Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add inbound IP filter support to Logic app resource #3018

Open
alastairtree opened this issue Mar 7, 2019 · 2 comments
Open

Add inbound IP filter support to Logic app resource #3018

alastairtree opened this issue Mar 7, 2019 · 2 comments
Labels
new-resource service/logic

Comments

@alastairtree
Copy link
Contributor

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add new properties to the logic app workflow to allow users to set the inbound IP white-list filter on the logic app

New or Affected Resource(s)

  • azurerm_logic_app_workflow

Potential Terraform Configuration

Propose we mirror the IP restriction config syntax on App Service:

resource "azurerm_logic_app_workflow" "test" {
  name                = "workflow1"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"

  ip_restriction = [
    {
        ip_address = "0.0.0.0"
        subnet_mask = "255.255.255.0"
    }
 ]
}

the relevant JSON snippet in the workflow arm template is:

...........
     "accessControl": {
                    "triggers": {
                        "allowedCallerIpAddresses": [
                            {
                                "addressRange": "[parameters('inbound_address_range')]"
                            }
                        ]
                    }
                }
...........

References

More discussion in #1924 and #3004
@tombuildsstuff tombuildsstuff mentioned this issue Apr 3, 2019
Closed
@rohrerb
Copy link
Contributor

rohrerb commented Apr 3, 2019
edited

There are two types of firewall settings we need to be able to maintain under accessControl: contents and triggers.

"contents": {
            "allowedCallerIpAddresses": [
               {
                  "addressRange": "192.168.12.0/23"
               },
               {
                  "addressRange": "2001:0db8::/64"
               }
            ]
         },
"triggers": {
            "allowedCallerIpAddresses": [
               {
                  "addressRange": "192.168.12.0/23"
               },
               {
                  "addressRange": "2001:0db8::/64"
               }
            ]
         }

@jayendranarumugam
Copy link
Contributor

IP restriction would be kept on logic app itself rather than every custom trigger. Is this request every have been considered so far ? As I can see its idle for 1 year now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-resource service/logic
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tombuildsstuff @alastairtree @rohrerb @jayendranarumugam