diff --git a/internal/services/logic/logic_app_standard_resource.go b/internal/services/logic/logic_app_standard_resource.go
index 0c29d3383e6f..a32e16df7e25 100644
--- a/internal/services/logic/logic_app_standard_resource.go
+++ b/internal/services/logic/logic_app_standard_resource.go
@@ -115,6 +115,12 @@ func resourceLogicAppStandard() *pluginsdk.Resource {
 "identity": commonschema.SystemAssignedUserAssignedIdentityOptional(),
+ "public_network_access_enabled": {
+ Type: pluginsdk.TypeBool,
+ Optional: true,
+ Default: true,
+ },
+
 "site_config": schemaLogicAppStandardSiteConfig(),
 "connection_string": {
@@ -294,6 +300,7 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{})
 clientCertMode := d.Get("client_certificate_mode").(string)
 clientCertEnabled := clientCertMode != ""
 httpsOnly := d.Get("https_only").(bool)
+ publicNetworkAccess := d.Get("public_network_access_enabled").(bool)
 location := azure.NormalizeLocation(d.Get("location").(string))
 VirtualNetworkSubnetID := d.Get("virtual_network_subnet_id").(string)
 t := d.Get("tags").(map[string]interface{})
@@ -303,6 +310,11 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{})
 return err
 }
+ pna := helpers.PublicNetworkAccessEnabled
+ if !publicNetworkAccess {
+ pna = helpers.PublicNetworkAccessDisabled
+ }
+
 siteConfig, err := expandLogicAppStandardSiteConfig(d)
 if err != nil {
 return fmt.Errorf("expanding `site_config`: %+v", err)
@@ -329,6 +341,7 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{})
 ClientAffinityEnabled: utils.Bool(clientAffinityEnabled),
 ClientCertEnabled: utils.Bool(clientCertEnabled),
 HTTPSOnly: utils.Bool(httpsOnly),
+ PublicNetworkAccess: utils.String(pna),
 SiteConfig: &siteConfig,
 },
 }
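Review bot: A configuration that only sets `site_config.0.public_network_access_enabled = false` (the attribute the tests in this commit still exercise) will now also send `PublicNetworkAccess: "Enabled"` at the site level, because the new top-level attribute has `Default: true` and Create assigns `PublicNetworkAccess: utils.String(pna)` unconditionally; the matching Update hunks do the same. How the service reconciles the two values is not visible here, so the provider should reject plans where the two attributes disagree, or send the site-level property only when the user set it, and state the precedence in the attribute documentation. The `pna` conversion is duplicated verbatim in Create and Update; a small helper would keep the two in step. The bodies of resourceLogicAppStandardCreate and resourceLogicAppStandardUpdate continue outside these hunks.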
@@ -386,6 +399,7 @@ func resourceLogicAppStandardUpdate(d *pluginsdk.ResourceData, meta interface{})
 clientCertMode := d.Get("client_certificate_mode").(string)
 clientCertEnabled := clientCertMode != ""
 httpsOnly := d.Get("https_only").(bool)
+ publicNetworkAccess := d.Get("public_network_access_enabled").(bool)
 t := d.Get("tags").(map[string]interface{})
 basicAppSettings, err := getBasicLogicAppSettings(d, *storageAccountDomainSuffix)
@@ -393,6 +407,11 @@ func resourceLogicAppStandardUpdate(d *pluginsdk.ResourceData, meta interface{})
 return err
 }
+ pna := helpers.PublicNetworkAccessEnabled
+ if !publicNetworkAccess {
+ pna = helpers.PublicNetworkAccessDisabled
+ }
+
 siteConfig, err := expandLogicAppStandardSiteConfig(d)
 if err != nil {
 return fmt.Errorf("expanding `site_config`: %+v", err)
@@ -427,6 +446,7 @@ func resourceLogicAppStandardUpdate(d *pluginsdk.ResourceData, meta interface{})
 ClientAffinityEnabled: utils.Bool(clientAffinityEnabled),
 ClientCertEnabled: utils.Bool(clientCertEnabled),
 HTTPSOnly: utils.Bool(httpsOnly),
+ PublicNetworkAccess: utils.String(pna),
 SiteConfig: &siteConfig,
 },
 }
@@ -561,6 +581,7 @@ func resourceLogicAppStandardRead(d *pluginsdk.ResourceData, meta interface{}) e
 d.Set("client_affinity_enabled", props.ClientAffinityEnabled)
 d.Set("custom_domain_verification_id", props.CustomDomainVerificationID)
 d.Set("virtual_network_subnet_id", props.VirtualNetworkSubnetID)
+ d.Set("public_network_access_enabled", props.PublicNetworkAccess == helpers.PublicNetworkAccessEnabled )
 clientCertMode := ""
 if props.ClientCertEnabled != nil && *props.ClientCertEnabled {
diff --git a/internal/services/logic/logic_app_standard_resource_test.go b/internal/services/logic/logic_app_standard_resource_test.go
index 3725a7798af7..23e0a43ff780 100644
--- a/internal/services/logic/logic_app_standard_resource_test.go
+++ b/internal/services/logic/logic_app_standard_resource_test.go
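Review bot: The added `d.Set` in the Read hunk compares `props.PublicNetworkAccess` directly with `helpers.PublicNetworkAccessEnabled`, but the vendored `SiteProperties` in this commit declares that field as `*string` while the constant is passed as a plain string to `utils.String(pna)`, so the comparison is pointer against string and needs a dereference behind a nil check (assuming `props` is that vendored type; its declaration and the rest of resourceLogicAppStandardRead are outside the hunk). Suggested, gofmt-clean: `enabled := props.PublicNetworkAccess == nil || *props.PublicNetworkAccess == helpers.PublicNetworkAccessEnabled` followed by `d.Set("public_network_access_enabled", enabled)`. Falling back to the schema default on nil keeps state from recording `false` when the API merely omits the property, which would report the endpoint as closed without evidence and show a permanent diff. The field itself comes from the edit to the vendored `web/models.go` in this commit; if that file was patched by hand rather than taken from an SDK release, the next `go mod vendor` will drop it.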
@@ -872,6 +872,30 @@ func TestAccLogicAppStandard_vNetIntegrationUpdate(t *testing.T) {
 })
 }
+func TestAccLogicAppStandard_siteConfig_publicNetworkAccessEnabled(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_logic_app_standard", "test")
+ r := LogicAppStandardResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.publicNetworkAccessEnabled_siteConfig(data, false),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ check.That(data.ResourceName).Key("site_config.0.public_network_access_enabled").HasValue("false"),
+ ),
+ },
+ data.ImportStep(),
+ {
+ Config: r.publicNetworkAccessEnabled_siteConfig(data, true),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ check.That(data.ResourceName).Key("site_config.0.public_network_access_enabled").HasValue("true"),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
 func TestAccLogicAppStandard_publicNetworkAccessEnabled(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_logic_app_standard", "test")
 r := LogicAppStandardResource{}
@@ -881,7 +905,7 @@ func TestAccLogicAppStandard_publicNetworkAccessEnabled(t *testing.T) {
 Config: r.publicNetworkAccessEnabled(data, false),
 Check: acceptance.ComposeTestCheckFunc(
 check.That(data.ResourceName).ExistsInAzure(r),
- check.That(data.ResourceName).Key("site_config.0.public_network_access_enabled").HasValue("false"),
+ check.That(data.ResourceName).Key("public_network_access_enabled").HasValue("false"),
 ),
 },
 data.ImportStep(),
@@ -889,7 +913,7 @@ func TestAccLogicAppStandard_publicNetworkAccessEnabled(t *testing.T) {
 Config: r.publicNetworkAccessEnabled(data, true),
 Check: acceptance.ComposeTestCheckFunc(
 check.That(data.ResourceName).ExistsInAzure(r),
- check.That(data.ResourceName).Key("site_config.0.public_network_access_enabled").HasValue("true"),
+ check.That(data.ResourceName).Key("public_network_access_enabled").HasValue("true"),
 ),
 },
 data.ImportStep(),
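Review bot: Neither acceptance test pins down how the two flags interact: `TestAccLogicAppStandard_siteConfig_publicNetworkAccessEnabled` asserts only `site_config.0.public_network_access_enabled` and `TestAccLogicAppStandard_publicNetworkAccessEnabled` only the top-level key, so a step that sets one to `false` while the other stays at its default passes whatever the resulting exposure is. Each step should also assert the other key, for example `check.That(data.ResourceName).Key("public_network_access_enabled").HasValue("false")` in the first siteConfig step if the two are meant to agree. The test name puts `siteConfig` before the attribute while its config helper is `publicNetworkAccessEnabled_siteConfig`; one order for both would make the pair easier to find.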
@@ -2205,7 +2229,7 @@ resource "azurerm_logic_app_standard" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString)
 }
-func (r LogicAppStandardResource) publicNetworkAccessEnabled(data acceptance.TestData, enabled bool) string {
+func (r LogicAppStandardResource) publicNetworkAccessEnabled_siteConfig(data acceptance.TestData, enabled bool) string {
 return fmt.Sprintf(`
 provider "azurerm" {
 features {}
@@ -2227,3 +2251,24 @@ resource "azurerm_logic_app_standard" "test" {
 }
 `, r.template(data), data.RandomInteger, enabled)
 }
+
+func (r LogicAppStandardResource) publicNetworkAccessEnabled(data acceptance.TestData, enabled bool) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+%s
+
+resource "azurerm_logic_app_standard" "test" {
+ name = "acctest-%d-func"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ app_service_plan_id = azurerm_app_service_plan.test.id
+ storage_account_name = azurerm_storage_account.test.name
+ storage_account_access_key = azurerm_storage_account.test.primary_access_key
+ public_network_access_enabled = %t
+
+}
+`, r.template(data), data.RandomInteger, enabled)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go b/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go
index e3deb815db42..7805b625a53a 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go
@@ -24464,6 +24464,8 @@ type SitePatchResourceProperties struct { // VirtualNetworkSubnetID - Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. // This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} VirtualNetworkSubnetID *string `json:"virtualNetworkSubnetId,omitempty"` + // PublicNetworkAccess - Property to allow or block all public traffic. + PublicNetworkAccess *string `json:"publicNetworkAccess,omitempty"` } // MarshalJSON is the custom marshaler for SitePatchResourceProperties. @@ -24538,6 +24540,9 @@ func (spr SitePatchResourceProperties) MarshalJSON() ([]byte, error) { if spr.VirtualNetworkSubnetID != nil { objectMap["virtualNetworkSubnetId"] = spr.VirtualNetworkSubnetID } + if spr.PublicNetworkAccess != nil { + objectMap["publicNetworkAccess"] = spr.PublicNetworkAccess + } return json.Marshal(objectMap) } @@ -24732,6 +24737,8 @@ type SiteProperties struct { // VirtualNetworkSubnetID - Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. // This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} VirtualNetworkSubnetID *string `json:"virtualNetworkSubnetId,omitempty"` + // PublicNetworkAccess - Property to allow or block all public traffic. + PublicNetworkAccess *string `json:"publicNetworkAccess,omitempty"` } // MarshalJSON is the custom marshaler for SiteProperties. @@ -24806,6 +24813,9 @@ func (s SiteProperties) MarshalJSON() ([]byte, error) { if s.VirtualNetworkSubnetID != nil { objectMap["virtualNetworkSubnetId"] = s.VirtualNetworkSubnetID } + if s.PublicNetworkAccess != nil { + objectMap["publicNetworkAccess"] = s.PublicNetworkAccess + } return json.Marshal(objectMap) } 
diff --git a/website/docs/r/logic_app_standard.html.markdown b/website/docs/r/logic_app_standard.html.markdown
index cc48914bac5a..d877f7160993 100644
--- a/website/docs/r/logic_app_standard.html.markdown
+++ b/website/docs/r/logic_app_standard.html.markdown
@@ -139,6 +139,8 @@ The following arguments are supported:
 * `identity` - (Optional) An `identity` block as defined below.
+* `public_network_access_enabled` - (Optional) Is public network access enabled? Defaults to `true`.
+
 * `site_config` - (Optional) A `site_config` object as defined below.
 * `storage_account_name` - (Required) The backend storage account name which will be used by this Logic App (e.g. for Stateful workflows data). Changing this forces a new resource to be created.