diff --git a/internal/services/appservice/helpers/shared_schema.go b/internal/services/appservice/helpers/shared_schema.go index 513dafbc7d57..1c70716f9e07 100644 --- a/internal/services/appservice/helpers/shared_schema.go +++ b/internal/services/appservice/helpers/shared_schema.go @@ -24,6 +24,7 @@ type IpRestriction struct { Priority int64 `tfschema:"priority"` Action string `tfschema:"action"` Headers []IpRestrictionHeaders `tfschema:"headers"` + Description string `tfschema:"description"` } type IpRestrictionHeaders struct { @@ -104,6 +105,13 @@ func IpRestrictionSchema() *pluginsdk.Schema { }, "headers": IpRestrictionHeadersSchema(), + + "description": { + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validation.StringIsNotEmpty, + Description: "The description of the IP restriction rule.", + }, }, }, } @@ -153,6 +161,12 @@ func IpRestrictionSchemaComputed() *pluginsdk.Schema { }, "headers": IpRestrictionHeadersSchemaComputed(), + + "description": { + Type: pluginsdk.TypeString, + Computed: true, + Description: "The description of the ip restriction rule.", + }, }, }, } @@ -1155,6 +1169,10 @@ func ExpandIpRestrictions(restrictions []IpRestriction) (*[]webapps.IPSecurityRe restriction.VnetSubnetResourceId = utils.String(v.VnetSubnetId) } + if v.Description != "" { + restriction.Description = pointer.To(v.Description) + } + restriction.Priority = pointer.To(v.Priority) restriction.Action = pointer.To(v.Action) @@ -1493,6 +1511,9 @@ func FlattenIpRestrictions(ipRestrictionsList *[]webapps.IPSecurityRestriction) } ipRestriction.Headers = flattenIpRestrictionHeaders(pointer.From(v.Headers)) + if v.Description != nil { + ipRestriction.Description = *v.Description + } ipRestrictions = append(ipRestrictions, ipRestriction) } diff --git a/internal/services/appservice/linux_function_app_resource_test.go b/internal/services/appservice/linux_function_app_resource_test.go index cccf63c7cc6d..fc849bea6b5c 100644 --- a/internal/services/appservice/linux_function_app_resource_test.go +++ b/internal/services/appservice/linux_function_app_resource_test.go @@ -79,6 +79,38 @@ func TestAccLinuxFunctionApp_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxFunctionApp_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app", "test") + r := LinuxFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxFunctionApp_withIPRestrictionsDefaultAction(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_function_app", "test") r := LinuxFunctionAppResource{} @@ -1912,6 +1944,42 @@ resource "azurerm_linux_function_app" "test" { `, r.template(data, SkuStandardPlan), data.RandomInteger) } +func (r LinuxFunctionAppResource) withIPRestrictionsDescription(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_function_app" "test" { + name = "acctest-LFA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address linux function app" + } + } +} +`, r.template(data, SkuStandardPlan), data.RandomInteger) +} + func (r LinuxFunctionAppResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/linux_function_app_slot_resource_test.go b/internal/services/appservice/linux_function_app_slot_resource_test.go index 7bed04f799cf..7f0051904ed0 100644 --- a/internal/services/appservice/linux_function_app_slot_resource_test.go +++ b/internal/services/appservice/linux_function_app_slot_resource_test.go @@ -659,6 +659,38 @@ func TestAccLinuxFunctionAppSlot_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxFunctionAppSlot_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test") + r := LinuxFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxFunctionAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test") r := LinuxFunctionAppSlotResource{} @@ -1805,6 +1837,7 @@ resource "azurerm_linux_function_app_slot" "test" { `, r.template(data, planSku), data.RandomInteger, javaVersion) } +// nolint: unparam func (r LinuxFunctionAppSlotResource) withIPRestrictions(data acceptance.TestData, planSku string) string { return fmt.Sprintf(` provider "azurerm" { @@ -1836,6 +1869,39 @@ resource "azurerm_linux_function_app_slot" "test" { } `, r.template(data, planSku), data.RandomInteger) } + +func (r LinuxFunctionAppSlotResource) withIPRestrictionsDescription(data acceptance.TestData, planSku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_function_app_slot" "test" { + name = "acctest-LFAS-%d" + function_app_id = azurerm_linux_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address linux function app" + } + } +} +`, r.template(data, planSku), data.RandomInteger) +} func (r LinuxFunctionAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData, planSku string) string { return fmt.Sprintf(` provider "azurerm" { @@ -2331,6 +2397,7 @@ resource "azurerm_linux_function_app_slot" "test" { x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] x_forwarded_host = ["example.com"] } + description = "Allow ip address 10.10.10.10/32" } load_balancing_mode = "LeastResponseTime" diff --git a/internal/services/appservice/linux_web_app_resource_test.go b/internal/services/appservice/linux_web_app_resource_test.go index c8cac59a96ac..b29ad69b5c43 100644 --- a/internal/services/appservice/linux_web_app_resource_test.go +++ b/internal/services/appservice/linux_web_app_resource_test.go @@ -368,6 +368,35 @@ func TestAccLinuxWebApp_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxWebApp_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_web_app", "test") + r := LinuxWebAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxWebApp_withIPRestrictionsDefaultAction(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_web_app", "test") r := LinuxWebAppResource{} @@ -2528,6 +2557,39 @@ resource "azurerm_linux_web_app" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r LinuxWebAppResource) withIPRestrictionsDescription(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_web_app" "test" { + name = "acctestWA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + site_config { + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address 10.10.10.10/32" + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r LinuxWebAppResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/linux_web_app_slot_resource_test.go b/internal/services/appservice/linux_web_app_slot_resource_test.go index c0e6334d23a6..c713e5033fb1 100644 --- a/internal/services/appservice/linux_web_app_slot_resource_test.go +++ b/internal/services/appservice/linux_web_app_slot_resource_test.go @@ -327,6 +327,35 @@ func TestAccLinuxWebAppSlot_withIPRestrictions(t *testing.T) { }) } +func TestAccLinuxWebAppSlot_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_web_app_slot", "test") + r := LinuxWebAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccLinuxWebAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_linux_web_app_slot", "test") r := LinuxWebAppSlotResource{} @@ -2080,6 +2109,37 @@ resource "azurerm_linux_web_app_slot" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r LinuxWebAppSlotResource) withIPRestrictionsDescription(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_web_app_slot" "test" { + name = "acctestWAS-%d" + app_service_id = azurerm_linux_web_app.test.id + + site_config { + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address linux function app" + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r LinuxWebAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { @@ -2136,6 +2196,7 @@ resource "azurerm_linux_web_app_slot" "test" { x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] x_forwarded_host = ["example.com"] } + description = "Allow ip address linux web app slot" } } } diff --git a/internal/services/appservice/windows_function_app_resource_test.go b/internal/services/appservice/windows_function_app_resource_test.go index a514084a295b..6dc311a3bc91 100644 --- a/internal/services/appservice/windows_function_app_resource_test.go +++ b/internal/services/appservice/windows_function_app_resource_test.go @@ -925,6 +925,38 @@ func TestAccWindowsFunctionApp_withIPRestrictions(t *testing.T) { }) } +func TestAccWindowsFunctionApp_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app", "test") + r := WindowsFunctionAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data, SkuStandardPlan), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccWindowsFunctionApp_withIPRestrictionsDefaultAction(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_windows_function_app", "test") r := WindowsFunctionAppResource{} @@ -2296,6 +2328,7 @@ resource "azurerm_windows_function_app" "test" { x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] x_forwarded_host = ["example.com"] } + description = "Allow ip address 10.10.10.10/32" } load_balancing_mode = "LeastResponseTime" @@ -3314,6 +3347,7 @@ resource "azurerm_windows_function_app" "test" { `, r.identityTemplate(data, planSku), data.RandomString, data.RandomInteger) } +// nolint: unparam func (r WindowsFunctionAppResource) withIPRestrictions(data acceptance.TestData, planSku string) string { return fmt.Sprintf(` provider "azurerm" { @@ -3348,6 +3382,43 @@ resource "azurerm_windows_function_app" "test" { } `, r.template(data, planSku), data.RandomInteger) } + +func (r WindowsFunctionAppResource) withIPRestrictionsDescription(data acceptance.TestData, planSku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_function_app" "test" { + name = "acctest-WFA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address linux function app" + + } + } +} +`, r.template(data, planSku), data.RandomInteger) +} func (r WindowsFunctionAppResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData, planSku string) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/windows_function_app_slot_resource_test.go b/internal/services/appservice/windows_function_app_slot_resource_test.go index 765d1e81491d..b0a38c654a62 100644 --- a/internal/services/appservice/windows_function_app_slot_resource_test.go +++ b/internal/services/appservice/windows_function_app_slot_resource_test.go @@ -644,6 +644,38 @@ func TestAccWindowsFunctionAppSlot_withIPRestrictions(t *testing.T) { }) } +func TestAccWindowsFunctionAppSlot_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") + r := WindowsFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccWindowsFunctionAppSlot_withIPRestrictionsDefaultAction(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") r := WindowsFunctionAppSlotResource{} @@ -1304,6 +1336,39 @@ resource "azurerm_windows_function_app_slot" "test" { `, r.template(data, SkuStandardPlan), data.RandomInteger) } +func (r WindowsFunctionAppSlotResource) withIPRestrictionsDescription(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_function_app_slot" "test" { + name = "acctest-WFAS-%d" + function_app_id = azurerm_windows_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + ip_restriction { + ip_address = "13.107.6.152/31,13.107.128.0/22" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address windows function app slot" + } + } +} +`, r.template(data, SkuStandardPlan), data.RandomInteger) +} + func (r WindowsFunctionAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/windows_web_app_resource_test.go b/internal/services/appservice/windows_web_app_resource_test.go index fbdf60cf1ee3..d28b1017461b 100644 --- a/internal/services/appservice/windows_web_app_resource_test.go +++ b/internal/services/appservice/windows_web_app_resource_test.go @@ -334,6 +334,35 @@ func TestAccWindowsWebApp_withIPRestrictions(t *testing.T) { }) } +func TestAccWindowsWebApp_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_web_app", "test") + r := WindowsWebAppResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccWindowsWebApp_withIPRestrictionDefaultActionDeny(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_windows_web_app", "test") r := WindowsWebAppResource{} @@ -2021,6 +2050,39 @@ resource "azurerm_windows_web_app" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r WindowsWebAppResource) withIPRestrictionsDescription(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_web_app" "test" { + name = "acctestWA-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + service_plan_id = azurerm_service_plan.test.id + + site_config { + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address 10.10.10.10/32" + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r WindowsWebAppResource) withIPRestrictionDefaultActionDeny(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/appservice/windows_web_app_slot_resource_test.go b/internal/services/appservice/windows_web_app_slot_resource_test.go index 09b66ec3f410..375204418357 100644 --- a/internal/services/appservice/windows_web_app_slot_resource_test.go +++ b/internal/services/appservice/windows_web_app_slot_resource_test.go @@ -291,6 +291,35 @@ func TestAccWindowsWebAppSlot_withIPRestrictions(t *testing.T) { }) } +func TestAccWindowsWebAppSlot_withIPRestrictionsDescription(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_web_app_slot", "test") + r := WindowsWebAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictionsDescription(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + { + Config: r.withIPRestrictions(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + func TestAccWindowsWebAppSlot_withIPRestrictionsUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_windows_web_app_slot", "test") r := WindowsWebAppSlotResource{} @@ -1730,6 +1759,37 @@ resource "azurerm_windows_web_app_slot" "test" { `, r.baseTemplate(data), data.RandomInteger) } +func (r WindowsWebAppSlotResource) withIPRestrictionsDescription(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_web_app_slot" "test" { + name = "acctestWAS-%d" + app_service_id = azurerm_windows_web_app.test.id + + site_config { + ip_restriction { + ip_address = "10.10.10.10/32" + name = "test-restriction" + priority = 123 + action = "Allow" + headers { + x_azure_fdid = ["55ce4ed1-4b06-4bf1-b40e-4638452104da"] + x_fd_health_probe = ["1"] + x_forwarded_for = ["9.9.9.9/32", "2002::1234:abcd:ffff:c0a8:101/64"] + x_forwarded_host = ["example.com"] + } + description = "Allow ip address 10.10.10.10/32" + } + } +} +`, r.baseTemplate(data), data.RandomInteger) +} + func (r WindowsWebAppSlotResource) withIPRestrictionsDefaultActionDeny(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/website/docs/r/linux_function_app.html.markdown b/website/docs/r/linux_function_app.html.markdown index ce666dc233ba..2e51cf0ea47d 100644 --- a/website/docs/r/linux_function_app.html.markdown +++ b/website/docs/r/linux_function_app.html.markdown @@ -585,6 +585,7 @@ An `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `microsoft` block supports the following: @@ -633,6 +634,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `site_config` block supports the following: diff --git a/website/docs/r/linux_function_app_slot.html.markdown b/website/docs/r/linux_function_app_slot.html.markdown index 83ca48869fa3..d492ac348fec 100644 --- a/website/docs/r/linux_function_app_slot.html.markdown +++ b/website/docs/r/linux_function_app_slot.html.markdown @@ -704,6 +704,7 @@ An `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `scm_ip_restriction` block supports the following: @@ -724,6 +725,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `storage_account` block supports the following: diff --git a/website/docs/r/linux_web_app.html.markdown b/website/docs/r/linux_web_app.html.markdown index 98cd2cb01e7f..b2e4ee9f9280 100644 --- a/website/docs/r/linux_web_app.html.markdown +++ b/website/docs/r/linux_web_app.html.markdown @@ -600,6 +600,7 @@ An `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `logs` block supports the following: @@ -668,6 +669,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `site_config` block supports the following: diff --git a/website/docs/r/linux_web_app_slot.html.markdown b/website/docs/r/linux_web_app_slot.html.markdown index 41ac6451db6f..c5e6a3054416 100644 --- a/website/docs/r/linux_web_app_slot.html.markdown +++ b/website/docs/r/linux_web_app_slot.html.markdown @@ -604,6 +604,7 @@ An `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `logs` block supports the following: @@ -672,6 +673,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `site_config` block supports the following: diff --git a/website/docs/r/windows_function_app.html.markdown b/website/docs/r/windows_function_app.html.markdown index eaa644b4d07a..282155270663 100644 --- a/website/docs/r/windows_function_app.html.markdown +++ b/website/docs/r/windows_function_app.html.markdown @@ -565,6 +565,7 @@ An `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `microsoft` block supports the following: @@ -613,6 +614,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `site_config` block supports the following: diff --git a/website/docs/r/windows_function_app_slot.html.markdown b/website/docs/r/windows_function_app_slot.html.markdown index cc89081362af..3c1f67292c59 100644 --- a/website/docs/r/windows_function_app_slot.html.markdown +++ b/website/docs/r/windows_function_app_slot.html.markdown @@ -663,6 +663,7 @@ An `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `scm_ip_restriction` block supports the following: @@ -683,6 +684,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** Exactly one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `headers` block supports the following: diff --git a/website/docs/r/windows_web_app.html.markdown b/website/docs/r/windows_web_app.html.markdown index a0946cf755da..5a0b70070452 100644 --- a/website/docs/r/windows_web_app.html.markdown +++ b/website/docs/r/windows_web_app.html.markdown @@ -625,6 +625,8 @@ A `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. + --- A `logs` block supports the following: @@ -693,6 +695,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `site_config` block supports the following: diff --git a/website/docs/r/windows_web_app_slot.html.markdown b/website/docs/r/windows_web_app_slot.html.markdown index 8291761e04fa..05dd4e215c69 100644 --- a/website/docs/r/windows_web_app_slot.html.markdown +++ b/website/docs/r/windows_web_app_slot.html.markdown @@ -620,6 +620,7 @@ A `ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `logs` block supports the following: @@ -688,6 +689,7 @@ A `scm_ip_restriction` block supports the following: ~> **NOTE:** One and only one of `ip_address`, `service_tag` or `virtual_network_subnet_id` must be specified. +* `description` - (Optional) The Description of this IP Restriction. --- A `site_config` block supports the following: