Data Source: azurermLinuxFunctionApp

Use this data source to access information about an existing Linux Function App.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermLinuxFunctionAppExample =
  new azurerm.dataAzurermLinuxFunctionApp.DataAzurermLinuxFunctionApp(
    this,
    "example",
    {
      name: "existing",
      resource_group_name: "existing",
    }
  );
new cdktf.TerraformOutput(this, "id", {
  value: dataAzurermLinuxFunctionAppExample.id,
});

Arguments Reference

The following arguments are supported:

name - (Required) The name which should be used for this Linux Function App.
resourceGroupName - (Required) The name of the Resource Group where the Linux Function App should exist.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

id - The ID of the Linux Function App.
location - The Azure Region where the Linux Function App exists.
appSettings - A map of key-value pairs for App Settings and custom values.
authSettings - A authSettings block as defined below.
authSettingsV2 - A authSettingsV2 block as defined below.
backup - A backup block as defined below.
builtinLoggingEnabled - Is built in logging enabled?
clientCertificateEnabled - Are Client Certificates enabled?
clientCertificateMode - The mode of the Function App's client certificates requirement for incoming requests.
clientCertificateExclusionPaths - Paths to exclude when using client certificates, separated by ;
connectionString - A connectionString blocks as defined below.
contentShareForceDisabled - Are the settings for linking the Function App to storage suppressed?
customDomainVerificationId - The identifier used by App Service to perform domain ownership verification via DNS TXT record.
dailyMemoryTimeQuota - The amount of memory in gigabyte-seconds that your application is allowed to consume per day.
defaultHostname - The default hostname of the Linux Function App.
enabled - Is the Function App enabled?
functionsExtensionVersion - The runtime version associated with the Function App.
httpsOnly - Can the Function App only be accessed via HTTPS?
identity - A identity block as defined below.
kind - The Kind value for this Linux Function App.
outboundIpAddressList - A list of outbound IP addresses. For example ["5223253", "521434312"]
outboundIpAddresses - A comma separated list of outbound IP addresses as a string. For example 5223253,521434312.
possibleOutboundIpAddressList - A list of possible outbound IP addresses, not all of which are necessarily in use. This is a superset of outboundIpAddressList. For example ["5223253", "521434312"].
possibleOutboundIpAddresses - A comma separated list of possible outbound IP addresses as a string. For example 5223253,521434312,521434317. This is a superset of outboundIpAddresses. For example ["5223253", "521434312","521434317"].
servicePlanId - The ID of the App Service Plan within which this Function App has been created.
siteConfig - A siteConfig block as defined below.
siteCredential - A siteCredential block as defined below.
stickySettings - A stickySettings block as defined below.
storageAccountName - The backend storage account name used by this Function App.
storageAccountAccessKey - The access key used to access the backend storage account for the Function App.
storageKeyVaultSecretId - The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App.
storageUsesManagedIdentity - Does the Function App use Managed Identity to access the storage account?
tags - A mapping of tags which are assigned to the Linux Function App.
virtualNetworkSubnetId - The subnet id which the Linux Function App is vNet Integrated with.

An activeDirectory block exports the following:

clientId - The ID of the Client used to authenticate with Azure Active Directory.
allowedAudiences - A list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory.
clientSecret - The Client Secret of the Client ID.
clientSecretSettingName - The App Setting name that contains the client secret of the Client.

A applicationStack block exports the following:

docker - One or more docker blocks as defined below.
dotnetVersion - The version of .NET used.
javaVersion - The Version of Java used.
nodeVersion - The version of Node used.
pythonVersion - The version of Python used.
powershellCoreVersion - The version of PowerShell Core used.
useCustomRuntime - Does the Linux Function App use a custom runtime?

An appServiceLogs block exports the following:

diskQuotaMb - The amount of disk space used for logs.
retentionPeriodDays - The retention period for logs in days.

An authSettings block exports the following:

enabled - Is the Authentication / Authorization feature enabled for the Linux Web App?
activeDirectory - An activeDirectory block as defined above.
additionalLoginParameters - A map of login parameters sent to the OpenID Connect authorization endpoint when a user logs in.
allowedExternalRedirectUrls - A list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App.
defaultProvider - The default authentication provider used when multiple providers are configured.
facebook - A facebook block as defined below.
github - A github block as defined below.
google - A google block as defined below.
issuer - The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App.
microsoft - A microsoft block as defined below.
runtimeVersion - The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App.
tokenRefreshExtensionHours - The number of hours after session token expiration that a session token can be used to call the token refresh API.
tokenStoreEnabled - Does the Linux Web App durably store platform-specific security tokens that are obtained during login flows?
twitter - A twitter block as defined below.
unauthenticatedClientAction - The action to taken when an unauthenticated client attempts to access the app.

An authSettingsV2 block exports the following:

authEnabled - Are the AuthV2 Settings enabled.
runtimeVersion - The Runtime Version of the Authentication and Authorisation feature of this App.
configFilePath - The path to the App Auth settings.
requireAuthentication - Is the authentication flow used for all requests.
unauthenticatedAction - The action to take for requests made without authentication.
defaultProvider -The Default Authentication Provider used when more than one Authentication Provider is configured and the unauthenticatedAction is set to redirectToLoginPage.
excludedPaths - The paths which should be excluded from the unauthenticatedAction when it is set to redirectToLoginPage.
requireHttps -Is HTTPS required on connections?
httpRouteApiPrefix - The prefix that should precede all the authentication and authorisation paths.
forwardProxyConvention - The convention used to determine the url of the request made.
forwardProxyCustomHostHeaderName -The name of the custom header containing the host of the request.
forwardProxyCustomSchemeHeaderName - The name of the custom header containing the scheme of the request.
appleV2 - An appleV2 block as defined below.
activeDirectoryV2 - An activeDirectoryV2 block as defined below.
azureStaticWebAppV2 - An azureStaticWebAppV2 block as defined below.
customOidcV2 - Zero or more customOidcV2 blocks as defined below.
facebookV2 - A facebookV2 block as defined below.
githubV2 - A githubV2 block as defined below.
googleV2 - A googleV2 block as defined below.
microsoftV2 - A microsoftV2 block as defined below.
twitterV2 - A twitterV2 block as defined below.
login - A login block as defined below.

An appleV2 block supports the following:

clientId - The OpenID Connect Client ID for the Apple web application.
clientSecretSettingName - The app setting name that contains the clientSecret value used for Apple Login.
loginScopes - A list of Login Scopes provided by this Authentication Provider.

An activeDirectoryV2 block supports the following:

clientId - The ID of the Client used to authenticate with Azure Active Directory.
tenantAuthEndpoint - The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://loginMicrosoftonlineCom/v20/{tenantGuid}/
clientSecretSettingName - The App Setting name that contains the client secret of the Client.
clientSecretCertificateThumbprint - The thumbprint of the certificate used for signing purposes.
jwtAllowedGroups - The list of Allowed Groups in the JWT Claim.
jwtAllowedClientApplications - The list of Allowed Client Applications in the JWT Claim.
wwwAuthenticationDisabled - Is the www-authenticate provider omitted from the request?
allowedGroups -The list of allowed Group Names for the Default Authorisation Policy.
allowedIdentities - The list of allowed Identities for the Default Authorisation Policy.
allowedApplications - The list of allowed Applications for the Default Authorisation Policy.
loginParameters - A map of key-value pairs sent to the Authorisation Endpoint when a user logs in.
allowedAudiences - Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory.

An azureStaticWebAppV2 block supports the following:

clientId - The ID of the Client to use to authenticate with Azure Static Web App Authentication.

A customOidcV2 block supports the following:

name - The name of the Custom OIDC Authentication Provider.
clientId - The ID of the Client to use to authenticate with the Custom OIDC.
openidConfigurationEndpoint - The app setting name that contains the clientSecret value used for the Custom OIDC Login.
nameClaimType - The name of the claim that contains the users name.
scopes - The list of the scopes that are requested while authenticating.
clientCredentialMethod - The Client Credential Method used.
clientSecretSettingName - The App Setting name that contains the secret for this Custom OIDC Client. This is generated from name above and suffixed with providerAuthenticationSecret.
authorisationEndpoint - The endpoint to make the Authorisation Request as supplied by openidConfigurationEndpoint response.
tokenEndpoint - The endpoint used to request a Token as supplied by openidConfigurationEndpoint response.
issuerEndpoint - The endpoint that issued the Token as supplied by openidConfigurationEndpoint response.
certificationUri - The endpoint that provides the keys necessary to validate the token as supplied by openidConfigurationEndpoint response.

A facebookV2 block supports the following:

appId - The App ID of the Facebook app used for login.
appSecretSettingName - The app setting name that contains the appSecret value used for Facebook Login.
graphApiVersion - The version of the Facebook API to be used while logging in.
loginScopes - The list of scopes that are requested as part of Facebook Login authentication.

A githubV2 block supports the following:

clientId - The ID of the GitHub app used for login..
clientSecretSettingName - The app setting name that contains the clientSecret value used for GitHub Login.
loginScopes - The list of OAuth 2.0 scopes that are requested as part of GitHub Login authentication.

A googleV2 block supports the following:

clientId - The OpenID Connect Client ID for the Google web application.
clientSecretSettingName - The app setting name that contains the clientSecret value used for Google Login.
allowedAudiences - The list of Allowed Audiences that are requested as part of Google Sign-In authentication.
loginScopes - (Optional) The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication.

A microsoftV2 block supports the following:

clientId - The OAuth 2.0 client ID that was created for the app used for authentication.
clientSecretSettingName - The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.
allowedAudiences - The list of Allowed Audiences that are be requested as part of Microsoft Sign-In authentication.
loginScopes - The list of Login scopes that are requested as part of Microsoft Account authentication.

A twitterV2 block supports the following:

consumerKey - The OAuth 1.0a consumer key of the Twitter application used for sign-in.
consumerSecretSettingName - The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.

A login block supports the following:

logoutEndpoint - The endpoint to which logout requests are made.
tokenStoreEnabled - Is the Token Store configuration Enabled.
tokenRefreshExtensionTime - The number of hours after session token expiration that a session token can be used to call the token refresh API.
tokenStorePath - The directory path in the App Filesystem in which the tokens are stored.
tokenStoreSasSettingName - The name of the app setting which contains the SAS URL of the blob storage containing the tokens.
preserveUrlFragmentsForLogins - Are the fragments from the request preserved after the login request is made.
allowedExternalRedirectUrls - External URLs that can be redirected to as part of logging in or logging out of the app.
cookieExpirationConvention - The method by which cookies expire.
cookieExpirationTime - The time after the request is made when the session cookie should expire.
validateNonce - Is the nonce validated while completing the login flow.
nonceExpirationTime - The time after the request is made when the nonce should expire.

A backup block exports the following:

name - The name of this Backup.
schedule - A schedule block as defined below.
storageAccountUrl - The SAS URL to the container.
enabled - Is this backup job enabled?

A connectionString block exports the following:

name - The name of this Connection.
type - Type of database.
value - The connection string value.

A cors block exports the following:

allowedOrigins - A list of origins that are allowed to make cross-origin calls.
supportCredentials - Are credentials allowed in CORS requests?

A docker block exports the following:

registryUrl - The URL of the docker registry.
imageName - The name of the Docker image used.
imageTag - The image tag of the image used.
registryUsername - The username used for connections to the registry.
registryPassword - The password for the account to use to connect to the registry.

A facebook block exports the following:

appId - The App ID of the Facebook app used for login.
appSecret - The App Secret of the Facebook app used for Facebook login.
appSecretSettingName - The app setting name that contains the appSecret value used for Facebook login.
oauthScopes - Specifies a list of OAuth 2.0 scopes requested as part of Facebook login authentication.

A github block exports the following:

clientId - The ID of the GitHub app used for login.
clientSecret - The Client Secret of the GitHub app used for GitHub login.
clientSecretSettingName - The app setting name that contains the clientSecret value used for GitHub login.
oauthScopes - Specifies a list of OAuth 2.0 scopes that are requested as part of GitHub login authentication.

A google block exports the following:

clientId - The OpenID Connect Client ID for the Google web application.
clientSecret - The client secret associated with the Google web application.
clientSecretSettingName - The app setting name that contains the clientSecret value used for Google login.
oauthScopes - A list of OAuth 2.0 scopes that are requested as part of Google Sign-In authentication.

A headers block exports the following:

xAzureFdid - A list of Azure Front Door IDs.
xFdHealthProbe - Should a Front Door Health Probe be expected?
xForwardedFor - A list of addresses for which matching is applied.
xForwardedHost - A list of Hosts for which matching is applied.

An identity block exports the following:

type - The type of Managed Service Identity that is configured on this Linux Function App.
principalId - The Principal ID of the System Assigned Managed Service Identity that is configured on this Linux Function App.
tenantId - The Tenant ID of the System Assigned Managed Service Identity that is configured on this Linux Function App.
identityIds - The list of User Assigned Managed Identity IDs assigned to this Linux Function App.

An ipRestriction block exports the following:

action - The action to take.
headers - A headers block as defined above.
ipAddress - The CIDR notation of the IP or IP Range that is matched.
name - The name which is used for this ipRestriction.
priority - The priority value of this ipRestriction.
serviceTag - The Service Tag used for this IP Restriction.
virtualNetworkSubnetId - The Virtual Network Subnet ID used for this IP Restriction.

A microsoft block exports the following:

clientId - The OAuth 2.0 client ID that was created for the app used for authentication.
clientSecret - The OAuth 2.0 client secret that was created for the app used for authentication.
clientSecretSettingName - The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.
oauthScopes - A list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication.

A schedule block exports the following:

frequencyInterval - How often the backup is executed.
frequencyUnit - The unit of time for how often the backup takes place.
keepAtLeastOneBackup - Does the service keep at least one backup, regardless of age of backup?
retentionPeriodDays - After how many days backups are deleted.
startTime - When the schedule starts working in RFC-3339 format.

A scmIpRestriction block exports the following:

action - The action taken.
headers - A headers block as defined above.
ipAddress - The CIDR notation of the IP or IP Range matched.
name - The name used for this ipRestriction.
priority - The priority value of this ipRestriction.
serviceTag - The Service Tag used for this IP Restriction.
virtualNetworkSubnetId - The Virtual Network Subnet ID used for this IP Restriction.

A stickySettings block exports the following:

appSettingNames - A list of appSetting names that the Linux Function App will not swap between Slots when a swap operation is triggered.
connectionStringNames - A list of connectionString names that the Linux Function App will not swap between Slots when a swap operation is triggered.

A siteConfig block exports the following:

alwaysOn - If this Linux Web App is Always On enabled.
apiDefinitionUrl - The URL of the API definition that describes this Linux Function App.
apiManagementApiId - The ID of the API Management API for this Linux Function App.
appCommandLine - The App command line that is launched.
appScaleLimit - The number of workers this function app can scale out to.
applicationInsightsConnectionString - The Connection String that links the Linux Function App to Application Insights.
applicationInsightsKey - The Instrumentation Key that connects the Linux Function App to Application Insights.
applicationStack - An applicationStack block as defined above.
appServiceLogs - An appServiceLogs block as defined above.
autoSwapSlotName - The Linux Function App Slot Name that is automatically swapped to when deployment to that slot is successfully completed.
containerRegistryManagedIdentityClientId - The Client ID of the Managed Service Identity that is used for connections to the Azure Container Registry.
containerRegistryUseManagedIdentity - Do connections for Azure Container Registry use Managed Identity?
cors - A cors block as defined above.
defaultDocuments - A list of Default Documents for the Linux Web App.
elasticInstanceMinimum - The number of minimum instances for this Linux Function App.
ftpsState - State of FTP / FTPS service for this function app.
healthCheckPath - The path that is checked for this function app health.
healthCheckEvictionTimeInMin - The amount of time in minutes that a node can be unhealthy before being removed from the load balancer.
http2Enabled - Is the HTTP2 protocol enabled?
ipRestriction - One or more ipRestriction blocks as defined above.
loadBalancingMode - The Site load balancing mode.
managedPipelineMode - Managed pipeline mode.
minimumTlsVersion - The minimum version of TLS required for SSL requests.
preWarmedInstanceCount - The number of pre-warmed instances for this function app.
remoteDebuggingEnabled - Is Remote Debugging enabled?
remoteDebuggingVersion - The Remote Debugging Version.
runtimeScaleMonitoringEnabled - Is Scale Monitoring of the Functions Runtime enabled?
scmIpRestriction - One or more scmIpRestriction blocks as defined above.
scmMinimumTlsVersion - The minimum version of TLS for SSL requests to the SCM site.
scmUseMainIpRestriction - Is the Linux Function App ipRestriction configuration used for the SCM also?
use32BitWorker - Does the Linux Web App use a 32-bit worker process?
vnetRouteAllEnabled - Are all outbound traffic to NAT Gateways, Network Security Groups and User Defined Routes applied?
websocketsEnabled - Are Web Sockets enabled?
workerCount - The number of Workers for this Linux Function App.

A twitter block exports the following:

consumerKey - The OAuth 1.0a consumer key of the Twitter application used for sign-in.
consumerSecret - The OAuth 1.0a consumer secret of the Twitter application used for sign-in.
consumerSecretSettingName - The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.

A siteCredential block exports the following:

name - The Site Credentials Username used for publishing.
password - The Site Credentials Password used for publishing.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

read - (Defaults to 25 minutes) Used when retrieving the Linux Function App.