azurerm_container_app - support: allows IP restrictions without requi…

…ring CIDR (#25609) * fix: allows IP restrictions without requiring CIDR * fix: Modify to use the validation utility * remove: unnecessary functions * chore: modify docs and description
hashicorp · Apr 15, 2024 · 62950bf · 62950bf
1 parent 1fc8177
commit 62950bf
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/internal/services/containerapps/container_app_resource_test.go b/internal/services/containerapps/container_app_resource_test.go
@@ -526,6 +526,13 @@ func TestAccContainerAppResource_ipSecurityRulesUpdate(t *testing.T) {
 			),
 		},
 		data.ImportStep(),
+		{
+			Config: r.ingressSecurityRestrictionNotIncludedCIDR(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
 		{
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
@@ -2487,6 +2494,43 @@ resource "azurerm_container_app" "test" {
 `, r.template(data), data.RandomInteger)
 }
 
+func (r ContainerAppResource) ingressSecurityRestrictionNotIncludedCIDR(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_container_app" "test" {
+  name                         = "acctest-capp-%[2]d"
+  resource_group_name          = azurerm_resource_group.test.name
+  container_app_environment_id = azurerm_container_app_environment.test.id
+  revision_mode                = "Single"
+
+  template {
+    container {
+      name   = "acctest-cont-%[2]d"
+      image  = "jackofallops/azure-containerapps-python-acctest:v0.0.1"
+      cpu    = 0.25
+      memory = "0.5Gi"
+    }
+  }
+
+  ingress {
+    target_port = 5000
+    ip_security_restriction {
+      name             = "test"
+      description      = "test"
+      action           = "Allow"
+      ip_address_range = "10.1.0.0"
+    }
+
+    traffic_weight {
+      latest_revision = true
+      percentage      = 100
+    }
+  }
+}
+`, r.template(data), data.RandomInteger)
+}
+
 func (r ContainerAppResource) scaleRulesUpdate(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s

diff --git a/internal/services/containerapps/helpers/container_apps.go b/internal/services/containerapps/helpers/container_apps.go
@@ -484,8 +484,8 @@ func ContainerAppIngressIpSecurityRestriction() *pluginsdk.Schema {
 				"ip_address_range": {
 					Type:         pluginsdk.TypeString,
 					Required:     true,
-					ValidateFunc: validation.IsCIDR,
-					Description:  "CIDR notation to match incoming IP address.",
+					ValidateFunc: validation.Any(validation.IsCIDR, validation.IsIPAddress),
+					Description:  "The incoming IP address or range of IP addresses (in CIDR notation).",
 				},
 
 				"name": {

diff --git a/website/docs/r/container_app.html.markdown b/website/docs/r/container_app.html.markdown
@@ -413,7 +413,7 @@ A `ip_security_restriction` block supports the following:
 
 * `description` - (Optional) Describe the IP restriction rule that is being sent to the container-app.
 
-* `ip_address_range` - (Required) CIDR notation to match incoming IP address.
+* `ip_address_range` - (Required) The incoming IP address or range of IP addresses (in CIDR notation).
 
 * `name` - (Required) Name for the IP restriction rule.