feat: configure client certificate and public network access (#215)

* customize feature for log&other parameters * Added other parameter to main * Update variables.tf Co-authored-by: Henrik Simonsen Knutsen <[email protected]> * Update variables.tf Co-authored-by: Henrik Simonsen Knutsen <[email protected]> * Update variables.tf Co-authored-by: Henrik Simonsen Knutsen <[email protected]> * removed log diagnostic setting --------- Co-authored-by: Khan <[email protected]> Co-authored-by: Henrik Simonsen Knutsen <[email protected]>
equinor · Sep 17, 2024 · f87655b · f87655b
1 parent a21ea3a
commit f87655b
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/examples/linux-app/main.tf b/examples/linux-app/main.tf
@@ -30,4 +30,5 @@ module "web_app" {
   location                   = var.location
   app_service_plan_id        = module.app_service.plan_id
   log_analytics_workspace_id = module.log_analytics.workspace_id
+
 }
diff --git a/main.tf b/main.tf
@@ -4,14 +4,16 @@ resource "azurerm_linux_web_app" "this" {
   count = local.is_windows ? 0 : 1
 
   name                            = var.app_name
+  client_certificate_enabled      = var.client_certificate_enabled
+  client_certificate_mode         = var.client_certificate_mode
   location                        = var.location
   resource_group_name             = var.resource_group_name
   service_plan_id                 = var.app_service_plan_id
   app_settings                    = var.app_settings
   https_only                      = local.https_only
   client_affinity_enabled         = var.client_affinity_enabled
   key_vault_reference_identity_id = var.key_vault_reference_identity_id
-  public_network_access_enabled   = true
+  public_network_access_enabled   = var.public_network_access_enabled
   virtual_network_subnet_id       = var.virtual_network_subnet_id
 
   tags = var.tags
@@ -147,14 +149,16 @@ resource "azurerm_windows_web_app" "this" {
   count = local.is_windows ? 1 : 0
 
   name                            = var.app_name
+  client_certificate_enabled      = var.client_certificate_enabled
+  client_certificate_mode         = var.client_certificate_mode
   location                        = var.location
   resource_group_name             = var.resource_group_name
   service_plan_id                 = var.app_service_plan_id
   app_settings                    = var.app_settings
   https_only                      = local.https_only
   client_affinity_enabled         = var.client_affinity_enabled
   key_vault_reference_identity_id = var.key_vault_reference_identity_id
-  public_network_access_enabled   = true
+  public_network_access_enabled   = var.public_network_access_enabled
   virtual_network_subnet_id       = var.virtual_network_subnet_id
 
   tags = var.tags

diff --git a/variables.tf b/variables.tf
@@ -316,3 +316,22 @@ variable "storage_accounts" {
     error_message = "Storage account type must be either \"AzureFiles\" or \"AzureBlob\"."
   }
 }
+
+variable "public_network_access_enabled" {
+    description = "Should public network access be enabled for this Web App?"
+    type        = bool
+    default     = true
+}
+
+
+variable "client_certificate_mode" {
+  description = "The client cerftificate mode for this Web App. Value must be \"Required\", \"Optional\" or \"OptionalInteractiveUser\"."
+  type        = string
+  default     = "Required"
+}
+
+variable "client_certificate_enabled" {
+  description = "Should client certificate be enabled for this Web App?"
+  type        = bool
+  default     = false
+}