AppService - Add support for ip_restriction_default_action and scm_ip_restriction_default_action to all app service resources #25131

Merged
merged 6 commits into from
Mar 4, 2024
174 changes: 124 additions & 50 deletions internal/services/appservice/helpers/function_app_schema.go

Large diffs are not rendered by default.

156 changes: 104 additions & 52 deletions internal/services/appservice/helpers/function_app_slot_schema.go

Large diffs are not rendered by default.

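--- a/internal/services/appservice/helpers/linux_web_app_schema.go
+++ b/internal/services/appservice/helpers/linux_web_app_schema.go
@@ -18,38 +18,40 @@ import (
 )
 
 type SiteConfigLinux struct {
-AlwaysOn bool `tfschema:"always_on"`
-ApiManagementConfigId string `tfschema:"api_management_api_id"`
-ApiDefinition string `tfschema:"api_definition_url"`
-AppCommandLine string `tfschema:"app_command_line"`
-AutoHeal bool `tfschema:"auto_heal_enabled"`
-AutoHealSettings []AutoHealSettingLinux `tfschema:"auto_heal_setting"`
-UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"`
-ContainerRegistryMSI string `tfschema:"container_registry_managed_identity_client_id"`
-DefaultDocuments []string `tfschema:"default_documents"`
-Http2Enabled bool `tfschema:"http2_enabled"`
-IpRestriction []IpRestriction `tfschema:"ip_restriction"`
-ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"`
-ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"`
-LoadBalancing string `tfschema:"load_balancing_mode"`
-LocalMysql bool `tfschema:"local_mysql_enabled"`
-ManagedPipelineMode string `tfschema:"managed_pipeline_mode"`
-RemoteDebugging bool `tfschema:"remote_debugging_enabled"`
-RemoteDebuggingVersion string `tfschema:"remote_debugging_version"`
-ScmType string `tfschema:"scm_type"`
-Use32BitWorker bool `tfschema:"use_32_bit_worker"`
-WebSockets bool `tfschema:"websockets_enabled"`
-FtpsState string `tfschema:"ftps_state"`
-HealthCheckPath string `tfschema:"health_check_path"`
-HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"`
-NumberOfWorkers int64 `tfschema:"worker_count"`
-ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"`
-MinTlsVersion string `tfschema:"minimum_tls_version"`
-ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
-Cors []CorsSetting `tfschema:"cors"`
-DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
-LinuxFxVersion string `tfschema:"linux_fx_version"`
-VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"`
+AlwaysOn bool `tfschema:"always_on"`
+ApiManagementConfigId string `tfschema:"api_management_api_id"`
+ApiDefinition string `tfschema:"api_definition_url"`
+AppCommandLine string `tfschema:"app_command_line"`
+AutoHeal bool `tfschema:"auto_heal_enabled"`
+AutoHealSettings []AutoHealSettingLinux `tfschema:"auto_heal_setting"`
+UseManagedIdentityACR bool `tfschema:"container_registry_use_managed_identity"`
+ContainerRegistryMSI string `tfschema:"container_registry_managed_identity_client_id"`
+DefaultDocuments []string `tfschema:"default_documents"`
+Http2Enabled bool `tfschema:"http2_enabled"`
+IpRestriction []IpRestriction `tfschema:"ip_restriction"`
+IpRestrictionDefaultAction string `tfschema:"ip_restriction_default_action"`
+ScmUseMainIpRestriction bool `tfschema:"scm_use_main_ip_restriction"`
+ScmIpRestriction []IpRestriction `tfschema:"scm_ip_restriction"`
+ScmIpRestrictionDefaultAction string `tfschema:"scm_ip_restriction_default_action"`
+LoadBalancing string `tfschema:"load_balancing_mode"`
+LocalMysql bool `tfschema:"local_mysql_enabled"`
+ManagedPipelineMode string `tfschema:"managed_pipeline_mode"`
+RemoteDebugging bool `tfschema:"remote_debugging_enabled"`
+RemoteDebuggingVersion string `tfschema:"remote_debugging_version"`
+ScmType string `tfschema:"scm_type"`
+Use32BitWorker bool `tfschema:"use_32_bit_worker"`
+WebSockets bool `tfschema:"websockets_enabled"`
+FtpsState string `tfschema:"ftps_state"`
+HealthCheckPath string `tfschema:"health_check_path"`
+HealthCheckEvictionTime int64 `tfschema:"health_check_eviction_time_in_min"`
+NumberOfWorkers int64 `tfschema:"worker_count"`
+ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"`
+MinTlsVersion string `tfschema:"minimum_tls_version"`
+ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
+Cors []CorsSetting `tfschema:"cors"`
+DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
+LinuxFxVersion string `tfschema:"linux_fx_version"`
+VnetRouteAllEnabled bool `tfschema:"vnet_route_all_enabled"`
 // SiteLimits []SiteLimitsSettings `tfschema:"site_limits"` // TODO - New block to (possibly) support? No way to configure this in the portal?
 }
 
@@ -124,6 +126,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema {
 
 "ip_restriction": IpRestrictionSchema(),
 
+"ip_restriction_default_action": {
+Type: pluginsdk.TypeString,
+Optional: true,
+Default: webapps.DefaultActionAllow,
+ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false),
+},
+
 "scm_use_main_ip_restriction": {
 Type: pluginsdk.TypeBool,
 Optional: true,
@@ -132,6 +141,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema {
 
 "scm_ip_restriction": IpRestrictionSchema(),
 
+"scm_ip_restriction_default_action": {
+Type: pluginsdk.TypeString,
+Optional: true,
+Default: webapps.DefaultActionAllow,
+ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false),
+},
+
 "local_mysql_enabled": {
 Type: pluginsdk.TypeBool,
 Optional: true,
@@ -324,13 +340,23 @@ func SiteConfigSchemaLinuxComputed() *pluginsdk.Schema {
 
 "ip_restriction": IpRestrictionSchemaComputed(),
 
+"ip_restriction_default_action": {
+Type: pluginsdk.TypeString,
+Computed: true,
+},
+
 "scm_use_main_ip_restriction": {
 Type: pluginsdk.TypeBool,
 Computed: true,
 },
 
 "scm_ip_restriction": IpRestrictionSchemaComputed(),
 
+"scm_ip_restriction_default_action": {
+Type: pluginsdk.TypeString,
+Computed: true,
+},
+
 "local_mysql_enabled": {
 Type: pluginsdk.TypeBool,
 Computed: true,
@@ -738,6 +764,8 @@ func (s *SiteConfigLinux) ExpandForCreate(appSettings map[string]string) (*webap
 expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.ScmMinTlsVersion))
 expanded.AutoHealEnabled = pointer.To(s.AutoHeal)
 expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled)
+expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction))
+expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction))
 
 if s.ApiManagementConfigId != "" {
 expanded.ApiManagementConfig = &webapps.ApiManagementConfig{
@@ -957,6 +985,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin
 expanded.IPSecurityRestrictions = ipRestrictions
 }
 
+if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") {
+expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction))
+}
+
 if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") {
 scmIpRestrictions, err := ExpandIpRestrictions(s.ScmIpRestriction)
 if err != nil {
@@ -965,6 +997,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin
 expanded.ScmIPSecurityRestrictions = scmIpRestrictions
 }
 
+if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") {
+expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction))
+}
+
 if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") {
 expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(s.LoadBalancing))
 }
@@ -1043,6 +1079,8 @@ func (s *SiteConfigLinux) Flatten(appSiteConfig *webapps.SiteConfig) {
 s.WebSockets = pointer.From(appSiteConfig.WebSocketsEnabled)
 s.VnetRouteAllEnabled = pointer.From(appSiteConfig.VnetRouteAllEnabled)
 s.Cors = FlattenCorsSettings(appSiteConfig.Cors)
+s.IpRestrictionDefaultAction = string(pointer.From(appSiteConfig.IPSecurityRestrictionsDefaultAction))
+s.ScmIpRestrictionDefaultAction = string(pointer.From(appSiteConfig.ScmIPSecurityRestrictionsDefaultAction))
 
 if appSiteConfig.ApiManagementConfig != nil {
 s.ApiManagementConfigId = pointer.From(appSiteConfig.ApiManagementConfig.Id)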
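Review bot: Both new attributes in SiteConfigSchemaLinux default to `webapps.DefaultActionAllow`, and ExpandForCreate sends that value unconditionally, so a configuration that lists allow rules in `ip_restriction` or `scm_ip_restriction` but does not set the new attribute is created with an explicit fail-open default for unmatched traffic. Whether the service then still applies an implicit deny once rules exist cannot be seen from these hunks and should be confirmed, because if it does not, an intended allow-list stops restricting access to the site and to the SCM endpoint. At minimum I would document this on both schema entries, e.g. `// Unmatched traffic is allowed by default; set to "Deny" for ip_restriction to act as an allow-list.`. Separately, Flatten writes `string(pointer.From(...))`, which yields an empty string when the API omits the field, and that presumably differs from the schema default and may show up as a persistent plan diff. All of the touched functions begin and end outside the hunks shown.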