ip_range_filter in azurerm_cosmosdb_account doesnt seem to work as expected

[sw-sxs260]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.4.5

AzureRM Provider Version

3.99.0

Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_account

Terraform Configuration Files

Here is the main azurerm_cosmosdb_account creation code:

resource "azurerm_cosmosdb_account" "cosmos_account" {
  provider                        = azurerm.primarysubscription
  name                            = var.cosmos_account_name
  location                        = var.location
  resource_group_name             = local.resource_group_name
  offer_type                      = "Standard"
  kind                            = "MongoDB"
  mongo_server_version            = var.mongo_server_version
  public_network_access_enabled   = true
  ip_range_filter   =  "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26"
  enable_automatic_failover       = var.auto_failover
  enable_free_tier                = var.enable_free_tier
  enable_multiple_write_locations = var.multi_region_write

  consistency_policy {
    consistency_level       = var.consistency_level
    max_interval_in_seconds = var.max_interval_in_seconds
    max_staleness_prefix    = var.max_staleness_prefix
  }

  dynamic "capabilities" {
    for_each = var.capabilities != null ? var.capabilities : []
    content {
      name = capabilities.value
    }
  }

  dynamic "geo_location" {
    for_each = var.geo_locations
    content {
      location          = geo_location.value["geo_location"]
      failover_priority = geo_location.value["failover_priority"]
      zone_redundant    = geo_location.value["zone_redundant"]
    }
  }

  dynamic "backup" {
    for_each = var.backup_enabled == true ? [1] : []
    content {
      type                = title(var.backup_type)
      interval_in_minutes = lower(var.backup_type) == "periodic" ? var.backup_interval : null
      retention_in_hours  = lower(var.backup_type) == "periodic" ? var.backup_retention : null
    }
  }

  dynamic "identity" {
    for_each = var.enable_systemassigned_identity ? [1] : []
    content {
      type = "SystemAssigned"
    }
  }

  lifecycle {
    ignore_changes = [
      default_identity_type, tags
    ]
  }
}

Debug Output/Panic Output

No errors, but I would expect "Allow access from Azure Portal" exception to be checked by passing the "ip_range_filter" which is not the case.

Expected Behaviour

I would expect "Allow access from Azure Portal" exception to be checked in the portal by passing the "ip_range_filter" which is not the case.

Actual Behaviour

"Allow access from Azure Portal" was unchecked.

Steps to Reproduce

Please try to create a cosmos account with the code provided.

Important Factoids

No

References

None

[neil-yechenwei]

Thanks for raising this issue. Unfortunately, though Azure Portal support this feature but seems there is no mapped feature in Azure Rest API Spec. Suggest file an issue on https://github.com/Azure/azure-rest-api-specs/issues. Once the feature is supported in Azure Rest API Spec, we would take another look for it. Thanks.