Skip to content

Commit b45d14b

Browse files
heoelriheoelri
authored
Add key_vault_reference_identity_id attribute for azurerm_function_app (#13962)
This PR adds the key_vault_reference_identity_id attribute for azurerm_function_app. Plus some test cleanup. From the docs: key_vault_reference_identity_id - (Optional) The User Assigned Identity Id used for looking up KeyVault secrets. The identity must be assigned to the application. See Access vaults with a user-assigned identity for more information. Thanks to @patst for #13720. This PR will close #13960 CC: @sebader
1 parent af52ca6 commit b45d14b

File tree

3 files changed

+166
-81
lines changed

3 files changed

+166
-81
lines changed

internal/services/web/function_app_resource.go

+20
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111
"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
1212
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
1313
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
14+
msivalidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/msi/validate"
1415
storageValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/storage/validate"
1516
"github.com/hashicorp/terraform-provider-azurerm/internal/services/web/parse"
1617
webValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/web/validate"
@@ -162,6 +163,13 @@ func resourceFunctionApp() *pluginsdk.Resource {
162163
}, false),
163164
},
164165

166+
"key_vault_reference_identity_id": {
167+
Type: pluginsdk.TypeString,
168+
Optional: true,
169+
Computed: true,
170+
ValidateFunc: msivalidate.UserAssignedIdentityID,
171+
},
172+
165173
"site_config": schemaAppServiceFunctionAppSiteConfig(),
166174

167175
"source_control": schemaAppServiceSiteSourceControl(),
@@ -337,6 +345,10 @@ func resourceFunctionAppCreate(d *pluginsdk.ResourceData, meta interface{}) erro
337345
},
338346
}
339347

348+
if v, ok := d.GetOk("key_vault_reference_identity_id"); ok {
349+
siteEnvelope.SiteProperties.KeyVaultReferenceIdentity = utils.String(v.(string))
350+
}
351+
340352
if clientCertMode != "" {
341353
siteEnvelope.SiteProperties.ClientCertMode = web.ClientCertMode(clientCertMode)
342354
}
@@ -475,6 +487,10 @@ func resourceFunctionAppUpdate(d *pluginsdk.ResourceData, meta interface{}) erro
475487
},
476488
}
477489

490+
if v, ok := d.GetOk("key_vault_reference_identity_id"); ok {
491+
siteEnvelope.SiteProperties.KeyVaultReferenceIdentity = utils.String(v.(string))
492+
}
493+
478494
if clientCertMode != "" {
479495
siteEnvelope.SiteProperties.ClientCertMode = web.ClientCertMode(clientCertMode)
480496
}
@@ -662,6 +678,10 @@ func resourceFunctionAppRead(d *pluginsdk.ResourceData, meta interface{}) error
662678
clientCertMode = string(props.ClientCertMode)
663679
}
664680
d.Set("client_cert_mode", clientCertMode)
681+
682+
if props.KeyVaultReferenceIdentity != nil {
683+
d.Set("key_vault_reference_identity_id", props.KeyVaultReferenceIdentity)
684+
}
665685
}
666686

667687
appServiceTier, err := getFunctionAppServiceTier(ctx, appServicePlanID, meta)

0 commit comments

Comments
 (0)