azurerm_app_service_environment - support for user_whitelisted_ip_ranges #7324

Merged
merged 3 commits into from
Jun 16, 2020
18 changes: 18 additions & 0 deletions azurerm/internal/services/web/app_service_environment_resource.go
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
helpersValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
networkParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/network/parse"
networkValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/network/validate"
Expand Down Expand Up @@ -86,6 +87,15 @@ func resourceArmAppServiceEnvironment() *schema.Resource {
}, false),
},

"user_whitelisted_ip_ranges": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: helpersValidate.CIDR,
},
},

// TODO in 3.0 Make it "Required"
"resource_group_name": azure.SchemaResourceGroupNameOptionalComputed(),

Expand All @@ -109,6 +119,7 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa
name := d.Get("name").(string)
internalLoadBalancingMode := d.Get("internal_load_balancing_mode").(string)
t := d.Get("tags").(map[string]interface{})
userWhitelistedIPRangesRaw := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()

subnetId := d.Get("subnet_id").(string)
subnet, err := networkParse.SubnetID(subnetId)
Expand Down Expand Up @@ -166,6 +177,7 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa
ID: utils.String(subnetId),
Subnet: utils.String(subnet.Name),
},
UserWhitelistedIPRanges: utils.ExpandStringSlice(userWhitelistedIPRangesRaw),

// the SDK is coded primarily for v1, which needs a non-null entry for workerpool, so we construct an empty slice for it
// TODO: remove this hack once https://github.com/Azure/azure-rest-api-specs/pull/8433 has been merged
Expand Down Expand Up @@ -224,6 +236,11 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa
environment.AppServiceEnvironment.MultiSize = utils.String(v)
}

if d.HasChange("user_whitelisted_ip_ranges") {
v := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()
environment.UserWhitelistedIPRanges = utils.ExpandStringSlice(v)
}

if _, err := client.Update(ctx, id.ResourceGroup, id.Name, environment); err != nil {
return fmt.Errorf("Error updating App Service Environment %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
}
Expand Down Expand Up @@ -282,6 +299,7 @@ func resourceArmAppServiceEnvironmentRead(d *schema.ResourceData, meta interface
pricingTier = convertToIsolatedSKU(*props.MultiSize)
}
d.Set("pricing_tier", pricingTier)
d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges)
}

return tags.FlattenAndSet(d, existing.Tags)
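Review bot: In resourceArmAppServiceEnvironmentRead, the new `d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges)` discards its error, so a failed write of this set would leave Terraform state silently out of step with the allowlist actually configured on the environment, and drift in an access-control list would go unreported. The value looks like a pointer to a string slice (Create fills the same field from `utils.ExpandStringSlice`), and whether `d.Set` accepts that form is not visible in this hunk, which is one more reason to check the result: `if err := d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges); err != nil { return fmt.Errorf("Error setting user_whitelisted_ip_ranges: %+v", err) }`. The schema hunk validates each entry only with `helpersValidate.CIDR`, whose body is not shown; if it accepts very broad ranges such as `0.0.0.0/0`, an extra check or at least a comment on the schema field would be worth considering. The Read function starts and ends outside the hunk.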
13 changes: 9 additions & 4 deletions website/docs/r/app_service_environment.html.markdown
Expand Up @@ -41,10 +41,11 @@ resource "azurerm_subnet" "gateway" {
}

resource "azurerm_app_service_environment" "example" {
name = "example-ase"
subnet_id = azurerm_subnet.ase.id
pricing_tier = "I2"
front_end_scale_factor = 10
name = "example-ase"
subnet_id = azurerm_subnet.ase.id
pricing_tier = "I2"
front_end_scale_factor = 10
user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"]
}

```
Expand All @@ -63,6 +64,10 @@ resource "azurerm_app_service_environment" "example" {

* `front_end_scale_factor` - (Optional) Scale factor for front end instances. Possible values are between `5` and `15`. Defaults to `15`.

* `user_whitelisted_ip_ranges` - (Optional) User added IP ranges to whitelist on ASE db. Use the addresses you want to set as the explicit egress address ranges. Use CIDR format.

~> **NOTE:** `user_whitelisted_ip_ranges` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall)

* `resource_group_name` - (Optional) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified by `subnet_id`).

* `tags` - (Optional) A mapping of tags to assign to the resource. Changing this forces a new resource to be created.