Support: allows IP restrictions without requiring CIDRAddresses in Container Apps IP Restrictions #25608

Closed
1 task done
sugar-cat7 opened this issue Apr 13, 2024 · 1 comment · Fixed by #25609
sugar-cat7 commented Apr 13, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.0

AzureRM Provider Version

3.89.0

Affected Resource(s)/Data Source(s)

azurerm_container_app

Terraform Configuration Files

※192.168.0.1 is an example.

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "acctest-01"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "azurerm_container_app_environment" "example" {
  name                       = "Example-Environment"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
}
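resource "azurerm_container_app" "example" {
  name                         = "example-app"
  container_app_environment_id = azurerm_container_app_environment.example.id
  resource_group_name          = azurerm_resource_group.example.name
  revision_mode                = "Single"

  # ip_security_restriction is a sub-block of ingress (the error path below is
  # ingress.0.ip_security_restriction.0). target_port and traffic_weight are
  # assumed values, added only so that the ingress block is complete.
  ingress {
    target_port = 80

    traffic_weight {
      latest_revision = true
      percentage      = 100
    }

    ip_security_restriction {
      name             = "AllowAll"
      description      = "Allow all IP addresses"
      action           = "Allow"
      ip_address_range = "192.168.0.1"
    }
  }

  template {
    container {
      name   = "examplecontainerapp"
      image  = "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest"
      cpu    = 0.25
      memory = "0.5Gi"
    }
  }
}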

Debug Output/Panic Output

Error: expected "ingress.0.ip_security_restriction.0.ip_address_range" to be a valid CIDR Value, got 192.168.0.1: invalid CIDR address: 192.168.0.1

Expected Behaviour

Can be registered without CIDR notation.

When setting IP restrictions for Azure Container Apps using the Azure Portal or CLI, it appears that the CIDR notation is not always necessary for a single host (no errors are reported).
IP restrictions for Container Apps.

az containerapp ingress access-restriction set --name example-app --resource-group example-app-rg --rule-name "my allow rule" --description "example of rule allowing access" --ip-address 192.168.0.1 --action Allow

Given that the native Azure behavior allows IP restrictions without requiring CIDR notation, should we not update the Terraform provider to align with this functionality? This would simplify configuration processes and reduce potential discrepancies between direct Azure usage and Terraform configurations.

Actual Behaviour

resource "azurerm_container_app" "example" {
# ...
    ip_security_restriction {
      name             = "AllowAll"
      description      = "Allow all IP addresses"
      action           = "Allow"
      ip_address_range = "192.168.0.1/32"
    }
}
$ terraform plan

Error: expected "ingress.0.ip_security_restriction.0.ip_address_range" to be a valid CIDR Value, got 192.168.0.1: invalid CIDR address: 192.168.0.1
@sugar-cat7 sugar-cat7 changed the title Unnecessary CIDR /32 Notation for Specifying Single IP Addresses in Container Apps IP Restrictions Support: allows IP restrictions without requiring CIDRAddresses in Container Apps IP Restrictions Apr 14, 2024
@github-actions github-actions bot added this to the v3.100.0 milestone Apr 15, 2024
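
The error text in the report is what Go's `net.ParseCIDR` returns for a bare address. As an added example (not the provider's code and not the change made in #25609), here is a validator that accepts either form and normalises it to CIDR, so an allow rule always states its exact scope; `StrictCIDR` and `NormalizeIPRange` are hypothetical names and the inputs in `main` are constructed.

```go
package main

import (
	"fmt"
	"net"
)

// StrictCIDR mirrors the behaviour reported in the issue: only CIDR
// notation passes, so a bare host address is rejected.
func StrictCIDR(v string) error {
	_, _, err := net.ParseCIDR(v)
	return err
}

// NormalizeIPRange (hypothetical helper) accepts a bare IP address or a CIDR
// range and returns canonical CIDR. A bare address becomes a single-host
// prefix (/32 for IPv4, /128 for IPv6); host bits in a CIDR are masked off,
// so the returned string shows the range a rule would really cover.
func NormalizeIPRange(v string) (string, error) {
	if _, ipnet, err := net.ParseCIDR(v); err == nil {
		return ipnet.String(), nil
	}
	ip := net.ParseIP(v)
	if ip == nil {
		return "", fmt.Errorf("expected an IP address or CIDR range, got %q", v)
	}
	bits := 128
	if ip4 := ip.To4(); ip4 != nil {
		ip, bits = ip4, 32
	}
	return (&net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)}).String(), nil
}

func main() {
	// Constructed sample inputs.
	samples := []string{"192.168.0.1", "192.168.0.1/32", "10.1.2.3/8", "2001:db8::1", "not-an-ip"}
	for _, v := range samples {
		cidr, err := NormalizeIPRange(v)
		fmt.Printf("%-16s strict=%v normalized=%q err=%v\n", v, StrictCIDR(v), cidr, err)
	}
}
```

Normalising before the value is compared or stored also surfaces entries such as `10.1.2.3/8`, which read like a single host but allow a whole /8.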

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 16, 2024