azurerm_function_app - support for ip_restriction #5440
Conversation
ghost
added
| // TODO we should fix this in 2.0 | ||
| // This attribute was made with the assumption that `ip_address` was the only valid option | ||
| // but `virtual_network_subnet_id` is being added and doesn't need a `subnet_mask`. | ||
| // We'll assume a default of "255.255.255.255" in the expand code when `ip_address` is specified | ||
| // and `subnet_mask` is not. | ||
| // Default: "255.255.255.255", |
There was a problem hiding this comment.
I think we can remove this comment?
|
|
||
| * `ip_address` - (Optional) The IP Address used for this IP Restriction. | ||
|
|
||
| * `subnet_mask` - (Optional) The Subnet mask used for this IP Restriction. Defaults to `255.255.255.255`. |
There was a problem hiding this comment.
This is not true as the default was commented out?
| `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) | ||
| } | ||
|
|
||
| func testAccAzureRMFunctionApp_zeroedIpRestriction(data acceptance.TestData) string { |
There was a problem hiding this comment.
| func testAccAzureRMFunctionApp_zeroedIpRestriction(data acceptance.TestData) string { | |
| func testAccAzureRMFunctionApp_ipRestrictionRemoved(data acceptance.TestData) string { |
| }) | ||
| } | ||
|
|
||
| func TestAccAzureRMFunctionApp_zeroedIpRestriction(t *testing.T) { |
There was a problem hiding this comment.
| func TestAccAzureRMFunctionApp_zeroedIpRestriction(t *testing.T) { | |
| func TestAccAzureRMFunctionApp_ipRestrictionRemoved(t *testing.T) { |
| @@ -225,6 +227,36 @@ func resourceArmFunctionApp() *schema.Resource { | |||
| Optional: true, | |||
| Default: false, | |||
| }, | |||
| "ip_restriction": { | |||
| Type: schema.TypeList, | |||
There was a problem hiding this comment.
Should this be a TypeSet to prevent duplicates & order won't matter here?
There was a problem hiding this comment.
I am trying to change to a TypeSet but it is not working as intended. In my case it will take some time to resolve.
There was a problem hiding this comment.
It shoul just be a matter of changing how you cast the objects, if you grant me push permissions i'll happily make the change
There was a problem hiding this comment.
I have granted push permission, you can freely add commits to this Pull Request. I tried #5319 for a similar change, but was investigating because the plan no longer worked.
| // the 2018-02-01 API expects a blank subnet mask and an IP address in CIDR format: a.b.c.d/x | ||
| // so translate the IP and mask if necessary |
There was a problem hiding this comment.
Can we make this block behave like the API? ie remove the subnet mask property and expect the IP address to be in the CIDR format?
| // the 2018-02-01 API uses CIDR format (a.b.c.d/x), so translate that back to IP and mask | ||
| if strings.Contains(*ip, "/") { | ||
| ipAddr, ipNet, _ := net.ParseCIDR(*ip) | ||
| block["ip_address"] = ipAddr.String() | ||
| mask := net.IP(ipNet.Mask) | ||
| block["subnet_mask"] = mask.String() | ||
| } else { | ||
| block["ip_address"] = *ip | ||
| } |
There was a problem hiding this comment.
Could we make the behave like the new API expects, no subnet mask and ip address in cidr format
| Type: schema.TypeString, | ||
| Optional: true, | ||
| }, | ||
| "virtual_network_subnet_id": { |
There was a problem hiding this comment.
Also could we name this subnet_id to match other resources?
|
@katbyte |
|
Yes @shibayan, app service should probably also be updated to behave this way for 2.0 |
|
I understood. I’ll modify the code to get the new behavior. |
There was a problem hiding this comment.
hey @shibayan
Thanks for pushing those changes - apologies for the delayed re-review here!
Taking a look through besides a couple of minor comments (which I hope you don't mind but so that we can get this merged I'll push a commit to fix) this otherwise LGTM 👍
Thanks!
|
Ignoring some expected test failures (which will be resolved outside of this PR) the tests otherwise look good:
|
tombuildsstuff
dismissed
katbyte’s stale review
dismissing since changes have been pushed
…lds are always set
|
@tombuildsstuff Thanks for the review and improvement. I'm sure it's better. |
|
This has been released in version 1.44.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.44.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
Add an
ip_restrictiondefinition to the Function App. This PR fixes #4878