diff --git a/internal/services/appconfiguration/app_configuration_data_source.go b/internal/services/appconfiguration/app_configuration_data_source.go index 0441f5da82ea9..9cd6f4ed5be4f 100644 --- a/internal/services/appconfiguration/app_configuration_data_source.go +++ b/internal/services/appconfiguration/app_configuration_data_source.go @@ -40,16 +40,26 @@ func dataSourceAppConfiguration() *pluginsdk.Resource { "location": commonschema.LocationComputed(), + "data_plane_proxy_authentication_mode": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "data_plane_proxy_private_link_delegation_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + "encryption": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ - "key_vault_key_identifier": { + "identity_client_id": { Type: pluginsdk.TypeString, Computed: true, }, - "identity_client_id": { + "key_vault_key_identifier": { Type: pluginsdk.TypeString, Computed: true, }, @@ -57,63 +67,16 @@ func dataSourceAppConfiguration() *pluginsdk.Resource { }, }, - "identity": commonschema.SystemAssignedUserAssignedIdentityComputed(), - - "local_auth_enabled": { - Type: pluginsdk.TypeBool, - Computed: true, - }, - - "public_network_access_enabled": { - Type: pluginsdk.TypeBool, - Computed: true, - }, - - "purge_protection_enabled": { - Type: pluginsdk.TypeBool, - Computed: true, - }, - - "sku": { - Type: pluginsdk.TypeString, - Computed: true, - }, - - "soft_delete_retention_days": { - Type: pluginsdk.TypeInt, - Computed: true, - }, - "endpoint": { Type: pluginsdk.TypeString, Computed: true, }, - "public_network_access": { - Type: pluginsdk.TypeString, - Computed: true, - }, + "identity": commonschema.SystemAssignedUserAssignedIdentityComputed(), - "replica": { - Type: pluginsdk.TypeList, + "local_auth_enabled": { + Type: pluginsdk.TypeBool, Computed: true, - Elem: &pluginsdk.Resource{ - Schema: map[string]*pluginsdk.Schema{ - "name": { - Type: pluginsdk.TypeString, - Computed: true, - }, - "location": commonschema.LocationComputed(), - "endpoint": { - Type: pluginsdk.TypeString, - Computed: true, - }, - "id": { - Type: pluginsdk.TypeString, - Computed: true, - }, - }, - }, }, "primary_read_key": { @@ -140,7 +103,7 @@ func dataSourceAppConfiguration() *pluginsdk.Resource { }, }, - "secondary_read_key": { + "primary_write_key": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ @@ -164,7 +127,44 @@ func dataSourceAppConfiguration() *pluginsdk.Resource { }, }, - "primary_write_key": { + "public_network_access": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "public_network_access_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "purge_protection_enabled": { + Type: pluginsdk.TypeBool, + Computed: true, + }, + + "replica": { + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "location": commonschema.LocationComputed(), + "endpoint": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + + "secondary_read_key": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ @@ -212,6 +212,16 @@ func dataSourceAppConfiguration() *pluginsdk.Resource { }, }, + "sku": { + Type: pluginsdk.TypeString, + Computed: true, + }, + + "soft_delete_retention_days": { + Type: pluginsdk.TypeInt, + Computed: true, + }, + "tags": commonschema.TagsDataSource(), }, } @@ -248,6 +258,11 @@ func dataSourceAppConfigurationRead(d *pluginsdk.ResourceData, meta interface{}) d.Set("sku", model.Sku.Name) if props := model.Properties; props != nil { + if dataPlaneProxy := props.DataPlaneProxy; dataPlaneProxy != nil { + d.Set("data_plane_proxy_authentication_mode", string(pointer.From(dataPlaneProxy.AuthenticationMode))) + d.Set("data_plane_proxy_private_link_delegation_enabled", pointer.From(dataPlaneProxy.PrivateLinkDelegation) == configurationstores.PrivateLinkDelegationEnabled) + } + d.Set("endpoint", props.Endpoint) d.Set("encryption", flattenAppConfigurationEncryption(props.Encryption)) d.Set("public_network_access", string(pointer.From(props.PublicNetworkAccess))) diff --git a/internal/services/appconfiguration/app_configuration_data_source_test.go b/internal/services/appconfiguration/app_configuration_data_source_test.go index 2bbbd31e0b55b..7799205a0e4a3 100644 --- a/internal/services/appconfiguration/app_configuration_data_source_test.go +++ b/internal/services/appconfiguration/app_configuration_data_source_test.go @@ -24,6 +24,8 @@ func TestAccAppConfigurationDataSource_basic(t *testing.T) { Config: AppConfigurationDataSource{}.basic(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(AppConfigurationResource{}), + check.That(data.ResourceName).Key("data_plane_proxy_authentication_mode").HasValue("Pass-through"), + check.That(data.ResourceName).Key("data_plane_proxy_private_link_delegation_enabled").HasValue("true"), check.That(data.ResourceName).Key("endpoint").Exists(), check.That(data.ResourceName).Key("encryption.#").HasValue("1"), check.That(data.ResourceName).Key("encryption.0.key_vault_key_identifier").Exists(), @@ -59,7 +61,6 @@ func TestAccAppConfigurationDataSource_basic(t *testing.T) { } func (AppConfigurationDataSource) basic(data acceptance.TestData) string { - template := AppConfigurationResource{}.complete(data) return fmt.Sprintf(` %s @@ -67,5 +68,5 @@ data "azurerm_app_configuration" "test" { name = azurerm_app_configuration.test.name resource_group_name = azurerm_app_configuration.test.resource_group_name } -`, template) +`, AppConfigurationResource{}.complete(data)) } diff --git a/internal/services/appconfiguration/app_configuration_resource.go b/internal/services/appconfiguration/app_configuration_resource.go index ec4c64a236695..c6abf39ec750d 100644 --- a/internal/services/appconfiguration/app_configuration_resource.go +++ b/internal/services/appconfiguration/app_configuration_resource.go @@ -31,7 +31,6 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" - "github.com/hashicorp/terraform-provider-azurerm/utils" ) func resourceAppConfiguration() *pluginsdk.Resource { @@ -59,6 +58,17 @@ func resourceAppConfiguration() *pluginsdk.Resource { pluginsdk.ForceNewIfChange("sku", func(ctx context.Context, old, new, meta interface{}) bool { return old == "premium" || new == "free" }), + + pluginsdk.CustomizeDiffShim(func(ctx context.Context, d *pluginsdk.ResourceDiff, _ interface{}) error { + authMode := d.Get("data_plane_proxy_authentication_mode").(string) + privLinkDelegation := d.Get("data_plane_proxy_private_link_delegation_enabled").(bool) + + if authMode == string(configurationstores.AuthenticationModeLocal) && privLinkDelegation { + return errors.New("`data_plane_proxy_private_link_delegation_enabled` cannot be set to `true` when `data_plane_proxy_authentication_mode` is `Local`") + } + + return nil + }), ), Schema: map[string]*pluginsdk.Schema{ @@ -69,9 +79,22 @@ func resourceAppConfiguration() *pluginsdk.Resource { ValidateFunc: validate.ConfigurationStoreName, }, + "resource_group_name": commonschema.ResourceGroupName(), + "location": commonschema.Location(), - "resource_group_name": commonschema.ResourceGroupName(), + "data_plane_proxy_authentication_mode": { + Type: pluginsdk.TypeString, + Optional: true, + Default: string(configurationstores.AuthenticationModeLocal), + ValidateFunc: validation.StringInSlice(configurationstores.PossibleValuesForAuthenticationMode(), false), + }, + + "data_plane_proxy_private_link_delegation_enabled": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + }, "encryption": { Type: pluginsdk.TypeList, @@ -79,15 +102,15 @@ func resourceAppConfiguration() *pluginsdk.Resource { MaxItems: 1, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ - "key_vault_key_identifier": { + "identity_client_id": { Type: pluginsdk.TypeString, Optional: true, - ValidateFunc: validation.IsURLWithHTTPorHTTPS, + ValidateFunc: validation.IsUUID, }, - "identity_client_id": { + "key_vault_key_identifier": { Type: pluginsdk.TypeString, Optional: true, - ValidateFunc: validation.IsUUID, + ValidateFunc: validation.IsURLWithHTTPorHTTPS, }, }, }, @@ -101,12 +124,44 @@ func resourceAppConfiguration() *pluginsdk.Resource { Default: true, }, + "public_network_access": { + Type: pluginsdk.TypeString, + Optional: true, + Default: nil, + ValidateFunc: validation.StringInSlice(configurationstores.PossibleValuesForPublicNetworkAccess(), true), + }, + "purge_protection_enabled": { Type: pluginsdk.TypeBool, Optional: true, Default: false, }, + "replica": { + Type: pluginsdk.TypeSet, + Optional: true, + MinItems: 1, + Set: resourceConfigurationStoreReplicaHash, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "name": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: validate.ConfigurationStoreReplicaName, + }, + "location": commonschema.LocationWithoutForceNew(), + "id": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "endpoint": { + Type: pluginsdk.TypeString, + Computed: true, + }, + }, + }, + }, + // `sku` is not enum, https://github.com/Azure/azure-rest-api-specs/issues/23902 "sku": { Type: pluginsdk.TypeString, @@ -130,43 +185,13 @@ func resourceAppConfiguration() *pluginsdk.Resource { }, }, + "tags": commonschema.Tags(), + "endpoint": { Type: pluginsdk.TypeString, Computed: true, }, - "public_network_access": { - Type: pluginsdk.TypeString, - Optional: true, - Default: nil, - ValidateFunc: validation.StringInSlice(configurationstores.PossibleValuesForPublicNetworkAccess(), true), - }, - - "replica": { - Type: pluginsdk.TypeSet, - Optional: true, - MinItems: 1, - Set: resourceConfigurationStoreReplicaHash, - Elem: &pluginsdk.Resource{ - Schema: map[string]*pluginsdk.Schema{ - "name": { - Type: pluginsdk.TypeString, - Required: true, - ValidateFunc: validate.ConfigurationStoreReplicaName, - }, - "location": commonschema.LocationWithoutForceNew(), - "endpoint": { - Type: pluginsdk.TypeString, - Computed: true, - }, - "id": { - Type: pluginsdk.TypeString, - Computed: true, - }, - }, - }, - }, - "primary_read_key": { Type: pluginsdk.TypeList, Computed: true, @@ -177,12 +202,12 @@ func resourceAppConfiguration() *pluginsdk.Resource { Computed: true, Sensitive: true, }, - "secret": { + "connection_string": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, }, - "connection_string": { + "secret": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, @@ -191,7 +216,7 @@ func resourceAppConfiguration() *pluginsdk.Resource { }, }, - "secondary_read_key": { + "primary_write_key": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ @@ -201,12 +226,12 @@ func resourceAppConfiguration() *pluginsdk.Resource { Computed: true, Sensitive: true, }, - "secret": { + "connection_string": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, }, - "connection_string": { + "secret": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, @@ -215,7 +240,7 @@ func resourceAppConfiguration() *pluginsdk.Resource { }, }, - "primary_write_key": { + "secondary_read_key": { Type: pluginsdk.TypeList, Computed: true, Elem: &pluginsdk.Resource{ @@ -225,12 +250,12 @@ func resourceAppConfiguration() *pluginsdk.Resource { Computed: true, Sensitive: true, }, - "secret": { + "connection_string": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, }, - "connection_string": { + "secret": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, @@ -249,12 +274,12 @@ func resourceAppConfiguration() *pluginsdk.Resource { Computed: true, Sensitive: true, }, - "secret": { + "connection_string": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, }, - "connection_string": { + "secret": { Type: pluginsdk.TypeString, Computed: true, Sensitive: true, @@ -262,8 +287,6 @@ func resourceAppConfiguration() *pluginsdk.Resource { }, }, }, - - "tags": commonschema.Tags(), }, } } @@ -311,21 +334,30 @@ func resourceAppConfigurationCreate(d *pluginsdk.ResourceData, meta interface{}) } } + privLinkDelegation := configurationstores.PrivateLinkDelegationDisabled + if d.Get("data_plane_proxy_private_link_delegation_enabled").(bool) { + privLinkDelegation = configurationstores.PrivateLinkDelegationEnabled + } + parameters := configurationstores.ConfigurationStore{ Location: location, Sku: configurationstores.Sku{ Name: d.Get("sku").(string), }, Properties: &configurationstores.ConfigurationStoreProperties{ - EnablePurgeProtection: utils.Bool(d.Get("purge_protection_enabled").(bool)), - DisableLocalAuth: utils.Bool(!d.Get("local_auth_enabled").(bool)), + DataPlaneProxy: &configurationstores.DataPlaneProxyProperties{ + AuthenticationMode: pointer.To(configurationstores.AuthenticationMode(d.Get("data_plane_proxy_authentication_mode").(string))), + PrivateLinkDelegation: &privLinkDelegation, + }, + EnablePurgeProtection: pointer.To(d.Get("purge_protection_enabled").(bool)), + DisableLocalAuth: pointer.To(!d.Get("local_auth_enabled").(bool)), Encryption: expandAppConfigurationEncryption(d.Get("encryption").([]interface{})), }, Tags: tags.Expand(d.Get("tags").(map[string]interface{})), } if v, ok := d.Get("soft_delete_retention_days").(int); ok && v != 7 { - parameters.Properties.SoftDeleteRetentionInDays = utils.Int64(int64(v)) + parameters.Properties.SoftDeleteRetentionInDays = pointer.To(int64(v)) } if recoverSoftDeleted { @@ -420,6 +452,35 @@ func resourceAppConfigurationUpdate(d *pluginsdk.ResourceData, meta interface{}) update.Identity = identity } + if d.HasChange("data_plane_proxy_authentication_mode") { + if update.Properties == nil { + update.Properties = &configurationstores.ConfigurationStorePropertiesUpdateParameters{} + } + + props := update.Properties + if props.DataPlaneProxy == nil { + props.DataPlaneProxy = &configurationstores.DataPlaneProxyProperties{} + } + props.DataPlaneProxy.AuthenticationMode = pointer.To(configurationstores.AuthenticationMode(d.Get("data_plane_proxy_authentication_mode").(string))) + } + + if d.HasChange("data_plane_proxy_private_link_delegation_enabled") { + if update.Properties == nil { + update.Properties = &configurationstores.ConfigurationStorePropertiesUpdateParameters{} + } + + props := update.Properties + if props.DataPlaneProxy == nil { + props.DataPlaneProxy = &configurationstores.DataPlaneProxyProperties{} + } + + privLinkDelegation := configurationstores.PrivateLinkDelegationDisabled + if d.Get("data_plane_proxy_private_link_delegation_enabled").(bool) { + privLinkDelegation = configurationstores.PrivateLinkDelegationEnabled + } + props.DataPlaneProxy.PrivateLinkDelegation = &privLinkDelegation + } + if d.HasChange("encryption") { if update.Properties == nil { update.Properties = &configurationstores.ConfigurationStorePropertiesUpdateParameters{} @@ -431,7 +492,7 @@ func resourceAppConfigurationUpdate(d *pluginsdk.ResourceData, meta interface{}) if update.Properties == nil { update.Properties = &configurationstores.ConfigurationStorePropertiesUpdateParameters{} } - update.Properties.DisableLocalAuth = utils.Bool(!d.Get("local_auth_enabled").(bool)) + update.Properties.DisableLocalAuth = pointer.To(!d.Get("local_auth_enabled").(bool)) } if d.HasChange("public_network_access") { @@ -459,7 +520,7 @@ func resourceAppConfigurationUpdate(d *pluginsdk.ResourceData, meta interface{}) if oldValue && !newValue { return fmt.Errorf("updating %s: once Purge Protection has been Enabled it's not possible to disable it", *id) } - update.Properties.EnablePurgeProtection = utils.Bool(d.Get("purge_protection_enabled").(bool)) + update.Properties.EnablePurgeProtection = pointer.To(d.Get("purge_protection_enabled").(bool)) } if d.HasChange("public_network_enabled") { @@ -580,6 +641,11 @@ func resourceAppConfigurationRead(d *pluginsdk.ResourceData, meta interface{}) e d.Set("sku", model.Sku.Name) if props := model.Properties; props != nil { + if dataPlaneProxy := props.DataPlaneProxy; dataPlaneProxy != nil { + d.Set("data_plane_proxy_authentication_mode", string(pointer.From(dataPlaneProxy.AuthenticationMode))) + d.Set("data_plane_proxy_private_link_delegation_enabled", pointer.From(dataPlaneProxy.PrivateLinkDelegation) == configurationstores.PrivateLinkDelegationEnabled) + } + d.Set("endpoint", props.Endpoint) d.Set("encryption", flattenAppConfigurationEncryption(props.Encryption)) d.Set("public_network_access", string(pointer.From(props.PublicNetworkAccess))) diff --git a/internal/services/appconfiguration/app_configuration_resource_test.go b/internal/services/appconfiguration/app_configuration_resource_test.go index 2bb0d3cba578b..3de93edc4d537 100644 --- a/internal/services/appconfiguration/app_configuration_resource_test.go +++ b/internal/services/appconfiguration/app_configuration_resource_test.go @@ -9,12 +9,12 @@ import ( "regexp" "testing" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-sdk/resource-manager/appconfiguration/2024-05-01/configurationstores" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" - "github.com/hashicorp/terraform-provider-azurerm/utils" ) type AppConfigurationResource struct{} @@ -493,7 +493,7 @@ func (AppConfigurationResource) Exists(ctx context.Context, clients *clients.Cli return nil, fmt.Errorf("retrieving %s: %+v", *id, err) } - return utils.Bool(resp.Model != nil), nil + return pointer.To(resp.Model != nil), nil } func (AppConfigurationResource) free(data acceptance.TestData) string { @@ -728,14 +728,16 @@ resource "azurerm_key_vault_key" "test" { } resource "azurerm_app_configuration" "test" { - name = "testaccappconf%[1]d" - resource_group_name = azurerm_resource_group.test.name - location = azurerm_resource_group.test.location - sku = "standard" - local_auth_enabled = true - public_network_access = "Enabled" - purge_protection_enabled = false - soft_delete_retention_days = 1 + name = "testaccappconf%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + data_plane_proxy_authentication_mode = "Pass-through" + data_plane_proxy_private_link_delegation_enabled = true + sku = "standard" + local_auth_enabled = true + public_network_access = "Enabled" + purge_protection_enabled = false + soft_delete_retention_days = 1 identity { type = "UserAssigned" diff --git a/website/docs/d/app_configuration.html.markdown b/website/docs/d/app_configuration.html.markdown index 8a042fd13f865..393e07d6c9531 100644 --- a/website/docs/d/app_configuration.html.markdown +++ b/website/docs/d/app_configuration.html.markdown @@ -37,13 +37,19 @@ In addition to the Arguments listed above - the following Attributes are exporte * `id` - The ID of the App Configuration. +* `location` - The Azure Region where the App Configuration exists. + +* `data_plane_proxy_authentication_mode` - The data plane proxy authentication mode. + +* `data_plane_proxy_private_link_delegation_enabled` - Whether data plane proxy private link delegation is enabled. + * `endpoint` - The Endpoint used to access this App Configuration. * `encryption` - An `encryption` block as defined below. -* `local_auth_enabled` - Whether local authentication methods is enabled. +* `identity` - An `identity` block as defined below. -* `location` - The Azure Region where the App Configuration exists. +* `local_auth_enabled` - Whether local authentication methods are enabled. * `primary_read_key` - A `primary_read_key` block as defined below containing the primary read access key. @@ -69,53 +75,52 @@ In addition to the Arguments listed above - the following Attributes are exporte A `primary_read_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID and Secret. + * `secret` - The Secret of the Access Key. --- A `primary_write_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID and Secret. + * `secret` - The Secret of the Access Key. --- A `replica` block exports the following: -* `id` - The ID of the App Configuration Replica. +* `name` - The name of the App Configuration Replica. -* `endpoint` - The URL of the App Configuration Replica. +* `id` - The ID of the App Configuration Replica. * `location` - The supported Azure location where the App Configuration Replica exists. -* `name` - The name of the App Configuration Replica. - +* `endpoint` - The URL of the App Configuration Replica. --- A `secondary_read_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID and Secret. + * `secret` - The Secret of the Access Key. --- A `secondary_write_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID and Secret. + * `secret` - The Secret of the Access Key. ## Timeouts diff --git a/website/docs/r/app_configuration.html.markdown b/website/docs/r/app_configuration.html.markdown index 77a6abf0e3e06..b99dba96fa91a 100644 --- a/website/docs/r/app_configuration.html.markdown +++ b/website/docs/r/app_configuration.html.markdown @@ -153,10 +153,16 @@ The following arguments are supported: * `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. -* `identity` - (Optional) An `identity` block as defined below. +* `data_plane_proxy_authentication_mode` - The data plane proxy authentication mode. Possible values are `Local` and `Pass-through`. Defaults to `Local`. + +* `data_plane_proxy_private_link_delegation_enabled` - Whether data plane proxy private link delegation is enabled. Defaults to `false`. + +~> **Note:** `data_plane_proxy_private_link_delegation_enabled` cannot be set to `true` when `data_plane_proxy_authentication_mode` is set to `Local`. * `encryption` - (Optional) An `encryption` block as defined below. +* `identity` - (Optional) An `identity` block as defined below. + * `local_auth_enabled` - (Optional) Whether local authentication methods is enabled. Defaults to `true`. * `public_network_access` - (Optional) The Public Network Access setting of the App Configuration. Possible values are `Enabled` and `Disabled`. @@ -183,15 +189,15 @@ The following arguments are supported: An `encryption` block supports the following: -* `key_vault_key_identifier` - (Optional) Specifies the URI of the key vault key used to encrypt data. +* `identity_client_id` - (Optional) Specifies the client ID of the identity which will be used to access key vault. -* `identity_client_id` - (Optional) Specifies the client id of the identity which will be used to access key vault. +* `key_vault_key_identifier` - (Optional) Specifies the URI of the key vault key used to encrypt data. --- An `identity` block supports the following: -* `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this App Configuration. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). +* `type` - (Required) Specifies the type of Managed Service Identity that should be configured on this App Configuration. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned` (to enable both). * `identity_ids` - (Optional) A list of User Assigned Managed Identity IDs to be assigned to this App Configuration. @@ -201,10 +207,10 @@ An `identity` block supports the following: A `replica` block supports the following: -* `location` - (Required) Specifies the supported Azure location where the replica exists. - * `name` - (Required) Specifies the name of the replica. +* `location` - (Required) Specifies the supported Azure location where the replica exists. + --- ## Attributes Reference @@ -215,16 +221,18 @@ In addition to the Arguments listed above - the following Attributes are exporte * `endpoint` - The URL of the App Configuration. +* `identity` - An `identity` block as defined below. + * `primary_read_key` - A `primary_read_key` block as defined below containing the primary read access key. * `primary_write_key` - A `primary_write_key` block as defined below containing the primary write access key. +* `replica` - A `replica` block as defined below. + * `secondary_read_key` - A `secondary_read_key` block as defined below containing the secondary read access key. * `secondary_write_key` - A `secondary_write_key` block as defined below containing the secondary write access key. -* `identity` - An `identity` block as defined below. - --- An `identity` block exports the following: @@ -245,40 +253,40 @@ A `replica` block exports the following: A `primary_read_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. + * `secret` - The Secret of the Access Key. --- A `primary_write_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. + * `secret` - The Secret of the Access Key. --- A `secondary_read_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. + * `secret` - The Secret of the Access Key. --- A `secondary_write_key` block exports the following: -* `connection_string` - The Connection String for this Access Key - comprising of the Endpoint, ID and Secret. - * `id` - The ID of the Access Key. +* `connection_string` - The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. + * `secret` - The Secret of the Access Key. ## Timeouts @@ -286,8 +294,8 @@ A `secondary_write_key` block exports the following: The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: * `create` - (Defaults to 60 minutes) Used when creating the App Configuration. -* `update` - (Defaults to 60 minutes) Used when updating the App Configuration. * `read` - (Defaults to 5 minutes) Used when retrieving the App Configuration. +* `update` - (Defaults to 60 minutes) Used when updating the App Configuration. * `delete` - (Defaults to 60 minutes) Used when deleting the App Configuration. ## Import