the Backend Address Pool to use for this Path Rule. Cannot be set if `redirect_configuration_name` is set. +* `backend_address_pool_name` - The Name of the Backend Address Pool used for this Path Rule. -* `backend_http_settings_name` - The Name of the Backend HTTP Settings Collection to use for this Path Rule. Cannot be set if `redirect_configuration_name` is set. +* `backend_http_settings_name` - The Name of the Backend HTTP Settings Collection used for this Path Rule. -* `redirect_configuration_name` - The Name of a Redirect Configuration to use for this Path Rule. Cannot be set if `backend_address_pool_name` or `backend_http_settings_name` is set. +* `redirect_configuration_name` - The Name of a Redirect Configuration used for this Path Rule. -* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. +* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which is used for this URL Path Map. -* `firewall_policy_id` - The ID of the Web Application Firewall Policy which should be used as an HTTP Listener. +* `firewall_policy_id` - The ID of the Web Application Firewall Policy which is used as an HTTP Listener for this Path Rule. --- @@ -335,23 +335,23 @@ A `probe` block support the following: * `id` - The ID of the Probe. -* `host` - The Hostname used for this Probe. If the Application Gateway is configured for a single site, by default the Host name should be specified as `127.0.0.1`, unless otherwise configured in custom probe. Cannot be set if `pick_host_name_from_backend_http_settings` is set to `true`. +* `host` - The Hostname used for this Probe. -* `interval` - The Interval between two consecutive probes in seconds. Possible values range from 1 second to a maximum of 86,400 seconds. +* `interval` - The Interval between two consecutive probes in seconds. * `name` - The Name of the Probe. -* `protocol` - The Protocol used for this Probe. Possible values are `Http` and `Https`. +* `protocol` - The Protocol used for this Probe. * `path` - The Path used for this Probe. -* `timeout` - The Timeout used for this Probe, which indicates when a probe becomes unhealthy. Possible values range from 1 second to a maximum of 86,400 seconds. +* `timeout` - The Timeout used for this Probe, indicating when a probe becomes unhealthy. -* `unhealthy_threshold` - The Unhealthy Threshold for this Probe, which indicates the amount of retries which should be attempted before a node is deemed unhealthy. Possible values are from 1 to 20. +* `unhealthy_threshold` - The Unhealthy Threshold for this Probe, which indicates the amount of retries which will be attempted before a node is deemed unhealthy. -* `port` - Custom port which will be used for probing the backend servers. The valid value ranges from 1 to 65535. In case not set, port from HTTP settings will be used. This property is valid for Standard_v2 and WAF_v2 only. +* `port` - Custom port which is used for probing the backend servers. -* `pick_host_name_from_backend_http_settings` - Whether the host header should be picked from the backend HTTP settings. +* `pick_host_name_from_backend_http_settings` - Whether the host header is picked from the backend HTTP settings. * `match` - A `match` block as defined above. @@ -359,7 +359,7 @@ A `probe` block support the following: --- -A `request_routing_rule` block supports the following: +A `request_routing_rule` block exports the following: * `id` - The ID of the Request Routing Rule. @@ -377,25 +377,25 @@ A `request_routing_rule` block supports the following: * `name` - The Name of this Request Routing Rule. -* `rule_type` - The Type of Routing that should be used for this Rule. Possible values are `Basic` and `PathBasedRouting`. +* `rule_type` - The Type of Routing that is used for this Rule. -* `http_listener_name` - The Name of the HTTP Listener which should be used for this Routing Rule. +* `http_listener_name` - The Name of the HTTP Listener which is used for this Routing Rule. -* `backend_address_pool_name` - The Name of the Backend Address Pool which should be used for this Routing Rule. Cannot be set if `redirect_configuration_name` is set. +* `backend_address_pool_name` - The Name of the Backend Address Pool which is used for this Routing Rule. -* `backend_http_settings_name` - The Name of the Backend HTTP Settings Collection which should be used for this Routing Rule. Cannot be set if `redirect_configuration_name` is set. +* `backend_http_settings_name` - The Name of the Backend HTTP Settings Collection which is used for this Routing Rule. -* `redirect_configuration_name` - The Name of the Redirect Configuration which should be used for this Routing Rule. Cannot be set if either `backend_address_pool_name` or `backend_http_settings_name` is set. +* `redirect_configuration_name` - The Name of the Redirect Configuration which is used for this Routing Rule. -* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which should be used for this Routing Rule. Only valid for v2 SKUs. +* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which is used for this Routing Rule. -* `url_path_map_name` - The Name of the URL Path Map which should be associated with this Routing Rule. +* `url_path_map_name` - The Name of the URL Path Map which is associated with this Routing Rule. -* `priority` - Rule evaluation order can be dictated by specifying an integer value from `1` to `20000` with `1` being the highest priority and `20000` being the lowest priority. +* `priority` - The Priority of this Routing Rule. --- -A `global` block supports the following: +A `global` block exports the following: * `request_buffering_enabled` - Whether Application Gateway's Request buffer is enabled. @@ -403,17 +403,17 @@ A `global` block supports the following: --- -A `sku` block supports the following: +A `sku` block exports the following: -* `name` - The Name of the SKU to use for this Application Gateway. Possible values are `Standard_Small`, `Standard_Medium`, `Standard_Large`, `Standard_v2`, `WAF_Medium`, `WAF_Large`, and `WAF_v2`. +* `name` - The Name of the SKU in use for this Application Gateway. -* `tier` - The Tier of the SKU to use for this Application Gateway. Possible values are `Standard`, `Standard_v2`, `WAF` and `WAF_v2`. +* `tier` - The Tier of the SKU in use for this Application Gateway. -* `capacity` - The Capacity of the SKU to use for this Application Gateway. When using a V1 SKU this value must be between 1 and 32, and 1 to 125 for a V2 SKU. This property is optional if `autoscale_configuration` is set. +* `capacity` - The Capacity of the SKU in use for this Application Gateway. --- -A `ssl_certificate` block supports the following: +A `ssl_certificate` block exports the following: * `id` - The ID of the SSL Certificate. @@ -421,11 +421,11 @@ A `ssl_certificate` block supports the following: * `name` - The Name of the SSL certificate that is unique within this Application Gateway -* `key_vault_secret_id` - Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for keyvault to use this feature. +* `key_vault_secret_id` - The Secret ID of (base-64 encoded unencrypted pfx) the `Secret` or `Certificate` object stored in Azure KeyVault. --- -A `url_path_map` block supports the following: +A `url_path_map` block exports the following: * `id` - The ID of the URL Path Map. @@ -439,129 +439,129 @@ A `url_path_map` block supports the following: * `name` - The Name of the URL Path Map. -* `default_backend_address_pool_name` - The Name of the Default Backend Address Pool which should be used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. +* `default_backend_address_pool_name` - The Name of the Default Backend Address Pool which is used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. -* `default_backend_http_settings_name` - The Name of the Default Backend HTTP Settings Collection which should be used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. +* `default_backend_http_settings_name` - The Name of the Default Backend HTTP Settings Collection which is used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. -* `default_redirect_configuration_name` - The Name of the Default Redirect Configuration which should be used for this URL Path Map. Cannot be set if either `default_backend_address_pool_name` or `default_backend_http_settings_name` is set. +* `default_redirect_configuration_name` - The Name of the Default Redirect Configuration which is used for this URL Path Map. Cannot be set if either `default_backend_address_pool_name` or `default_backend_http_settings_name` is set. -* `default_rewrite_rule_set_name` - The Name of the Default Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. +* `default_rewrite_rule_set_name` - The Name of the Default Rewrite Rule Set which is used for this URL Path Map. * `path_rule` - One or more `path_rule` blocks as defined above. --- -A `trusted_client_certificate` block supports the following: +A `trusted_client_certificate` block exports the following: * `name` - The name of the Trusted Client Certificate that is unique within this Application Gateway. --- -A `ssl_profile` block supports the following: +A `ssl_profile` block exports the following: * `name` - The name of the SSL Profile that is unique within this Application Gateway. * `trusted_client_certificate_names` - The name of the Trusted Client Certificate that will be used to authenticate requests from clients. -* `verify_client_cert_issuer_dn` - Should client certificate issuer DN be verified? +* `verify_client_cert_issuer_dn` - Will client certificate issuer DN to be verified? -* `verify_client_certificate_revocation` - Specify the method to check client certificate revocation status. Possible value is `OCSP`. +* `verify_client_certificate_revocation` - The method used to check client certificate revocation status. * `ssl_policy` - a `ssl_policy` block as defined below. --- -A `ssl_policy` block supports the following: +A `ssl_policy` block exports the following: -* `disabled_protocols` - A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are `TLSv1_0`, `TLSv1_1`, `TLSv1_2` and `TLSv1_3`. +* `disabled_protocols` - A list of SSL Protocols which are disabled on this Application Gateway. -* `policy_type` - The Type of the Policy. Possible values are `Predefined`, `Custom` and `CustomV2`. +* `policy_type` - The Type of the Policy. -* `policy_name` - The Name of the Policy e.g. AppGwSslPolicy20170401S. Possible values can change over time and are published here . Not compatible with `disabled_protocols`. +* `policy_name` - The Name of the Policy. -* `cipher_suites` - A List of accepted cipher suites. Possible values are: `TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`, `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, `TLS_DHE_DSS_WITH_AES_128_CBC_SHA256`, `TLS_DHE_DSS_WITH_AES_256_CBC_SHA`, `TLS_DHE_DSS_WITH_AES_256_CBC_SHA256`, `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_DHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_3DES_EDE_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_256_CBC_SHA256` and `TLS_RSA_WITH_AES_256_GCM_SHA384`. +* `cipher_suites` - A List of accepted cipher suites. -* `min_protocol_version` - The minimal TLS version. Possible values are `TLSv1_0`, `TLSv1_1`, `TLSv1_2` and `TLSv1_3`. +* `min_protocol_version` - The minimal TLS version. --- -A `waf_configuration` block supports the following: +A `waf_configuration` block exports the following: * `enabled` - Is the Web Application Firewall enabled? -* `firewall_mode` - The Web Application Firewall Mode. Possible values are `Detection` and `Prevention`. +* `firewall_mode` - The Web Application Firewall Mode. -* `rule_set_type` - The Type of the Rule Set used for this Web Application Firewall. Possible values are `OWASP` and `Microsoft_BotManagerRuleSet`. +* `rule_set_type` - The Type of the Rule Set used for this Web Application Firewall. -* `rule_set_version` - The Version of the Rule Set used for this Web Application Firewall. Possible values are `0.1`, `1.0`, `2.2.9`, `3.0`, `3.1` and `3.2`. +* `rule_set_version` - The Version of the Rule Set used for this Web Application Firewall. -* `disabled_rule_group` - one or more `disabled_rule_group` blocks as defined below. +* `disabled_rule_group` - One or more `disabled_rule_group` blocks as defined below. -* `file_upload_limit_mb` - The File Upload Limit in MB. Accepted values are in the range `1`MB to `750`MB for the `WAF_v2` SKU, and `1`MB to `500`MB for all other SKUs. +* `file_upload_limit_mb` - The File Upload Limit in MB. * `request_body_check` - Is Request Body Inspection enabled? -* `max_request_body_size_kb` - The Maximum Request Body Size in KB. Accepted values are in the range `1`KB to `128`KB. +* `max_request_body_size_kb` - The Maximum Request Body Size in KB. -* `exclusion` - one or more `exclusion` blocks as defined below. +* `exclusion` - One or more `exclusion` blocks as defined below. --- -A `disabled_rule_group` block supports the following: +A `disabled_rule_group` block exports the following: -* `rule_group_name` - The rule group where specific rules should be disabled. Possible values are `BadBots`, `crs_20_protocol_violations`, `crs_21_protocol_anomalies`, `crs_23_request_limits`, `crs_30_http_policy`, `crs_35_bad_robots`, `crs_40_generic_attacks`, `crs_41_sql_injection_attacks`, `crs_41_xss_attacks`, `crs_42_tight_security`, `crs_45_trojans`, `General`, `GoodBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA` and `UnknownBots`. +* `rule_group_name` - The rule group where specific rules are disabled. -* `rules` - A list of rules which should be disabled in that group. Disables all rules in the specified group if `rules` is not specified. +* `rules` - A list of rules which will be disabled in that group. --- -A `exclusion` block supports the following: +A `exclusion` block exports the following: -* `match_variable` - Match variable of the exclusion rule to exclude header, cookie or GET arguments. Possible values are `RequestArgKeys`, `RequestArgNames`, `RequestArgValues`, `RequestCookieKeys`, `RequestCookieNames`, `RequestCookieValues`, `RequestHeaderKeys`, `RequestHeaderNames` and `RequestHeaderValues` +* `match_variable` - Match variable of the exclusion rule. -* `selector_match_operator` - Operator which will be used to search in the variable content. Possible values are `Contains`, `EndsWith`, `Equals`, `EqualsAny` and `StartsWith`. If empty will exclude all traffic on this `match_variable` +* `selector_match_operator` - Operator which will be used to search in the variable content. -* `selector` - String value which will be used for the filter operation. If empty will exclude all traffic on this `match_variable` +* `selector` - String value which will be used for the filter operation. --- -A `custom_error_configuration` block supports the following: +A `custom_error_configuration` block exports the following: * `id` - The ID of the Custom Error Configuration. -* `status_code` - Status code of the application gateway customer error. Possible values are `HttpStatus403` and `HttpStatus502` +* `status_code` - Status code of the application gateway customer error. * `custom_error_page_url` - Error page URL of the application gateway customer error. --- -A `redirect_configuration` block supports the following: +A `redirect_configuration` block exports the following: * `id` - The ID of the Redirect Configuration. * `name` - Unique name of the redirect configuration block -* `redirect_type` - The type of redirect. Possible values are `Permanent`, `Temporary`, `Found` and `SeeOther` +* `redirect_type` - The type of redirect. -* `target_listener_name` - The name of the listener to redirect to. Cannot be set if `target_url` is set. +* `target_listener_name` - The name of the listener to redirect to. -* `target_url` - The Url to redirect the request to. Cannot be set if `target_listener_name` is set. +* `target_url` - The URL to redirect the request to. -* `include_path` - Whether to include the path in the redirected Url. +* `include_path` - Whether the path is included in the redirected URL. -* `include_query_string` - Whether to include the query string in the redirected Url. Default to `false` +* `include_query_string` - Whether to include the query string in the redirected URL. --- -A `autoscale_configuration` block supports the following: +An `autoscale_configuration` block exports the following: -* `min_capacity` - Minimum capacity for autoscaling. Accepted values are in the range `0` to `100`. +* `min_capacity` - Minimum capacity for autoscaling. -* `max_capacity` - Maximum capacity for autoscaling. Accepted values are in the range `2` to `125`. +* `max_capacity` - Maximum capacity for autoscaling. --- -A `rewrite_rule_set` block supports the following: +A `rewrite_rule_set` block exports the following: * `id` - The ID of the Rewrite Rule Set @@ -571,7 +571,7 @@ A `rewrite_rule_set` block supports the following: --- -A `rewrite_rule` block supports the following: +A `rewrite_rule` block exports the following: * `name` - Unique name of the rewrite rule block @@ -587,7 +587,7 @@ A `rewrite_rule` block supports the following: --- -A `condition` block supports the following: +A `condition` block exports the following: * `variable` - The [variable](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers#server-variables) of the condition. @@ -599,31 +599,31 @@ A `condition` block supports the following: --- -A `request_header_configuration` block supports the following: +A `request_header_configuration` block exports the following: * `header_name` - Header name of the header configuration. -* `header_value` - Header value of the header configuration. To delete a request header set this property to an empty string. +* `header_value` - Header value of the header configuration. --- -A `response_header_configuration` block supports the following: +A `response_header_configuration` block exports the following: * `header_name` - Header name of the header configuration. -* `header_value` - Header value of the header configuration. To delete a response header set this property to an empty string. +* `header_value` - Header value of the header configuration. --- -A `url` block supports the following: +A `url` block exports the following: * `path` - The URL path to rewrite. * `query_string` - The query string to rewrite. -* `components` - The components used to rewrite the URL. Possible values are `path_only` and `query_string_only` to limit the rewrite to the URL Path or URL Query String only. +* `components` - The components used to rewrite the URL. -* `reroute` - Whether the URL path map should be reevaluated after this rewrite has been applied. [More info on rewrite configutation](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers-url#rewrite-configuration) +* `reroute` - Whether the URL path map is reevaluated after this rewrite has been applied. ## Timeouts diff --git a/website/docs/r/application_gateway.html.markdown b/website/docs/r/application_gateway.html.markdown index 7e6e4436d8ec..4e87e1946ad5 100644 --- a/website/docs/r/application_gateway.html.markdown +++ b/website/docs/r/application_gateway.html.markdown @@ -152,7 +152,7 @@ The following arguments are supported: * `zones` - (Optional) Specifies a list of Availability Zones in which this Application Gateway should be located. Changing this forces a new Application Gateway to be created. --> **Please Note**: Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/azure/availability-zones/az-overview). They are also only supported for [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) +-> **Please Note**: Availability Zones are not supported in all regions at this time, please check the [official documentation](https://docs.microsoft.com/azure/availability-zones/az-overview) for more information. They are also only supported for [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) * `trusted_client_certificate` - (Optional) One or more `trusted_client_certificate` blocks as defined below. @@ -184,13 +184,13 @@ The following arguments are supported: * `redirect_configuration` - (Optional) One or more `redirect_configuration` blocks as defined below. -* `autoscale_configuration` - (Optional) A `autoscale_configuration` block as defined below. +* `autoscale_configuration` - (Optional) An `autoscale_configuration` block as defined below. * `rewrite_rule_set` - (Optional) One or more `rewrite_rule_set` blocks as defined below. Only valid for v2 SKUs. --- -A `authentication_certificate` block supports the following: +An `authentication_certificate` block supports the following: * `name` - (Required) The Name of the Authentication Certificate to use. @@ -456,7 +456,7 @@ A `sku` block supports the following: !> **NOTE:** The `Standard` and `WAF` SKU have been deprecated in favour of the `Standard_v2` and `WAF_v2` SKU. Please see the [Azure documentation](https://aka.ms/V1retirement) for more details. -* `capacity` - (Optional) The Capacity of the SKU to use for this Application Gateway. When using a V1 SKU this value must be between 1 and 32, and 1 to 125 for a V2 SKU. This property is optional if `autoscale_configuration` is set. +* `capacity` - (Optional) The Capacity of the SKU to use for this Application Gateway. When using a V1 SKU this value must be between `1` and `32`, and `1` to `125` for a V2 SKU. This property is optional if `autoscale_configuration` is set. --- @@ -470,7 +470,7 @@ A `ssl_certificate` block supports the following: * `password` - (Optional) Password for the pfx file specified in data. Required if `data` is set. -* `key_vault_secret_id` - (Optional) Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for keyvault to use this feature. Required if `data` is not set. +* `key_vault_secret_id` - (Optional) The Secret ID of (base-64 encoded unencrypted pfx) the `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for Key Vault to use this feature. Required if `data` is not set. -> **NOTE:** TLS termination with Key Vault certificates is limited to the [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/key-vault-certs). @@ -549,7 +549,7 @@ A `waf_configuration` block supports the following: * `rule_set_version` - (Required) The Version of the Rule Set used for this Web Application Firewall. Possible values are `0.1`, `1.0`, `2.2.9`, `3.0`, `3.1` and `3.2`. -* `disabled_rule_group` - (Optional) one or more `disabled_rule_group` blocks as defined below. +* `disabled_rule_group` - (Optional) One or more `disabled_rule_group` blocks as defined below. * `file_upload_limit_mb` - (Optional) The File Upload Limit in MB. Accepted values are in the range `1`MB to `750`MB for the `WAF_v2` SKU, and `1`MB to `500`MB for all other SKUs. Defaults to `100`MB. @@ -557,7 +557,7 @@ A `waf_configuration` block supports the following: * `max_request_body_size_kb` - (Optional) The Maximum Request Body Size in KB. Accepted values are in the range `1`KB to `128`KB. Defaults to `128`KB. -* `exclusion` - (Optional) one or more `exclusion` blocks as defined below. +* `exclusion` - (Optional) One or more `exclusion` blocks as defined below. --- @@ -595,15 +595,15 @@ A `redirect_configuration` block supports the following: * `target_listener_name` - (Optional) The name of the listener to redirect to. Cannot be set if `target_url` is set. -* `target_url` - (Optional) The Url to redirect the request to. Cannot be set if `target_listener_name` is set. +* `target_url` - (Optional) The URL to redirect the request to. Cannot be set if `target_listener_name` is set. -* `include_path` - (Optional) Whether to include the path in the redirected Url. Defaults to `false` +* `include_path` - (Optional) Whether to include the path in the redirected URL. Defaults to `false` -* `include_query_string` - (Optional) Whether to include the query string in the redirected Url. Default to `false` +* `include_query_string` - (Optional) Whether to include the query string in the redirected URL. Default to `false` --- -A `autoscale_configuration` block supports the following: +An `autoscale_configuration` block supports the following: * `min_capacity` - (Required) Minimum capacity for autoscaling. Accepted values are in the range `0` to `100`. @@ -671,9 +671,9 @@ A `url` block supports the following: * `components` - (Optional) The components used to rewrite the URL. Possible values are `path_only` and `query_string_only` to limit the rewrite to the URL Path or URL Query String only. -~> **Note:** One or both of `path` and `query_string` must be specified. If one of these is not specified, it means the value will be empty. If you only want to rewrite `path` or `query_string`, use `components`. +~> **Note:** One or both of `path` and `query_string` must be specified. If one of these is not specified, it means the value will be empty. If you only want to rewrite `path` or `query_string`, use `components`. -* `reroute` - (Optional) Whether the URL path map should be reevaluated after this rewrite has been applied. [More info on rewrite configutation](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers-url#rewrite-configuration) +* `reroute` - (Optional) Whether the URL path map should be reevaluated after this rewrite has been applied. [More info on rewrite configuration](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers-url#rewrite-configuration) ## Attributes Reference From 8f1a589b054fa023f54865f987a96523d8551f48 Mon Sep 17 00:00:00 2001 From: teowa <104055472+teowa@users.noreply.github.com> Date: Wed, 27 Sep 2023 02:45:05 +0000 Subject: [PATCH 5/7] fix --- website/docs/d/application_gateway.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/application_gateway.html.markdown b/website/docs/d/application_gateway.html.markdown index 375aaf827521..3cd1dec1328e 100644 --- a/website/docs/d/application_gateway.html.markdown +++ b/website/docs/d/application_gateway.html.markdown @@ -331,7 +331,7 @@ A `path_rule` block exports the following: --- -A `probe` block support the following: +A `probe` block exports the following: * `id` - The ID of the Probe. From da197c5849527c6218c227142163bce1fe0a331d Mon Sep 17 00:00:00 2001 From: teowa <104055472+teowa@users.noreply.github.com> Date: Sun, 8 Oct 2023 09:28:44 +0000 Subject: [PATCH 6/7] fix --- website/docs/d/application_gateway.html.markdown | 2 +- website/docs/r/application_gateway.html.markdown | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/d/application_gateway.html.markdown b/website/docs/d/application_gateway.html.markdown index 3cd1dec1328e..521e71ed953f 100644 --- a/website/docs/d/application_gateway.html.markdown +++ b/website/docs/d/application_gateway.html.markdown @@ -567,7 +567,7 @@ A `rewrite_rule_set` block exports the following: * `name` - Unique name of the rewrite rule set block -* `rewrite_rule` - One or more `rewrite_rule` blocks as defined above. +* `rewrite_rule` - One or more `rewrite_rule` blocks as defined below. --- diff --git a/website/docs/r/application_gateway.html.markdown b/website/docs/r/application_gateway.html.markdown index 4e87e1946ad5..5d7d83a4523c 100644 --- a/website/docs/r/application_gateway.html.markdown +++ b/website/docs/r/application_gateway.html.markdown @@ -615,7 +615,7 @@ A `rewrite_rule_set` block supports the following: * `name` - (Required) Unique name of the rewrite rule set block -* `rewrite_rule` - (Optional) One or more `rewrite_rule` blocks as defined above. +* `rewrite_rule` - (Optional) One or more `rewrite_rule` blocks as defined below. --- From 1d1e15b15c6260316fa5eb729b26686620917e7a Mon Sep 17 00:00:00 2001 From: Tom Bamford Date: Thu, 12 Oct 2023 08:51:29 +0100 Subject: [PATCH 7/7] More docs grammar --- .../docs/d/application_gateway.html.markdown | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/website/docs/d/application_gateway.html.markdown b/website/docs/d/application_gateway.html.markdown index 521e71ed953f..f4469a68d028 100644 --- a/website/docs/d/application_gateway.html.markdown +++ b/website/docs/d/application_gateway.html.markdown @@ -73,7 +73,7 @@ In addition to the Arguments listed above - the following Attributes are exporte * `trusted_root_certificate` - One or more `trusted_root_certificate` blocks as defined below. -* `ssl_policy` - A `ssl_policy` block as defined below. +* `ssl_policy` - An `ssl_policy` block as defined below. * `http2_enabled` - Is HTTP2 enabled on the application gateway resource? @@ -105,13 +105,13 @@ An `authentication_certificate` block exports the following: * `id` - The ID of the Authentication Certificate. -* `name` - The Name of the Authentication Certificate to use. +* `name` - The Name of the Authentication Certificate in use. --- A `trusted_root_certificate` block exports the following: -* `name` - The Name of the Trusted Root Certificate to use. +* `name` - The Name of the Trusted Root Certificate in use. * `key_vault_secret_id` - The Secret ID of (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. @@ -131,7 +131,7 @@ A `backend_address_pool` block exports the following: * `name` - The name of the Backend Address Pool. -* `fqdns` - A list of FQDN's which are part of the Backend Address Pool. +* `fqdns` - A list of FQDNs which are part of the Backend Address Pool. * `ip_addresses` - A list of IP Addresses which are part of the Backend Address Pool. @@ -149,13 +149,13 @@ A `backend_http_settings` block exports the following: * `name` - The name of the Backend HTTP Settings Collection. -* `path` - The Path which is used as a prefix for all HTTP requests. +* `path` - The path which is used as a prefix for all HTTP requests. * `port` - The port which is used for this Backend HTTP Settings Collection. * `probe_name` - The name of the associated HTTP Probe. -* `protocol` - The Protocol which will be used. +* `protocol` - The protocol which will be used. * `request_timeout` - The request timeout in seconds. @@ -183,7 +183,7 @@ A `frontend_ip_configuration` block exports the following: * `id` - The ID of the Frontend IP Configuration. -* `private_link_configuration_id` - The ID of the associated private link configuration. +* `private_link_configuration_id` - The ID of the associated Private Link configuration. * `name` - The name of the Frontend IP Configuration. @@ -195,7 +195,7 @@ A `frontend_ip_configuration` block exports the following: * `private_ip_address_allocation` - The Allocation Method for the Private IP Address. -* `private_link_configuration_name` - The name of the private link configuration in use by this frontend IP configuration. +* `private_link_configuration_name` - The name of the Private Link configuration in use by this Frontend IP Configuration. --- @@ -235,7 +235,7 @@ A `http_listener` block exports the following: * `frontend_ip_configuration_name` - The Name of the Frontend IP Configuration used for this HTTP Listener. -* `frontend_port_name` - The Name of the Frontend Port use for this HTTP Listener. +* `frontend_port_name` - The Name of the Frontend Port used for this HTTP Listener. * `host_name` - The Hostname which is used for this HTTP Listener. @@ -243,7 +243,7 @@ A `http_listener` block exports the following: * `protocol` - The Protocol to use for this HTTP Listener. -* `require_sni` - Is Server Name Indication be Required? +* `require_sni` - Is Server Name Indication required? * `ssl_certificate_name` - The name of the associated SSL Certificate which is used for this HTTP Listener. @@ -297,7 +297,7 @@ An `ip_configuration` block exports the following: A `match` block exports the following: -* `body` - A snippet from the Response Body which will be present in the Response. +* `body` - A snippet from the Response Body which must be present in the Response. * `status_code` - A list of allowed status codes for this Health Probe. @@ -325,7 +325,7 @@ A `path_rule` block exports the following: * `redirect_configuration_name` - The Name of a Redirect Configuration used for this Path Rule. -* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which is used for this URL Path Map. +* `rewrite_rule_set_name` - The Name of the Rewrite Rule Set which is used for this Path Rule. * `firewall_policy_id` - The ID of the Web Application Firewall Policy which is used as an HTTP Listener for this Path Rule. @@ -439,11 +439,11 @@ A `url_path_map` block exports the following: * `name` - The Name of the URL Path Map. -* `default_backend_address_pool_name` - The Name of the Default Backend Address Pool which is used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. +* `default_backend_address_pool_name` - The Name of the Default Backend Address Pool which is used for this URL Path Map. -* `default_backend_http_settings_name` - The Name of the Default Backend HTTP Settings Collection which is used for this URL Path Map. Cannot be set if `default_redirect_configuration_name` is set. +* `default_backend_http_settings_name` - The Name of the Default Backend HTTP Settings Collection which is used for this URL Path Map. -* `default_redirect_configuration_name` - The Name of the Default Redirect Configuration which is used for this URL Path Map. Cannot be set if either `default_backend_address_pool_name` or `default_backend_http_settings_name` is set. +* `default_redirect_configuration_name` - The Name of the Default Redirect Configuration which is used for this URL Path Map. * `default_rewrite_rule_set_name` - The Name of the Default Rewrite Rule Set which is used for this URL Path Map. @@ -463,7 +463,7 @@ A `ssl_profile` block exports the following: * `trusted_client_certificate_names` - The name of the Trusted Client Certificate that will be used to authenticate requests from clients. -* `verify_client_cert_issuer_dn` - Will client certificate issuer DN to be verified? +* `verify_client_cert_issuer_dn` - Will the client certificate issuer DN be verified? * `verify_client_certificate_revocation` - The method used to check client certificate revocation status. @@ -481,7 +481,7 @@ A `ssl_policy` block exports the following: * `cipher_suites` - A List of accepted cipher suites. -* `min_protocol_version` - The minimal TLS version. +* `min_protocol_version` - The minimum TLS version. --- @@ -529,9 +529,9 @@ A `custom_error_configuration` block exports the following: * `id` - The ID of the Custom Error Configuration. -* `status_code` - Status code of the application gateway customer error. +* `status_code` - Status code of the application gateway custom error. -* `custom_error_page_url` - Error page URL of the application gateway customer error. +* `custom_error_page_url` - Error page URL of the application gateway custom error. --- @@ -565,7 +565,7 @@ A `rewrite_rule_set` block exports the following: * `id` - The ID of the Rewrite Rule Set -* `name` - Unique name of the rewrite rule set block +* `name` - Unique name of the Rewrite Rule Set * `rewrite_rule` - One or more `rewrite_rule` blocks as defined below. @@ -573,9 +573,9 @@ A `rewrite_rule_set` block exports the following: A `rewrite_rule` block exports the following: -* `name` - Unique name of the rewrite rule block +* `name` - Unique name of the Rewrite Rule -* `rule_sequence` - Rule sequence of the rewrite rule that determines the order of execution in a set. +* `rule_sequence` - Rule sequence of the Rewrite Rule that determines the order of execution in a set. * `condition` - One or more `condition` blocks as defined above. @@ -593,9 +593,9 @@ A `condition` block exports the following: * `pattern` - The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. -* `ignore_case` - Perform a case in-sensitive comparison. +* `ignore_case` - Whether a case insensitive comparison is performed. -* `negate` - Negate the result of the condition evaluation. +* `negate` - Whether the result of the condition evaluation is negated. ---