Remove AccessRestrictionIPRange empty defaultvalue

[jvhoof]

Parameter AccessRestrictionIPRange needs to have a proper ip range value for the template to deploy. Removing the defaultvalue will cause the deployment via Azure Portal to ask for a value before it can deploy.

[JaydenLiang]

@jvhoof putting a default empty value there is on purposes, which is for users who don't want to set any ip restrictions to their function app (see: https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions)

any thought?

[jvhoof]

The current empty defaultvalue will cause the deployment to fail. 2 possible options:

• Remove the defaultvalue and it becomes a required field to be provided and a customer can make a choice
• Set the defaultvalue to '0.0.0.0/0' which leaves the Azure Function open by default
  The goal here is to make the deployment of the templates work with only filling in the required values. We have had several deployments internal and external fail because of this.

[JaydenLiang]

The current empty defaultvalue will cause the deployment to fail. 2 possible options:

• Remove the defaultvalue and it becomes a required field to be provided and a customer can make a choice
• Set the defaultvalue to '0.0.0.0/0' which leaves the Azure Function open by default
  The goal here is to make the deployment of the templates work with only filling in the required values. We have had several deployments internal and external fail because of this.

@jvhoof May I know which step it is causing failiures? or is it failing in other deployment tools like terraform? It should not cause failures if it is deployed with empty string as the default value. Otherwise, it is a flaw in the code which needs to be fixed

[jvhoof]

@JaydenLiang sure, to make it easy and uniform I have a deployment script you can find here: https://github.com/40net-cloud/fortinet-azure-solutions/blob/main/FortiGate/Autoscale/deploy.sh

This is the Azure CLI command to deploy the ARM template:
az deployment group create --resource-group "$rg"
--name "$deploymentName"
--template-file $templatefilename
--parameters $parameterfilename
--parameters ResourceNamePrefix="$prefix" ServicePrincipalAppID="$appid" ServicePrincipalAppSecret="$appsecret"
ServicePrincipalObjectID="$clientid" FortiAnalyzerIntegrationOptions="no"
FortiGatePSKSecret="$passwd" AdminUsername="$username" AdminPassword="$passwd"
InstanceType="$instancetype" AccessRestrictionIPRange="0.0.0.0/0"

When I remove the AccessRestrictionIPRange="0.0.0.0/0" which keeps the default empty defaultvalue get errors in SetupFunctionApp -> Update Function.

Hope this gives you an idea. In the end I think a defaultvalue of 0.0.0.0/0 or removing the empty defaultvalue make sense as both will provide an IP range if filled in correctly.

Errors on the various levels:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
"details": [
{
"code": "InvalidTemplate",
"message": "Deployment template validation failed: 'The template 'copy' definition at line '2' and column '3' has an invalid copy count. The copy count must be a positive integer value and cannot exceed '800'. Please see https://aka.ms/arm-resource-loops for usage details.'."
}
]
}

{
"code": "InvalidTemplate",
"message": "Deployment template validation failed: 'The template 'copy' definition at line '2' and column '3' has an invalid copy count. The copy count must be a positive integer value and cannot exceed '800'. Please see https://aka.ms/arm-resource-loops for usage details.'.",
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 2,
"linePosition": 3,
"path": "[0]"
}
}
]
}

{
"code": "DeploymentFailed",
"target": "/subscriptions/f7f4728a-781f-470f-b029-bac8a9df75af/resourceGroups/JVH25-RG/providers/Microsoft.Resources/deployments/JVH25-RG-westeurope",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
"details": [
{
"code": "ResourceDeploymentFailure",
"target": "/subscriptions/f7f4728a-781f-470f-b029-bac8a9df75af/resourceGroups/JVH25-RG/providers/Microsoft.Resources/deployments/SetupFunctionApp",
"message": "The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'."
},
{
"code": "ConflictError",
"message": "A vault with the same name already exists in deleted state. You need to either recover or purge existing key vault. Follow this link https://go.microsoft.com/fwlink/?linkid=2149745 for more information on soft delete."
}
]
}