azurerm_linux_web_app: does not track "Unmatched rule actions" #20331

Closed
1 task done
yellowhat opened this issue Feb 6, 2023 · 3 comments · Fixed by #20987

Comments

@yellowhat

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.7

AzureRM Provider Version

3.42.0

Affected Resource(s)/Data Source(s)

azurerm_linux_web_app

Terraform Configuration Files

resource "azurerm_resource_group" "this" {
  name     = "zz_deleteme"
  location = "West Europe"
}

resource "random_integer" "ri" {
  min = 10000
  max = 99999
}

resource "azurerm_service_plan" "this" {
  name                = "appserviceplanname"
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
  os_type             = "Linux"
  sku_name            = "P1v2"
  worker_count        = 1
}

resource "azurerm_linux_web_app" "this" {
  name                = "appservice${random_integer.ri.result}"
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location
  service_plan_id     = azurerm_service_plan.this.id
  https_only          = true

  site_config {
    always_on = true
    ip_restriction {
      name       = "Deny all access"
      ip_address = "0.0.0.0/0"
      action     = "Deny"
      priority   = 1000
    }
    scm_ip_restriction {
      name       = "Deny all access"
      ip_address = "0.0.0.0/0"
      action     = "Deny"
      priority   = 1000
    }
  }
}

Debug Output/Panic Output

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Expected Behaviour

"Unmatched rule action" for both "Main site" and "Advanced tool site" is managed by Terraform.

Actual Behaviour

Hi,
if I deploy the code above, under "Networking" -> "Access restrictions":

  • the "Unmatched rule action" is set to "Deny" for both "Main site" and "Advanced tool site"
  • the rule "Deny all access" is created for both "Main site" and "Advanced tool site"

If I modify the "Unmatched rule action" from the Azure portal and rerun terraform apply -refresh, nothing is changed.

Thanks

Steps to Reproduce

  1. Modify "Unmatched rule action" section from the portal
  2. terraform apply -refresh

Important Factoids

No response

References

No response

@yellowhat yellowhat added the bug label Feb 6, 2023
@github-actions github-actions bot removed the bug label Feb 6, 2023
@xiaxyi
Contributor

xiaxyi commented Feb 7, 2023

Thanks @yellowhat for raising this issue. The fix to ip_restriction is covered in PR #20327; you can track the status there.

Besides, would you mind sharing the ip_restriction value in your state file?

@yellowhat
Author

Thanks for your reply.
Below is a section of the terraform.tfstate:

...
            "site_config": [
              {
                "always_on": true,
                "api_definition_url": "",
                "api_management_api_id": "",
                "app_command_line": "",
                "application_stack": [
                  {
                    "docker_image": "",
                    "docker_image_tag": "",
                    "dotnet_version": "",
                    "go_version": "",
                    "java_server": "",
                    "java_server_version": "",
                    "java_version": "",
                    "node_version": "",
                    "php_version": "",
                    "python_version": "",
                    "ruby_version": ""
                  }
                ],
                "auto_heal_enabled": false,
                "auto_heal_setting": [],
                "container_registry_managed_identity_client_id": "",
                "container_registry_use_managed_identity": false,
                "cors": [],
                "default_documents": [
                  "Default.htm",
                  "Default.html",
                  "Default.asp",
                  "index.htm",
                  "index.html",
                  "iisstart.htm",
                  "default.aspx",
                  "index.php",
                  "hostingstart.html"
                ],
                "detailed_error_logging_enabled": false,
                "ftps_state": "Disabled",
                "health_check_eviction_time_in_min": 0,
                "health_check_path": "",
                "http2_enabled": false,
                "ip_restriction": [
                  {
                    "action": "Deny",
                    "headers": null,
                    "ip_address": "0.0.0.0/0",
                    "name": "Deny all access",
                    "priority": 1000,
                    "service_tag": "",
                    "virtual_network_subnet_id": ""
                  }
                ],
                "linux_fx_version": "",
                "load_balancing_mode": "LeastRequests",
                "local_mysql_enabled": false,
                "managed_pipeline_mode": "Integrated",
                "minimum_tls_version": "1.2",
                "remote_debugging_enabled": false,
                "remote_debugging_version": "VS2019",
                "scm_ip_restriction": [
                  {
                    "action": "Deny",
                    "headers": null,
                    "ip_address": "0.0.0.0/0",
                    "name": "Deny all access",
                    "priority": 1000,
                    "service_tag": "",
                    "virtual_network_subnet_id": ""
                  }
                ],
                "scm_minimum_tls_version": "1.2",
                "scm_type": "None",
                "scm_use_main_ip_restriction": false,
                "use_32_bit_worker": true,
                "vnet_route_all_enabled": false,
                "websockets_enabled": false,
                "worker_count": 1
              }
            ],
...
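
Added example, not part of the issue or the provider's code: a Python check that compares the ip-restriction rules recorded in state with a live site configuration and flags an "Unmatched rule action" that changed while the tracked rules still match, which is the case where a plan shows nothing. All sample data is constructed, and the live property names (`ipSecurityRestrictionsDefaultAction`, `scmIpSecurityRestrictionsDefaultAction`) are assumed to be the ARM site-config names; they do not appear in the issue.

```python
import json

# Constructed sample: the ip-restriction keys of the site_config block in the
# state file quoted above (all other keys omitted).
STATE_RULE = {"action": "Deny", "ip_address": "0.0.0.0/0",
              "name": "Deny all access", "priority": 1000}
STATE = {"ip_restriction": [STATE_RULE], "scm_ip_restriction": [STATE_RULE]}

# Constructed sample: live site config after the main site's "Unmatched rule
# action" was changed in the portal. Property names are assumed ARM names.
LIVE_RULE = {"action": "Deny", "ipAddress": "0.0.0.0/0",
             "name": "Deny all access", "priority": 1000}
LIVE = {
    "ipSecurityRestrictions": [LIVE_RULE],
    "scmIpSecurityRestrictions": [LIVE_RULE],
    "ipSecurityRestrictionsDefaultAction": "Allow",
    "scmIpSecurityRestrictionsDefaultAction": "Deny",
}

# portal label -> (state rules key, live rules key, live default-action key)
SITES = {
    "Main site": ("ip_restriction", "ipSecurityRestrictions",
                  "ipSecurityRestrictionsDefaultAction"),
    "Advanced tool site": ("scm_ip_restriction", "scmIpSecurityRestrictions",
                           "scmIpSecurityRestrictionsDefaultAction"),
}

def rule_set(rules, ip_key):
    """Normalise a rule list to comparable (priority, name, ip, action) tuples."""
    return {(r["priority"], r["name"], r[ip_key], r["action"]) for r in rules}

def audit(state, live, expected="Deny"):
    """Per site: do the tracked rules match, and has the untracked default drifted?"""
    report = {}
    for site, (state_key, live_key, default_key) in SITES.items():
        rules_match = (rule_set(state.get(state_key, []), "ip_address")
                       == rule_set(live.get(live_key, []), "ipAddress"))
        default = live.get(default_key)
        report[site] = {
            "rules_match_state": rules_match,
            "unmatched_rule_action": default,
            # Drift that a plan built only from the tracked rules cannot show.
            "hidden_drift": rules_match and default != expected,
        }
    return report

if __name__ == "__main__":
    print(json.dumps(audit(STATE, LIVE), indent=2))
```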

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 23, 2023