diff --git a/internal/services/appservice/helpers/function_app_schema.go b/internal/services/appservice/helpers/function_app_schema.go index 0e19ebeeef9f..5ebae00fcad8 100644 --- a/internal/services/appservice/helpers/function_app_schema.go +++ b/internal/services/appservice/helpers/function_app_schema.go @@ -37,6 +37,7 @@ type SiteConfigLinuxFunctionApp struct { ElasticInstanceMinimum int64 `tfschema:"elastic_instance_minimum"` Http2Enabled bool `tfschema:"http2_enabled"` IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` LoadBalancing string `tfschema:"load_balancing_mode"` // TODO - Valid for FunctionApps? ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` PreWarmedInstanceCount int64 `tfschema:"pre_warmed_instance_count"` @@ -44,6 +45,7 @@ type SiteConfigLinuxFunctionApp struct { RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` RuntimeScaleMonitoring bool `tfschema:"runtime_scale_monitoring_enabled"` ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` ScmType string `tfschema:"scm_type"` // Computed? ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` Use32BitWorker bool `tfschema:"use_32_bit_worker"` @@ -163,6 +165,13 @@ func SiteConfigSchemaLinuxFunctionApp() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -172,6 +181,13 @@ func SiteConfigSchemaLinuxFunctionApp() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "load_balancing_mode": { // Supported on Function Apps? Type: pluginsdk.TypeString, Optional: true, @@ -396,6 +412,11 @@ func SiteConfigSchemaLinuxFunctionAppComputed() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchemaComputed(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Computed: true, @@ -403,6 +424,13 @@ func SiteConfigSchemaLinuxFunctionAppComputed() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchemaComputed(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "load_balancing_mode": { Type: pluginsdk.TypeString, Computed: true, @@ -512,6 +540,7 @@ type SiteConfigWindowsFunctionApp struct { ElasticInstanceMinimum int64 `tfschema:"elastic_instance_minimum"` Http2Enabled bool `tfschema:"http2_enabled"` IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` LoadBalancing string `tfschema:"load_balancing_mode"` // TODO - Valid for FunctionApps? ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` PreWarmedInstanceCount int64 `tfschema:"pre_warmed_instance_count"` @@ -520,6 +549,7 @@ type SiteConfigWindowsFunctionApp struct { RuntimeScaleMonitoring bool `tfschema:"runtime_scale_monitoring_enabled"` ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` ScmType string `tfschema:"scm_type"` // Computed? + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` Use32BitWorker bool `tfschema:"use_32_bit_worker"` WebSockets bool `tfschema:"websockets_enabled"` @@ -624,6 +654,13 @@ func SiteConfigSchemaWindowsFunctionApp() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -633,6 +670,13 @@ func SiteConfigSchemaWindowsFunctionApp() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "load_balancing_mode": { // Supported on Function Apps? Type: pluginsdk.TypeString, Optional: true, @@ -845,6 +889,11 @@ func SiteConfigSchemaWindowsFunctionAppComputed() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchemaComputed(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Computed: true, @@ -852,6 +901,11 @@ func SiteConfigSchemaWindowsFunctionAppComputed() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchemaComputed(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "load_balancing_mode": { Type: pluginsdk.TypeString, Computed: true, @@ -1612,6 +1666,10 @@ func ExpandSiteConfigLinuxFunctionApp(siteConfig []SiteConfigLinuxFunctionApp, e expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(linuxSiteConfig.IpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.scm_use_main_ip_restriction") { expanded.ScmIPSecurityRestrictionsUseMain = pointer.To(linuxSiteConfig.ScmUseMainIpRestriction) } @@ -1624,6 +1682,10 @@ func ExpandSiteConfigLinuxFunctionApp(siteConfig []SiteConfigLinuxFunctionApp, e expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(linuxSiteConfig.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(linuxSiteConfig.LoadBalancing)) } @@ -1846,6 +1908,10 @@ func ExpandSiteConfigWindowsFunctionApp(siteConfig []SiteConfigWindowsFunctionAp expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(windowsSiteConfig.IpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.scm_use_main_ip_restriction") { expanded.ScmIPSecurityRestrictionsUseMain = pointer.To(windowsSiteConfig.ScmUseMainIpRestriction) } @@ -1858,6 +1924,10 @@ func ExpandSiteConfigWindowsFunctionApp(siteConfig []SiteConfigWindowsFunctionAp expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(windowsSiteConfig.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(windowsSiteConfig.LoadBalancing)) } @@ -1932,32 +2002,34 @@ func FlattenSiteConfigLinuxFunctionApp(functionAppSiteConfig *webapps.SiteConfig } result := &SiteConfigLinuxFunctionApp{ - AlwaysOn: pointer.From(functionAppSiteConfig.AlwaysOn), - AppCommandLine: pointer.From(functionAppSiteConfig.AppCommandLine), - AppScaleLimit: pointer.From(functionAppSiteConfig.FunctionAppScaleLimit), - ContainerRegistryMSI: pointer.From(functionAppSiteConfig.AcrUserManagedIdentityID), - Cors: FlattenCorsSettings(functionAppSiteConfig.Cors), - DetailedErrorLogging: pointer.From(functionAppSiteConfig.DetailedErrorLoggingEnabled), - HealthCheckPath: pointer.From(functionAppSiteConfig.HealthCheckPath), - Http2Enabled: pointer.From(functionAppSiteConfig.HTTP20Enabled), - LinuxFxVersion: pointer.From(functionAppSiteConfig.LinuxFxVersion), - LoadBalancing: string(pointer.From(functionAppSiteConfig.LoadBalancing)), - ManagedPipelineMode: string(pointer.From(functionAppSiteConfig.ManagedPipelineMode)), - WorkerCount: pointer.From(functionAppSiteConfig.NumberOfWorkers), - ScmType: string(pointer.From(functionAppSiteConfig.ScmType)), - FtpsState: string(pointer.From(functionAppSiteConfig.FtpsState)), - RuntimeScaleMonitoring: pointer.From(functionAppSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), - MinTlsVersion: string(pointer.From(functionAppSiteConfig.MinTlsVersion)), - ScmMinTlsVersion: string(pointer.From(functionAppSiteConfig.ScmMinTlsVersion)), - PreWarmedInstanceCount: pointer.From(functionAppSiteConfig.PreWarmedInstanceCount), - ElasticInstanceMinimum: pointer.From(functionAppSiteConfig.MinimumElasticInstanceCount), - Use32BitWorker: pointer.From(functionAppSiteConfig.Use32BitWorkerProcess), - WebSockets: pointer.From(functionAppSiteConfig.WebSocketsEnabled), - ScmUseMainIpRestriction: pointer.From(functionAppSiteConfig.ScmIPSecurityRestrictionsUseMain), - UseManagedIdentityACR: pointer.From(functionAppSiteConfig.AcrUseManagedIdentityCreds), - RemoteDebugging: pointer.From(functionAppSiteConfig.RemoteDebuggingEnabled), - RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSiteConfig.RemoteDebuggingVersion)), - VnetRouteAllEnabled: pointer.From(functionAppSiteConfig.VnetRouteAllEnabled), + AlwaysOn: pointer.From(functionAppSiteConfig.AlwaysOn), + AppCommandLine: pointer.From(functionAppSiteConfig.AppCommandLine), + AppScaleLimit: pointer.From(functionAppSiteConfig.FunctionAppScaleLimit), + ContainerRegistryMSI: pointer.From(functionAppSiteConfig.AcrUserManagedIdentityID), + Cors: FlattenCorsSettings(functionAppSiteConfig.Cors), + DetailedErrorLogging: pointer.From(functionAppSiteConfig.DetailedErrorLoggingEnabled), + HealthCheckPath: pointer.From(functionAppSiteConfig.HealthCheckPath), + Http2Enabled: pointer.From(functionAppSiteConfig.HTTP20Enabled), + IpRestrictionDefaultAction: string(pointer.From(functionAppSiteConfig.IPSecurityRestrictionsDefaultAction)), + ScmIpRestrictionDefaultAction: string(pointer.From(functionAppSiteConfig.ScmIPSecurityRestrictionsDefaultAction)), + LinuxFxVersion: pointer.From(functionAppSiteConfig.LinuxFxVersion), + LoadBalancing: string(pointer.From(functionAppSiteConfig.LoadBalancing)), + ManagedPipelineMode: string(pointer.From(functionAppSiteConfig.ManagedPipelineMode)), + WorkerCount: pointer.From(functionAppSiteConfig.NumberOfWorkers), + ScmType: string(pointer.From(functionAppSiteConfig.ScmType)), + FtpsState: string(pointer.From(functionAppSiteConfig.FtpsState)), + RuntimeScaleMonitoring: pointer.From(functionAppSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), + MinTlsVersion: string(pointer.From(functionAppSiteConfig.MinTlsVersion)), + ScmMinTlsVersion: string(pointer.From(functionAppSiteConfig.ScmMinTlsVersion)), + PreWarmedInstanceCount: pointer.From(functionAppSiteConfig.PreWarmedInstanceCount), + ElasticInstanceMinimum: pointer.From(functionAppSiteConfig.MinimumElasticInstanceCount), + Use32BitWorker: pointer.From(functionAppSiteConfig.Use32BitWorkerProcess), + WebSockets: pointer.From(functionAppSiteConfig.WebSocketsEnabled), + ScmUseMainIpRestriction: pointer.From(functionAppSiteConfig.ScmIPSecurityRestrictionsUseMain), + UseManagedIdentityACR: pointer.From(functionAppSiteConfig.AcrUseManagedIdentityCreds), + RemoteDebugging: pointer.From(functionAppSiteConfig.RemoteDebuggingEnabled), + RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSiteConfig.RemoteDebuggingVersion)), + VnetRouteAllEnabled: pointer.From(functionAppSiteConfig.VnetRouteAllEnabled), } if v := functionAppSiteConfig.ApiDefinition; v != nil && v.Url != nil { @@ -1999,30 +2071,32 @@ func FlattenSiteConfigWindowsFunctionApp(functionAppSiteConfig *webapps.SiteConf } result := &SiteConfigWindowsFunctionApp{ - AlwaysOn: pointer.From(functionAppSiteConfig.AlwaysOn), - AppCommandLine: pointer.From(functionAppSiteConfig.AppCommandLine), - AppScaleLimit: pointer.From(functionAppSiteConfig.FunctionAppScaleLimit), - Cors: FlattenCorsSettings(functionAppSiteConfig.Cors), - DetailedErrorLogging: pointer.From(functionAppSiteConfig.DetailedErrorLoggingEnabled), - HealthCheckPath: pointer.From(functionAppSiteConfig.HealthCheckPath), - Http2Enabled: pointer.From(functionAppSiteConfig.HTTP20Enabled), - WindowsFxVersion: pointer.From(functionAppSiteConfig.WindowsFxVersion), - LoadBalancing: string(pointer.From(functionAppSiteConfig.LoadBalancing)), - ManagedPipelineMode: string(pointer.From(functionAppSiteConfig.ManagedPipelineMode)), - NumberOfWorkers: pointer.From(functionAppSiteConfig.NumberOfWorkers), - ScmType: string(pointer.From(functionAppSiteConfig.ScmType)), - FtpsState: string(pointer.From(functionAppSiteConfig.FtpsState)), - RuntimeScaleMonitoring: pointer.From(functionAppSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), - MinTlsVersion: string(pointer.From(functionAppSiteConfig.MinTlsVersion)), - ScmMinTlsVersion: string(pointer.From(functionAppSiteConfig.ScmMinTlsVersion)), - PreWarmedInstanceCount: pointer.From(functionAppSiteConfig.PreWarmedInstanceCount), - ElasticInstanceMinimum: pointer.From(functionAppSiteConfig.MinimumElasticInstanceCount), - Use32BitWorker: pointer.From(functionAppSiteConfig.Use32BitWorkerProcess), - WebSockets: pointer.From(functionAppSiteConfig.WebSocketsEnabled), - ScmUseMainIpRestriction: pointer.From(functionAppSiteConfig.ScmIPSecurityRestrictionsUseMain), - RemoteDebugging: pointer.From(functionAppSiteConfig.RemoteDebuggingEnabled), - RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSiteConfig.RemoteDebuggingVersion)), - VnetRouteAllEnabled: pointer.From(functionAppSiteConfig.VnetRouteAllEnabled), + AlwaysOn: pointer.From(functionAppSiteConfig.AlwaysOn), + AppCommandLine: pointer.From(functionAppSiteConfig.AppCommandLine), + AppScaleLimit: pointer.From(functionAppSiteConfig.FunctionAppScaleLimit), + Cors: FlattenCorsSettings(functionAppSiteConfig.Cors), + DetailedErrorLogging: pointer.From(functionAppSiteConfig.DetailedErrorLoggingEnabled), + HealthCheckPath: pointer.From(functionAppSiteConfig.HealthCheckPath), + Http2Enabled: pointer.From(functionAppSiteConfig.HTTP20Enabled), + WindowsFxVersion: pointer.From(functionAppSiteConfig.WindowsFxVersion), + LoadBalancing: string(pointer.From(functionAppSiteConfig.LoadBalancing)), + ManagedPipelineMode: string(pointer.From(functionAppSiteConfig.ManagedPipelineMode)), + NumberOfWorkers: pointer.From(functionAppSiteConfig.NumberOfWorkers), + ScmType: string(pointer.From(functionAppSiteConfig.ScmType)), + FtpsState: string(pointer.From(functionAppSiteConfig.FtpsState)), + RuntimeScaleMonitoring: pointer.From(functionAppSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), + MinTlsVersion: string(pointer.From(functionAppSiteConfig.MinTlsVersion)), + ScmMinTlsVersion: string(pointer.From(functionAppSiteConfig.ScmMinTlsVersion)), + PreWarmedInstanceCount: pointer.From(functionAppSiteConfig.PreWarmedInstanceCount), + ElasticInstanceMinimum: pointer.From(functionAppSiteConfig.MinimumElasticInstanceCount), + Use32BitWorker: pointer.From(functionAppSiteConfig.Use32BitWorkerProcess), + WebSockets: pointer.From(functionAppSiteConfig.WebSocketsEnabled), + ScmUseMainIpRestriction: pointer.From(functionAppSiteConfig.ScmIPSecurityRestrictionsUseMain), + RemoteDebugging: pointer.From(functionAppSiteConfig.RemoteDebuggingEnabled), + RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSiteConfig.RemoteDebuggingVersion)), + VnetRouteAllEnabled: pointer.From(functionAppSiteConfig.VnetRouteAllEnabled), + IpRestrictionDefaultAction: string(pointer.From(functionAppSiteConfig.IPSecurityRestrictionsDefaultAction)), + ScmIpRestrictionDefaultAction: string(pointer.From(functionAppSiteConfig.ScmIPSecurityRestrictionsDefaultAction)), } if v := functionAppSiteConfig.ApiDefinition; v != nil && v.Url != nil { diff --git a/internal/services/appservice/helpers/function_app_slot_schema.go b/internal/services/appservice/helpers/function_app_slot_schema.go index 30b99e99b503..84a9373fe421 100644 --- a/internal/services/appservice/helpers/function_app_slot_schema.go +++ b/internal/services/appservice/helpers/function_app_slot_schema.go @@ -31,6 +31,7 @@ type SiteConfigWindowsFunctionAppSlot struct { ElasticInstanceMinimum int64 `tfschema:"elastic_instance_minimum"` Http2Enabled bool `tfschema:"http2_enabled"` IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` LoadBalancing string `tfschema:"load_balancing_mode"` // TODO - Valid for FunctionApps? ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` PreWarmedInstanceCount int64 `tfschema:"pre_warmed_instance_count"` @@ -38,6 +39,7 @@ type SiteConfigWindowsFunctionAppSlot struct { RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` RuntimeScaleMonitoring bool `tfschema:"runtime_scale_monitoring_enabled"` ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` ScmType string `tfschema:"scm_type"` // Computed? ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` Use32BitWorker bool `tfschema:"use_32_bit_worker"` @@ -149,6 +151,13 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -158,6 +167,13 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "load_balancing_mode": { // Supported on Function Apps? Type: pluginsdk.TypeString, Optional: true, @@ -335,6 +351,7 @@ type SiteConfigLinuxFunctionAppSlot struct { ElasticInstanceMinimum int64 `tfschema:"elastic_instance_minimum"` Http2Enabled bool `tfschema:"http2_enabled"` IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` LoadBalancing string `tfschema:"load_balancing_mode"` // TODO - Valid for FunctionApps? ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` PreWarmedInstanceCount int64 `tfschema:"pre_warmed_instance_count"` @@ -342,6 +359,7 @@ type SiteConfigLinuxFunctionAppSlot struct { RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` RuntimeScaleMonitoring bool `tfschema:"runtime_scale_monitoring_enabled"` ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` ScmType string `tfschema:"scm_type"` // Computed? ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` Use32BitWorker bool `tfschema:"use_32_bit_worker"` @@ -467,6 +485,13 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -476,6 +501,13 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "load_balancing_mode": { // Supported on Function Apps? Type: pluginsdk.TypeString, Optional: true, @@ -769,6 +801,10 @@ func ExpandSiteConfigWindowsFunctionAppSlot(siteConfig []SiteConfigWindowsFuncti expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(windowsSlotSiteConfig.IpRestrictionDefaultAction)) + } + expanded.ScmIPSecurityRestrictionsUseMain = pointer.To(windowsSlotSiteConfig.ScmUseMainIpRestriction) if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") { @@ -779,6 +815,10 @@ func ExpandSiteConfigWindowsFunctionAppSlot(siteConfig []SiteConfigWindowsFuncti expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(windowsSlotSiteConfig.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(windowsSlotSiteConfig.LoadBalancing)) } @@ -843,31 +883,33 @@ func FlattenSiteConfigWindowsFunctionAppSlot(functionAppSlotSiteConfig *webapps. } result := &SiteConfigWindowsFunctionAppSlot{ - AlwaysOn: pointer.From(functionAppSlotSiteConfig.AlwaysOn), - AppCommandLine: pointer.From(functionAppSlotSiteConfig.AppCommandLine), - AppScaleLimit: pointer.From(functionAppSlotSiteConfig.FunctionAppScaleLimit), - AutoSwapSlotName: pointer.From(functionAppSlotSiteConfig.AutoSwapSlotName), - Cors: FlattenCorsSettings(functionAppSlotSiteConfig.Cors), - DetailedErrorLogging: pointer.From(functionAppSlotSiteConfig.DetailedErrorLoggingEnabled), - HealthCheckPath: pointer.From(functionAppSlotSiteConfig.HealthCheckPath), - Http2Enabled: pointer.From(functionAppSlotSiteConfig.HTTP20Enabled), - WindowsFxVersion: pointer.From(functionAppSlotSiteConfig.WindowsFxVersion), - LoadBalancing: string(pointer.From(functionAppSlotSiteConfig.LoadBalancing)), - ManagedPipelineMode: string(pointer.From(functionAppSlotSiteConfig.ManagedPipelineMode)), - NumberOfWorkers: pointer.From(functionAppSlotSiteConfig.NumberOfWorkers), - ScmType: string(pointer.From(functionAppSlotSiteConfig.ScmType)), - FtpsState: string(pointer.From(functionAppSlotSiteConfig.FtpsState)), - RuntimeScaleMonitoring: pointer.From(functionAppSlotSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), - MinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.MinTlsVersion)), - ScmMinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.ScmMinTlsVersion)), - PreWarmedInstanceCount: pointer.From(functionAppSlotSiteConfig.PreWarmedInstanceCount), - ElasticInstanceMinimum: pointer.From(functionAppSlotSiteConfig.MinimumElasticInstanceCount), - Use32BitWorker: pointer.From(functionAppSlotSiteConfig.Use32BitWorkerProcess), - WebSockets: pointer.From(functionAppSlotSiteConfig.WebSocketsEnabled), - ScmUseMainIpRestriction: pointer.From(functionAppSlotSiteConfig.ScmIPSecurityRestrictionsUseMain), - RemoteDebugging: pointer.From(functionAppSlotSiteConfig.RemoteDebuggingEnabled), - RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSlotSiteConfig.RemoteDebuggingVersion)), - VnetRouteAllEnabled: pointer.From(functionAppSlotSiteConfig.VnetRouteAllEnabled), + AlwaysOn: pointer.From(functionAppSlotSiteConfig.AlwaysOn), + AppCommandLine: pointer.From(functionAppSlotSiteConfig.AppCommandLine), + AppScaleLimit: pointer.From(functionAppSlotSiteConfig.FunctionAppScaleLimit), + AutoSwapSlotName: pointer.From(functionAppSlotSiteConfig.AutoSwapSlotName), + Cors: FlattenCorsSettings(functionAppSlotSiteConfig.Cors), + DetailedErrorLogging: pointer.From(functionAppSlotSiteConfig.DetailedErrorLoggingEnabled), + HealthCheckPath: pointer.From(functionAppSlotSiteConfig.HealthCheckPath), + Http2Enabled: pointer.From(functionAppSlotSiteConfig.HTTP20Enabled), + WindowsFxVersion: pointer.From(functionAppSlotSiteConfig.WindowsFxVersion), + LoadBalancing: string(pointer.From(functionAppSlotSiteConfig.LoadBalancing)), + ManagedPipelineMode: string(pointer.From(functionAppSlotSiteConfig.ManagedPipelineMode)), + NumberOfWorkers: pointer.From(functionAppSlotSiteConfig.NumberOfWorkers), + ScmType: string(pointer.From(functionAppSlotSiteConfig.ScmType)), + FtpsState: string(pointer.From(functionAppSlotSiteConfig.FtpsState)), + RuntimeScaleMonitoring: pointer.From(functionAppSlotSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), + MinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.MinTlsVersion)), + ScmMinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.ScmMinTlsVersion)), + PreWarmedInstanceCount: pointer.From(functionAppSlotSiteConfig.PreWarmedInstanceCount), + ElasticInstanceMinimum: pointer.From(functionAppSlotSiteConfig.MinimumElasticInstanceCount), + Use32BitWorker: pointer.From(functionAppSlotSiteConfig.Use32BitWorkerProcess), + WebSockets: pointer.From(functionAppSlotSiteConfig.WebSocketsEnabled), + ScmUseMainIpRestriction: pointer.From(functionAppSlotSiteConfig.ScmIPSecurityRestrictionsUseMain), + RemoteDebugging: pointer.From(functionAppSlotSiteConfig.RemoteDebuggingEnabled), + RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSlotSiteConfig.RemoteDebuggingVersion)), + VnetRouteAllEnabled: pointer.From(functionAppSlotSiteConfig.VnetRouteAllEnabled), + IpRestrictionDefaultAction: string(pointer.From(functionAppSlotSiteConfig.IPSecurityRestrictionsDefaultAction)), + ScmIpRestrictionDefaultAction: string(pointer.From(functionAppSlotSiteConfig.ScmIPSecurityRestrictionsDefaultAction)), } if v := functionAppSlotSiteConfig.ApiDefinition; v != nil && v.Url != nil { @@ -1100,6 +1142,10 @@ func ExpandSiteConfigLinuxFunctionAppSlot(siteConfig []SiteConfigLinuxFunctionAp expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(linuxSlotSiteConfig.IpRestrictionDefaultAction)) + } + expanded.ScmIPSecurityRestrictionsUseMain = pointer.To(linuxSlotSiteConfig.ScmUseMainIpRestriction) if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") { @@ -1110,6 +1156,10 @@ func ExpandSiteConfigLinuxFunctionAppSlot(siteConfig []SiteConfigLinuxFunctionAp expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(linuxSlotSiteConfig.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(linuxSlotSiteConfig.LoadBalancing)) } @@ -1174,33 +1224,35 @@ func FlattenSiteConfigLinuxFunctionAppSlot(functionAppSlotSiteConfig *webapps.Si } result := &SiteConfigLinuxFunctionAppSlot{ - AlwaysOn: pointer.From(functionAppSlotSiteConfig.AlwaysOn), - AppCommandLine: pointer.From(functionAppSlotSiteConfig.AppCommandLine), - AppScaleLimit: pointer.From(functionAppSlotSiteConfig.FunctionAppScaleLimit), - AutoSwapSlotName: pointer.From(functionAppSlotSiteConfig.AutoSwapSlotName), - ContainerRegistryMSI: pointer.From(functionAppSlotSiteConfig.AcrUserManagedIdentityID), - Cors: FlattenCorsSettings(functionAppSlotSiteConfig.Cors), - DetailedErrorLogging: pointer.From(functionAppSlotSiteConfig.DetailedErrorLoggingEnabled), - HealthCheckPath: pointer.From(functionAppSlotSiteConfig.HealthCheckPath), - Http2Enabled: pointer.From(functionAppSlotSiteConfig.HTTP20Enabled), - LinuxFxVersion: pointer.From(functionAppSlotSiteConfig.LinuxFxVersion), - LoadBalancing: string(pointer.From(functionAppSlotSiteConfig.LoadBalancing)), - ManagedPipelineMode: string(pointer.From(functionAppSlotSiteConfig.ManagedPipelineMode)), - WorkerCount: pointer.From(functionAppSlotSiteConfig.NumberOfWorkers), - ScmType: string(pointer.From(functionAppSlotSiteConfig.ScmType)), - FtpsState: string(pointer.From(functionAppSlotSiteConfig.FtpsState)), - RuntimeScaleMonitoring: pointer.From(functionAppSlotSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), - MinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.MinTlsVersion)), - ScmMinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.ScmMinTlsVersion)), - PreWarmedInstanceCount: pointer.From(functionAppSlotSiteConfig.PreWarmedInstanceCount), - ElasticInstanceMinimum: pointer.From(functionAppSlotSiteConfig.MinimumElasticInstanceCount), - Use32BitWorker: pointer.From(functionAppSlotSiteConfig.Use32BitWorkerProcess), - WebSockets: pointer.From(functionAppSlotSiteConfig.WebSocketsEnabled), - ScmUseMainIpRestriction: pointer.From(functionAppSlotSiteConfig.ScmIPSecurityRestrictionsUseMain), - UseManagedIdentityACR: pointer.From(functionAppSlotSiteConfig.AcrUseManagedIdentityCreds), - RemoteDebugging: pointer.From(functionAppSlotSiteConfig.RemoteDebuggingEnabled), - RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSlotSiteConfig.RemoteDebuggingVersion)), - VnetRouteAllEnabled: pointer.From(functionAppSlotSiteConfig.VnetRouteAllEnabled), + AlwaysOn: pointer.From(functionAppSlotSiteConfig.AlwaysOn), + AppCommandLine: pointer.From(functionAppSlotSiteConfig.AppCommandLine), + AppScaleLimit: pointer.From(functionAppSlotSiteConfig.FunctionAppScaleLimit), + AutoSwapSlotName: pointer.From(functionAppSlotSiteConfig.AutoSwapSlotName), + ContainerRegistryMSI: pointer.From(functionAppSlotSiteConfig.AcrUserManagedIdentityID), + Cors: FlattenCorsSettings(functionAppSlotSiteConfig.Cors), + DetailedErrorLogging: pointer.From(functionAppSlotSiteConfig.DetailedErrorLoggingEnabled), + HealthCheckPath: pointer.From(functionAppSlotSiteConfig.HealthCheckPath), + Http2Enabled: pointer.From(functionAppSlotSiteConfig.HTTP20Enabled), + LinuxFxVersion: pointer.From(functionAppSlotSiteConfig.LinuxFxVersion), + LoadBalancing: string(pointer.From(functionAppSlotSiteConfig.LoadBalancing)), + ManagedPipelineMode: string(pointer.From(functionAppSlotSiteConfig.ManagedPipelineMode)), + WorkerCount: pointer.From(functionAppSlotSiteConfig.NumberOfWorkers), + ScmType: string(pointer.From(functionAppSlotSiteConfig.ScmType)), + FtpsState: string(pointer.From(functionAppSlotSiteConfig.FtpsState)), + RuntimeScaleMonitoring: pointer.From(functionAppSlotSiteConfig.FunctionsRuntimeScaleMonitoringEnabled), + MinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.MinTlsVersion)), + ScmMinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.ScmMinTlsVersion)), + PreWarmedInstanceCount: pointer.From(functionAppSlotSiteConfig.PreWarmedInstanceCount), + ElasticInstanceMinimum: pointer.From(functionAppSlotSiteConfig.MinimumElasticInstanceCount), + Use32BitWorker: pointer.From(functionAppSlotSiteConfig.Use32BitWorkerProcess), + WebSockets: pointer.From(functionAppSlotSiteConfig.WebSocketsEnabled), + ScmUseMainIpRestriction: pointer.From(functionAppSlotSiteConfig.ScmIPSecurityRestrictionsUseMain), + UseManagedIdentityACR: pointer.From(functionAppSlotSiteConfig.AcrUseManagedIdentityCreds), + RemoteDebugging: pointer.From(functionAppSlotSiteConfig.RemoteDebuggingEnabled), + RemoteDebuggingVersion: strings.ToUpper(pointer.From(functionAppSlotSiteConfig.RemoteDebuggingVersion)), + VnetRouteAllEnabled: pointer.From(functionAppSlotSiteConfig.VnetRouteAllEnabled), + IpRestrictionDefaultAction: string(pointer.From(functionAppSlotSiteConfig.IPSecurityRestrictionsDefaultAction)), + ScmIpRestrictionDefaultAction: string(pointer.From(functionAppSlotSiteConfig.ScmIPSecurityRestrictionsDefaultAction)), } if v := functionAppSlotSiteConfig.ApiDefinition; v != nil && v.Url != nil { diff --git a/internal/services/appservice/helpers/linux_web_app_schema.go b/internal/services/appservice/helpers/linux_web_app_schema.go index f255bdd76fde..3e57ebc42377 100644 --- a/internal/services/appservice/helpers/linux_web_app_schema.go +++ b/internal/services/appservice/helpers/linux_web_app_schema.go @@ -18,38 +18,40 @@ import ( ) type SiteConfigLinux struct { - AlwaysOn bool `tfschema:"always_on"` - ApiManagementConfigId string `tfschema:"api_management_api_id"` - ApiDefinition string `tfschema:"api_definition_url"` - AppCommandLine string `tfschema:"app_command_line"` - AutoHeal bool `tfschema:"auto_heal_enabled"` - AutoHealSettings []AutoHealSettingLinux `tfschema:"auto_heal_setting"` - UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` - ContainerRegistryMSI string `tfschema:"container_registry_managed_identity_client_id"` - DefaultDocuments []string `tfschema:"default_documents"` - Http2Enabled bool `tfschema:"http2_enabled"` - IpRestriction []IpRestriction `tfschema:"ip_restriction"` - ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` - ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` - LoadBalancing string `tfschema:"load_balancing_mode"` - LocalMysql bool `tfschema:"local_mysql_enabled"` - ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` - RemoteDebugging bool `tfschema:"remote_debugging_enabled"` - RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` - ScmType string `tfschema:"scm_type"` - Use32BitWorker bool `tfschema:"use_32_bit_worker"` - WebSockets bool `tfschema:"websockets_enabled"` - FtpsState string `tfschema:"ftps_state"` - HealthCheckPath string `tfschema:"health_check_path"` - HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` - NumberOfWorkers int64 `tfschema:"worker_count"` - ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"` - MinTlsVersion string `tfschema:"minimum_tls_version"` - ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` - Cors []CorsSetting `tfschema:"cors"` - DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` - LinuxFxVersion string `tfschema:"linux_fx_version"` - VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` + AlwaysOn bool `tfschema:"always_on"` + ApiManagementConfigId string `tfschema:"api_management_api_id"` + ApiDefinition string `tfschema:"api_definition_url"` + AppCommandLine string `tfschema:"app_command_line"` + AutoHeal bool `tfschema:"auto_heal_enabled"` + AutoHealSettings []AutoHealSettingLinux `tfschema:"auto_heal_setting"` + UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` + ContainerRegistryMSI string `tfschema:"container_registry_managed_identity_client_id"` + DefaultDocuments []string `tfschema:"default_documents"` + Http2Enabled bool `tfschema:"http2_enabled"` + IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` + ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` + ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` + LoadBalancing string `tfschema:"load_balancing_mode"` + LocalMysql bool `tfschema:"local_mysql_enabled"` + ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` + RemoteDebugging bool `tfschema:"remote_debugging_enabled"` + RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` + ScmType string `tfschema:"scm_type"` + Use32BitWorker bool `tfschema:"use_32_bit_worker"` + WebSockets bool `tfschema:"websockets_enabled"` + FtpsState string `tfschema:"ftps_state"` + HealthCheckPath string `tfschema:"health_check_path"` + HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` + NumberOfWorkers int64 `tfschema:"worker_count"` + ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"` + MinTlsVersion string `tfschema:"minimum_tls_version"` + ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` + Cors []CorsSetting `tfschema:"cors"` + DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` + LinuxFxVersion string `tfschema:"linux_fx_version"` + VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` // SiteLimits []SiteLimitsSettings `tfschema:"site_limits"` // TODO - New block to (possibly) support? No way to configure this in the portal? } @@ -124,6 +126,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -132,6 +141,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "local_mysql_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -324,6 +340,11 @@ func SiteConfigSchemaLinuxComputed() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchemaComputed(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Computed: true, @@ -331,6 +352,11 @@ func SiteConfigSchemaLinuxComputed() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchemaComputed(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "local_mysql_enabled": { Type: pluginsdk.TypeBool, Computed: true, @@ -738,6 +764,8 @@ func (s *SiteConfigLinux) ExpandForCreate(appSettings map[string]string) (*webap expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.ScmMinTlsVersion)) expanded.AutoHealEnabled = pointer.To(s.AutoHeal) expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled) + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) if s.ApiManagementConfigId != "" { expanded.ApiManagementConfig = &webapps.ApiManagementConfig{ @@ -957,6 +985,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") { scmIpRestrictions, err := ExpandIpRestrictions(s.ScmIpRestriction) if err != nil { @@ -965,6 +997,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(s.LoadBalancing)) } @@ -1043,6 +1079,8 @@ func (s *SiteConfigLinux) Flatten(appSiteConfig *webapps.SiteConfig) { s.WebSockets = pointer.From(appSiteConfig.WebSocketsEnabled) s.VnetRouteAllEnabled = pointer.From(appSiteConfig.VnetRouteAllEnabled) s.Cors = FlattenCorsSettings(appSiteConfig.Cors) + s.IpRestrictionDefaultAction = string(pointer.From(appSiteConfig.IPSecurityRestrictionsDefaultAction)) + s.ScmIpRestrictionDefaultAction = string(pointer.From(appSiteConfig.ScmIPSecurityRestrictionsDefaultAction)) if appSiteConfig.ApiManagementConfig != nil { s.ApiManagementConfigId = pointer.From(appSiteConfig.ApiManagementConfig.Id) diff --git a/internal/services/appservice/helpers/web_app_slot_schema.go b/internal/services/appservice/helpers/web_app_slot_schema.go index 8ae16bd3352c..370d1056ac23 100644 --- a/internal/services/appservice/helpers/web_app_slot_schema.go +++ b/internal/services/appservice/helpers/web_app_slot_schema.go @@ -18,39 +18,41 @@ import ( ) type SiteConfigLinuxWebAppSlot struct { - AlwaysOn bool `tfschema:"always_on"` - ApiManagementConfigId string `tfschema:"api_management_api_id"` - ApiDefinition string `tfschema:"api_definition_url"` - AppCommandLine string `tfschema:"app_command_line"` - AutoHeal bool `tfschema:"auto_heal_enabled"` - AutoHealSettings []AutoHealSettingLinux `tfschema:"auto_heal_setting"` - AutoSwapSlotName string `tfschema:"auto_swap_slot_name"` - UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` - ContainerRegistryMSI string `tfschema:"container_registry_managed_identity_client_id"` - DefaultDocuments []string `tfschema:"default_documents"` - Http2Enabled bool `tfschema:"http2_enabled"` - IpRestriction []IpRestriction `tfschema:"ip_restriction"` - ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` - ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` - LoadBalancing string `tfschema:"load_balancing_mode"` - LocalMysql bool `tfschema:"local_mysql_enabled"` - ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` - RemoteDebugging bool `tfschema:"remote_debugging_enabled"` - RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` - ScmType string `tfschema:"scm_type"` - Use32BitWorker bool `tfschema:"use_32_bit_worker"` - WebSockets bool `tfschema:"websockets_enabled"` - FtpsState string `tfschema:"ftps_state"` - HealthCheckPath string `tfschema:"health_check_path"` - HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` - WorkerCount int64 `tfschema:"worker_count"` - ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"` - MinTlsVersion string `tfschema:"minimum_tls_version"` - ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` - Cors []CorsSetting `tfschema:"cors"` - DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` - LinuxFxVersion string `tfschema:"linux_fx_version"` - VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` + AlwaysOn bool `tfschema:"always_on"` + ApiManagementConfigId string `tfschema:"api_management_api_id"` + ApiDefinition string `tfschema:"api_definition_url"` + AppCommandLine string `tfschema:"app_command_line"` + AutoHeal bool `tfschema:"auto_heal_enabled"` + AutoHealSettings []AutoHealSettingLinux `tfschema:"auto_heal_setting"` + AutoSwapSlotName string `tfschema:"auto_swap_slot_name"` + UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` + ContainerRegistryMSI string `tfschema:"container_registry_managed_identity_client_id"` + DefaultDocuments []string `tfschema:"default_documents"` + Http2Enabled bool `tfschema:"http2_enabled"` + IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` + ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` + ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` + LoadBalancing string `tfschema:"load_balancing_mode"` + LocalMysql bool `tfschema:"local_mysql_enabled"` + ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` + RemoteDebugging bool `tfschema:"remote_debugging_enabled"` + RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` + ScmType string `tfschema:"scm_type"` + Use32BitWorker bool `tfschema:"use_32_bit_worker"` + WebSockets bool `tfschema:"websockets_enabled"` + FtpsState string `tfschema:"ftps_state"` + HealthCheckPath string `tfschema:"health_check_path"` + HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` + WorkerCount int64 `tfschema:"worker_count"` + ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"` + MinTlsVersion string `tfschema:"minimum_tls_version"` + ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` + Cors []CorsSetting `tfschema:"cors"` + DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` + LinuxFxVersion string `tfschema:"linux_fx_version"` + VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` // SiteLimits []SiteLimitsSettings `tfschema:"site_limits"` // TODO - New block to (possibly) support? No way to configure this in the portal? } @@ -126,6 +128,13 @@ func SiteConfigSchemaLinuxWebAppSlot() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -134,6 +143,13 @@ func SiteConfigSchemaLinuxWebAppSlot() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "local_mysql_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -258,40 +274,42 @@ func SiteConfigSchemaLinuxWebAppSlot() *pluginsdk.Schema { } type SiteConfigWindowsWebAppSlot struct { - AlwaysOn bool `tfschema:"always_on"` - ApiManagementConfigId string `tfschema:"api_management_api_id"` - ApiDefinition string `tfschema:"api_definition_url"` - ApplicationStack []ApplicationStackWindows `tfschema:"application_stack"` - AppCommandLine string `tfschema:"app_command_line"` - AutoHeal bool `tfschema:"auto_heal_enabled"` - AutoHealSettings []AutoHealSettingWindows `tfschema:"auto_heal_setting"` - AutoSwapSlotName string `tfschema:"auto_swap_slot_name"` - UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` - ContainerRegistryUserMSI string `tfschema:"container_registry_managed_identity_client_id"` - DefaultDocuments []string `tfschema:"default_documents"` - Http2Enabled bool `tfschema:"http2_enabled"` - IpRestriction []IpRestriction `tfschema:"ip_restriction"` - ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` - ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` - LoadBalancing string `tfschema:"load_balancing_mode"` - LocalMysql bool `tfschema:"local_mysql_enabled"` - ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` - RemoteDebugging bool `tfschema:"remote_debugging_enabled"` - RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` - ScmType string `tfschema:"scm_type"` - Use32BitWorker bool `tfschema:"use_32_bit_worker"` - WebSockets bool `tfschema:"websockets_enabled"` - FtpsState string `tfschema:"ftps_state"` - HealthCheckPath string `tfschema:"health_check_path"` - HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` - WorkerCount int64 `tfschema:"worker_count"` - VirtualApplications []VirtualApplication `tfschema:"virtual_application"` - MinTlsVersion string `tfschema:"minimum_tls_version"` - ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` - Cors []CorsSetting `tfschema:"cors"` - DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` - WindowsFxVersion string `tfschema:"windows_fx_version"` - VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` + AlwaysOn bool `tfschema:"always_on"` + ApiManagementConfigId string `tfschema:"api_management_api_id"` + ApiDefinition string `tfschema:"api_definition_url"` + ApplicationStack []ApplicationStackWindows `tfschema:"application_stack"` + AppCommandLine string `tfschema:"app_command_line"` + AutoHeal bool `tfschema:"auto_heal_enabled"` + AutoHealSettings []AutoHealSettingWindows `tfschema:"auto_heal_setting"` + AutoSwapSlotName string `tfschema:"auto_swap_slot_name"` + UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` + ContainerRegistryUserMSI string `tfschema:"container_registry_managed_identity_client_id"` + DefaultDocuments []string `tfschema:"default_documents"` + Http2Enabled bool `tfschema:"http2_enabled"` + IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` + ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` + ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` + LoadBalancing string `tfschema:"load_balancing_mode"` + LocalMysql bool `tfschema:"local_mysql_enabled"` + ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` + RemoteDebugging bool `tfschema:"remote_debugging_enabled"` + RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` + ScmType string `tfschema:"scm_type"` + Use32BitWorker bool `tfschema:"use_32_bit_worker"` + WebSockets bool `tfschema:"websockets_enabled"` + FtpsState string `tfschema:"ftps_state"` + HealthCheckPath string `tfschema:"health_check_path"` + HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` + WorkerCount int64 `tfschema:"worker_count"` + VirtualApplications []VirtualApplication `tfschema:"virtual_application"` + MinTlsVersion string `tfschema:"minimum_tls_version"` + ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` + Cors []CorsSetting `tfschema:"cors"` + DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` + WindowsFxVersion string `tfschema:"windows_fx_version"` + VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` } func SiteConfigSchemaWindowsWebAppSlot() *pluginsdk.Schema { @@ -372,6 +390,13 @@ func SiteConfigSchemaWindowsWebAppSlot() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -380,6 +405,13 @@ func SiteConfigSchemaWindowsWebAppSlot() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "local_mysql_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -516,6 +548,8 @@ func (s *SiteConfigLinuxWebAppSlot) ExpandForCreate(appSettings map[string]strin expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.ScmMinTlsVersion)) expanded.AutoHealEnabled = pointer.To(s.AutoHeal) expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled) + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) if s.ApiManagementConfigId != "" { expanded.ApiManagementConfig = &webapps.ApiManagementConfig{ @@ -747,6 +781,10 @@ func (s *SiteConfigLinuxWebAppSlot) ExpandForUpdate(metadata sdk.ResourceMetaDat expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") { scmIpRestrictions, err := ExpandIpRestrictions(s.ScmIpRestriction) if err != nil { @@ -755,6 +793,10 @@ func (s *SiteConfigLinuxWebAppSlot) ExpandForUpdate(metadata sdk.ResourceMetaDat expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(s.LoadBalancing)) } @@ -832,6 +874,8 @@ func (s *SiteConfigLinuxWebAppSlot) Flatten(appSiteSlotConfig *webapps.SiteConfi s.UseManagedIdentityACR = pointer.From(appSiteSlotConfig.AcrUseManagedIdentityCreds) s.WebSockets = pointer.From(appSiteSlotConfig.WebSocketsEnabled) s.VnetRouteAllEnabled = pointer.From(appSiteSlotConfig.VnetRouteAllEnabled) + s.IpRestrictionDefaultAction = string(pointer.From(appSiteSlotConfig.IPSecurityRestrictionsDefaultAction)) + s.ScmIpRestrictionDefaultAction = string(pointer.From(appSiteSlotConfig.ScmIPSecurityRestrictionsDefaultAction)) if appSiteSlotConfig.ApiManagementConfig != nil && appSiteSlotConfig.ApiManagementConfig.Id != nil { s.ApiManagementConfigId = *appSiteSlotConfig.ApiManagementConfig.Id @@ -940,6 +984,8 @@ func (s *SiteConfigWindowsWebAppSlot) ExpandForCreate(appSettings map[string]str expanded.WebSocketsEnabled = pointer.To(s.WebSockets) expanded.VirtualApplications = expandVirtualApplications(s.VirtualApplications) expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled) + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) if s.ApiManagementConfigId != "" { expanded.ApiManagementConfig = &webapps.ApiManagementConfig{ @@ -1198,6 +1244,10 @@ func (s *SiteConfigWindowsWebAppSlot) ExpandForUpdate(metadata sdk.ResourceMetaD expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") { scmIpRestrictions, err := ExpandIpRestrictions(s.ScmIpRestriction) if err != nil { @@ -1206,6 +1256,10 @@ func (s *SiteConfigWindowsWebAppSlot) ExpandForUpdate(metadata sdk.ResourceMetaD expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(s.LoadBalancing)) } @@ -1292,6 +1346,8 @@ func (s *SiteConfigWindowsWebAppSlot) Flatten(appSiteSlotConfig *webapps.SiteCon s.VirtualApplications = flattenVirtualApplications(appSiteSlotConfig.VirtualApplications) s.WebSockets = pointer.From(appSiteSlotConfig.WebSocketsEnabled) s.VnetRouteAllEnabled = pointer.From(appSiteSlotConfig.VnetRouteAllEnabled) + s.IpRestrictionDefaultAction = string(pointer.From(appSiteSlotConfig.IPSecurityRestrictionsDefaultAction)) + s.ScmIpRestrictionDefaultAction = string(pointer.From(appSiteSlotConfig.ScmIPSecurityRestrictionsDefaultAction)) if appSiteSlotConfig.ApiManagementConfig != nil && appSiteSlotConfig.ApiManagementConfig.Id != nil { s.ApiManagementConfigId = *appSiteSlotConfig.ApiManagementConfig.Id diff --git a/internal/services/appservice/helpers/windows_web_app_schema.go b/internal/services/appservice/helpers/windows_web_app_schema.go index de576fc842b7..5029c652b74e 100644 --- a/internal/services/appservice/helpers/windows_web_app_schema.go +++ b/internal/services/appservice/helpers/windows_web_app_schema.go @@ -19,39 +19,41 @@ import ( ) type SiteConfigWindows struct { - AlwaysOn bool `tfschema:"always_on"` - ApiManagementConfigId string `tfschema:"api_management_api_id"` - ApiDefinition string `tfschema:"api_definition_url"` - AppCommandLine string `tfschema:"app_command_line"` - AutoHeal bool `tfschema:"auto_heal_enabled"` - AutoHealSettings []AutoHealSettingWindows `tfschema:"auto_heal_setting"` - UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` - ContainerRegistryUserMSI string `tfschema:"container_registry_managed_identity_client_id"` - DefaultDocuments []string `tfschema:"default_documents"` - Http2Enabled bool `tfschema:"http2_enabled"` - IpRestriction []IpRestriction `tfschema:"ip_restriction"` - ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` - ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` - LoadBalancing string `tfschema:"load_balancing_mode"` - LocalMysql bool `tfschema:"local_mysql_enabled"` - ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` - RemoteDebugging bool `tfschema:"remote_debugging_enabled"` - RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` - ScmType string `tfschema:"scm_type"` - Use32BitWorker bool `tfschema:"use_32_bit_worker"` - WebSockets bool `tfschema:"websockets_enabled"` - FtpsState string `tfschema:"ftps_state"` - HealthCheckPath string `tfschema:"health_check_path"` - HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` - WorkerCount int64 `tfschema:"worker_count"` - ApplicationStack []ApplicationStackWindows `tfschema:"application_stack"` - VirtualApplications []VirtualApplication `tfschema:"virtual_application"` - MinTlsVersion string `tfschema:"minimum_tls_version"` - ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` - Cors []CorsSetting `tfschema:"cors"` - DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` - WindowsFxVersion string `tfschema:"windows_fx_version"` - VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` + AlwaysOn bool `tfschema:"always_on"` + ApiManagementConfigId string `tfschema:"api_management_api_id"` + ApiDefinition string `tfschema:"api_definition_url"` + AppCommandLine string `tfschema:"app_command_line"` + AutoHeal bool `tfschema:"auto_heal_enabled"` + AutoHealSettings []AutoHealSettingWindows `tfschema:"auto_heal_setting"` + UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"` + ContainerRegistryUserMSI string `tfschema:"container_registry_managed_identity_client_id"` + DefaultDocuments []string `tfschema:"default_documents"` + Http2Enabled bool `tfschema:"http2_enabled"` + IpRestriction []IpRestriction `tfschema:"ip_restriction"` + IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"` + ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"` + ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"` + ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"` + LoadBalancing string `tfschema:"load_balancing_mode"` + LocalMysql bool `tfschema:"local_mysql_enabled"` + ManagedPipelineMode string `tfschema:"managed_pipeline_mode"` + RemoteDebugging bool `tfschema:"remote_debugging_enabled"` + RemoteDebuggingVersion string `tfschema:"remote_debugging_version"` + ScmType string `tfschema:"scm_type"` + Use32BitWorker bool `tfschema:"use_32_bit_worker"` + WebSockets bool `tfschema:"websockets_enabled"` + FtpsState string `tfschema:"ftps_state"` + HealthCheckPath string `tfschema:"health_check_path"` + HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"` + WorkerCount int64 `tfschema:"worker_count"` + ApplicationStack []ApplicationStackWindows `tfschema:"application_stack"` + VirtualApplications []VirtualApplication `tfschema:"virtual_application"` + MinTlsVersion string `tfschema:"minimum_tls_version"` + ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"` + Cors []CorsSetting `tfschema:"cors"` + DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"` + WindowsFxVersion string `tfschema:"windows_fx_version"` + VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"` // TODO new properties / blocks // SiteLimits []SiteLimitsSettings `tfschema:"site_limits"` // TODO - ASE related for limiting App resource consumption // PushSettings - Supported in SDK, but blocked by manual step needed for connecting app to notification hub. @@ -129,6 +131,13 @@ func SiteConfigSchemaWindows() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchema(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Optional: true, @@ -137,6 +146,13 @@ func SiteConfigSchemaWindows() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchema(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Optional: true, + Default: webapps.DefaultActionAllow, + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false), + }, + "local_mysql_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -336,6 +352,11 @@ func SiteConfigSchemaWindowsComputed() *pluginsdk.Schema { "ip_restriction": IpRestrictionSchemaComputed(), + "ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "scm_use_main_ip_restriction": { Type: pluginsdk.TypeBool, Computed: true, @@ -343,6 +364,11 @@ func SiteConfigSchemaWindowsComputed() *pluginsdk.Schema { "scm_ip_restriction": IpRestrictionSchemaComputed(), + "scm_ip_restriction_default_action": { + Type: pluginsdk.TypeString, + Computed: true, + }, + "local_mysql_enabled": { Type: pluginsdk.TypeBool, Computed: true, @@ -455,6 +481,8 @@ func (s *SiteConfigWindows) ExpandForCreate(appSettings map[string]string) (*web expanded.WebSocketsEnabled = pointer.To(s.WebSockets) expanded.VirtualApplications = expandVirtualApplications(s.VirtualApplications) expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled) + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) if s.ApiManagementConfigId != "" { expanded.ApiManagementConfig = &webapps.ApiManagementConfig{ @@ -597,6 +625,8 @@ func (s *SiteConfigWindows) ExpandForUpdate(metadata sdk.ResourceMetaData, exist expanded.RemoteDebuggingEnabled = pointer.To(s.RemoteDebugging) expanded.Use32BitWorkerProcess = pointer.To(s.Use32BitWorker) expanded.WebSocketsEnabled = pointer.To(s.WebSockets) + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) if metadata.ResourceData.HasChange("site_config.0.api_management_api_id") { expanded.ApiManagementConfig = &webapps.ApiManagementConfig{ @@ -711,6 +741,10 @@ func (s *SiteConfigWindows) ExpandForUpdate(metadata sdk.ResourceMetaData, exist expanded.IPSecurityRestrictions = ipRestrictions } + if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") { + expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") { scmIpRestrictions, err := ExpandIpRestrictions(s.ScmIpRestriction) if err != nil { @@ -719,6 +753,10 @@ func (s *SiteConfigWindows) ExpandForUpdate(metadata sdk.ResourceMetaData, exist expanded.ScmIPSecurityRestrictions = scmIpRestrictions } + if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") { + expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction)) + } + if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") { expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(s.LoadBalancing)) } @@ -800,6 +838,8 @@ func (s *SiteConfigWindows) Flatten(appSiteConfig *webapps.SiteConfig, currentSt s.VirtualApplications = flattenVirtualApplications(appSiteConfig.VirtualApplications) s.WebSockets = pointer.From(appSiteConfig.WebSocketsEnabled) s.VnetRouteAllEnabled = pointer.From(appSiteConfig.VnetRouteAllEnabled) + s.IpRestrictionDefaultAction = string(pointer.From(appSiteConfig.IPSecurityRestrictionsDefaultAction)) + s.ScmIpRestrictionDefaultAction = string(pointer.From(appSiteConfig.ScmIPSecurityRestrictionsDefaultAction)) } if appSiteConfig.ApiManagementConfig != nil && appSiteConfig.ApiManagementConfig.Id != nil { diff --git a/internal/services/appservice/linux_function_app_resource_test.go b/internal/services/appservice/linux_function_app_resource_test.go index 5abc7503218c..cccf63c7cc6d 100644 --- a/internal/services/appservice/linux_function_app_resource_test.go +++ b/internal/services/appservice/linux_function_app_resource_test.go @@ -79,6 +79,54 @@ func TestAccLinuxFunctionApp_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxFunctionApp_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app", "test") + r := LinuxFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccLinuxFunctionApp_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app", "test") + r := LinuxFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxFunctionApp_basicConsumptionPlan(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_function_app", "test") r := LinuxFunctionAppResource{} @@ -1864,6 +1912,43 @@ resource "azurerm_linux_function_app" "test" { `, r.template(data, SkuStandardPlan), data.RandomInteger) } +func (r LinuxFunctionAppResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_function_app" "test" { + name = "acctest-LFA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.template(data, SkuStandardPlan), data.RandomInteger) +} + func (r LinuxFunctionAppResource) healthCheckPath(data acceptance.TestData, planSku string) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/linux_function_app_slot_resource_test.go b/internal/services/appservice/linux_function_app_slot_resource_test.go index c22589ff52ee..7bed04f799cf 100644 --- a/internal/services/appservice/linux_function_app_slot_resource_test.go +++ b/internal/services/appservice/linux_function_app_slot_resource_test.go @@ -643,6 +643,70 @@ func TestAccLinuxFunctionAppSlot_appServiceLoggingUpdate(t *testing.T) { }) } +func TestAccLinuxFunctionAppSlot_withIPRestrictions(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test") + r := LinuxFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccLinuxFunctionAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test") + r := LinuxFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionsDefaultActionDeny(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccLinuxFunctionAppSlot_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test") + r := LinuxFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + // App Stacks func TestAccLinuxFunctionAppSlot_appStackCustom(t *testing.T) { @@ -1741,6 +1805,71 @@ resource "azurerm_linux_function_app_slot" "test" { `, r.template(data, planSku), data.RandomInteger, javaVersion) } +func (r LinuxFunctionAppSlotResource) withIPRestrictions(data acceptance.TestData, planSku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_function_app_slot" "test" { + name = "acctest-LFAS-%d" + function_app_id = azurerm_linux_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.template(data, planSku), data.RandomInteger) +} +func (r LinuxFunctionAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData, planSku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_function_app_slot" "test" { + name = "acctest-LFAS-%d" + function_app_id = azurerm_linux_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.template(data, planSku), data.RandomInteger) +} + // nolint: unparam func (r LinuxFunctionAppSlotResource) appStackNode(data acceptance.TestData, planSku string, nodeVersion string) string { return fmt.Sprintf(` diff --git a/internal/services/appservice/linux_web_app_resource_test.go b/internal/services/appservice/linux_web_app_resource_test.go index 46cb58a6277c..c8cac59a96ac 100644 --- a/internal/services/appservice/linux_web_app_resource_test.go +++ b/internal/services/appservice/linux_web_app_resource_test.go @@ -368,6 +368,50 @@ func TestAccLinuxWebApp_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxWebApp_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_web_app", "test") + r := LinuxWebAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccLinuxWebApp_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_web_app", "test") + r := LinuxWebAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxWebApp_withIPRestrictionsUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_web_app", "test") r := LinuxWebAppResource{} @@ -2484,6 +2528,40 @@ resource "azurerm_linux_web_app" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r LinuxWebAppResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_web_app" "test" { + name = "acctestWA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r LinuxWebAppResource) withIPRestrictionsUpdate(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/linux_web_app_slot_resource_test.go b/internal/services/appservice/linux_web_app_slot_resource_test.go index f7dba42e42e9..c0e6334d23a6 100644 --- a/internal/services/appservice/linux_web_app_slot_resource_test.go +++ b/internal/services/appservice/linux_web_app_slot_resource_test.go @@ -327,6 +327,50 @@ func TestAccLinuxWebAppSlot_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxWebAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_web_app_slot", "test") + r := LinuxWebAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccLinuxWebAppSlot_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_web_app_slot", "test") + r := LinuxWebAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxWebAppSlot_withIPRangeRestrictions(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_web_app_slot", "test") r := LinuxWebAppSlotResource{} @@ -2036,6 +2080,38 @@ resource "azurerm_linux_web_app_slot" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r LinuxWebAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_web_app_slot" "test" { + name = "acctestWAS-%d" + app_service_id = azurerm_linux_web_app.test.id + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r LinuxWebAppSlotResource) withIPRangeRestrictions(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/windows_function_app_resource_test.go b/internal/services/appservice/windows_function_app_resource_test.go index fa9750e58107..a514084a295b 100644 --- a/internal/services/appservice/windows_function_app_resource_test.go +++ b/internal/services/appservice/windows_function_app_resource_test.go @@ -909,6 +909,70 @@ func TestAccWindowsFunctionApp_identityKeyVaultIdentity(t *testing.T) { }) } +func TestAccWindowsFunctionApp_withIPRestrictions(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app", "test") + r := WindowsFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccWindowsFunctionApp_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app", "test") + r := WindowsFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionsDefaultActionDeny(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccWindowsFunctionApp_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app", "test") + r := WindowsFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + // App Stacks func TestAccWindowsFunctionApp_appStackDotNet30(t *testing.T) { @@ -3250,6 +3314,77 @@ resource "azurerm_windows_function_app" "test" { `, r.identityTemplate(data, planSku), data.RandomString, data.RandomInteger) } +func (r WindowsFunctionAppResource) withIPRestrictions(data acceptance.TestData, planSku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_function_app" "test" { + name = "acctest-WFA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.template(data, planSku), data.RandomInteger) +} +func (r WindowsFunctionAppResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData, planSku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_function_app" "test" { + name = "acctest-WFA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.template(data, planSku), data.RandomInteger) +} + // Config Templates func (WindowsFunctionAppResource) template(data acceptance.TestData, planSku string) string { diff --git a/internal/services/appservice/windows_function_app_slot_resource_test.go b/internal/services/appservice/windows_function_app_slot_resource_test.go index a70df8428123..765d1e81491d 100644 --- a/internal/services/appservice/windows_function_app_slot_resource_test.go +++ b/internal/services/appservice/windows_function_app_slot_resource_test.go @@ -20,22 +20,6 @@ import ( type WindowsFunctionAppSlotResource struct{} -func TestAccWindowsFunctionAppSlot_withIPRestrictions(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") - r := WindowsFunctionAppSlotResource{} - - data.ResourceTest(t, r, []acceptance.TestStep{ - { - Config: r.withIPRestrictions(data), - Check: acceptance.ComposeTestCheckFunc( - check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("kind").HasValue("functionapp"), - ), - }, - data.ImportStep("site_credential.0.password"), - }) -} - // Plan types func TestAccWindowsFunctionAppSlot_basicConsumptionPlan(t *testing.T) { @@ -644,6 +628,69 @@ func TestAccWindowsFunctionAppSlot_appServiceLoggingUpdate(t *testing.T) { }) } +func TestAccWindowsFunctionAppSlot_withIPRestrictions(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") + r := WindowsFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccWindowsFunctionAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") + r := WindowsFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} +func TestAccWindowsFunctionAppSlot_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") + r := WindowsFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + // App Stacks func TestAccWindowsFunctionAppSlot_appStackDotNet31(t *testing.T) { @@ -1257,6 +1304,40 @@ resource "azurerm_windows_function_app_slot" "test" { `, r.template(data, SkuStandardPlan), data.RandomInteger) } +func (r WindowsFunctionAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_function_app_slot" "test" { + name = "acctest-WFAS-%d" + function_app_id = azurerm_windows_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.template(data, SkuStandardPlan), data.RandomInteger) +} + func (r WindowsFunctionAppSlotResource) appSettings(data acceptance.TestData, planSku string) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/windows_web_app_resource_test.go b/internal/services/appservice/windows_web_app_resource_test.go index 1fe88d6b13e8..fbdf60cf1ee3 100644 --- a/internal/services/appservice/windows_web_app_resource_test.go +++ b/internal/services/appservice/windows_web_app_resource_test.go @@ -334,6 +334,50 @@ func TestAccWindowsWebApp_withIPRestrictions(t *testing.T) { }) } +func TestAccWindowsWebApp_withIPRestrictionDefaultActionDeny(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_web_app", "test") + r := WindowsWebAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccWindowsWebApp_withIPRestrictionDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_web_app", "test") + r := WindowsWebAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccWindowsWebApp_withIPRangeRestrictions(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_windows_web_app", "test") r := WindowsWebAppResource{} @@ -1977,6 +2021,40 @@ resource "azurerm_windows_web_app" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r WindowsWebAppResource) withIPRestrictionDefaultActionDeny(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_web_app" "test" { + name = "acctestWA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r WindowsWebAppResource) withIPRangeRestrictions(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/windows_web_app_slot_resource_test.go b/internal/services/appservice/windows_web_app_slot_resource_test.go index 33813f0dccd2..09b66ec3f410 100644 --- a/internal/services/appservice/windows_web_app_slot_resource_test.go +++ b/internal/services/appservice/windows_web_app_slot_resource_test.go @@ -320,6 +320,50 @@ func TestAccWindowsWebAppSlot_withIPRestrictionsUpdate(t *testing.T) { }) } +func TestAccWindowsWebAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_web_app_slot", "test") + r := WindowsWebAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + +func TestAccWindowsWebAppSlot_withIPRestrictionsDefaultActionUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_web_app_slot", "test") + r := WindowsWebAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDefaultActionDeny(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccWindowsWebAppSlot_withAuthSettings(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_windows_web_app_slot", "test") r := WindowsWebAppSlotResource{} @@ -1686,6 +1730,38 @@ resource "azurerm_windows_web_app_slot" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r WindowsWebAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_web_app_slot" "test" { + name = "acctestWAS-%d" + app_service_id = azurerm_windows_web_app.test.id + + site_config { + ip_restriction_default_action = "Deny" + + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r WindowsWebAppSlotResource) withIPRestrictionsUpdate(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/website/docs/d/linux_function_app.html.markdown b/website/docs/d/linux_function_app.html.markdown index e71d91425015..23da58e9514e 100644 --- a/website/docs/d/linux_function_app.html.markdown +++ b/website/docs/d/linux_function_app.html.markdown @@ -603,6 +603,8 @@ A `site_config` block exports the following: * `ip_restriction` - One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - The Default action for traffic that does not match any `ip_restriction` rule. + * `load_balancing_mode` - The Site load balancing mode. * `managed_pipeline_mode` - Managed pipeline mode. @@ -619,6 +621,8 @@ A `site_config` block exports the following: * `scm_ip_restriction` - One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - The Default action for traffic that does not match any `scm_ip_restriction` rule. + * `scm_minimum_tls_version` - The minimum version of TLS for SSL requests to the SCM site. * `scm_use_main_ip_restriction` - Is the Linux Function App `ip_restriction` configuration used for the SCM also? diff --git a/website/docs/d/linux_web_app.html.markdown b/website/docs/d/linux_web_app.html.markdown index 4c8a57bbca18..7898a5e3d112 100644 --- a/website/docs/d/linux_web_app.html.markdown +++ b/website/docs/d/linux_web_app.html.markdown @@ -589,12 +589,14 @@ A `site_config` block exports the following: * `health_check_path` - The path to the Health Check endpoint. -* `health_check_eviction_time_in_min` - (Optional) The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `health_check_path`. +* `health_check_eviction_time_in_min` - The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. * `http2_enabled` - Is HTTP2.0 enabled. * `ip_restriction` - A `ip_restriction` block as defined above. +* `ip_restriction_default_action` - The Default action for traffic that does not match any `ip_restriction` rule. + * `linux_fx_version` - The `LinuxFXVersion` string. * `load_balancing_mode` - The site Load Balancing Mode. @@ -611,6 +613,8 @@ A `site_config` block exports the following: * `scm_ip_restriction` - A `scm_ip_restriction` block as defined above. +* `scm_ip_restriction_default_action` - The Default action for traffic that does not match any `scm_ip_restriction` rule. + * `scm_minimum_tls_version` - The Minimum version of TLS for requests to SCM. * `scm_type` - The Source Control Management Type in use. diff --git a/website/docs/d/windows_function_app.html.markdown b/website/docs/d/windows_function_app.html.markdown index 27a108c32e2a..1a0d6fd6f817 100644 --- a/website/docs/d/windows_function_app.html.markdown +++ b/website/docs/d/windows_function_app.html.markdown @@ -521,6 +521,8 @@ A `site_config` block exports the following: * `ip_restriction` - One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - The Default action for traffic that does not match any `ip_restriction` rule. + * `load_balancing_mode` - The Site load balancing mode. * `managed_pipeline_mode` - The Managed pipeline mode. @@ -537,6 +539,8 @@ A `site_config` block exports the following: * `scm_ip_restriction` - One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - The Default action for traffic that does not match any `scm_ip_restriction` rule. + * `scm_minimum_tls_version` - The minimum version of TLS required for SSL requests to the SCM site. * `scm_type` - The SCM type. diff --git a/website/docs/d/windows_web_app.html.markdown b/website/docs/d/windows_web_app.html.markdown index 7f6bee5d6acf..9871e9aaa3c7 100644 --- a/website/docs/d/windows_web_app.html.markdown +++ b/website/docs/d/windows_web_app.html.markdown @@ -599,6 +599,8 @@ A `site_config` block exports the following: * `ip_restriction` - A `ip_restriction` block as defined above. +* `ip_restriction_default_action` - The Default action for traffic that does not match any `ip_restriction` rule. + * `load_balancing_mode` - The site Load Balancing Mode. * `local_mysql_enabled` - Is the Local MySQL enabled. @@ -613,6 +615,8 @@ A `site_config` block exports the following: * `scm_ip_restriction` - A `scm_ip_restriction` block as defined above. +* `scm_ip_restriction_default_action` - The Default action for traffic that does not match any `scm_ip_restriction` rule. + * `scm_minimum_tls_version` - The Minimum version of TLS for requests to SCM. * `scm_type` - The Source Control Management Type in use. diff --git a/website/docs/r/linux_function_app.html.markdown b/website/docs/r/linux_function_app.html.markdown index 7b357ba3340a..ce666dc233ba 100644 --- a/website/docs/r/linux_function_app.html.markdown +++ b/website/docs/r/linux_function_app.html.markdown @@ -679,6 +679,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `managed_pipeline_mode` - (Optional) Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. @@ -697,6 +699,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_use_main_ip_restriction` - (Optional) Should the Linux Function App `ip_restriction` configuration be used for the SCM also. diff --git a/website/docs/r/linux_function_app_slot.html.markdown b/website/docs/r/linux_function_app_slot.html.markdown index 1ef3004fe06b..83ca48869fa3 100644 --- a/website/docs/r/linux_function_app_slot.html.markdown +++ b/website/docs/r/linux_function_app_slot.html.markdown @@ -478,6 +478,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) an `ip_restriction` block as detailed below. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `linux_fx_version` - The Linux FX Version * `load_balancing_mode` - (Optional) The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. @@ -498,6 +500,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) a `scm_ip_restriction` block as detailed below. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_type` - The SCM Type in use by the Linux Function App. diff --git a/website/docs/r/linux_web_app.html.markdown b/website/docs/r/linux_web_app.html.markdown index 84c88d60a77c..98cd2cb01e7f 100644 --- a/website/docs/r/linux_web_app.html.markdown +++ b/website/docs/r/linux_web_app.html.markdown @@ -708,6 +708,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `local_mysql_enabled` - (Optional) Use Local MySQL. Defaults to `false`. @@ -722,6 +724,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_use_main_ip_restriction` - (Optional) Should the Linux Web App `ip_restriction` configuration be used for the SCM also. diff --git a/website/docs/r/linux_web_app_slot.html.markdown b/website/docs/r/linux_web_app_slot.html.markdown index fb61b6878ff4..41ac6451db6f 100644 --- a/website/docs/r/linux_web_app_slot.html.markdown +++ b/website/docs/r/linux_web_app_slot.html.markdown @@ -714,6 +714,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `local_mysql_enabled` - (Optional) Use Local MySQL. Defaults to `false`. @@ -728,6 +730,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_use_main_ip_restriction` - (Optional) Should the Linux Web App `ip_restriction` configuration be used for the SCM also. diff --git a/website/docs/r/windows_function_app.html.markdown b/website/docs/r/windows_function_app.html.markdown index a94a10cca68f..eaa644b4d07a 100644 --- a/website/docs/r/windows_function_app.html.markdown +++ b/website/docs/r/windows_function_app.html.markdown @@ -655,6 +655,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `managed_pipeline_mode` - (Optional) Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. @@ -673,6 +675,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_use_main_ip_restriction` - (Optional) Should the Windows Function App `ip_restriction` configuration be used for the SCM also. diff --git a/website/docs/r/windows_function_app_slot.html.markdown b/website/docs/r/windows_function_app_slot.html.markdown index 4e774c86d8e3..cc89081362af 100644 --- a/website/docs/r/windows_function_app_slot.html.markdown +++ b/website/docs/r/windows_function_app_slot.html.markdown @@ -473,6 +473,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) an `ip_restriction` block as detailed below. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `managed_pipeline_mode` - (Optional) The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. @@ -491,6 +493,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) a `scm_ip_restriction` block as detailed below. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_type` - The SCM Type in use by the Windows Function App. diff --git a/website/docs/r/windows_web_app.html.markdown b/website/docs/r/windows_web_app.html.markdown index e34f24b165d0..a0946cf755da 100644 --- a/website/docs/r/windows_web_app.html.markdown +++ b/website/docs/r/windows_web_app.html.markdown @@ -733,6 +733,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `local_mysql_enabled` - (Optional) Use Local MySQL. Defaults to `false`. @@ -747,6 +749,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_use_main_ip_restriction` - (Optional) Should the Windows Web App `ip_restriction` configuration be used for the SCM also. diff --git a/website/docs/r/windows_web_app_slot.html.markdown b/website/docs/r/windows_web_app_slot.html.markdown index dd3811aedad0..8291761e04fa 100644 --- a/website/docs/r/windows_web_app_slot.html.markdown +++ b/website/docs/r/windows_web_app_slot.html.markdown @@ -730,6 +730,8 @@ A `site_config` block supports the following: * `ip_restriction` - (Optional) One or more `ip_restriction` blocks as defined above. +* `ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `load_balancing_mode` - (Optional) The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. * `local_mysql_enabled` - (Optional) Use Local MySQL. Defaults to `false`. @@ -744,6 +746,8 @@ A `site_config` block supports the following: * `scm_ip_restriction` - (Optional) One or more `scm_ip_restriction` blocks as defined above. +* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. + * `scm_minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. * `scm_use_main_ip_restriction` - (Optional) Should the Windows Web App Slot `ip_restriction` configuration be used for the SCM also.