feat: configure basic authentication for publishing (#77)

Co-authored-by: Henrik Simonsen Knutsen <[email protected]>
equinor · Nov 22, 2024 · 562a282 · 562a282
1 parent e1bf536
commit 562a282
Show file tree

Hide file tree

Showing 5 changed files with 153 additions and 2 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,5 +7,3 @@ jobs:
   test:
     name: Unit Tests
     uses: equinor/terraform-baseline/.github/workflows/terraform-test.yml@main
-    with:
-      test-filter: tests/unit.tftest.hcl
diff --git a/main.tf b/main.tf
@@ -34,6 +34,9 @@ resource "azurerm_linux_function_app" "this" {
   app_settings                = var.app_settings
   functions_extension_version = var.functions_extension_version
 
+  ftp_publish_basic_authentication_enabled       = var.ftp_publish_basic_authentication_enabled
+  webdeploy_publish_basic_authentication_enabled = var.webdeploy_publish_basic_authentication_enabled
+
   key_vault_reference_identity_id = var.key_vault_reference_identity_id
 
   virtual_network_subnet_id = var.virtual_network_subnet_id
@@ -161,6 +164,9 @@ resource "azurerm_windows_function_app" "this" {
   app_settings                = var.app_settings
   functions_extension_version = var.functions_extension_version
 
+  ftp_publish_basic_authentication_enabled       = var.ftp_publish_basic_authentication_enabled
+  webdeploy_publish_basic_authentication_enabled = var.webdeploy_publish_basic_authentication_enabled
+
   key_vault_reference_identity_id = var.key_vault_reference_identity_id
 
   virtual_network_subnet_id = var.virtual_network_subnet_id

diff --git a/tests/configuration.unit.tftest.hcl b/tests/configuration.unit.tftest.hcl
@@ -0,0 +1,113 @@
+mock_provider "azurerm" {}
+
+run "setup_tests" {
+  module {
+    source = "./tests/setup-unit-tests"
+  }
+}
+
+run "linux_basic_authentication_disabled" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    ftp_publish_basic_authentication_enabled       = false
+    webdeploy_publish_basic_authentication_enabled = false
+  }
+
+  assert {
+    condition     = azurerm_linux_function_app.this[0].ftp_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the FTP client."
+  }
+
+  assert {
+    condition     = azurerm_linux_function_app.this[0].webdeploy_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the WebDeploy client."
+  }
+}
+
+run "linux_basic_authentication_enabled" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    ftp_publish_basic_authentication_enabled       = true
+    webdeploy_publish_basic_authentication_enabled = true
+  }
+
+  assert {
+    condition     = azurerm_linux_function_app.this[0].ftp_publish_basic_authentication_enabled == true
+    error_message = "Basic authentication disabled for the FTP client."
+  }
+
+  assert {
+    condition     = azurerm_linux_function_app.this[0].webdeploy_publish_basic_authentication_enabled == true
+    error_message = "Basic authentication disabled for the WebDeploy client."
+  }
+}
+
+run "windows_basic_authentication_disabled" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    kind                       = "Windows"
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    ftp_publish_basic_authentication_enabled       = false
+    webdeploy_publish_basic_authentication_enabled = false
+  }
+
+  assert {
+    condition     = azurerm_windows_function_app.this[0].ftp_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the FTP client."
+  }
+
+  assert {
+    condition     = azurerm_windows_function_app.this[0].webdeploy_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the WebDeploy client."
+  }
+}
+
+run "windows_basic_authentication_enabled" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    kind                       = "Windows"
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    ftp_publish_basic_authentication_enabled       = true
+    webdeploy_publish_basic_authentication_enabled = true
+  }
+
+  assert {
+    condition     = azurerm_windows_function_app.this[0].ftp_publish_basic_authentication_enabled == true
+    error_message = "Basic authentication disabled for the FTP client."
+  }
+
+  assert {
+    condition     = azurerm_windows_function_app.this[0].webdeploy_publish_basic_authentication_enabled == true
+    error_message = "Basic authentication disabled for the WebDeploy client."
+  }
+}
diff --git a/tests/unit.tftest.hcl → tests/defaults.unit.tftest.hcl b/tests/unit.tftest.hcl → tests/defaults.unit.tftest.hcl
@@ -27,6 +27,16 @@ run "linux_app" {
     condition     = length(azurerm_windows_function_app.this) == 0
     error_message = "Trying to create Windows Function App"
   }
+
+  assert {
+    condition     = azurerm_linux_function_app.this[0].ftp_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the FTP client."
+  }
+
+  assert {
+    condition     = azurerm_linux_function_app.this[0].webdeploy_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the WebDeploy client."
+  }
 }
 
 run "windows_app" {
@@ -51,4 +61,14 @@ run "windows_app" {
     condition     = length(azurerm_linux_function_app.this) == 0
     error_message = "Trying to create Linux Function App"
   }
+
+  assert {
+    condition     = azurerm_windows_function_app.this[0].ftp_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the FTP client."
+  }
+
+  assert {
+    condition     = azurerm_windows_function_app.this[0].webdeploy_publish_basic_authentication_enabled == false
+    error_message = "Basic authentication enabled for the WebDeploy client."
+  }
 }
diff --git a/variables.tf b/variables.tf
@@ -216,6 +216,20 @@ variable "identity_ids" {
   default     = []
 }
 
+variable "ftp_publish_basic_authentication_enabled" {
+  description = "Should basic (username and password) authentication be enabled for the FTP client?"
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
+variable "webdeploy_publish_basic_authentication_enabled" {
+  description = "Should basic (username and password) authentication be enabled for the WebDeploy client?"
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
 variable "tags" {
   description = "A map of tags to assign to the resources."
   type        = map(string)