From 5b315f12188457c1678ea6f12ec07ad5d0fcf864 Mon Sep 17 00:00:00 2001
From: manisbindra <maninder.bindra@gmail.com>
Date: Fri, 25 Jan 2019 14:31:16 +0530
Subject: [PATCH 1/3] initial changes for issue 2004

---
 azurerm/resource_arm_app_service.go | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/azurerm/resource_arm_app_service.go b/azurerm/resource_arm_app_service.go
index 2faae84d47e8..60704e0aacba 100644
--- a/azurerm/resource_arm_app_service.go
+++ b/azurerm/resource_arm_app_service.go
@@ -82,6 +82,12 @@ func resourceArmAppService() *schema.Resource {
 				Default:  false,
 			},
 
+			"client_cert_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+
 			"enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -225,6 +231,7 @@ func resourceArmAppServiceCreate(d *schema.ResourceData, meta interface{}) error
 	appServicePlanId := d.Get("app_service_plan_id").(string)
 	enabled := d.Get("enabled").(bool)
 	httpsOnly := d.Get("https_only").(bool)
+	clientCertEnabled := d.Get("client_cert_enabled").(bool)
 	tags := d.Get("tags").(map[string]interface{})
 
 	siteConfig := azure.ExpandAppServiceSiteConfig(d.Get("site_config"))
@@ -233,10 +240,11 @@ func resourceArmAppServiceCreate(d *schema.ResourceData, meta interface{}) error
 		Location: &location,
 		Tags:     expandTags(tags),
 		SiteProperties: &web.SiteProperties{
-			ServerFarmID: utils.String(appServicePlanId),
-			Enabled:      utils.Bool(enabled),
-			HTTPSOnly:    utils.Bool(httpsOnly),
-			SiteConfig:   &siteConfig,
+			ServerFarmID:      utils.String(appServicePlanId),
+			Enabled:           utils.Bool(enabled),
+			HTTPSOnly:         utils.Bool(httpsOnly),
+			ClientCertEnabled: utils.Bool(clientCertEnabled),
+			SiteConfig:        &siteConfig,
 		},
 	}
 
@@ -289,6 +297,7 @@ func resourceArmAppServiceUpdate(d *schema.ResourceData, meta interface{}) error
 	appServicePlanId := d.Get("app_service_plan_id").(string)
 	enabled := d.Get("enabled").(bool)
 	httpsOnly := d.Get("https_only").(bool)
+	clientCertEnabled := d.Get("client_cert_enabled").(bool)
 	tags := d.Get("tags").(map[string]interface{})
 
 	siteConfig := azure.ExpandAppServiceSiteConfig(d.Get("site_config"))
@@ -296,10 +305,11 @@ func resourceArmAppServiceUpdate(d *schema.ResourceData, meta interface{}) error
 		Location: &location,
 		Tags:     expandTags(tags),
 		SiteProperties: &web.SiteProperties{
-			ServerFarmID: utils.String(appServicePlanId),
-			Enabled:      utils.Bool(enabled),
-			HTTPSOnly:    utils.Bool(httpsOnly),
-			SiteConfig:   &siteConfig,
+			ServerFarmID:      utils.String(appServicePlanId),
+			Enabled:           utils.Bool(enabled),
+			HTTPSOnly:         utils.Bool(httpsOnly),
+			ClientCertEnabled: utils.Bool(clientCertEnabled),
+			SiteConfig:        &siteConfig,
 		},
 	}
 
@@ -453,6 +463,7 @@ func resourceArmAppServiceRead(d *schema.ResourceData, meta interface{}) error {
 		d.Set("client_affinity_enabled", props.ClientAffinityEnabled)
 		d.Set("enabled", props.Enabled)
 		d.Set("https_only", props.HTTPSOnly)
+		d.Set("client_cert_enabled", props.ClientCertEnabled)
 		d.Set("default_site_hostname", props.DefaultHostName)
 		d.Set("outbound_ip_addresses", props.OutboundIPAddresses)
 		d.Set("possible_outbound_ip_addresses", props.PossibleOutboundIPAddresses)

From dad44f4875ef6596855a21501979102e92707b69 Mon Sep 17 00:00:00 2001
From: manisbindra <maninder.bindra@gmail.com>
Date: Fri, 25 Jan 2019 18:52:00 +0530
Subject: [PATCH 2/3] changes to the datasource, test and markdown files

---
 azurerm/data_source_app_service.go       |  6 +++
 azurerm/resource_arm_app_service_test.go | 54 ++++++++++++++++++++++++
 website/docs/d/app_service.html.markdown |  2 +
 website/docs/r/app_service.html.markdown |  2 +
 4 files changed, 64 insertions(+)

diff --git a/azurerm/data_source_app_service.go b/azurerm/data_source_app_service.go
index d029eafdc3e5..445306507990 100644
--- a/azurerm/data_source_app_service.go
+++ b/azurerm/data_source_app_service.go
@@ -45,6 +45,11 @@ func dataSourceArmAppService() *schema.Resource {
 				Computed: true,
 			},
 
+			"client_cert_enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+
 			"app_settings": {
 				Type:     schema.TypeMap,
 				Computed: true,
@@ -187,6 +192,7 @@ func dataSourceArmAppServiceRead(d *schema.ResourceData, meta interface{}) error
 		d.Set("client_affinity_enabled", props.ClientAffinityEnabled)
 		d.Set("enabled", props.Enabled)
 		d.Set("https_only", props.HTTPSOnly)
+		d.Set("client_cert_enabled", props.ClientCertEnabled)
 		d.Set("default_site_hostname", props.DefaultHostName)
 		d.Set("outbound_ip_addresses", props.OutboundIPAddresses)
 		d.Set("possible_outbound_ip_addresses", props.PossibleOutboundIPAddresses)
diff --git a/azurerm/resource_arm_app_service_test.go b/azurerm/resource_arm_app_service_test.go
index 5a1393eaa967..d53f3e2a7713 100644
--- a/azurerm/resource_arm_app_service_test.go
+++ b/azurerm/resource_arm_app_service_test.go
@@ -288,6 +288,32 @@ func TestAccAzureRMAppService_httpsOnly(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMAppService_clientCertEnabled(t *testing.T) {
+	resourceName := "azurerm_app_service.test"
+	ri := tf.AccRandTimeInt()
+	config := testAccAzureRMAppService_clientCertEnabled(ri, testLocation())
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMAppServiceDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAppServiceExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "client_cert_enabled", "true"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccAzureRMAppService_appSettings(t *testing.T) {
 	resourceName := "azurerm_app_service.test"
 	ri := tf.AccRandTimeInt()
@@ -1397,6 +1423,34 @@ resource "azurerm_app_service" "test" {
 `, rInt, location, rInt, rInt)
 }
 
+func testAccAzureRMAppService_clientCertEnabled(rInt int, location string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_app_service_plan" "test" {
+  name                = "acctestASP-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+
+  sku {
+    tier = "Standard"
+    size = "S1"
+  }
+}
+
+resource "azurerm_app_service" "test" {
+  name                = "acctestAS-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  app_service_plan_id = "${azurerm_app_service_plan.test.id}"
+  client_cert_enabled          = true
+}
+`, rInt, location, rInt, rInt)
+}
+
 func testAccAzureRMAppService_32Bit(rInt int, location string) string {
 	return fmt.Sprintf(`
 resource "azurerm_resource_group" "test" {
diff --git a/website/docs/d/app_service.html.markdown b/website/docs/d/app_service.html.markdown
index 4d4ac87f6576..1c771a698874 100644
--- a/website/docs/d/app_service.html.markdown
+++ b/website/docs/d/app_service.html.markdown
@@ -47,6 +47,8 @@ output "app_service_id" {
 
 * `https_only` - Can the App Service only be accessed via HTTPS?
 
+* `client_cert_enabled` - Does the App Service require client certificates for incoming requests?
+
 * `site_config` - A `site_config` block as defined below.
 
 * `tags` - A mapping of tags to assign to the resource.
diff --git a/website/docs/r/app_service.html.markdown b/website/docs/r/app_service.html.markdown
index 30d8125dffbf..10a10d36e617 100644
--- a/website/docs/r/app_service.html.markdown
+++ b/website/docs/r/app_service.html.markdown
@@ -127,6 +127,8 @@ The following arguments are supported:
 
 * `https_only` - (Optional) Can the App Service only be accessed via HTTPS? Defaults to `false`.
 
+* `client_cert_enabled` - (Optional) Does the App Service require client certificates for incoming requests? Defaults to `false`.
+
 * `site_config` - (Optional) A `site_config` block as defined below.
 
 * `tags` - (Optional) A mapping of tags to assign to the resource.

From 0cd4d2b69e0b56238be8acfde25f85ad66f1cdc2 Mon Sep 17 00:00:00 2001
From: manisbindra <maninder.bindra@gmail.com>
Date: Sun, 27 Jan 2019 09:03:41 +0530
Subject: [PATCH 3/3] Incorporated PR review comments

---
 azurerm/resource_arm_app_service.go      | 31 ++++++++++--------
 azurerm/resource_arm_app_service_test.go | 41 ++++++++++++++++++++++--
 2 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/azurerm/resource_arm_app_service.go b/azurerm/resource_arm_app_service.go
index 60704e0aacba..306242454324 100644
--- a/azurerm/resource_arm_app_service.go
+++ b/azurerm/resource_arm_app_service.go
@@ -85,7 +85,6 @@ func resourceArmAppService() *schema.Resource {
 			"client_cert_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Default:  false,
 			},
 
 			"enabled": {
@@ -231,7 +230,6 @@ func resourceArmAppServiceCreate(d *schema.ResourceData, meta interface{}) error
 	appServicePlanId := d.Get("app_service_plan_id").(string)
 	enabled := d.Get("enabled").(bool)
 	httpsOnly := d.Get("https_only").(bool)
-	clientCertEnabled := d.Get("client_cert_enabled").(bool)
 	tags := d.Get("tags").(map[string]interface{})
 
 	siteConfig := azure.ExpandAppServiceSiteConfig(d.Get("site_config"))
@@ -240,11 +238,10 @@ func resourceArmAppServiceCreate(d *schema.ResourceData, meta interface{}) error
 		Location: &location,
 		Tags:     expandTags(tags),
 		SiteProperties: &web.SiteProperties{
-			ServerFarmID:      utils.String(appServicePlanId),
-			Enabled:           utils.Bool(enabled),
-			HTTPSOnly:         utils.Bool(httpsOnly),
-			ClientCertEnabled: utils.Bool(clientCertEnabled),
-			SiteConfig:        &siteConfig,
+			ServerFarmID: utils.String(appServicePlanId),
+			Enabled:      utils.Bool(enabled),
+			HTTPSOnly:    utils.Bool(httpsOnly),
+			SiteConfig:   &siteConfig,
 		},
 	}
 
@@ -258,6 +255,11 @@ func resourceArmAppServiceCreate(d *schema.ResourceData, meta interface{}) error
 		siteEnvelope.SiteProperties.ClientAffinityEnabled = utils.Bool(enabled)
 	}
 
+	if v, ok := d.GetOkExists("client_cert_enabled"); ok {
+		certEnabled := v.(bool)
+		siteEnvelope.SiteProperties.ClientCertEnabled = utils.Bool(certEnabled)
+	}
+
 	createFuture, err := client.CreateOrUpdate(ctx, resGroup, name, siteEnvelope)
 	if err != nil {
 		return err
@@ -297,7 +299,6 @@ func resourceArmAppServiceUpdate(d *schema.ResourceData, meta interface{}) error
 	appServicePlanId := d.Get("app_service_plan_id").(string)
 	enabled := d.Get("enabled").(bool)
 	httpsOnly := d.Get("https_only").(bool)
-	clientCertEnabled := d.Get("client_cert_enabled").(bool)
 	tags := d.Get("tags").(map[string]interface{})
 
 	siteConfig := azure.ExpandAppServiceSiteConfig(d.Get("site_config"))
@@ -305,14 +306,18 @@ func resourceArmAppServiceUpdate(d *schema.ResourceData, meta interface{}) error
 		Location: &location,
 		Tags:     expandTags(tags),
 		SiteProperties: &web.SiteProperties{
-			ServerFarmID:      utils.String(appServicePlanId),
-			Enabled:           utils.Bool(enabled),
-			HTTPSOnly:         utils.Bool(httpsOnly),
-			ClientCertEnabled: utils.Bool(clientCertEnabled),
-			SiteConfig:        &siteConfig,
+			ServerFarmID: utils.String(appServicePlanId),
+			Enabled:      utils.Bool(enabled),
+			HTTPSOnly:    utils.Bool(httpsOnly),
+			SiteConfig:   &siteConfig,
 		},
 	}
 
+	if v, ok := d.GetOkExists("client_cert_enabled"); ok {
+		certEnabled := v.(bool)
+		siteEnvelope.SiteProperties.ClientCertEnabled = utils.Bool(certEnabled)
+	}
+
 	future, err := client.CreateOrUpdate(ctx, resGroup, name, siteEnvelope)
 	if err != nil {
 		return err
diff --git a/azurerm/resource_arm_app_service_test.go b/azurerm/resource_arm_app_service_test.go
index d53f3e2a7713..0731acffab9a 100644
--- a/azurerm/resource_arm_app_service_test.go
+++ b/azurerm/resource_arm_app_service_test.go
@@ -291,7 +291,8 @@ func TestAccAzureRMAppService_httpsOnly(t *testing.T) {
 func TestAccAzureRMAppService_clientCertEnabled(t *testing.T) {
 	resourceName := "azurerm_app_service.test"
 	ri := tf.AccRandTimeInt()
-	config := testAccAzureRMAppService_clientCertEnabled(ri, testLocation())
+	configClientCertEnabled := testAccAzureRMAppService_clientCertEnabled(ri, testLocation())
+	configClientCertEnabledNotSet := testAccAzureRMAppService_clientCertEnabledNotSet(ri, testLocation())
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -299,12 +300,19 @@ func TestAccAzureRMAppService_clientCertEnabled(t *testing.T) {
 		CheckDestroy: testCheckAzureRMAppServiceDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: config,
+				Config: configClientCertEnabled,
 				Check: resource.ComposeTestCheckFunc(
 					testCheckAzureRMAppServiceExists(resourceName),
 					resource.TestCheckResourceAttr(resourceName, "client_cert_enabled", "true"),
 				),
 			},
+			{
+				Config: configClientCertEnabledNotSet,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMAppServiceExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "client_cert_enabled", "false"),
+				),
+			},
 			{
 				ResourceName:      resourceName,
 				ImportState:       true,
@@ -1446,7 +1454,34 @@ resource "azurerm_app_service" "test" {
   location            = "${azurerm_resource_group.test.location}"
   resource_group_name = "${azurerm_resource_group.test.name}"
   app_service_plan_id = "${azurerm_app_service_plan.test.id}"
-  client_cert_enabled          = true
+  client_cert_enabled = true
+}
+`, rInt, location, rInt, rInt)
+}
+
+func testAccAzureRMAppService_clientCertEnabledNotSet(rInt int, location string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_app_service_plan" "test" {
+  name                = "acctestASP-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+
+  sku {
+    tier = "Standard"
+    size = "S1"
+  }
+}
+
+resource "azurerm_app_service" "test" {
+  name                = "acctestAS-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  app_service_plan_id = "${azurerm_app_service_plan.test.id}"
 }
 `, rInt, location, rInt, rInt)
 }