Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

app_service - fix cors, ip_restriction and scm_ip_restriction processing and minor bugfixes to flatten functions. #20987

Merged
merged 4 commits into from
Mar 23, 2023

Conversation

jackofallops
Copy link
Member

**Breaking Changes - App Service site_config **

  • ip_restriction blocks are no longer computed - Changes to IP restrictions outside of Terraform will now present a diff
  • scm_ip_restriction blocks are no longer computed - Changes to SCM IP restrictions outside of Terraform will now present a diff
  • cors blocks no longer require allowed_origins, however, if the property is supplied it must contain at least one item. Omitting this property will set the array empty.

BUG FIXES

  • azurerm_linux_function_app  - fixed processing of cors block

  • azurerm_linux_function_app_slot  - fixed processing of cors block

  • azurerm_linux_function_app  - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_function_app_slot  - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_function_app  - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_function_app_slot  - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_web_app  - fixed processing of cors block

  • azurerm_linux_web_app_slot  -fixed processing of cors block

  • azurerm_linux_web_app  - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_web_app_slot  - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_web_app  - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_linux_web_app_slot  - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_function_app - fixed processing of cors block

  • azurerm_windows_function_app_slot - fixed processing of cors block

  • azurerm_windows_function_app - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_function_app_slot - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_function_app - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_function_app_slot - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_web_app - fixed processing of cors block

  • azurerm_windows_web_app_slot -fixed processing of cors block

  • azurerm_windows_web_app - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_web_app_slot - the ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_web_app - the scm_ip_restriction block can is now successfully removed by removing from config

  • azurerm_windows_web_app_slot - the scm_ip_restriction block can is now successfully removed by removing from config

fixes #17173
fixes #18664
fixes #18793
fixes #19323
fixes #20148
fixes #20193
fixes #20331

Supersedes #20251
Supersedes #20327

Update Cors processing after service default changed from empty block to nil block
Copy link
Member

@mbfrahry mbfrahry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM though there are some tests failing around this but I can't tell if it's because of these changes or not

Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of minor comments but otherwise 👍

internal/services/appservice/helpers/shared_schema.go Outdated Show resolved Hide resolved
internal/services/appservice/helpers/shared_schema.go Outdated Show resolved Hide resolved
@jackofallops
Copy link
Member Author

Tests look good, failures are transient service issues.

image

@jackofallops jackofallops merged commit 69847f2 into main Mar 23, 2023
@jackofallops jackofallops deleted the b/app-service-site-config-pt1 branch March 23, 2023 09:09
jackofallops added a commit that referenced this pull request Mar 23, 2023
@github-actions
Copy link

This functionality has been released in v3.49.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@rellis-of-rhindleton
Copy link

Hey everyone -- I'm finding that this change broke some of our modules and I want to be certain of the cause.

The ip_restrictions blocks used to work with the list syntax, if you provided values (or null) for every property. Example below, please excuse formatting and accuracy as I had to simplify it quickly.

As of 3.49 this syntax apparently no longer works. Dynamic block syntax is now required. Was that expected?

locals {
    ip_restrictions  = {
      "range_1" = {
        name       = "Range 1"
        ip_address = "..."
      },
      "range_2" = {
        name       = "Range 2"
        ip_address = "..."
      },
      ...
    }
}

# in app service configuration:
  ip_restriction = [
    for k, v in local.ip_restrictions : merge({
      name                      = null
      ip_address                = null
      action                    = "Allow"
      priority                  = 20
      headers                   = null
      service_tag               = null
      virtual_network_subnet_id = null
      subnet_id                 = null
    }, v)
  ]

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.