diff --git a/internal/services/web/function_app_resource.go b/internal/services/web/function_app_resource.go index f372aa572695..c783b1d75a6c 100644 --- a/internal/services/web/function_app_resource.go +++ b/internal/services/web/function_app_resource.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + msivalidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/msi/validate" storageValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/storage/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/services/web/parse" webValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/web/validate" @@ -162,6 +163,13 @@ func resourceFunctionApp() *pluginsdk.Resource { }, false), }, + "key_vault_reference_identity_id": { + Type: pluginsdk.TypeString, + Optional: true, + Computed: true, + ValidateFunc: msivalidate.UserAssignedIdentityID, + }, + "site_config": schemaAppServiceFunctionAppSiteConfig(), "source_control": schemaAppServiceSiteSourceControl(), @@ -337,6 +345,10 @@ func resourceFunctionAppCreate(d *pluginsdk.ResourceData, meta interface{}) erro }, } + if v, ok := d.GetOk("key_vault_reference_identity_id"); ok { + siteEnvelope.SiteProperties.KeyVaultReferenceIdentity = utils.String(v.(string)) + } + if clientCertMode != "" { siteEnvelope.SiteProperties.ClientCertMode = web.ClientCertMode(clientCertMode) } @@ -475,6 +487,10 @@ func resourceFunctionAppUpdate(d *pluginsdk.ResourceData, meta interface{}) erro }, } + if v, ok := d.GetOk("key_vault_reference_identity_id"); ok { + siteEnvelope.SiteProperties.KeyVaultReferenceIdentity = utils.String(v.(string)) + } + if clientCertMode != "" { siteEnvelope.SiteProperties.ClientCertMode = web.ClientCertMode(clientCertMode) } @@ -662,6 +678,10 @@ func resourceFunctionAppRead(d *pluginsdk.ResourceData, meta interface{}) error clientCertMode = string(props.ClientCertMode) } d.Set("client_cert_mode", clientCertMode) + + if props.KeyVaultReferenceIdentity != nil { + d.Set("key_vault_reference_identity_id", props.KeyVaultReferenceIdentity) + } } appServiceTier, err := getFunctionAppServiceTier(ctx, appServicePlanID, meta) diff --git a/internal/services/web/function_app_resource_test.go b/internal/services/web/function_app_resource_test.go index 93238fa6afe5..d81740420550 100644 --- a/internal/services/web/function_app_resource_test.go +++ b/internal/services/web/function_app_resource_test.go @@ -447,6 +447,21 @@ func TestAccFunctionApp_consumptionPlan(t *testing.T) { }) } +func TestAccFunctionApp_keyVaultUserAssignedIdentity(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_function_app", "test") + r := FunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.KeyVaultUserAssignedIdentity(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func TestAccFunctionApp_consumptionPlanUppercaseName(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_function_app", "test") r := FunctionAppResource{} @@ -2112,12 +2127,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -2125,7 +2140,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -2136,7 +2151,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -2144,7 +2159,7 @@ resource "azurerm_function_app" "test" { storage_account_access_key = azurerm_storage_account.test.primary_access_key https_only = true } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) dailyMemoryTimeQuota(data acceptance.TestData, dailyMemoryTimeQuota int) string { @@ -2154,12 +2169,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -2167,7 +2182,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location kind = "FunctionApp" @@ -2179,15 +2194,15 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id storage_account_name = azurerm_storage_account.test.name storage_account_access_key = azurerm_storage_account.test.primary_access_key - daily_memory_time_quota = %d + daily_memory_time_quota = %[4]d } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger, dailyMemoryTimeQuota) +`, data.RandomInteger, data.Locations.Primary, data.RandomString, dailyMemoryTimeQuota) } func (r FunctionAppResource) consumptionPlan(data acceptance.TestData) string { @@ -2197,12 +2212,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -2210,7 +2225,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location kind = "FunctionApp" @@ -2222,14 +2237,14 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id storage_account_name = azurerm_storage_account.test.name storage_account_access_key = azurerm_storage_account.test.primary_access_key } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) consumptionPlanUppercaseName(data acceptance.TestData) string { @@ -2239,12 +2254,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -2252,7 +2267,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location kind = "FunctionApp" @@ -2264,14 +2279,14 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-FuncWithUppercase" + name = "acctest-%[1]d-FuncWithUppercase" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id storage_account_name = azurerm_storage_account.test.name storage_account_access_key = azurerm_storage_account.test.primary_access_key } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) basicIdentity(data acceptance.TestData) string { @@ -2914,12 +2929,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -2927,7 +2942,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -2938,7 +2953,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -2951,7 +2966,7 @@ resource "azurerm_function_app" "test" { } } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) oneVNetSubnetIpRestriction(data acceptance.TestData) string { @@ -3022,12 +3037,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3035,7 +3050,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -3046,7 +3061,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3071,7 +3086,7 @@ resource "azurerm_function_app" "test" { } } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) ipRestrictionRemoved(data acceptance.TestData) string { @@ -3081,12 +3096,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3094,7 +3109,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -3105,7 +3120,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3116,7 +3131,7 @@ resource "azurerm_function_app" "test" { ip_restriction = [] } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) scmUseMainIPRestriction(data acceptance.TestData) string { @@ -3126,12 +3141,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3139,7 +3154,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -3150,7 +3165,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3164,7 +3179,7 @@ resource "azurerm_function_app" "test" { scm_use_main_ip_restriction = true } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) scmOneIpRestriction(data acceptance.TestData) string { @@ -3174,12 +3189,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3187,7 +3202,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -3198,7 +3213,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3212,7 +3227,7 @@ resource "azurerm_function_app" "test" { } } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) deprecatedConnectionString(data acceptance.TestData) string { @@ -3471,12 +3486,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3484,7 +3499,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location kind = "elastic" @@ -3496,7 +3511,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3506,7 +3521,7 @@ resource "azurerm_function_app" "test" { elastic_instance_minimum = 1 } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) appScaleLimit(data acceptance.TestData) string { @@ -3516,12 +3531,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3529,7 +3544,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location kind = "elastic" @@ -3541,7 +3556,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3551,7 +3566,7 @@ resource "azurerm_function_app" "test" { app_scale_limit = 1 } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) runtimeScaleMonitoringEnabled(data acceptance.TestData) string { @@ -3561,12 +3576,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3574,7 +3589,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location kind = "elastic" @@ -3586,7 +3601,7 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id @@ -3598,7 +3613,7 @@ resource "azurerm_function_app" "test" { runtime_scale_monitoring_enabled = true } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } func (r FunctionAppResource) dotnetVersion(data acceptance.TestData, functionVersion string, version string) string { @@ -3608,12 +3623,12 @@ provider "azurerm" { } resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" + name = "acctestsa%[3]s" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -3621,7 +3636,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_app_service_plan" "test" { - name = "acctestASP-%d" + name = "acctestASP-%[1]d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name @@ -3632,18 +3647,66 @@ resource "azurerm_app_service_plan" "test" { } resource "azurerm_function_app" "test" { - name = "acctest-%d-func" + name = "acctest-%[1]d-func" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name app_service_plan_id = azurerm_app_service_plan.test.id storage_account_name = azurerm_storage_account.test.name storage_account_access_key = azurerm_storage_account.test.primary_access_key - version = "%s" + version = "%[4]s" site_config { - dotnet_framework_version = "%s" + dotnet_framework_version = "%[5]s" } } -`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger, functionVersion, version) +`, data.RandomInteger, data.Locations.Primary, data.RandomString, functionVersion, version) +} + +func (r FunctionAppResource) KeyVaultUserAssignedIdentity(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} +resource "azurerm_resource_group" "test" { + name = "acctestRG-%[1]d" + location = "%[2]s" +} +resource "azurerm_user_assigned_identity" "test" { + name = "acct-%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location +} +resource "azurerm_storage_account" "test" { + name = "acctestsa%[3]s" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + account_tier = "Standard" + account_replication_type = "LRS" +} +resource "azurerm_app_service_plan" "test" { + name = "acctestASP-%[1]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + sku { + tier = "Standard" + size = "S1" + } +} +resource "azurerm_function_app" "test" { + name = "acctest-%[1]d-func" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + app_service_plan_id = azurerm_app_service_plan.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + key_vault_reference_identity_id = azurerm_user_assigned_identity.test.id + + identity { + type = "UserAssigned" + identity_ids = [azurerm_user_assigned_identity.test.id] + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomString) } diff --git a/website/docs/r/function_app.html.markdown b/website/docs/r/function_app.html.markdown index 5d78ce6fde6c..b1c03e67e71d 100644 --- a/website/docs/r/function_app.html.markdown +++ b/website/docs/r/function_app.html.markdown @@ -163,6 +163,8 @@ The following arguments are supported: * `identity` - (Optional) An `identity` block as defined below. +* `key_vault_reference_identity_id` - (Optional) The User Assigned Identity Id used for looking up KeyVault secrets. The identity must be assigned to the application. See [Access vaults with a user-assigned identity](https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references#access-vaults-with-a-user-assigned-identity) for more information. + * `os_type` - (Optional) A string indicating the Operating System type for this function app. ~> **NOTE:** This value will be `linux` for Linux derivatives, or an empty string for Windows (default). When set to `linux` you must also set `azurerm_app_service_plan` arguments as `kind = "Linux"` and `reserved = true`