Added support for scm ip restrictions.

HappyTobi · May 15, 2020 · 6425c5a · 6425c5a
1 parent 5e53ba6
commit 6425c5a
Show file tree

Hide file tree

Showing 3 changed files with 592 additions and 0 deletions.
diff --git a/azurerm/helpers/azure/app_service.go b/azurerm/helpers/azure/app_service.go
@@ -332,6 +332,45 @@ func SchemaAppServiceSiteConfig() *schema.Schema {
 					},
 				},
 
+				"scm_use_main_ip_restriction": {
+					Type:     schema.TypeBool,
+					Optional: true,
+					Default:  false,
+				},
+
+				"scm_ip_restriction": {
+					Type:       schema.TypeList,
+					Optional:   true,
+					Computed:   true,
+					ConfigMode: schema.SchemaConfigModeAttr,
+					Elem: &schema.Resource{
+						Schema: map[string]*schema.Schema{
+							"ip_address": {
+								Type:         schema.TypeString,
+								Optional:     true,
+								ValidateFunc: validate.CIDR,
+							},
+							"virtual_network_subnet_id": {
+								Type:         schema.TypeString,
+								Optional:     true,
+								ValidateFunc: validation.StringIsNotEmpty,
+							},
+							"name": {
+								Type:         schema.TypeString,
+								Optional:     true,
+								Computed:     true,
+								ValidateFunc: validation.StringIsNotEmpty,
+							},
+							"priority": {
+								Type:         schema.TypeInt,
+								Optional:     true,
+								Computed:     true,
+								ValidateFunc: validation.IntBetween(1, 2147483647),
+							},
+						},
+					},
+				},
+
 				"java_version": {
 					Type:     schema.TypeString,
 					Optional: true,
@@ -1486,6 +1525,54 @@ func ExpandAppServiceSiteConfig(input interface{}) (*web.SiteConfig, error) {
 		siteConfig.IPSecurityRestrictions = &restrictions
 	}
 
+	if v, ok := config["scm_use_main_ip_restriction"]; ok {
+		siteConfig.ScmIPSecurityRestrictionsUseMain = utils.Bool(v.(bool))
+	}
+
+	if v, ok := config["scm_ip_restriction"]; ok {
+		scmIPSecurityRestrictions := v.([]interface{})
+		scmRestrictions := make([]web.IPSecurityRestriction, 0)
+		for i, scmIPSecurityRestriction := range scmIPSecurityRestrictions {
+			scmRestriction := scmIPSecurityRestriction.(map[string]interface{})
+
+			ipAddress := scmRestriction["ip_address"].(string)
+			vNetSubnetID := scmRestriction["virtual_network_subnet_id"].(string)
+			name := scmRestriction["name"].(string)
+			priority := scmRestriction["priority"].(int)
+			if vNetSubnetID != "" && ipAddress != "" {
+				return siteConfig, fmt.Errorf(fmt.Sprintf("only one of `ip_address` or `virtual_network_subnet_id` can be set for `site_config.0.scm_ip_restriction.%d`", i))
+			}
+
+			if vNetSubnetID == "" && ipAddress == "" {
+				return siteConfig, fmt.Errorf(fmt.Sprintf("one of `ip_address` or `virtual_network_subnet_id` must be set for `site_config.0.scm_ip_restriction.%d`", i))
+			}
+
+			scmIPSecurityRestriction := web.IPSecurityRestriction{}
+			if ipAddress == "Any" {
+				continue
+			}
+
+			if ipAddress != "" {
+				scmIPSecurityRestriction.IPAddress = &ipAddress
+			}
+
+			if vNetSubnetID != "" {
+				scmIPSecurityRestriction.VnetSubnetResourceID = &vNetSubnetID
+			}
+
+			if name != "" {
+				scmIPSecurityRestriction.Name = &name
+			}
+
+			if priority != 0 {
+				scmIPSecurityRestriction.Priority = utils.Int32(int32(priority))
+			}
+
+			scmRestrictions = append(scmRestrictions, scmIPSecurityRestriction)
+		}
+		siteConfig.ScmIPSecurityRestrictions = &scmRestrictions
+	}
+
 	if v, ok := config["local_mysql_enabled"]; ok {
 		siteConfig.LocalMySQLEnabled = utils.Bool(v.(bool))
 	}
@@ -1620,6 +1707,36 @@ func FlattenAppServiceSiteConfig(input *web.SiteConfig) []interface{} {
 	}
 	result["ip_restriction"] = restrictions
 
+	if input.ScmIPSecurityRestrictionsUseMain != nil {
+		result["scm_use_main_ip_restriction"] = *input.ScmIPSecurityRestrictionsUseMain
+	}
+
+	scmRestrictions := make([]interface{}, 0)
+	if vs := input.ScmIPSecurityRestrictions; vs != nil {
+		for _, v := range *vs {
+			block := make(map[string]interface{})
+
+			if ip := v.IPAddress; ip != nil {
+				if *ip == "Any" {
+					continue
+				} else {
+					block["ip_address"] = *ip
+				}
+			}
+			if vNetSubnetID := v.VnetSubnetResourceID; vNetSubnetID != nil {
+				block["virtual_network_subnet_id"] = *vNetSubnetID
+			}
+			if name := v.Name; name != nil {
+				block["name"] = *name
+			}
+			if priority := v.Priority; priority != nil {
+				block["priority"] = *priority
+			}
+			scmRestrictions = append(scmRestrictions, block)
+		}
+	}
+	result["scm_ip_restriction"] = scmRestrictions
+
 	result["managed_pipeline_mode"] = string(input.ManagedPipelineMode)
 
 	if input.PhpVersion != nil {