azurerm_function_app - support for ip_restriction #5440
Thanks for the PR @shibayan.
My main concern is that we have copied over the hacks in the old code. I think we should mimic the behavior the API expects: a CIDR IP address or the subnet ID.
// TODO we should fix this in 2.0 | ||
// This attribute was made with the assumption that `ip_address` was the only valid option | ||
// but `virtual_network_subnet_id` is being added and doesn't need a `subnet_mask`. | ||
// We'll assume a default of "255.255.255.255" in the expand code when `ip_address` is specified | ||
// and `subnet_mask` is not. | ||
// Default: "255.255.255.255", |
I think we can remove this comment?
Fixed
|
||
* `ip_address` - (Optional) The IP Address used for this IP Restriction. | ||
|
||
* `subnet_mask` - (Optional) The Subnet mask used for this IP Restriction. Defaults to `255.255.255.255`. |
This is not true as the default was commented out?
`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomInteger) | ||
} | ||
|
||
func testAccAzureRMFunctionApp_zeroedIpRestriction(data acceptance.TestData) string { |
func testAccAzureRMFunctionApp_zeroedIpRestriction(data acceptance.TestData) string { | |
func testAccAzureRMFunctionApp_ipRestrictionRemoved(data acceptance.TestData) string { |
}) | ||
} | ||
|
||
func TestAccAzureRMFunctionApp_zeroedIpRestriction(t *testing.T) { |
func TestAccAzureRMFunctionApp_zeroedIpRestriction(t *testing.T) { | |
func TestAccAzureRMFunctionApp_ipRestrictionRemoved(t *testing.T) { |
@@ -225,6 +227,36 @@ func resourceArmFunctionApp() *schema.Resource { | |||
Optional: true, | |||
Default: false, | |||
}, | |||
"ip_restriction": { | |||
Type: schema.TypeList, |
Should this be a TypeSet to prevent duplicates & order won't matter here?
I am trying to change to a TypeSet but it is not working as intended. In my case it will take some time to resolve.
It should just be a matter of changing how you cast the objects, if you grant me push permissions I'll happily make the change
I have granted push permission, you can freely add commits to this Pull Request. I tried #5319 for a similar change, but was investigating because the plan no longer worked.
// the 2018-02-01 API expects a blank subnet mask and an IP address in CIDR format: a.b.c.d/x | ||
// so translate the IP and mask if necessary |
Can we make this block behave like the API? i.e. remove the subnet mask property and expect the IP address to be in the CIDR format?
Fixed
// the 2018-02-01 API uses CIDR format (a.b.c.d/x), so translate that back to IP and mask | ||
if strings.Contains(*ip, "/") { | ||
ipAddr, ipNet, _ := net.ParseCIDR(*ip) | ||
block["ip_address"] = ipAddr.String() | ||
mask := net.IP(ipNet.Mask) | ||
block["subnet_mask"] = mask.String() | ||
} else { | ||
block["ip_address"] = *ip | ||
} |
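Review bot: the error from net.ParseCIDR is discarded in `ipAddr, ipNet, _ := net.ParseCIDR(*ip)`, so a value that contains "/" but does not parse leaves ipNet nil and the `ipNet.Mask` access two lines later panics with a nil pointer dereference. Check the returned error and, on failure, either store `*ip` unchanged as the else branch does or surface the error to the caller.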
Could we make this behave like the new API expects: no subnet mask and IP address in CIDR format?
Fixed
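The translation discussed in this thread, as an added example that is not code from the PR or the provider: it converts a legacy `ip_address`/`subnet_mask` pair to the CIDR form (a.b.c.d/x) and back, rejecting non-contiguous masks and returning parse errors instead of discarding them. The function names `ToCIDR` and `FromCIDR` are hypothetical, and the legacy pair is assumed to be IPv4.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ToCIDR (hypothetical helper) turns a legacy ip_address/subnet_mask pair into
// a.b.c.d/x. A value already in CIDR form is validated and returned unchanged.
func ToCIDR(ip, mask string) (string, error) {
	if strings.Contains(ip, "/") {
		if _, _, err := net.ParseCIDR(ip); err != nil {
			return "", fmt.Errorf("invalid CIDR %q: %w", ip, err)
		}
		return ip, nil
	}
	addr := net.ParseIP(ip).To4()
	if addr == nil {
		return "", fmt.Errorf("invalid IPv4 address %q", ip)
	}
	if mask == "" {
		mask = "255.255.255.255" // single host, the old implicit default
	}
	m := net.ParseIP(mask).To4()
	if m == nil {
		return "", fmt.Errorf("invalid subnet mask %q", mask)
	}
	ones, bits := net.IPMask(m).Size()
	if bits == 0 { // Size returns 0,0 for a non-contiguous mask such as 255.0.255.0
		return "", fmt.Errorf("non-contiguous subnet mask %q", mask)
	}
	return fmt.Sprintf("%s/%d", addr, ones), nil
}

// FromCIDR (hypothetical helper) splits a.b.c.d/x into address and dotted
// mask, returning the parse error rather than ignoring it.
func FromCIDR(cidr string) (ip, mask string, err error) {
	addr, ipNet, err := net.ParseCIDR(cidr)
	if err != nil {
		return "", "", err
	}
	return addr.String(), net.IP(ipNet.Mask).String(), nil
}

func main() {
	fmt.Println(ToCIDR("10.0.0.0", "255.255.255.0"))
	fmt.Println(FromCIDR("10.0.0.0/24"))
}
```
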
Type: schema.TypeString, | ||
Optional: true, | ||
}, | ||
"virtual_network_subnet_id": { |
Also could we name this subnet_id to match other resources?
@katbyte
Yes @shibayan, app service should probably also be updated to behave this way for 2.0
I understood. I’ll modify the code to get the new behavior.
hey @shibayan
Thanks for pushing those changes - apologies for the delayed re-review here!
Taking a look through besides a couple of minor comments (which I hope you don't mind but so that we can get this merged I'll push a commit to fix) this otherwise LGTM 👍
Thanks!
dismissing since changes have been pushed
…lds are always set
@tombuildsstuff Thanks for the review and improvement. I'm sure it's better.
This has been released in version 1.44.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

```hcl
provider "azurerm" {
  version = "~> 1.44.0"
}
# ... other configuration ...
```
Add an `ip_restriction` definition to the Function App. This PR fixes #4878