
feat: configure client certificate mode #80

Open
wants to merge 18 commits into
base: main
6 changes: 6 additions & 0 deletions main.tf
Expand Up @@ -34,6 +34,9 @@ resource "azurerm_linux_function_app" "this" {
app_settings = var.app_settings
functions_extension_version = var.functions_extension_version

client_certificate_mode = var.client_certificate_mode
client_certificate_enabled = var.client_certificate_enabled

ftp_publish_basic_authentication_enabled = var.ftp_publish_basic_authentication_enabled
webdeploy_publish_basic_authentication_enabled = var.webdeploy_publish_basic_authentication_enabled

Expand Down Expand Up @@ -164,6 +167,9 @@ resource "azurerm_windows_function_app" "this" {
app_settings = var.app_settings
functions_extension_version = var.functions_extension_version

client_certificate_mode = var.client_certificate_mode
client_certificate_enabled = var.client_certificate_enabled

ftp_publish_basic_authentication_enabled = var.ftp_publish_basic_authentication_enabled
webdeploy_publish_basic_authentication_enabled = var.webdeploy_publish_basic_authentication_enabled

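Review bot: Nothing in either resource block says how the two new arguments interact: `client_certificate_mode` is passed through even when `client_certificate_enabled` is false, and as far as I know App Service ignores client certificates entirely in that state. With the defaults in this PR the plan therefore shows mode `Required` on an app that does not ask for a certificate, which is easy to misread as mutual TLS being enforced. I would add a comment above the pair in both the Linux and the Windows resource, `# client_certificate_mode only takes effect when client_certificate_enabled is true`. Both resource bodies continue outside the visible hunks.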
209 changes: 209 additions & 0 deletions tests/certificate.unit.tftest.hcl
@@ -0,0 +1,209 @@
mock_provider "azurerm" {}

run "setup_tests" {
module {
source = "./tests/setup-unit-tests"
}
}

run "linux_client_certificate_mode_optional" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_mode = "Optional"
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_mode == "Optional"
error_message = "The Client certificate mode is on \"Required\" or \"OptionalInteractiveUser\""
}
}

run "linux_client_certificate_mode_optional_interactive_user" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_mode = "OptionalInteractiveUser"
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_mode == "OptionalInteractiveUser"
error_message = "The Client certificate mode is on \"Optional\" or \"Required\""
}
}

run "linux_client_certificate_mode_required" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_mode = "Required"
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_mode == "Required"
error_message = "The Client certificate mode is on \"Optional\" or \"OptionalInteractiveUser\""
}
}

run "linux_client_certificate_disable" {
kov117 marked this conversation as resolved.
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_enabled = false
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_enabled == false
error_message = "Client certificate enabled for Web App"
kov117 marked this conversation as resolved.
}
}

run "linux_client_certificate_enabled" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_enabled = true
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_enabled == true
error_message = "Client certificate disable for Web App"
kov117 marked this conversation as resolved.
}
}

run "windows_client_certificate_mode_optional" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
kind = "Windows"
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_mode = "Optional"
}

assert {
condition = azurerm_windows_function_app.this[0].client_certificate_mode == "Optional"
error_message = "The Client certificate mode is on \"OptionalInteractiveUser\" or \"Required\""
}
}

run "windows_client_certificate_mode_optional_interactive_user" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_mode = "OptionalInteractiveUser"
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_mode == "OptionalInteractiveUser"
error_message = "The Client certificate mode is on \"Optional\" or \"Required\""
}
}

run "windows_client_certificate_mode_required" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
kind = "Windows"
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_mode = "Required"
}

assert {
condition = azurerm_windows_function_app.this[0].client_certificate_mode == "Required"
error_message = "The Client certificate mode is on \"Optional\" or \"OptionalInteractiveUser\""
}
}

run "windows_client_certificate_disable" {
kov117 marked this conversation as resolved.
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_enabled = false
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_enabled == false
error_message = "Client certificate enabled for Web App"
kov117 marked this conversation as resolved.
}
}

run "windows_client_certificate_enabled" {
command = plan

variables {
app_name = run.setup_tests.app_name
resource_group_name = run.setup_tests.resource_group_name
location = run.setup_tests.location
app_service_plan_id = run.setup_tests.app_service_plan_id
storage_account_id = run.setup_tests.storage_account_id
log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id

client_certificate_enabled = true
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_enabled == true
error_message = "Client certificate disable for Web App"
kov117 marked this conversation as resolved.
}
}
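Review bot: Three of the Windows runs never exercise the Windows resource: `windows_client_certificate_mode_optional_interactive_user`, `windows_client_certificate_disable` and `windows_client_certificate_enabled` omit `kind = "Windows"` and assert on `azurerm_linux_function_app.this[0]`, so they presumably repeat the Linux checks and leave the Windows wiring of both arguments untested. Each of them needs `kind = "Windows"` in its `variables` block and its condition changed to read from `azurerm_windows_function_app.this[0]`, as the `_optional` and `_required` Windows runs already do. Separately, every mode run leaves `client_certificate_enabled` at its default of false, so no run covers the combination that actually demands a certificate; one run per OS with `client_certificate_enabled = true` and `client_certificate_mode = "Required"` would pin that.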
20 changes: 20 additions & 0 deletions tests/defaults.unit.tftest.hcl
Expand Up @@ -37,6 +37,16 @@ run "linux_app" {
condition = azurerm_linux_function_app.this[0].webdeploy_publish_basic_authentication_enabled == false
error_message = "Basic authentication enabled for the WebDeploy client."
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_mode == "Required"
error_message = "Client certificate mode value is \"Optional\" or \"OptionalInteractiveUser\""
}

assert {
condition = azurerm_linux_function_app.this[0].client_certificate_enabled == false
error_message = "Client certificate enabled for Web App"
kov117 marked this conversation as resolved.
}
}

run "windows_app" {
Expand Down Expand Up @@ -71,4 +81,14 @@ run "windows_app" {
condition = azurerm_windows_function_app.this[0].webdeploy_publish_basic_authentication_enabled == false
error_message = "Basic authentication enabled for the WebDeploy client."
}

assert {
condition = azurerm_windows_function_app.this[0].client_certificate_mode == "Required"
error_message = "Client certificate mode value is \"Optional\" or \"OptionalInteractiveUser\""
}

assert {
condition = azurerm_windows_function_app.this[0].client_certificate_enabled == false
error_message = "Client certificate enabled for Web App"
kov117 marked this conversation as resolved.
}
}
12 changes: 12 additions & 0 deletions variables.tf
Expand Up @@ -216,6 +216,18 @@ variable "identity_ids" {
default = []
}

variable "client_certificate_mode" {
description = "The client cerftificate mode for this Web App. Value must be \"Required\", \"Optional\" or \"OptionalInteractiveUser\"."
kov117 marked this conversation as resolved.
type = string
default = "Required"
}

variable "client_certificate_enabled" {
description = "Should client certififcate be enabled for this Web App?"
kov117 marked this conversation as resolved.
type = bool
default = false
}

variable "ftp_publish_basic_authentication_enabled" {
description = "Should basic (username and password) authentication be enabled for the FTP client?"
type = bool
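Review bot: `client_certificate_mode` has no `validation` block, so the three allowed values exist only in the description and a mistyped value from a caller is left for the provider to reject rather than being caught at the module boundary. I would add a `validation` block to the variable, as below. It would also help to say in the description of `client_certificate_enabled` that the mode is not applied while it is false (the default), so callers do not read the `Required` default as enforcement. The `ftp_publish_basic_authentication_enabled` variable at the end of the hunk continues outside it.

```hcl
variable "client_certificate_mode" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["Required", "Optional", "OptionalInteractiveUser"], var.client_certificate_mode)
    error_message = "client_certificate_mode must be \"Required\", \"Optional\" or \"OptionalInteractiveUser\"."
  }
}
```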