feat: add new var and tftest for client certificate enabled

equinor · Nov 25, 2024 · 441b8c1 · 441b8c1
1 parent fc014cc
commit 441b8c1
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -35,6 +35,7 @@ resource "azurerm_linux_function_app" "this" {
   functions_extension_version = var.functions_extension_version
 
   client_certificate_mode = var.client_certificate_mode
+  client_certificate_enabled = var.client_certificate_enabled
 
   ftp_publish_basic_authentication_enabled       = var.ftp_publish_basic_authentication_enabled
   webdeploy_publish_basic_authentication_enabled = var.webdeploy_publish_basic_authentication_enabled
@@ -167,6 +168,7 @@ resource "azurerm_windows_function_app" "this" {
   functions_extension_version = var.functions_extension_version
 
   client_certificate_mode = var.client_certificate_mode
+  client_certificate_enabled = var.client_certificate_enabled
 
   ftp_publish_basic_authentication_enabled       = var.ftp_publish_basic_authentication_enabled
   webdeploy_publish_basic_authentication_enabled = var.webdeploy_publish_basic_authentication_enabled

diff --git a/tests/certificate.unit.tftest.hcl b/tests/certificate.unit.tftest.hcl
@@ -66,6 +66,46 @@ run "linux_client_certificate_mode_required" {
   }
 }
 
+run "linux_client_certificate_disable" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    client_certificate_enabled = false
+  }
+
+  assert {
+    condition = azurerm_linux_function_app.this[0].client_certificate_enabled == false
+    error_message = "Client certificate enabled for Web App"
+  }
+}
+
+run "linux_client_certificate_enabled" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    client_certificate_enabled = true
+  }
+
+  assert {
+    condition = azurerm_linux_function_app.this[0].client_certificate_enabled == true
+    error_message = "Client certificate disable for Web App"
+  }
+}
+
 run "windows_client_certificate_mode_optional" {
   command = plan
 
@@ -126,4 +166,44 @@ run "windows_client_certificate_mode_required" {
     condition = azurerm_windows_function_app.this[0].client_certificate_mode == "Required"
     error_message = "The Client certificate mode is on \"Optional\" or \"OptionalInteractiveUser\""
   }
-}
+}
+
+run "windows_client_certificate_disable" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    client_certificate_enabled = false
+  }
+
+  assert {
+    condition = azurerm_linux_function_app.this[0].client_certificate_enabled == false
+    error_message = "Client certificate enabled for Web App"
+  }
+}
+
+run "windows_client_certificate_enabled" {
+  command = plan
+
+  variables {
+    app_name                   = run.setup_tests.app_name
+    resource_group_name        = run.setup_tests.resource_group_name
+    location                   = run.setup_tests.location
+    app_service_plan_id        = run.setup_tests.app_service_plan_id
+    storage_account_id         = run.setup_tests.storage_account_id
+    log_analytics_workspace_id = run.setup_tests.log_analytics_workspace_id
+
+    client_certificate_enabled = true
+  }
+
+  assert {
+    condition = azurerm_linux_function_app.this[0].client_certificate_enabled == true
+    error_message = "Client certificate disable for Web App"
+  }
+}
diff --git a/tests/defaults.unit.tftest.hcl b/tests/defaults.unit.tftest.hcl
@@ -42,6 +42,11 @@ run "linux_app" {
     condition = azurerm_linux_function_app.this[0].client_certificate_mode == "Required"
     error_message = "Client certificate mode value is \"Optional\" or \"OptionalInteractiveUser\""
   }
+
+  assert {
+    condition = azurerm_linux_function_app.this[0].client_certificate_enabled == false
+    error_message = "Client certificate enabled for Web App"
+  }
 }
 
 run "windows_app" {
@@ -81,4 +86,9 @@ run "windows_app" {
     condition = azurerm_windows_function_app.this[0].client_certificate_mode == "Required"
     error_message = "Client certificate mode value is \"Optional\" or \"OptionalInteractiveUser\""
   }
+
+  assert {
+    condition = azurerm_windows_function_app.this[0].client_certificate_enabled == false
+    error_message = "Client certificate enabled for Web App"
+  }
 }
diff --git a/variables.tf b/variables.tf
@@ -222,6 +222,12 @@ variable "client_certificate_mode" {
   default     = "Required"
 }
 
+variable "client_certificate_enabled" {
+  description = "Should client certififcate be enabled for this Web App?"
+  type = bool
+  default = false
+}
+
 variable "ftp_publish_basic_authentication_enabled" {
   description = "Should basic (username and password) authentication be enabled for the FTP client?"
   type        = bool