Support for Network Access Control in SignalR

[jayendranarumugam]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

New or Affected Resource(s)

• azurerm_signalr_service

Potential Terraform Configuration

resource "azurerm_signalr_service" "example" {
  name                = "tfex-signalr"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku {
    name     = "Free_F1"
    capacity = 1
  }

  cors {
    allowed_origins = ["http://www.example.com"]
  }

  features {
    flag  = "ServiceMode"
    value = "Default"
  }

network_rules = [
    {
      name      = "AllowClientConnection"
      rule_type = "allow"
      endpoint  = "public-network"
      services  = ["ClientConnection"]
    },
    {
      name      = "DenyAllOthers"
      rule_type = "deny"
      endpoint  = "public-network"
      services  = ["ServerConnection", "RESTAPI"]
    }
  ]

}

Corresponds to the image below

References

• https://github.com/claranet/terraform-azurerm-signalr

[jayendranarumugam]

@katbyte , you can close this issue as with this new #12434, this feature is completed. Thanks, @neil-yechenwei !

With this I can now officially complete my blog series 😁

For others, you can use the below code to implement NAC. Here is the official docs

resource "azurerm_private_endpoint" "example" {
  name                = "example-privateendpoint"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  subnet_id           = azurerm_subnet.example.id

  private_service_connection {
    name                           = "psc-sig-test"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_signalr_service.example.id
    subresource_names              = ["signalr"]
  }
}

resource "azurerm_signalr_service_network_acl" "example" {
  signalr_service_id = azurerm_signalr_service.example.id
  default_action     = "Deny"

  public_network {
    allowed_request_types = ["ClientConnection"]
  }

  private_endpoint {
    id                    = azurerm_private_endpoint.example.id
    allowed_request_types = ["ServerConnection"]
  }
}

[tombuildsstuff]

Fixed via #12434

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.